| 基于Fuzzing的Android应用通信过程漏洞挖掘技术 |
| |
| 作者姓名: | 王凯 刘奇旭 张玉清 |
| |
| 作者单位: | 中国科学院大学 国家计算机网络入侵防范中心, 北京 101408 |
| |
| 基金项目: | 国家自然科学基金(61272481,61303239)、北京市自然科学基金(4122089)、国家发改委信息安全专项(发改办高技[2012]1424号)和中国科学院大学校长基金资助 |
| |
| 摘 要: | 在通信过程中,如果Android应用对其私有组件保护不充分,会导致组件暴露漏洞的存在.以往针对Android应用通信过程的漏洞挖掘方法不能准确发现这种安全威胁.为解决上述问题,提出一种结合Fuzzing技术和逆向分析的漏洞挖掘方法,设计并实现了漏洞挖掘工具KMDroid.实验结果表明,KMDroid可以有效挖掘应用通信过程中存在的安全漏洞.
|
| 关 键 词: | Android Fuzzing 逆向分析 应用通信 安全漏洞 |
| 收稿时间: | 2013-09-27 |
| 修稿时间: | 2014-01-03 |
Android inter-application communication vulnerability mining technique based on Fuzzing |
| |
| Authors: | WANG Kai LIU Qixu ZHANG Yuqing |
| |
| Institution: | National Computer Network Intrusion Protection Center, University of Chinese Academy of Science, Beijing 101408, China |
| |
| Abstract: | If an Android application could not protect its private components well in the process of inter-application communication, there would exist exposed component vulnerabilities. The current vulnerability mining technique cannot identify such vulnerabilities accurately. To solve this problem, we propose a new vulnerability mining method which combines Fuzzing with reverse analysis, and design a vulnerability mining tool named KMDroid. Experimental results show that KMDroid can discover the vulnerability of inter-application communication effectively. |
| |
| Keywords: | Android Fuzzing reverse analysis inter-application communication vulnerabilities |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
