Open Access

ARTICLE

BArcherFuzzer: An Android System Services Fuzzier via Transaction Dependencies of BpBinder

Jiawei Qin^1,2, Hua Zhang^1,*, Hanbing Yan², Tian Zhu², Song Hu¹, Dingyu Yan²

1 The State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100080, China
2 The National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing, 100012, China

* Corresponding Author: Hua Zhang. Email:

(This article belongs to the Special Issue: AI Powered Human-centric Computing with Cloud/Fog/Edge)

Intelligent Automation & Soft Computing 2024, 39(3), 527-544. https://doi.org/10.32604/iasc.2024.047509

Received 07 November 2023; Accepted 14 March 2024; Issue published 11 July 2024

Abstract

By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, we implement a detection tool-BArcherFuzzer to detect vulnerabilities of Android native system services. The experiment results show that BArcherFuzzer found four vulnerabilities of hundreds of exception messages, all of them were confirmed by Google and one was assigned a Common Vulnerabilities and Exposures (CVE) number (CVE-2020-0363).

---

Keywords

---