
Research on Automatic Mining Techniques for Component Denial-of-Service Vulnerabilities

Zhou Min1, Zhou Anmin2, Liu Liang2, Jia Peng3, Tan Cuijiang2

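  1. College of Electronics and Information Engineering, Sichuan University
  2. Institute of Information Security, Sichuan University
  3. Information Security Laboratory, East Teaching Building 3, Wangjiang Campus, Sichuan University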
  • Received: 2017-05-12 Revised: 2017-06-08 Published: 2017-06-08
  • Corresponding author: Zhou Min

Research on Mining Denial of Service Vulnerability in Android Applications Automatically

  • Received:2017-05-12 Revised:2017-06-08 Online:2017-06-08
  • Contact: Zhou Min

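Abstract: Android applications that do not validate the data they receive for null or abnormal values crash, which causes a component denial of service. To address this problem, an automated mining framework for component denial-of-service vulnerabilities is proposed. The framework uses reverse analysis and static data flow analysis to obtain the package name and component information of an Android application, tracks the application's data accesses on intent objects, extracts the data carried by intent objects, and identifies the paths by which public components start private components, all to assist dynamic fuzz testing in mining vulnerabilities. To enlarge test-case coverage and achieve automation, the framework adds mutation of the Action, Category, Data and Extra attributes of the Intent, and uses the Accessibility technology to close application crash dialogs automatically, which greatly improves detection efficiency. To verify the effectiveness and practicality of the framework, a tool, DroidRVMS, was designed and implemented with it and compared with the Intent Fuzzer tool. The experimental results show that DroidRVMS can effectively find denial-of-service vulnerabilities in dynamic broadcast components and denial-of-service attacks caused by most types of exceptions.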

Keywords: Android, denial of service, static analysis, fuzz testing, crash dialog

Abstract: To address the problem that a process crashes, causing a denial of service, when the receiver of an intent does not validate empty data and abnormal data, an automated Android component vulnerability mining framework based on static analysis and fuzz testing techniques is proposed. In this framework, reverse analysis and static data flow analysis are used to extract the package name, the components, the data carried by intents, and the data flow paths from exported components to private components, in order to assist fuzz testing. In addition, more mutation strategies on the attributes of the Intent (such as Action, Category, Data and Extra) are added when generating Intent test cases, and the Accessibility technology is adopted to close crash windows in order to achieve automation. Finally, a tool named DroidRVMS was implemented, and a comparative experiment with Intent Fuzzer was designed to verify the validity of the framework. The experimental results show that DroidRVMS can find denial of service vulnerabilities resulting from dynamic Broadcast Receivers and most types of exceptions.

Key words: Android, denial of service, static analysis, fuzz testing, crash window
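
The root cause named in the abstract, an intent receiver that does not validate empty or abnormal data, shown as an added example (not code from the paper or from DroidRVMS): a hypothetical exported Activity with the crash-prone calls listed in comments and a hardened handler that checks Action, Data and Extra before use. The package, class name, action string and extra key are assumptions made for illustration.

```java
package com.example.demo; // hypothetical package

import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;

public class ShareActivity extends Activity { // hypothetical exported component
    private static final String TAG = "ShareActivity";
    private static final String ACTION_SHARE = "com.example.demo.SHARE"; // hypothetical action
    private static final String EXTRA_TITLE = "title";                   // hypothetical extra key

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Crash-prone pattern (each line throws on a malformed Intent):
        //   getIntent().getAction().equals(ACTION_SHARE)    -> NPE when the action is null
        //   getIntent().getData().getHost().length()        -> NPE when data or host is null
        //   getIntent().getStringExtra(EXTRA_TITLE).trim()  -> NPE when the extra is absent
        if (!handleIntent(getIntent())) {
            finish(); // reject malformed input instead of crashing the process
        }
    }

    private boolean handleIntent(Intent intent) {
        // Constant-first equals() tolerates a null action.
        if (intent == null || !ACTION_SHARE.equals(intent.getAction())) {
            return false;
        }
        Uri data = intent.getData();
        if (data == null || !"https".equals(data.getScheme()) || data.getHost() == null) {
            return false;
        }
        String title;
        try {
            // Reading extras unparcels the Bundle, which can throw a RuntimeException
            // (e.g. BadParcelableException) when it carries a class this app cannot load.
            title = intent.getStringExtra(EXTRA_TITLE);
        } catch (RuntimeException e) {
            Log.w(TAG, "Rejected intent with malformed extras", e);
            return false;
        }
        if (title == null || title.trim().isEmpty()) {
            return false;
        }
        setTitle(title.trim());
        return true;
    }
}
```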

CLC number: