Android has become the most popular mobile OS, as it enables device manufacturers to introduce customizations to compete with value-added services. However, customizations make the OS less dependable and secure, since they can introduce software flaws. Such flaws can be found by using fuzzing, a popular testing technique among security researchers. This paper presents Chizpurfle, a novel "gray-box" fuzzing tool for vendor-specific Android services. Testing these services is challenging for existing tools, since vendors do not provide source code and the services cannot be run on a device emulator. Chizpurfle has been designed to run on an unmodified Android OS on an actual device. The tool automatically discovers, fuzzes, and profiles proprietary services. This work evaluates the applicability and performance of Chizpurfle on the Samsung Galaxy S6 Edge, and discusses software bugs found in privileged vendor services.

Chizpurfle: A Gray-Box Android Fuzzer for Vendor Service Customizations / Iannillo, Antonio Ken; Natella, Roberto; Cotroneo, Domenico; Nita-Rotaru, Cristina. - 2017:(2017), pp. 1-11. (Intervento presentato al convegno 28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017 nel 2017) [10.1109/ISSRE.2017.16].

Chizpurfle: A Gray-Box Android Fuzzer for Vendor Service Customizations

Iannillo, Antonio Ken;Natella, Roberto;Cotroneo, Domenico;
2017

Abstract

Android has become the most popular mobile OS, as it enables device manufacturers to introduce customizations to compete with value-added services. However, customizations make the OS less dependable and secure, since they can introduce software flaws. Such flaws can be found by using fuzzing, a popular testing technique among security researchers. This paper presents Chizpurfle, a novel "gray-box" fuzzing tool for vendor-specific Android services. Testing these services is challenging for existing tools, since vendors do not provide source code and the services cannot be run on a device emulator. Chizpurfle has been designed to run on an unmodified Android OS on an actual device. The tool automatically discovers, fuzzes, and profiles proprietary services. This work evaluates the applicability and performance of Chizpurfle on the Samsung Galaxy S6 Edge, and discusses software bugs found in privileged vendor services.
2017
9781538609415
Chizpurfle: A Gray-Box Android Fuzzer for Vendor Service Customizations / Iannillo, Antonio Ken; Natella, Roberto; Cotroneo, Domenico; Nita-Rotaru, Cristina. - 2017:(2017), pp. 1-11. (Intervento presentato al convegno 28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017 nel 2017) [10.1109/ISSRE.2017.16].
File in questo prodotto:
File Dimensione Formato  
08109068.pdf

solo utenti autorizzati

Tipologia: Documento in Post-print
Licenza: Accesso privato/ristretto
Dimensione 858.01 kB
Formato Adobe PDF
858.01 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/697699
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 22
  • ???jsp.display-item.citation.isi??? 12
social impact