skip to main content
research-article

Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing

Published:14 March 2015Publication History
Skip Abstract Section

Abstract

The development of a new application virtual machine (VM), like the creation of any complex piece of software, is a bug-prone process. In version 5.0, the widely-used Android operating system has changed from the Dalvik VM to the newly-developed ART VM to execute Android applications. As new iterations of this VM are released, how can the developers aim to reduce the number of potentially security-threatening bugs that make it into the final product? In this paper we combine domain-aware binary fuzzing and differential testing to produce DexFuzz, a tool that exploits the presence of multiple modes of execution within a VM to test for defects. These modes of execution include the interpreter and a runtime that executes ahead-of-time compiled code. We find and present a number of bugs in the in-development version of ART in the Android Open Source Project. We also assess DexFuzz's ability to highlight defects in the experimental version of ART released in the previous version of Android, 4.4, finding 189 crashing programs and 15 divergent programs that indicate defects after only 5,000 attempts.

References

  1. american-fuzzy-lop on Google Code. https://code.google.com/p/american-fuzzy-lop/. Accessed: 2014-11-12.Google ScholarGoogle Scholar
  2. Alien Dalvik. http://www.myriadgroup.com/products/device-solutions/mobile-software/alien-dalvik/. Accessed: 2014-11-25.Google ScholarGoogle Scholar
  3. BlueStacks AppPlayer. http://www.bluestacks.com/app-player.html. Accessed: 2014-11-25.Google ScholarGoogle Scholar
  4. HITB2014AMS - Day 1 - State of the ART: Exploring the new Android KitKat Runtime. https://www.corelan.be/index.php/2014/05/29/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime/. Accessed: 2014-11-20.Google ScholarGoogle Scholar
  5. Peachfuzzer. http://peachfuzzer.com/. Accessed: 2014-11-20.Google ScholarGoogle Scholar
  6. smali - an assembler/disassembler for android's dex format on Google Code. https://code.google.com/p/smali/. Accessed: 2014-11-19.Google ScholarGoogle Scholar
  7. K. Claessen and J. Hughes. Quickcheck: A lightweight tool for random testing of haskell programs. In Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming, ICFP '00, pages 268--279, New York, NY, USA, 2000. ACM. ISBN 1-58113-202-6. 10.1145/351240.351266. URL http://doi.acm.org/10.1145/351240.351266. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. K. Dewey, J. Roesch, and B. Hardekopf. Language fuzzing using constraint logic programming. In Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, ASE '14, pages 725--730, New York, NY, USA, 2014. ACM. ISBN 978-1-4503-3013-8. 10.1145/2642937.2642963. URL http://doi.acm.org/10.1145/2642937.2642963. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. C. Holler, K. Herzig, and A. Zeller. Fuzzing with code fragments. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, pages 38--38, Berkeley, CA, USA, 2012. USENIX Association. URL http://dl.acm.org/citation.cfm?id=2362793.2362831. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. K. Jayaraman, D. Harvison, V. Ganesh, and A. Kiezun. jfuzz: A concolic whitebox fuzzer for java. In NASA Formal Methods, pages 121--125, 2009.Google ScholarGoogle Scholar
  11. A. Lanzi, L. Martignoni, M. Monga, and R. Paleari. A smart fuzzer for x86 executables. In Proceedings of the Third International Workshop on Software Engineering for Secure Systems, SESS '07, pages 7--, Washington, DC, USA, 2007. IEEE Computer Society. ISBN 0-7695-2952-6. 10.1109/SESS.2007.1. URL http://dx.doi.org/10.1109/SESS.2007.1. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. V. Le, M. Afshari, and Z. Su. Compiler validation via equivalence modulo inputs. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, pages 216--226, New York, NY, USA, 2014. ACM. ISBN 978-1-4503-2784-8. 10.1145/2594291.2594334. URL http://doi.acm.org/10.1145/2594291.2594334. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. B. P. Miller, L. Fredriksen, and B. So. An empirical study of the reliability of unix utilities. Commun. ACM, 33 (12): 32--44, Dec. 1990. ISSN 0001-0782. 10.1145/96267.96279. URL http://doi.acm.org/10.1145/96267.96279. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. P. Purdom. A sentence generator for testing parsers. BIT Numerical Mathematics, 12 (3): 366--375, 1972. ISSN 0006-3835. 10.1007/BF01932308. URL http://dx.doi.org/10.1007/BF01932308.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. G. Wen, Y. Zhang, Q. Liu, and D. Yang. Fuzzing the actionscript virtual machine. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13, pages 457--468, New York, NY, USA, 2013. ACM. ISBN 978-1-4503-1767-2. 10.1145/2484313.2484372. URL http://doi.acm.org/10.1145/2484313.2484372. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. X. Yang, Y. Chen, E. Eide, and J. Regehr. Finding and understanding bugs in c compilers. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, pages 283--294, New York, NY, USA, 2011. ACM. ISBN 978-1-4503-0663-8. 10.1145/1993498.1993532. URL http://doi.acm.org/10.1145/1993498.1993532. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!