Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries
Fuzzing is an effective method for detecting security bugs in software, and there has been a good deal of effective work on fuzzing Android. Researchers have developed methods for fuzzing open-source native APIs and Java interfaces on physical Android devices. However, automatically fuzzing Android closed-source native libraries, particularly on emulators, remains insufficiently explored. There are two key challenges: first, the multi-language programming model inherent to Android; and second, the absence of a Java runtime environment within the emulator.
To address these challenges, we propose Atlas, a practical automated fuzzing framework for Android closed-source native libraries. Atlas consists of an automatic harness generator and a fuzzer that contains the necessary runtime environment. The generator uses static analysis to infer the correct calling sequences and parameters of native APIs from information in both the "native world" and the "Java world". To maximize the practicality of the generated harnesses, Atlas optimizes them heuristically. The fuzzer provides the essential Java runtime environment in the emulator, making it possible to fuzz Android closed-source native libraries on a multi-core server. We have tested Atlas on 17 pre-installed apps from four Android vendors. Atlas generates 820 harnesses covering 767 native APIs, of which 78% are practical. Atlas has also discovered 74 new security bugs, with 16 CVEs assigned. The experiments show that Atlas can efficiently generate high-quality harnesses and find security bugs.
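The second challenge in the abstract, a native library that cannot run without a Java runtime, is easiest to see in code. The following is an added illustration, not Atlas's code or any vendor library: a JNI-exported function receives its `byte[]` argument only as an opaque handle and reads it back through the `JNIEnv` function table, so a fuzzer running with no JVM has to provide that table itself and map the fuzz input onto a fake array handle. The types, the stand-in target `Java_com_example_Codec_parseHeader`, the helper `harness_run` and the sample inputs are all constructed for this example; the real `jni.h` table has roughly 230 entries in a fixed order, which a harness for a real closed-source library must reproduce before `dlsym`-ing the target.

```c
/*
 * Added example: a minimal JNIEnv supplied by the fuzzer so that a JNI
 * export can run with no Java runtime. Simplified model of jni.h, not the
 * real header; the target function is a constructed stand-in.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef int32_t jint;
typedef int8_t  jbyte;
typedef uint8_t jboolean;

/* Our backing object for a Java byte[]; the target sees only the handle. */
struct FakeArray { jbyte *data; jint len; };
typedef struct FakeArray *jbyteArray;

/* Real code calls (*env)->Fn(env, ...): env points at a pointer to the table. */
struct JNINativeInterface_;
typedef const struct JNINativeInterface_ *JNIEnv;
struct JNINativeInterface_ {
    /* Only the three entries the stand-in target uses (assumed subset). */
    jint   (*GetArrayLength)(JNIEnv *env, jbyteArray arr);
    jbyte *(*GetByteArrayElements)(JNIEnv *env, jbyteArray arr, jboolean *isCopy);
    void   (*ReleaseByteArrayElements)(JNIEnv *env, jbyteArray arr, jbyte *elems, jint mode);
};

/* Fuzzer-side implementations: hand the fuzz bytes to native code as a byte[]. */
static jint fake_GetArrayLength(JNIEnv *env, jbyteArray arr) { (void)env; return arr->len; }
static jbyte *fake_GetByteArrayElements(JNIEnv *env, jbyteArray arr, jboolean *isCopy) {
    (void)env; if (isCopy) *isCopy = 0; return arr->data;
}
static void fake_ReleaseByteArrayElements(JNIEnv *env, jbyteArray arr, jbyte *elems, jint mode) {
    (void)env; (void)arr; (void)elems; (void)mode;   /* nothing to release: no copy was made */
}
static const struct JNINativeInterface_ fake_table = {
    fake_GetArrayLength, fake_GetByteArrayElements, fake_ReleaseByteArrayElements
};

/*
 * Stand-in for a closed-source JNI export (constructed). Header: 2-byte magic
 * "AT", little-endian 16-bit payload length, then payload. Returns the byte
 * sum of the payload, or -1 on a malformed header.
 */
jint Java_com_example_Codec_parseHeader(JNIEnv *env, void *thiz, jbyteArray buf) {
    (void)thiz;
    jint len = (*env)->GetArrayLength(env, buf);
    if (len < 4) return -1;
    jbyte *p = (*env)->GetByteArrayElements(env, buf, NULL);
    jint result = -1;
    if (p[0] == 'A' && p[1] == 'T') {
        jint payload = (uint8_t)p[2] | ((jint)(uint8_t)p[3] << 8);
        if (payload <= len - 4) {
            result = 0;
            for (jint i = 0; i < payload; i++) result += (uint8_t)p[4 + i];
        }
    }
    (*env)->ReleaseByteArrayElements(env, buf, p, 0);
    return result;
}

/* Harness body: wrap raw fuzz bytes as a byte[] handle and call the target. */
jint harness_run(const uint8_t *data, size_t size) {
    jbyte *copy = malloc(size ? size : 1);     /* target gets a writable buffer, like a JVM would give it */
    if (!copy) return -1;
    memcpy(copy, data, size);
    struct FakeArray arr = { copy, (jint)size };
    JNIEnv env = &fake_table;
    jint r = Java_com_example_Codec_parseHeader(&env, NULL, &arr);
    free(copy);
    return r;
}

/* libFuzzer-style entry point; the engine would supply main(). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    harness_run(data, size);
    return 0;
}

int main(void) {
    /* Constructed sample inputs: one valid frame, one truncated header. */
    static const uint8_t ok[] = { 'A', 'T', 2, 0, 5, 7 };
    static const uint8_t bad[] = { 'A', 'T' };
    return harness_run(ok, sizeof ok) == 12 && harness_run(bad, sizeof bad) == -1 ? 0 : 1;
}
```

The real work of a generator like the one the abstract describes is deciding what the fake runtime has to return for each JNI call the target makes and in what order the target's functions must be called; this example fixes both by hand for a single function.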
Fri 20 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

Session 10:30 - 11:50

10:30 (20m, Talk) Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries. Technical Papers. Hao Xiong (Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center), Qinming Dai (Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center), Rui Chang (Zhejiang University), Mingran Qiu (Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center), Renxiang Wang (Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center), Wenbo Shen (Zhejiang University), Yajin Zhou (Zhejiang University; ZJU-Hangzhou Global Scientific and Technological Innovation Center)

10:50 (20m, Talk) Feedback-Driven Automated Whole Bug Report Reproduction for Android Apps. Technical Papers. Dingbang Wang (University of Connecticut), Yu Zhao (University of Cincinnati), Sidong Feng (Monash University), Zhaoxu Zhang (University of Southern California), William G.J. Halfond (University of Southern California), Chunyang Chen (TU Munich), Xiaoxia Sun (China Mobile (Suzhou) Software Technology), Jiangfan Shi (Zhejiang University), Tingting Yu (University of Connecticut)

11:10 (20m, Talk) NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android Apps. Technical Papers. Jikai Wang (Huazhong University of Science and Technology), Haoyu Wang (Huazhong University of Science and Technology)

11:30 (20m, Talk) Towards Automatic Oracle Prediction for AR Testing: Assessing Virtual Object Placement Quality under Real-World Scenes. Technical Papers. Xiaoyi Yang (Rochester Institute of Technology), Yuxing Wang (Rochester Institute of Technology), Tahmid Rafi (University of Texas at San Antonio), Dongfang Liu (Rochester Institute of Technology), Xiaoyin Wang (University of Texas at San Antonio), Xueling Zhang (Rochester Institute of Technology)