
Research on State-Based Vulnerability Mining Technology for the Android Kernel

Posted on: 2019-07-07
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Zhang
Full Text: PDF
GTID: 2348330542498743
Subject: Information security

Abstract/Summary:
This thesis surveys the security mechanisms of the Android kernel, the characteristics of its vulnerabilities, and existing techniques for Android kernel vulnerability mining (vulnerability discovery). Traditional kernel fuzzing drives the target with large volumes of random test cases and then applies various methods to raise code coverage. Random fuzzing is inefficient, however: once invalid inputs have been filtered out, most of the test data only exercises normal logic paths, and only a small fraction reaches deep code. Moreover, whether an exception is triggered depends not only on unexpected input data but also on the system state at the time. Exceptions caused by the input alone are easy for random fuzzing to find; as security research has matured, many such shallow vulnerabilities have been found, and newly discovered vulnerabilities are increasingly complex. Many of them require malicious data to arrive only after certain preconditions already hold, and fuzzing that mutates the input data alone performs poorly against them.

Against this background, this thesis proposes a state-based kernel vulnerability discovery technique, where "state" refers to a fragile state of the system. Based on a study of Android kernel code and historical vulnerabilities, it defines Android kernel vulnerability states and then fuzzes the Android kernel by driving it into those fragile states first. A finite-state-machine model of the kernel is built for kernel vulnerabilities, a kernel fuzzing algorithm based on the finite state machine is designed, and the implementation of the fuzzer is guided by the FSM idea.

Using this approach, the thesis designs and implements AndFuzzer, a state-based kernel vulnerability discovery tool consisting of a state-library construction module, a state-selection module, a test-case generation module, a fuzzing module, an exception-handling module and a feedback module. Testing the PF_PACKET module, the sysfs interface and sockets of the Android kernel with AndFuzzer found three kernel vulnerabilities and reproduced many historical vulnerabilities. The experimental results show that the proposed state-based kernel vulnerability discovery technique is effective, and they also verify the effectiveness of the AndFuzzer tool.
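The following is an added illustration of the FSM-guided fuzzing idea described in the abstract (state library, state selection, test-case generation, feedback); it is not AndFuzzer's code and the thesis does not publish its implementation. The state library models a hypothetical PF_PACKET socket lifecycle using real Linux socket API names (socket, bind, setsockopt with PACKET_RX_RING, mmap), but the particular states, the initial weights and the per-state mutation targets are assumptions chosen for the example. The planner only produces the ordered syscall sequence that reaches a chosen fragile state plus the state-specific operation to mutate there; executing that plan and watching the kernel log for an oops is left to a device-side harness and is not done here.

```c
/* Added illustration of FSM-guided kernel fuzzing; not AndFuzzer's code.
 * The state library models a hypothetical PF_PACKET socket lifecycle:
 * each transition names the Linux syscall that moves the socket to the
 * next state. Nothing is executed here; the planner only produces the
 * ordered syscall sequence a device-side harness would run. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

enum state { S_CLOSED, S_OPEN, S_BOUND, S_RING, S_MAPPED, N_STATES };

struct transition { enum state from, to; const char *syscall; };

/* State library: the legal lifecycle transitions (assumed model). */
static const struct transition library[] = {
    { S_CLOSED, S_OPEN,   "socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))" },
    { S_OPEN,   S_BOUND,  "bind(fd, (struct sockaddr *)&sll, sizeof sll)" },
    { S_BOUND,  S_RING,   "setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof req)" },
    { S_RING,   S_MAPPED, "mmap(NULL, ring_len, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0)" },
};
#define N_TRANS (sizeof library / sizeof library[0])

/* Mutation applied once the target state is reached: the operation that
 * is only meaningful in that state, with fuzzed arguments (assumed). */
static const char *const state_ops[N_STATES] = {
    [S_CLOSED] = "socket(AF_PACKET, <fuzzed type>, <fuzzed protocol>)",
    [S_OPEN]   = "setsockopt(fd, SOL_PACKET, <fuzzed optname>, <fuzzed optval>)",
    [S_BOUND]  = "sendto(fd, <fuzzed frame>, <fuzzed len>, 0, &sll, sizeof sll)",
    [S_RING]   = "setsockopt(fd, SOL_PACKET, PACKET_TX_RING, <fuzzed tpacket_req>)",
    [S_MAPPED] = "recv/poll on the mapped ring with <fuzzed frame headers>",
};

/* Feedback weights: states whose test cases exposed new behaviour
 * (new coverage, an exception) are selected more often afterwards. */
static unsigned weight[N_STATES] = { 1, 1, 1, 1, 1 };

/* Small deterministic PRNG so a plan is reproducible from its seed. */
static uint32_t rng = 0x9E3779B9u;
static uint32_t rng_next(void) {
    rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
    return rng;
}

/* State selection module: roulette-wheel choice over the weights. */
enum state select_state(void) {
    unsigned total = 0, pick;
    for (int s = 0; s < N_STATES; s++) total += weight[s];
    pick = rng_next() % total;
    for (int s = 0; s < N_STATES; s++) {
        if (pick < weight[s]) return (enum state)s;
        pick -= weight[s];
    }
    return S_CLOSED; /* not reached: pick is always below total */
}

/* Test case generation: BFS over the library from S_CLOSED to target.
 * Fills steps[] with the syscalls in order and returns their count,
 * or -1 if the state is unreachable or the path exceeds max_steps. */
int path_to(enum state target, const char *steps[], int max_steps) {
    int prev[N_STATES], via[N_STATES], queue[N_STATES], head = 0, tail = 0;
    for (int s = 0; s < N_STATES; s++) prev[s] = -1;
    prev[S_CLOSED] = S_CLOSED;
    queue[tail++] = S_CLOSED;
    while (head < tail) {
        int cur = queue[head++];
        if (cur == (int)target) break;
        for (size_t i = 0; i < N_TRANS; i++) {
            int to = library[i].to;
            if ((int)library[i].from == cur && prev[to] == -1) {
                prev[to] = cur;
                via[to] = (int)i;
                queue[tail++] = to;
            }
        }
    }
    if (prev[target] == -1) return -1;
    int n = 0;
    for (int s = target; s != S_CLOSED; s = prev[s]) n++;
    if (n > max_steps) return -1;
    int s = target;
    for (int i = n - 1; i >= 0; i--) {
        steps[i] = library[via[s]].syscall;
        s = prev[s];
    }
    return n;
}

/* Feedback module: raise the weight of a state whose case paid off. */
void feedback(enum state s, int new_behaviour) {
    if (new_behaviour) weight[s] += 1;
}

unsigned state_weight(enum state s) { return weight[s]; }

int main(void) {
    const char *steps[N_STATES];
    for (int round = 0; round < 3; round++) {
        enum state target = select_state();
        int n = path_to(target, steps, N_STATES);
        printf("round %d: target state %d\n", round, (int)target);
        for (int i = 0; i < n; i++) printf("  setup %d: %s\n", i + 1, steps[i]);
        printf("  mutate: %s\n", state_ops[target]);
        /* A real harness would run the steps, check the kernel log for
         * an oops or sanitizer report, and feed the verdict back here. */
        feedback(target, round == 0);
    }
    return 0;
}
```

The point the example makes is the one the abstract argues: the mutation is applied only after the setup sequence has put the kernel object into the chosen state, so a bug that needs a configured ring buffer is reachable at all, and the feedback loop shifts effort towards states that have already produced new behaviour. A harness for a real device replaces the string plan with actual syscalls and adds the exception-handling step (reading the kernel log after each case).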
Keywords/Search Tags: Android, kernel, fuzzing, vulnerability state, FSM