摘要
驱动漏洞在Android手机的安全研究中非常重要,因为驱动运行在内核空间,不仅影响用户的使用满意度,还关系到系统的稳定与安全,但驱动的漏洞挖掘一直都相对较困难,传统模糊测试技术对目标程序缺乏理解、测试随机且盲目的缺点无法适应Android驱动漏洞挖掘的需求.通过改进现有模糊测试技术,提出了基于黑盒测试的遗传算法,利用测试的执行结果指导遗传算法,由遗传算法决定测试用例的参数需要遗传还是变异.从而将有效参数遗传到下一代测试用例,无效参数根据执行结果采用不同的策略进行变异,使模糊测试用例可以较快地收敛到有效的范围.为加快漏洞挖掘速度,引入并扩展了参数优化技术,将由遗传算法得到的有效参数进一步修改为特殊数据或使用者预设的数据,更快地达到测试目的.最后基于该算法设计并实现了Android驱动的模糊测试系统Add-fuzz(Android device driver fuzz),利用该系统在多个不同版本的Android手机进行了系统测试,挖掘出了9个Android设备驱动程序的未知安全漏洞.与其它相关测试方法对比,实验结果表明该算法的有效性和适用性表现更优.
The vulnerability of device drive is an especially important issue for security of Android phones,because device drive run in kernel. Not only it will affect the user’s satisfaction, but also concerns the stability and security of the system. Compare with other vulnerability discover the work of device drive is a difficult task. However, there is a lack of understanding about the target program, and the testing is random as well as blind in traditional fuzz testing. So this technique cannot meet the requirements on the vulnerability discovery of Android drivers. By improving the existing fuzz testing techniques, a new genetic algorithm based on black-box test is presented in this paper. The genetic algorithm is performed according to the execution results, and is used to determine whether the parameters of test cases should be preserved or transformed. In this way, valid parameters are passed to the next generation of test cases, while invalid parameters are transformed by different strategies according to the execution results. Therefore, the fuzz test cases can quickly converge to an effective scope. In order to raise the speed of vulnerability discovery, a parameter optimization technology is introduced and expanded. For faster testing,the invalid parameters which are obtained from the genetic algorithm are further modified to some special data or user?s default data. At last, based on this algorithm, we design and implement a fuzz testing system for Android drivers, which is denoted as Add-fuzz (Android device driver fuzz). We deployed the Add-fuzz on many different versions of Android phones to perform a system testing, and 9 unknown security vulnerabilities about Android device drivers was discovered. Compared with other related works, the experiment results demonstrate that this algorithm has good effectiveness and applicability.
出处
《计算机学报》
EI
CSCD
北大核心
2017年第5期1031-1043,共13页
Chinese Journal of Computers
基金
国家自然科学基金(61572460
61272481)
物联网信息安全技术北京市重点实验室开放课题资助~~