Vulnerability Analysis And Implementation Of Memory Leak For Android Kernel

Posted on: 2021-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: G K Li
Full Text: PDF
GTID: 2518306308466964
Subject: Computer technology

Abstract/Summary:
With the continuous development of the Internet, users increasingly value whether a mobile phone's operating system is convenient, fast and safe. Android is currently the most popular and widely used operating system for mobile phones and other portable devices. The Android system is threatened in many ways; among them, attacks that exploit vulnerabilities in the Android kernel are currently the most serious. Many measures can be taken to protect the normal operation of the Android system, and Android itself includes mechanisms to mitigate vulnerabilities. These measures protect the normal operation of the Android kernel to a certain extent.

In Android systems, KASLR (kernel address space layout randomization) is an important vulnerability mitigation. To defeat KASLR, an attacker must find a vulnerability that leaks information in order to obtain the required module base address. Although an information leakage vulnerability is a kind of kernel vulnerability, it has special characteristics. Traditional memory corruption vulnerabilities affect the normal operation of the system; such anomalies are easy to observe, and the vulnerability can then be patched. Information leakage vulnerabilities, however, do not trigger system anomalies: even if the vulnerability exists, it will not crash the system. This makes them very difficult to find, and research on such vulnerabilities is therefore currently lacking.

In response to the above problems, this thesis makes the following contributions:

1. The security of the Android kernel is studied. Through research and analysis of the Android kernel, Android kernel information leakage vulnerabilities are studied, and a method based on taint tracking is proposed for discovering Android kernel memory information leakage vulnerabilities. This method taints the stack of the Android system, provides a way to track memory information leakage, and can find the location of the leak.
2. A framework for fuzzing the Android kernel is constructed. The framework obtains the location of Android kernel memory leaks mainly by tracking the tainted data while fuzzing the Android kernel.
3. To evaluate the proposed framework, the author built it and tested it on many different versions of Android devices, selecting 4 different mobile platforms and the stable versions of Android 6.0, 7.0 and 8.0, and information disclosure vulnerabilities were successfully found. The test results demonstrate the effectiveness and applicability of the proposed framework.
Keywords/Search Tags: Android system, vulnerability analysis, fuzz testing