Αυτοματοποιημένος έλεγχος ασφαλείας του Android API μέσω fuzzing

Automated security testing of Android API using fuzzing

Thumbnail
Master Thesis
Author
Πουλάκη, Βασιλική
Date
2018-12
Advisor
Πατσάκης, Κωνσταντίνος
View/Open
Keywords
Android ; Security ; Fuzzing ; Reflection ; Automated testing ; Malware 
Abstract
Today, the vast evolution of the technology of smart devices and their operating systems is offering enormous potential for the development of the emerging industry producing applications appropriate for such devices. At the same time, the mobile operating systems become more and more exposed to the danger of malware. The Application Programming Interface provided by Google’s Android operating system to software developers undergoes often upgrades and evolves, offering multiple capabilities regarding the exploitation of the device resources. This, in conjunction with the fact that many Android devices are affordable in general, has caused the Android application development market to take off, giving a boost to malicious applications’ evolution too. The permissions system that Android operating system utilizes in order to give third party applications access to user’s sensitive data and vital systems resources of the device, is one of the fundamental security measures of this system. Since October of 2015 it has been upgraded so that the device’s end user has more visibility over that access, by granting the permissions at the point of the actual usage of the respective feature by the applications, instead of once at installation time. However, not all potential security dangers have been eliminated by this enhancement. Moreover, the further usage of the Android API by the application programmers poses new risks, and the platform should be designed to enforce its own proper use. For this reason, in order to protect users, Google for Android uses automated ways for the daily evaluation of hundreds of thousands of applications, regarding their ability to potentially harm the devices. Under the context of this work, the fuzzing test tool XenonAutomated was developed and used for an extended security check of possible ‘extreme’ or ‘bad’ usage of the Android API levels from 21 to 28. The results of this test work are presented hereby.
Postgraduate Studies Programme
Πληροφορική
Department
Σχολή Τεχνολογιών Πληροφορικής και Επικοινωνιών. Τμήμα Πληροφορικής
Number of pages
35
Language
English
URI
https://dione.lib.unipi.gr/xmlui/handle/unipi/11867
Collections
Show full item record
Attribution-NonCommercial-NoDerivatives 4.0 Διεθνές
Except where otherwise noted, this item's license is described as
Attribution-NonCommercial-NoDerivatives 4.0 Διεθνές
Βιβλιοθήκη Πανεπιστημίου Πειραιώς
Contact Us
Send Feedback
Created by ELiDOC
Η δημιουργία κι ο εμπλουτισμός του Ιδρυματικού Αποθετηρίου "Διώνη", έγιναν στο πλαίσιο του Έργου «Υπηρεσία Ιδρυματικού Αποθετηρίου και Ψηφιακής Βιβλιοθήκης» της πράξης «Ψηφιακές υπηρεσίες ανοιχτής πρόσβασης της βιβλιοθήκης του Πανεπιστημίου Πειραιώς»