TY  - EJOU
AU  - Qin, Jiawei 
AU  - Zhang, Hua 
AU  - Yan, Hanbing 
AU  - Zhu, Tian 
AU  - Hu, Song 
AU  - Yan, Dingyu 

TI  - BArcherFuzzer: An Android System Services Fuzzier via Transaction Dependencies of BpBinder
T2  - Intelligent Automation \& Soft Computing

PY  - 2024
VL  - 39
IS  - 3
SN  - 2326-005X

AB  - By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, we implement a detection tool-BArcherFuzzer to detect vulnerabilities of Android native system services. The experiment results show that BArcherFuzzer found four vulnerabilities of hundreds of exception messages, all of them were confirmed by Google and one was assigned a Common Vulnerabilities and Exposures (CVE) number (CVE-2020-0363).
KW  - Android OS; vulnerability detection; binder; fuzz testing; genetic algorithm

DO  - 10.32604/iasc.2024.047509