CRAXDroid: Automatic android system testing by selective symbolic execution

Chao Chun Yeh; Han Lin Lu; Chun Yen Chen; Kee Kiat Khor; Shih-Kun Huang

doi:10.1109/SERE-C.2014.32

CRAXDroid: Automatic android system testing by selective symbolic execution

Chao Chun Yeh^*, Han Lin Lu, Chun Yen Chen, Kee Kiat Khor, Shih-Kun Huang

^*Corresponding author for this work

Center for Information Technology Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.

Original language	English
Title of host publication	Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	140-148
Number of pages	9
ISBN (Electronic)	9781479958436
DOIs	https://doi.org/10.1109/SERE-C.2014.32
State	Published - 17 Sep 2014
Event	8th International Conference on Software Security and Reliability - Companion, SERE-C 2014 - San Francisco, United States Duration: 30 Jun 2014 → 2 Jul 2014

Publication series

Name	Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014

Conference

Conference	8th International Conference on Software Security and Reliability - Companion, SERE-C 2014
Country/Territory	United States
City	San Francisco
Period	30/06/14 → 2/07/14

Keywords

concolic execution
market App software
software quality assurance
software testing
symbolic execution

Access to Document

10.1109/SERE-C.2014.32

Cite this

Yeh, C. C., Lu, H. L., Chen, C. Y., Khor, K. K., & Huang, S.-K. (2014). CRAXDroid: Automatic android system testing by selective symbolic execution. In Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014 (pp. 140-148). Article 6901651 (Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SERE-C.2014.32

Yeh, Chao Chun ; Lu, Han Lin ; Chen, Chun Yen et al. / CRAXDroid : Automatic android system testing by selective symbolic execution. Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 140-148 (Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014).

@inproceedings{c79984058d5d4b119402837ebbe58425,

title = "CRAXDroid: Automatic android system testing by selective symbolic execution",

abstract = "Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.",

keywords = "concolic execution, market App software, software quality assurance, software testing, symbolic execution",

author = "Yeh, {Chao Chun} and Lu, {Han Lin} and Chen, {Chun Yen} and Khor, {Kee Kiat} and Shih-Kun Huang",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014 ; Conference date: 30-06-2014 Through 02-07-2014",

year = "2014",

month = sep,

day = "17",

doi = "10.1109/SERE-C.2014.32",

language = "English",

series = "Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "140--148",

booktitle = "Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014",

address = "美國",

}

Yeh, CC, Lu, HL, Chen, CY, Khor, KK & Huang, S-K 2014, CRAXDroid: Automatic android system testing by selective symbolic execution. in Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014., 6901651, Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014, Institute of Electrical and Electronics Engineers Inc., pp. 140-148, 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014, San Francisco, United States, 30/06/14. https://doi.org/10.1109/SERE-C.2014.32

CRAXDroid: Automatic android system testing by selective symbolic execution. / Yeh, Chao Chun; Lu, Han Lin; Chen, Chun Yen et al.
Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 140-148 6901651 (Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - CRAXDroid

T2 - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014

AU - Yeh, Chao Chun

AU - Lu, Han Lin

AU - Chen, Chun Yen

AU - Khor, Kee Kiat

AU - Huang, Shih-Kun

PY - 2014/9/17

Y1 - 2014/9/17

N2 - Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.

AB - Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.

KW - concolic execution

KW - market App software

KW - software quality assurance

KW - software testing

KW - symbolic execution

UR - http://www.scopus.com/inward/record.url?scp=84908612027&partnerID=8YFLogxK

U2 - 10.1109/SERE-C.2014.32

DO - 10.1109/SERE-C.2014.32

M3 - Conference contribution

AN - SCOPUS:84908612027

T3 - Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014

SP - 140

EP - 148

BT - Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 30 June 2014 through 2 July 2014

ER -

Yeh CC, Lu HL, Chen CY, Khor KK, Huang SK. CRAXDroid: Automatic android system testing by selective symbolic execution. In Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 140-148. 6901651. (Proceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014). doi: 10.1109/SERE-C.2014.32

CRAXDroid: Automatic android system testing by selective symbolic execution

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this