Abstract
The wide application of mobile terminals that makes the software and hardware of mobile platforms gradually become the important target of malicious attackers. In response to the above problems, this paper proposes a vulnerability mining scheme based on Fuzzing. In this scheme, many methods are used to generate a large number of test cases. After the application receives the corresponding test cases, it analyzes the output results and the exceptions thrown. The experimental results show that the scheme can effectively excavate the vulnerabilities of mobile office software on the Android platform, and has certain reliability.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Nowadays, Android has become the mobile phone operating system with the largest market share, and its development boom has also brought about new network security issues [1, 2], such as criminals taking advantage of mobile phone program vulnerabilities to seek benefits, and leaking user privacy. Therefore, vulnerability testing of Android applications is essential before facing users [3].
There are few types of research onvulnerability mining of office software onthe Android platform, and the design of test cases is relatively simple. To better solve the threat of Android memory corruption vulnerability, this paper designs, and implements a Fuzzing-based Android platform domestic office software vulnerability mining system. Under the Android platform, office software constructs special test cases, observes the exceptions thrown and the process crashes to find out the possible vulnerabilities, and ensures the security of the mobile offices.
The main contributions of this paper are as follows:
-
1.
Generate test cases by mutation-based, generation-based, and Char-RNN-based methods to ensure the coverage of test cases and detect applications from multiplesides.
-
2.
Analyze the operating mechanism of office software applications under the Android platform, and construct a set of effective fuzzing test schemes, which can run successfully under various versions of Android and have a wide range of applications.
-
3.
Design and implement a set of office software vulnerability mining systems based on Fuzzing technology to find possible vulnerabilities [4]. The system is simple and easy to use, displays the process and results intuitively, and reduces the threshold of use. The system adopts a modular design, and each module runs independently to facilitate the subsequent functional debugging and upgrading of the vulnerability mining system [5].
The structure of this paper is as follows: Chapter One gives a brief introduction, Chapter Two designs the overall framework and various modules of the system, Chapter Three implements the system, Chapter Four conducts experiments and evaluations, Chapter Five summarizes and puts forward the improvement direction.
2 System Architecture Design
The system is divided into four modules: visualization platform module, test case generation module, fuzzing module, and automatic analysis module. The visualization platform module constructs the graphic page of the entire system, the test case generation module is responsible for constructing semi-effective test cases, the fuzzing module is responsible for the entire process of test cases from sending to running, and the automatic analysis module is responsible for analyzing the crash information and logs that appear during the test to discover the security vulnerabilities that exists. As shown in Fig. 1:
3 Implementation of System Module
3.1 Test Case Generation Module
Mutation-based Method. Mutation-based test case generation requires samples to be obtained in advance, and the steps for generating PDF and HTML are similar. Take the generation of a PDF file as an example, collect a malicious PDF sample set from GitHub as input for subsequent mutation operations. In the program, use the generate_dumb_pdf_sample() method to achieve. By controlling the number of mutations, the input files are mutated to different degrees to ensure the coverage of the generated samples. The specific process is shown in Fig. 2:
The main steps are as follows:
-
(1)
Use the choice() function of the random module to randomly select one from the preset sample library as the given valid input;
-
(2)
Obtain the length of the file, use the randrang() function in the random module to randomly select a position “start” as the starting point for subsequent operations;
-
(3)
Determine the text length “len” for mutation, and choose arbitrarily on the premise that it does not exceed the maximum length of the file;
-
(4)
Perform mutation operations based on the values of “start” and “len”, such as inserting a random character, deleting a character or flipping a character, etc.;
-
(5)
Write the content obtained after mutation into a new PDF file for subsequent fuzzing.
Generation-based Method. The system made some modifications to the grammar rules of the Google Domato open-source fuzzing test tool to generate PDF files and HTML files for testing. To generate HTML, just call the gen_new_jscript_js() function in Domato. Generate PDF test cases using m PDF (a PHP library) method, the generation steps are as follows:
-
(1)
Call the header() method in mpdf to write the file header of the pdf, where “%PDF-1.1” is used.
