检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:Jiawei Qin Hua Zhang Hanbing Yan Tian Zhu Song Hu Dingyu Yan
机构地区:[1]The State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing,100080,China [2]The National Computer Network Emergency Response Technical Team/Coordination Center of China,Beijing,100012,China
出 处:《Intelligent Automation & Soft Computing》2024年第3期527-544,共18页智能自动化与软计算(英文)
基 金:This work was supported by the National Key R&D Program of China(2023YFB3106800);the National Natural Science Foundation of China(Grant No.62072051).We are overwhelmed in all humbleness and gratefulness to acknowledge my depth to all those who have helped me to put these ideas.
摘 要:By the analysis of vulnerabilities of Android native system services,we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server.The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage.In this paper,we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy.Based on the above method,we implement a detection tool-BArcherFuzzer to detect vulnerabilities of Android native system services.The experiment results show that BArcherFuzzer found four vulnerabilities of hundreds of exception messages,all of them were confirmed by Google and one was assigned a Common Vulnerabilities and Exposures(CVE)number(CVE-2020-0363).
关 键 词:Android OS vulnerability detection BINDER fuzz testing genetic algorithm
分 类 号:TP311[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.117.169.247