TY - JOUR
T1 - Tainting-Assisted and Context-Migrated Symbolic Execution of Android Framework for Vulnerability Discovery and Exploit Generation
AU - Luo, Lannan
AU - Zeng, Qiang
AU - Cao, Chen
AU - Chen, Kai
AU - Liu, Jian
AU - Liu, Limin
AU - Gao, Neng
AU - Yang, Min
AU - Xing, Xinyu
AU - Liu, Peng
N1 - Publisher Copyright:
© 2002-2012 IEEE.
PY - 2020/12/1
Y1 - 2020/12/1
N2 - Android Application Framework is an integral and foundational part of the Android system. Each of the two billion (as of 2017) Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harm to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is indeed vulnerable and exploitable. While there is a large body of studies on Android application analysis, research on Android Framework analysis is very limited. In particular, to our knowledge, there is no prior work that investigates how to enable symbolic execution of the framework, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to the middleware nature and technical peculiarities of the framework that impinge on the analysis, many unique challenges arise and are addressed in Centaur. The system has been applied to discovering new vulnerability instances, which can be exploited by recently uncovered attacks against the framework, and to generating PoC exploits.
UR - http://www.scopus.com/inward/record.url?scp=85086995672&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85086995672&partnerID=8YFLogxK
U2 - 10.1109/TMC.2019.2936561
DO - 10.1109/TMC.2019.2936561
M3 - Article
AN - SCOPUS:85086995672
SN - 1536-1233
VL - 19
SP - 2946
EP - 2964
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
IS - 12
M1 - 8807272
ER -