System service call-oriented symbolic execution of Android Framework with applications to vulnerability discovery and exploit generation

Lannan Luo, Qiang Zeng, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Android Application Framework is an integral and foundational part of the Android system. Each of the 1.4 billion Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harms to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is vulnerable and exploitable. However, most of the existing research has been limited to analyzing Android applications, while there are very few techniques and tools developed for analyzing Android Framework. In particular, to our knowledge, there is no previous work that analyzes the framework through symbolic execution, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to some unique characteristics of the framework, such as its middleware nature and extraordinary complexity, many new challenges arise and are tackled in Centaur. In addition, we demonstrate how the system can be applied to discovering new vulnerability instances, which can be exploited by several recently uncovered attacks against the framework, and to generating PoC exploits.

Original language: English (US)
Title of host publication: MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
Publisher: Association for Computing Machinery, Inc
Pages: 225-238
Number of pages: 14
ISBN (Electronic): 9781450349284
DOI: https://doi.org/10.1145/3081333.3081361
State: Published - Jun 16 2017
Event: 15th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2017 - Niagara Falls, United States
Duration: Jun 19 2017 to Jun 23 2017

Publication series

Name: MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services

Other

Other: 15th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2017
Country: United States
City: Niagara Falls
Period: 6/19/17 to 6/23/17

Fingerprint

Middleware

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications
  • Software
  • Hardware and Architecture

Cite this

Luo, L., Zeng, Q., Cao, C., Chen, K., Liu, J., Liu, L., ... Liu, P. (2017). System service call-oriented symbolic execution of Android Framework with applications to vulnerability discovery and exploit generation. In MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services (pp. 225-238). (MobiSys 2017 - Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services). Association for Computing Machinery, Inc. https://doi.org/10.1145/3081333.3081361