Android Driver Vulnerability Mining Algorithm And Application Research Based On Fuzz Testing

Posted on: 2021-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Zhang
GTID: 2518306725952419
Subject: Information security
Abstract/Summary:
The Android driver is an important part of how physical devices realize their functions, and it is also an important carrier between the system and the hardware. Because of Android's particular ecosystem, the system carries drivers supplied by many different parties, but these drivers lack a unified, standard security review and have long concealed many security vulnerabilities. Most traditional vulnerability mining methods fuzz the driver-related system calls with a large amount of random data. Randomly constructed test samples of this kind are largely blind: the test often ends before the data gets into the program, so the goal of testing the program's security is not effectively achieved. In addition, randomly constructed data destroys the correlation between parameters to a certain extent. Under these conditions the efficiency of driver vulnerability mining is relatively low.

Against this background, this paper proposes a new fuzzing technique based on known driver interface information. The thesis first analyzes the registration and operation mechanism of driver devices and the relevant kernel source code, and summarizes the regularities in how driver interface control parameters are set. It also studies the interfaces through which the system calls into drivers, and selects the ioctl interface, which has frequent data interaction, as the fuzzing target. Following the rules by which ioctl interface parameters are set, the paper proposes a driver interface information extraction technique based on associated text search over source code. The technique needs only the corresponding version of the kernel source code and the path files relevant to the driver, and can then extract the fuzzing interface information of each driver according to the rules.

The Android kernel is developed from the Linux kernel, the kernel code inherits its open-source character, and the source file path corresponding to each driver device is relatively fixed. Therefore, once the name of a driver device has been obtained from the device, the cmd operation commands required by ioctl, the types of the parameters passed, and other information can be searched for in the corresponding path file. Because the kernel source code has many association dependencies, the search uses an iterative text search: if the queried information is not found in the current file, the search continues into the header files named by the "include" lines of the current text, iterating until the required information is found or the set number of levels is reached. This source-code-based association search can accurately obtain the parameter values required for fuzzing, which improves the accuracy of test cases to a certain extent.

With the interface information available, the paper designs and implements ADdigger, a fuzzing tool for Android driver vulnerability mining that incorporates a genetic algorithm. The tool integrates the genetic algorithm into the parameter optimization process of fuzzing, and sets the fitness evaluation function flexibly during testing according to the number of parameters of the interface under test. In the genetic mutation module, a selection operator based on combined mutation with parameter-type priority is proposed. This operator treats data types that have a small mutation space and are used frequently as the individuals to mutate first, and uses the combination formula to mutate the genes of excellent individuals together as a bundle. This selection mode implicitly increases the possibility of triggering vulnerabilities, alleviates the combinatorial explosion problem, helps to accelerate the evolution of the fuzzing, and maintains the balance of the relationships between parameters to a certain extent.

Testing with ADdigger on four mobile phones found a total of 51 vulnerabilities in 38 driver modules across four kernel versions. The results show that several of these vulnerabilities match the vulnerability characteristics of CVE-2016-2468, CVE-2016-3867, and CVE-2017-0531. In the vulnerability reproduction stage, re-sending the test data to the test interface reproduces the vulnerabilities completely. The experimental results show that this fuzzing technique based on known driver interfaces is effective, and they also show the effectiveness of the ADdigger driver vulnerability mining tool.
Keywords/Search Tags:Android driver, association search, fuzzing, genetic algorithm, combination mutation
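
The iterative include-following search described in the abstract, sketched as an added example; it is not ADdigger's code and is not taken from the thesis. The source tree, the `DEMO_*` names, the regular expressions and the `include/` fallback used to resolve headers are all constructed assumptions.

```python
import posixpath
import re

# Constructed miniature source tree (not real kernel files): path -> text.
TREE = {
    "drivers/demo/demo_drv.c": '#include "demo_priv.h"\n'
        "switch (cmd) {\ncase DEMO_IOC_SET_CFG: break;\n"
        "case DEMO_IOC_GET_STAT: break;\ncase DEMO_IOC_RESET: break;\n}\n",
    "drivers/demo/demo_priv.h": "#include <uapi/demo.h>\n#define DEMO_MAX 4\n",
    "include/uapi/demo.h": "#define DEMO_MAGIC 'D'\n"
        "#define DEMO_IOC_SET_CFG _IOW(DEMO_MAGIC, 1, struct demo_cfg)\n"
        "#define DEMO_IOC_GET_STAT _IOR(DEMO_MAGIC, 2, __u32)\n",
}
CASE_RE = re.compile(r"\bcase\s+([A-Z_][A-Z0-9_]*)\s*:")
INC_RE = re.compile(r'#include\s+[<"]([^>"]+)[>"]')
DEF_RE = re.compile(r"#define[ \t]+(\w+)[ \t]+(_IO(?:WR|W|R)?)[ \t]*"
                    r"\(([^,]+),\s*([^,)]+)(?:,\s*([^)]+))?\)")

def resolve(include, current, tree):
    """Try the including file's directory, then an assumed include/ root."""
    for cand in (posixpath.join(posixpath.dirname(current), include),
                 posixpath.join("include", include)):
        if cand in tree:
            return cand
    return None

def extract_interface(driver_path, tree, max_depth=3):
    """Return (found, unresolved) for the cmd names used in the driver file."""
    wanted = set(CASE_RE.findall(tree[driver_path]))
    found, seen, level = {}, {driver_path}, [driver_path]
    for depth in range(max_depth + 1):      # depth 0 is the driver file itself
        next_level = []
        for path in level:
            for name, macro, magic, nr, arg in DEF_RE.findall(tree[path]):
                if name in wanted and name not in found:
                    found[name] = {"dir": macro, "magic": magic.strip(),
                                   "nr": nr.strip(), "arg": arg.strip() or None,
                                   "file": path, "depth": depth}
            for inc in INC_RE.findall(tree[path]):
                target = resolve(inc, path, tree)
                if target and target not in seen:
                    seen.add(target)
                    next_level.append(target)
        if wanted.issubset(found) or not next_level:
            break                           # everything found, or no more headers
        level = next_level
    return found, sorted(wanted.difference(found))
```

Commands left in the unresolved list, because they are undefined or lie beyond the level limit, have no known direction or argument type, so a fuzzer would have to fall back to untyped data for them.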