计算机工程与应用2018,Vol.54Issue(4):110-116,7.DOI:10.3778/j.issn.1002-8331.1609-0195
ParaIntentFuzz:安卓应用漏洞的并行化模糊测试方法
ParaIntentFuzz:Android applications parallel fuzzing system
摘要
Abstract
Permission leakage is a common kind of vulnerability among Android applications.This kind of vulnerability can lead to serious security problem. Fuzzing the Intent to discover the expose of components and find the permission leakage from the exposed components is an efficient method to mine permission leakage.However,existing works based on Intent Fuzz to test this kind of vulnerability are only running on single machine,which leads to low availability.A par-allel fuzzing system based on dynamic task distribution,named ParaIntentFuzz,is implemented.It first extracts extra infor-mation from application by static analysis and then constructs Intent commands.After sending commands to target applica-tion via Drozer,ParaIntentFuzz can effectively fuzz the target application.The system is deployed on four computers.With ParaIntentFuzz,it analyzes 10 064 Android applications and finds 7 367 of them having permission leakage problem.关键词
权限泄露/漏洞挖掘/并行/AndroidKey words
permission leakage/vulnerability mining/parallel/Android分类
信息技术与安全科学引用本文复制引用
李川,刘宝旭..ParaIntentFuzz:安卓应用漏洞的并行化模糊测试方法[J].计算机工程与应用,2018,54(4):110-116,7.基金项目
国家高技术研究发展计划(863)(No.2015AA017202). (863)
