
Automatic Generation Of Capability Leaks' Exploits For Android Applications

Posted on: 2020-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: M S Zhou
Full Text: PDF
GTID: 2428330572474156
Subject: Computer application technology
Abstract/Summary:
Capability leaks are a serious class of vulnerability in Android applications. They allow other apps or attackers to leverage the vulnerable app's capabilities to achieve illegal goals, and so do great harm to Android security. At present, security work on Android components is more concerned with detecting vulnerabilities between Android components, ignoring the importance of exploits in confirming bugs for developers. Therefore, in this dissertation, we propose two tools that automatically generate exploits for capability leaks in Android applications. They can help developers confirm bugs.

(1) In our first tool, we use symbolic execution to accurately compute the path conditions of each path that may trigger a vulnerability. We apply multiple optimizations to the symbolic execution process based on the characteristics of capability leaks in Android applications, which makes the tool applicable to practical apps. Applied to 611 popular applications from Wandoujia, our first tool detects 6,566 capability leaks of 16 kinds of permissions. According to our experiment, our symbolic execution can produce high-precision test cases; the average path condition accuracy is 85.3%. Compared with the similar work IntentFuzzer, our tool improves the false negative rate by 14.97%. The average analysis time per app is 7.16 minutes, which can meet the time requirements of the actual application scenario.

(2) In our second tool, we use instrumentation to obtain runtime information, and then use that runtime information to generate test cases. Compared with static analysis tools, this approach can obtain more valid path conditions. At the same time, we use a context-sensitive, flow-sensitive inter-procedural data-flow analysis to accurately find instrumentation points and variables that contain path condition information. This ensures the completeness of the path condition information obtained from dynamic testing. We also mutate path conditions to improve code coverage. Applied to 611 popular applications from Wandoujia, our tool detects 7,143 capability leaks of 17 kinds of permissions. Compared with IntentFuzzer and our first tool, our second tool improves the false negative rate by 19.39% and 5.30% respectively. The average analysis time per app is 9.04 minutes, which can meet the time requirements of the actual application scenario.
Keywords/Search Tags:capability leak, exploit, inter-component communication, symbolic execution, dynamic-feedback test