• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

A Practical Intent Fuzzing Tool for Robustness of Inter-Component Communication in Android Apps

Vol. 12, No.9, September 30, 2018
10.3837/tiis.2018.09.008 , Download Paper (Free):

Abstract

This research aims at a new practical Intent fuzzing tool for detecting Intent vulnerabilities of Android apps causing the robustness problem. We proposed two new ideas. First, we designed an Intent specification language to describe the structure of Intent, which makes our Intent fuzz testing tool flexible. Second, we proposed an automatic tally method classifying unique failures. With the two ideas, we implemented an Intent fuzz testing tool called Hwacha, and evaluated it with 50 commercial Android apps. Our tool offers an arbitrary combination of automatic and manual Intent generators with executors such as ADB and JUnit due to the use of the Intent specification language. The automatic tally method excluded almost 80% of duplicate failures in our experiment, reducing efforts of testers very much in review of failures. The tool uncovered more than 400 unique failures including what is unknown so far. We also measured execution time for Intent fuzz testing, which has been rarely reported before. Our tool is practical because the whole procedure of fuzz testing is fully automatic and the tool is applicable to the large number of Android apps with no human intervention.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Kwanghoon Choi, Myungpil Ko and Byeong-Mo Chang, "A Practical Intent Fuzzing Tool for Robustness of Inter-Component Communication in Android Apps," KSII Transactions on Internet and Information Systems, vol. 12, no. 9, pp. 4248-4270, 2018. DOI: 10.3837/tiis.2018.09.008

[ACM Style]
Choi, K., Ko, M., and Chang, B. 2018. A Practical Intent Fuzzing Tool for Robustness of Inter-Component Communication in Android Apps. KSII Transactions on Internet and Information Systems, 12, 9, (2018), 4248-4270. DOI: 10.3837/tiis.2018.09.008