research-article

Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing

Authors:
Stephen Kyle

University of Edinburgh, Edinburgh, United Kingdom

University of Edinburgh, Edinburgh, United Kingdom
View Profile

,
Hugh Leather

University of Edinburgh, Edinburgh, United Kingdom

University of Edinburgh, Edinburgh, United Kingdom
View Profile

,
Björn Franke

University of Edinburgh, Edinburgh, United Kingdom

University of Edinburgh, Edinburgh, United Kingdom
View Profile

,
Dave Butcher

Arm Ltd., Cambridge, United Kingdom

Arm Ltd., Cambridge, United Kingdom
View Profile

,
Stuart Monteith

ARM Ltd., Cambridge, United Kingdom

ARM Ltd., Cambridge, United Kingdom
View Profile

VEE '15: Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution EnvironmentsMarch 2015Pages 121–132https://doi.org/10.1145/2731186.2731198

Published:14 March 2015Publication History

VEE '15: Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

Pages 121–132

ABSTRACT

The development of a new application virtual machine (VM), like the creation of any complex piece of software, is a bug-prone process. In version 5.0, the widely-used Android operating system has changed from the Dalvik VM to the newly-developed ART VM to execute Android applications. As new iterations of this VM are released, how can the developers aim to reduce the number of potentially security-threatening bugs that make it into the final product? In this paper we combine domain-aware binary fuzzing and differential testing to produce DexFuzz, a tool that exploits the presence of multiple modes of execution within a VM to test for defects. These modes of execution include the interpreter and a runtime that executes ahead-of-time compiled code. We find and present a number of bugs in the in-development version of ART in the Android Open Source Project. We also assess DexFuzz's ability to highlight defects in the experimental version of ART released in the previous version of Android, 4.4, finding 189 crashing programs and 15 divergent programs that indicate defects after only 5,000 attempts.

References

american-fuzzy-lop on Google Code. https://code.google.com/p/american-fuzzy-lop/. Accessed: 2014-11-12.Google Scholar
Alien Dalvik. http://www.myriadgroup.com/products/device-solutions/mobile-software/alien-dalvik/. Accessed: 2014-11-25.Google Scholar
BlueStacks AppPlayer. http://www.bluestacks.com/app-player.html. Accessed: 2014-11-25.Google Scholar
HITB2014AMS - Day 1 - State of the ART: Exploring the new Android KitKat Runtime. https://www.corelan.be/index.php/2014/05/29/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime/. Accessed: 2014-11-20.Google Scholar
Peachfuzzer. http://peachfuzzer.com/. Accessed: 2014-11-20.Google Scholar
smali - an assembler/disassembler for android's dex format on Google Code. https://code.google.com/p/smali/. Accessed: 2014-11-19.Google Scholar
K. Claessen and J. Hughes. Quickcheck: A lightweight tool for random testing of haskell programs. In Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming, ICFP '00, pages 268--279, New York, NY, USA, 2000. ACM. ISBN 1-58113-202-6. 10.1145/351240.351266. URL http://doi.acm.org/10.1145/351240.351266. Google ScholarDigital Library
K. Dewey, J. Roesch, and B. Hardekopf. Language fuzzing using constraint logic programming. In Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, ASE '14, pages 725--730, New York, NY, USA, 2014. ACM. ISBN 978-1-4503-3013-8. 10.1145/2642937.2642963. URL http://doi.acm.org/10.1145/2642937.2642963. Google ScholarDigital Library
C. Holler, K. Herzig, and A. Zeller. Fuzzing with code fragments. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, pages 38--38, Berkeley, CA, USA, 2012. USENIX Association. URL http://dl.acm.org/citation.cfm?id=2362793.2362831. Google ScholarDigital Library
K. Jayaraman, D. Harvison, V. Ganesh, and A. Kiezun. jfuzz: A concolic whitebox fuzzer for java. In NASA Formal Methods, pages 121--125, 2009.Google Scholar
A. Lanzi, L. Martignoni, M. Monga, and R. Paleari. A smart fuzzer for x86 executables. In Proceedings of the Third International Workshop on Software Engineering for Secure Systems, SESS '07, pages 7--, Washington, DC, USA, 2007. IEEE Computer Society. ISBN 0-7695-2952-6. 10.1109/SESS.2007.1. URL http://dx.doi.org/10.1109/SESS.2007.1. Google ScholarDigital Library
V. Le, M. Afshari, and Z. Su. Compiler validation via equivalence modulo inputs. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, pages 216--226, New York, NY, USA, 2014. ACM. ISBN 978-1-4503-2784-8. 10.1145/2594291.2594334. URL http://doi.acm.org/10.1145/2594291.2594334. Google ScholarDigital Library
B. P. Miller, L. Fredriksen, and B. So. An empirical study of the reliability of unix utilities. Commun. ACM, 33 (12): 32--44, Dec. 1990. ISSN 0001-0782. 10.1145/96267.96279. URL http://doi.acm.org/10.1145/96267.96279. Google ScholarDigital Library
P. Purdom. A sentence generator for testing parsers. BIT Numerical Mathematics, 12 (3): 366--375, 1972. ISSN 0006-3835. 10.1007/BF01932308. URL http://dx.doi.org/10.1007/BF01932308.Google ScholarDigital Library
G. Wen, Y. Zhang, Q. Liu, and D. Yang. Fuzzing the actionscript virtual machine. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13, pages 457--468, New York, NY, USA, 2013. ACM. ISBN 978-1-4503-1767-2. 10.1145/2484313.2484372. URL http://doi.acm.org/10.1145/2484313.2484372. Google ScholarDigital Library
X. Yang, Y. Chen, E. Eide, and J. Regehr. Finding and understanding bugs in c compilers. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, pages 283--294, New York, NY, USA, 2011. ACM. ISBN 978-1-4503-0663-8. 10.1145/1993498.1993532. URL http://doi.acm.org/10.1145/1993498.1993532. Google ScholarDigital Library

Index Terms

Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging
  2. Software notations and tools
    1. Compilers
      1. Runtime environments

Recommendations

Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing
VEE '15

The development of a new application virtual machine (VM), like the creation of any complex piece of software, is a bug-prone process. In version 5.0, the widely-used Android operating system has changed from the Dalvik VM to the newly-developed ART VM ...
Read More
Testing android apps through symbolic execution

There is a growing need for automated testing techniques aimed at Android apps. A critical challenge is the systematic generation of test cases. One method of systematically generating test cases for Java programs is symbolic execution. But applying ...
Read More
Grey-box concolic testing on binary code
ICSE '19: Proceedings of the 41st International Conference on Software Engineering

We present grey-box concolic testing, a novel path-based test case generation method that combines the best of both white-box and grey-box fuzzing. At a high level, our technique systematically explores execution paths of a program under test as in ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
VEE '15: Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
March 2015
238 pages
ISBN:9781450334501
DOI:10.1145/2731186
General Chair:
Ada Gavrilovska
Georgia Tech
,
Program Chairs:
Angela Demke Brown
University of Toronto
,
Bjarne Steensgaard
Microsoft
ACM SIGPLAN Notices Volume 50, Issue 7
VEE '15
July 2015
221 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2817817
Editor:
Andy Gill
University of Kansas, Lawrence, KS
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 14 March 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
android
art
compiler testing
dex
fuzzing
random testing
testing
virtual machine testing
Qualifiers
- research-article
Conference

Acceptance Rates
VEE '15 Paper Acceptance Rate16of50submissions,32%Overall Acceptance Rate80of235submissions,34%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 11
  Total Citations
  View Citations
- 670
  Total Downloads
- Downloads (Last 12 months)24
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing

VEE '15: Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

ABSTRACT

References

Cited By

Index Terms

Recommendations

Application of Domain-aware Binary Fuzzing to Aid Android Virtual Machine Testing

Testing android apps through symbolic execution

Grey-box concolic testing on binary code