Reference : Evolutionary Fuzzing of Android OS Vendor System Services
Scientific journals : Article
Engineering, computing & technology : Computer science
Computational Sciences
Evolutionary Fuzzing of Android OS Vendor System Services
Iannillo, Antonio Ken* mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Natella, Roberto* mailto [Universita degli Studi di Napoli Federico Secondo > DIETI]
Cotroneo, Domenico* mailto []
* These authors have contributed equally to this work.
Empirical Software Engineering
Kluwer Academic Publishers
Yes (verified by ORBilu)
[en] fuzz testing ; evolutionary algorithms ; Android OS
[en] Android devices are shipped in several flavors by more than 100 manufacturer partners, which extend the Android “vanilla” OS with new system services and modify the existing ones. These proprietary extensions expose Android devices to reliability and security issues. In this paper, we propose a coverage-guided fuzzing platform (Chizpurfle) based on evolutionary algorithms to test proprietary Android system services. A key feature of this platform is the ability to profile coverage on the actual, unmodified Android device, by taking advantage of dynamic binary re-writing techniques. We applied this solution to three high-end commercial Android smartphones. The results confirmed that evolutionary fuzzing is able to test Android OS system services more efficiently than blind fuzzing. Furthermore, we evaluate the impact of different choices for the fitness function and selection algorithm.

File(s) associated to this reference

Fulltext file(s):

Limited access
10.1007@s10664-019-09725-6.pdfPublisher postprint1.88 MBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.