http://dx.doi.org/10.13089/JKIISC.2017.27.3.541

A Study of File Format-Aware Fuzzing against Smartphone Media Server Daemons  

Shin, MinSik (Information Security Lab, Graduate School of information, Yonsei University)
Yu, JungBeen (Information Security Lab, Graduate School of information, Yonsei University)
Kwon, Taekyoung (Information Security Lab, Graduate School of information, Yonsei University)
Abstract
The smartphone runs a media server daemon to handle audio service requests. Media server daemons, which run with high privilege in the background, have been the source of many vulnerabilities affecting the applications most frequently used on smart devices, including smartphones. Fuzzing is a popular methodology for finding software vulnerabilities. Unfortunately, plain fuzzing is not very effective in format-strict environments such as media services. In this paper, we propose file format-aware fuzzing in order to efficiently detect vulnerabilities in media server daemons. We found a remote arbitrary code execution vulnerability on iOS/tvOS/MacOS/watchOS, and we verified the effectiveness of our methodology by comparing it with the fuzzers FileFuzz and ZZUF.
Keywords
Mutation-based Fuzzing; Audio/Video file; Format Awareness; Media Server Daemon; Smartphone;