TY - GEN
T1 - System service call-oriented symbolic execution of Android Framework with applications to vulnerability discovery and exploit generation
AU - Luo, Lannan
AU - Zeng, Qiang
AU - Cao, Chen
AU - Chen, Kai
AU - Liu, Jian
AU - Liu, Limin
AU - Gao, Neng
AU - Yang, Min
AU - Xing, Xinyu
AU - Liu, Peng
N1 - Publisher Copyright:
© 2017 Copyright held by the owner/author(s).
PY - 2017/6/16
Y1 - 2017/6/16
N2 - Android Application Framework is an integral and foundational part of the Android system. Each of the 1.4 billion Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harms to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is vulnerable and exploitable. However, most of the existing research has been limited to analyzing Android applications, while there are very few techniques and tools developed for analyzing Android Framework. In particular, to our knowledge, there is no previous work that analyzes the framework through symbolic execution, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to some unique characteristics of the framework, such as its middleware nature and extraordinary complexity, many new challenges arise and are tackled in Centaur. In addition, we demonstrate how the system can be applied to discovering new vulnerability instances, which can be exploited by several recently uncovered attacks against the framework, and to generating PoC exploits.
AB - Android Application Framework is an integral and foundational part of the Android system. Each of the 1.4 billion Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harms to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is vulnerable and exploitable. However, most of the existing research has been limited to analyzing Android applications, while there are very few techniques and tools developed for analyzing Android Framework. In particular, to our knowledge, there is no previous work that analyzes the framework through symbolic execution, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to some unique characteristics of the framework, such as its middleware nature and extraordinary complexity, many new challenges arise and are tackled in Centaur. In addition, we demonstrate how the system can be applied to discovering new vulnerability instances, which can be exploited by several recently uncovered attacks against the framework, and to generating PoC exploits.
UR - http://www.scopus.com/inward/record.url?scp=85026260421&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85026260421&partnerID=8YFLogxK
U2 - 10.1145/3081333.3081361
DO - 10.1145/3081333.3081361
M3 - Conference contribution
AN - SCOPUS:85026260421
T3 - MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
SP - 225
EP - 238
BT - MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
PB - Association for Computing Machinery, Inc
T2 - 15th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2017
Y2 - 19 June 2017 through 23 June 2017
ER -