Tianshi MU
China Southern Power Grid
Huabing ZHANG
China Southern Power Grid
Jian WANG
China Southern Power Grid
Huijuan LI
China Southern Power Grid
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Tianshi MU, Huabing ZHANG, Jian WANG, Huijuan LI, "CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers" in IEICE TRANSACTIONS on Information, vol. E104-D, no. 11, pp. 1902-1912, November 2021, doi: 10.1587/transinf.2021NGP0005.
Abstract: With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerability review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make traditional analysis methods inefficient. For example, driver-specific argument formats make it difficult for traditional syscall fuzzers to generate valid inputs, pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for those interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from the top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE achieves more code coverage than the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the test devices.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021NGP0005/_p
@ARTICLE{e104-d_11_1902,
author={Tianshi MU and Huabing ZHANG and Jian WANG and Huijuan LI},
journal={IEICE TRANSACTIONS on Information},
title={CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers},
year={2021},
volume={E104-D},
number={11},
pages={1902-1912},
abstract={With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerabilities review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make the traditional analysis methods inefficient. For example, the driver-specific argument formats make traditional syscall fuzzers difficult to generate valid inputs, the pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring the driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for the interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from the top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage compared with the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the testing devices.},
keywords={},
doi={10.1587/transinf.2021NGP0005},
ISSN={1745-1361},
month={November}
}
TY - JOUR
TI - CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers
T2 - IEICE TRANSACTIONS on Information
SP - 1902
EP - 1912
AU - Tianshi MU
AU - Huabing ZHANG
AU - Jian WANG
AU - Huijuan LI
PY - 2021
DO - 10.1587/transinf.2021NGP0005
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2021
AB - With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerabilities review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make the traditional analysis methods inefficient. For example, the driver-specific argument formats make traditional syscall fuzzers difficult to generate valid inputs, the pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring the driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for the interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from the top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage compared with the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the testing devices.
ER -