Institutional Repository
| Vulnerability Detection of Android System in Fuzzing Cloud | |
| Wu, Jingzheng; Wu, Yanjun; Yang, Mutian; Wu, Zhifei; Wang, Yongji | |
| 2013 | |
| Conference Name | IEEE 6th International Conference on Cloud Computing (CLOUD) |
| Pages | 954-955 |
| Conference Date | JUN 27-JUL 03, 2013 |
| Conference Place | Santa Clara, CA |
| Indexed Type | CPCI |
| Publish Place | IEEE |
| ISSN | 2159-6182 |
| ISBN | 978-0-7695-5028-2 |
| Department | [Wu, Jingzheng; Wu, Yanjun; Yang, Mutian; Wu, Zhifei] Chinese Acad Sci, Inst Software, Beijing 100864, Peoples R China. |
| English Abstract | The rapid growth of Android system has encountered enormous security challenges. The vulnerabilities caused by the limited security models, coarse permission system and code flaws lead to private information leakage, deny of service, potential costs, etc. To detect these vulnerabilities, some analysis and security testing methods have been presented. However, most of these methods focus on certain aspects, for example, applications, permission, or capability leakage. In this paper, we propose a new detection paradigm named Fuzzing Cloud to detect vulnerabilities in Android system. Firstly, the architecture of fuzzing cloud is introduced, and the fuzzing nodes are investigated. Then, each layer of the Android system is decomposed into separated modules, and the fuzzing test cases are created with the endless capacity of processing power and storage in fuzzing cloud. Finally, the prototype of fuzzing cloud has been implemented, and some separated modules have been tested. The experiment results show that some vulnerabilities can be detected by the fuzzing cloud. It is also believed that after small extension, fuzzing cloud can detect vulnerabilities in other systems.; The rapid growth of Android system has encountered enormous security challenges. The vulnerabilities caused by the limited security models, coarse permission system and code flaws lead to private information leakage, deny of service, potential costs, etc. To detect these vulnerabilities, some analysis and security testing methods have been presented. However, most of these methods focus on certain aspects, for example, applications, permission, or capability leakage. In this paper, we propose a new detection paradigm named Fuzzing Cloud to detect vulnerabilities in Android system. Firstly, the architecture of fuzzing cloud is introduced, and the fuzzing nodes are investigated. Then, each layer of the Android system is decomposed into separated modules, and the fuzzing test cases are created with the endless capacity of processing power and storage in fuzzing cloud. Finally, the prototype of fuzzing cloud has been implemented, and some separated modules have been tested. The experiment results show that some vulnerabilities can be detected by the fuzzing cloud. It is also believed that after small extension, fuzzing cloud can detect vulnerabilities in other systems. |
| Keyword | Android Fuzzing Cloud Computing Vulnerability Detection Security Detection |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16540 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Wu, Jingzheng,Wu, Yanjun,Yang, Mutian,et al. Vulnerability Detection of Android System in Fuzzing Cloud[C]. IEEE,2013:954-955. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment