Making Malory Behave Maliciously: Targeted Fuzzing of Android Applications
Android applications, or apps, provide useful features to end-users, but many apps also contain malicious behavior. Modern malware makes understanding such behavior challenging by behaving maliciously only under particular conditions. For example, a malware app may check whether it runs on a real device and not an emulator, in a particular country, and alongside a specific target app, such as a vulnerable banking app. To observe the malicious behavior, an analyst must find out and emulate all these app-specific constraints. In this talk, we will present FuzzDroid, a framework for automatically generating an Android execution environment where an app exposes its malicious behavior. The key idea is to combine an extensible set of static and dynamic analyses through a search-based algorithm that steers the app toward a configurable target location. On recent malware, the approach reaches the target location in 75% of the apps. In total, we reach 240 code locations within an average time of only one minute. To reach these code locations, FuzzDroid generates 106 different environments, too many for a human analyst to create manually.
Tue 1 NovDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:10 | Session 2WODA at Winterthur Chair(s): Michael Pradel TU Darmstadt, Germany, Omer Tripp IBM Research, USA | ||
10:30 33mTalk | Inferring test oracles from the Javadoc documentation WODA Alessandra Gorla IMDEA Software Institute | ||
11:03 33mTalk | The high-interest credit card of runtime enforcement WODA Ben Livshits Microsoft Research | ||
11:36 33mTalk | Making Malory Behave Maliciously: Targeted Fuzzing of Android Applications WODA Steven Arzt TU Darmstadt, Germany |