-
(2)
Call the indirect object() method in mpdf to write the object.
-
(3)
Call the gen_new_jscript_js() method to randomly select and generate a javaScript script from the modified Domato grammar rule library and write it into the object.
-
(4)
Call the xref And Trailer() method in mpdf to write the cross-reference table and tail of the pdf.
Char-RNN-based Method. The system uses Char-RNN to generate test cases as a supplement to ensure the comprehensiveness of test cases and uses TensorFlow to quickly build the Char-RNN framework. The specific process is as follows:
-
(1)
Read and decode the sample set, and convert it to UTF-8 encoding. Vectorize the sample and establish the mapping relationship between strings and numbers.
-
(2)
The text is divided into text blocks with the growth of x + 1. Each input sequence contains x characters in the text, and the corresponding target sequence is moved one character to the right. Rearrange and package the data into batches.
-
(3)
Use tf. keras. Sequential to define the model.
-
(4)
Add optimizer and loss function. Apply the tf. keras. Model. compile method to configure the training steps.Use tf. keras. optimizers. Adam with default parameters and loss function.
-
(5)
Use tf. keras. callbacks. Model Checkpoint to ensure that checkpoints are saved during training.
3.2 Fuzzing Module
Fuzzing is the core part of the entire vulnerability mining system. Before running the system, get the device id of the Android device. After installing adb under windows, use a data cable to connect the Android device to the PC. Set the Android device connection mode to “USB MIDI”, and enter the “adb devices” command to get the device id of the currently connected device.Take WPS as the test object for fuzzing. The test process is shown in Fig. 3.
-
(1)
Call the adb_connection_int() method to initialize the connection. Restart the adb server, connect to the Android device and clear its background according to the WPS package name “cn.wps.moffice_eng” to minimize the interference of other factors in the subsequent testing process.
-
(2)
Enter “http://192.168.189.1:1337/” in any browser to open the visualization page, select the fuzzing test method on this page, and click the “Start” button to start the test.
-
(3)
The background receives the information from the front endand generates the corresponding PDF test case according to the fuzzing method selected by the user. Call the pdf _fuzz() method to start the fuzzing process. Run the WPS application after unlocking the screen of the device, then open the test file and collect all kinds of information feedback from the application during the running process. Execute “adb shell am force-stop cn. wps. moffice_eng” to stop the application.Wait for a while of time before the next fuzzing operation to prevent problems caused by the long-time load operation of the equipment.
3.3 Automatic Analysis Module
The automatic analysis process filters the log information collected during the fuzzing process.Due to the influence of many human factors and uncontrollable factors such as equipment, server, operating environment, etc., Fuzzing technology has the possibility of false alarms, that is, the abnormal information thrown maybe just some bugs, which cannot be called vulnerabilities. Therefore, the automatic analysis function is added to the system. The specific process is shown in Fig. 4.
Use the “adb logcat -d” command to view the corresponding log information, call “subprocess. Popen()” to run the command as a subprocess and get a return value, which is the log information. Use a loop to determine whether there are key signals about vulnerabilities predefined in the setting file in the log information, as shown in Table 1. If it exists, save this piece of log information and the test case that caused the log information in the specified folder. Finally, use the adb command “adb logcat -c” to clear the old logs and enter the next test process.
4 Experiment and Evaluation
4.1 Experimental Environment
The equipment used in this system includes a PC device and an Android device. The system of the PC device is win10 system, and the IP address is 192.168.189.1. The system of the Android device is Android 4.The mobile office applications tested are WPS Office and UC browser, In addition, Adobe Reader and Chrome browsers are selected as test comparisons.The applications are downloaded from regular channels.
4.2 Experimental Results
Use the system to test different mobile office applications, and the results are shown in Table 2:
4.3 Evaluation
Among the three test case generation methods, the mutation-based method has the least amount of calculation and the fastest generation speed, while the Char-RNN based method has the largest amount of calculation and the slowest generation speed. On the effectiveness of test cases, the method based on generation is the best, the method based on char RNN is the second, and the method based on variation is the worst. The overall test speed of the same type of application is similar. Compared with the PDF Reader, the browser is more likely to be attacked in DOM parsing [9].
Enter the crash folder to view the recorded log file, as shown in Fig. 5.
Check the log files of all the vulnerabilities and find that they all contain the “SIGSEGV” keyword, and all appear “Fatal signal 11 (SIGSEGV) at 0x0000413d (code = -6), thread 16718 (CrRenderer Main)” type of crash, indicating that the problem of null pointer triggers the vulnerability and then causes the application to crash. The backtrace file in the log records the specific information when the application crashes, and the result is shown in Fig. 6. It can be seen from the figure that there is a problem with the so file, that is, an overflow of the static data area of the application.
5 Conclusion
Currently, the vulnerability of office software under the Android platform has security risks. In response to this problem, this paper designs and implements a domestic office software vulnerability mining system based on Fuzzing technology, analyzes the vulnerabilities that may cause it to crash, generates a large number of test cases, and conducts vulnerability mining through the method of fuzzing. The experimental results show the feasibility of the designed system, which can provide support for developers to improve the application program and improve the completeness of the application program.
The system designed in this paper has certain limitations. It can only detect specific vulnerabilities in specific types of applications, that is, memory vulnerabilities in mobile office software. It is not yet possible to conduct comprehensive vulnerability detection on all Android applications. More in-depth research is needed in the future.
References
Enck, W., Ongtang, M., Mc Daniel, P.: Understanding android security. IEEE Secur. Priv. Mag. (Pennsylvania: Berlin), 7, 50–57 (2009)
Ding, L.P.: Security analysis of Android operating system NETINFO SECURITY 28–31 (2012)
Feng, S.Q.: Android Software Security and Reverse Analysis ed Chen B and Fu Z, pp. 236–64 (2013)
Li, T., Huang, X., Liu, H.Y., Huang, R.: Software vulnerability mining technology based on fuzzing. J. Val. Eng. 3, 197–199 (2014)
Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis USENIX Association (New York: Berkeley), p. 29 (2012)
Papaevripides, M., Athanasopoulos, E.: Exploiting mixed binaries. ACM Trans. Priv. Secur. (Cyprus: New York), 24, 1–29 (2021)
Palit, T., Monrose, F., Polychronakis, M.: Mitigating data-only attacks by protecting memory-resident sensitive data digital threats: research and practice. Dig. Threats Res. Practice, 1–26 (2020)
Schmeelk, S., Yang, J., Aho, A.: Android malware static Analysis Techniques. In: Proceeding of the10th Annual Cyber and Information Security Research ConfACMVol 6 (Bellevue: New York), pp. 569–584 (2015)
Mulliner, C., Miller, C.: Fuzzing the phone in your phone Black Hat USA (LAS VEGAS) (2009)
Acknowledgement
This research was financially supported by the National Key RD Program of China (2018YFB1004100), China Postdoctoral Science Foundation-funded project (2019M650606), and the First-class Discipline Construction Project of Beijing Electronic Science and Technology Institute (3201012).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
About this paper
Cite this paper
Huang, Y., Wang, Z., Ou, H., Chi, Y. (2022). Fuzzing-Based Office Software Vulnerability Mining on Android Platform. In: Qian, Z., Jabbar, M., Li, X. (eds) Proceeding of 2021 International Conference on Wireless Communications, Networking and Applications. WCNA 2021. Lecture Notes in Electrical Engineering. Springer, Singapore. https://doi.org/10.1007/978-981-19-2456-9_114
Download citation
DOI: https://doi.org/10.1007/978-981-19-2456-9_114
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-2455-2
Online ISBN: 978-981-19-2456-9
eBook Packages: EngineeringEngineering (R0)