Automated Unit-test Generation for Detecting Vulnerabilities of Android Kernel Modules

An Automated Unit Test Generation Technique for Detecting Android Kernel Module Vulnerabilities

  • Received : 2016.09.07
  • Accepted : 2016.11.20
  • Published : 2017.02.15

Abstract

In this study, we propose an automated unit test generation technique for detecting vulnerabilities in Android kernel modules. The technique uses dynamic symbolic execution to automatically generate unit test drivers/stubs and unit test inputs for each function of an Android kernel module. Automated unit test generation raises false alarms when function pointers are left unresolved and function pre-conditions are missing; to reduce them, we develop two false alarm reduction techniques: one matches function pointers using static analysis, and the other generates pre-conditions using def-use analysis. We show that the proposed technique detects all existing vulnerabilities in the three modules of Android kernel 3.4. The false alarm reduction techniques also removed 44.9% of false alarms on average.

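This paper proposes an automated unit test generation technique for detecting vulnerabilities in Android kernel modules. For each function of an Android kernel module, test driver/stub functions are generated automatically, and test input values are generated automatically using dynamic symbolic execution. In addition, to reduce false alarms caused by test generation that does not account for the function pointers and function pre-conditions of Android kernel modules, we developed a function pointer matching technique based on static analysis and a function pre-condition generation technique based on def-use analysis. Applying the automated unit test generation technique to three modules of Android kernel version 3.4, we were able to detect all previously existing vulnerabilities, and the proposed false alarm reduction techniques removed 44.9% of false alarms on average.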

Acknowledgement

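Grant : Development of core dual-operating-system technology for simultaneously running an ultra-compact, high-reliability (99.999%) OS and a high-performance multicore OS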

Supported by : National Research Foundation of Korea, Institute for Information & Communications Technology Promotion
