CRAXDroid:通过选择性符号执行自动Android系统测试

2014 IEEE Eighth International Conference on Software Security and Reliability-Companion Pub Date : 2014-06-30 DOI:10.1109/SERE-C.2014.32

Chao-Chun Yeh, Han-Lin Lu, Chun-Yen Chen, Kee Kiat Khor, Shih-Kun Huang

{"title":"CRAXDroid:通过选择性符号执行自动Android系统测试","authors":"Chao-Chun Yeh, Han-Lin Lu, Chun-Yen Chen, Kee Kiat Khor, Shih-Kun Huang","doi":"10.1109/SERE-C.2014.32","DOIUrl":null,"url":null,"abstract":"Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"100 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"CRAXDroid: Automatic Android System Testing by Selective Symbolic Execution\",\"authors\":\"Chao-Chun Yeh, Han-Lin Lu, Chun-Yen Chen, Kee Kiat Khor, Shih-Kun Huang\",\"doi\":\"10.1109/SERE-C.2014.32\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.\",\"PeriodicalId\":373062,\"journal\":{\"name\":\"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion\",\"volume\":\"100 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE-C.2014.32\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2014.32","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

智能手机和平板电脑等移动设备正在成为常见的个人设备。中央软件市场的商业模式也在蓬勃发展，并成为这些设备上软件包的主要分发来源。然而，这些设备通常包含个人隐私信息，可以用来进行涉及数据泄露和发送短信等支付事件的操作。因此，移动设备上的软件质量成为一个关键问题。我们的目标是检查现成的软件是否存在缺陷行为或潜在漏洞，帮助官方APP或第三方市场确保其软件不存在隐私问题。我们通过修改我们的软件质量保证和漏洞生成平台CRAX，构建了一个android APP测试平台，应用于android平台。它被称为CRAXDroid，它允许任何输入作为APP的测试源，而不需要源代码。这些方法基于符号执行技术和android仿真器。通过自动探索执行路径，我们可以发现潜在的软件缺陷。我们在Android应用程序上进行了几个实验来证明我们的方法的可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

CRAXDroid: Automatic Android System Testing by Selective Symbolic Execution

Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE Eighth International Conference on Software Security and Reliability-Companion

自引率

0.00%

发文量