Vulnerability Detection of Android System in Fuzzing Cloud
文献类型:会议论文
| 作者 | Wu, Jingzheng ; Wu, Yanjun ; Yang, Mutian ; Wu, Zhifei ; Wang, Yongji |
| 出版日期 | 2013 |
| 会议名称 | IEEE 6th International Conference on Cloud Computing (CLOUD) |
| 会议日期 | JUN 27-JUL 03, 2013 |
| 会议地点 | Santa Clara, CA |
| 关键词 | Android Fuzzing Cloud Computing Vulnerability Detection Security Detection |
| 页码 | 954-955 |
| 中文摘要 | The rapid growth of Android system has encountered enormous security challenges. The vulnerabilities caused by the limited security models, coarse permission system and code flaws lead to private information leakage, deny of service, potential costs, etc. To detect these vulnerabilities, some analysis and security testing methods have been presented. However, most of these methods focus on certain aspects, for example, applications, permission, or capability leakage. In this paper, we propose a new detection paradigm named Fuzzing Cloud to detect vulnerabilities in Android system. Firstly, the architecture of fuzzing cloud is introduced, and the fuzzing nodes are investigated. Then, each layer of the Android system is decomposed into separated modules, and the fuzzing test cases are created with the endless capacity of processing power and storage in fuzzing cloud. Finally, the prototype of fuzzing cloud has been implemented, and some separated modules have been tested. The experiment results show that some vulnerabilities can be detected by the fuzzing cloud. It is also believed that after small extension, fuzzing cloud can detect vulnerabilities in other systems. |
| 英文摘要 | The rapid growth of Android system has encountered enormous security challenges. The vulnerabilities caused by the limited security models, coarse permission system and code flaws lead to private information leakage, deny of service, potential costs, etc. To detect these vulnerabilities, some analysis and security testing methods have been presented. However, most of these methods focus on certain aspects, for example, applications, permission, or capability leakage. In this paper, we propose a new detection paradigm named Fuzzing Cloud to detect vulnerabilities in Android system. Firstly, the architecture of fuzzing cloud is introduced, and the fuzzing nodes are investigated. Then, each layer of the Android system is decomposed into separated modules, and the fuzzing test cases are created with the endless capacity of processing power and storage in fuzzing cloud. Finally, the prototype of fuzzing cloud has been implemented, and some separated modules have been tested. The experiment results show that some vulnerabilities can be detected by the fuzzing cloud. It is also believed that after small extension, fuzzing cloud can detect vulnerabilities in other systems. |
| 收录类别 | CPCI |
| 会议录出版地 | IEEE |
| 语种 | 英语 |
| ISSN号 | 2159-6182 |
| ISBN号 | 978-0-7695-5028-2 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16540]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Wu, Jingzheng,Wu, Yanjun,Yang, Mutian,et al. Vulnerability Detection of Android System in Fuzzing Cloud[C]. 见:IEEE 6th International Conference on Cloud Computing (CLOUD). Santa Clara, CA. JUN 27-JUL 03, 2013. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。