藉由選擇性符號操作執行之Android APPs隨性測試

Abstract

智慧型手機、平板電腦等行動裝置已日益成為個人的必備工具，軟 體市集的商業模式也蓬勃發展，並成為智慧型裝置的應用軟體主要來 源。然而這些智慧型裝置往往包含著大量個人化的資訊，同時也能進 行發送簡訊等付費行為，因此執行於其上的應用軟體的品質與可靠性 也逐漸成為備受關注的議題。但是一般使用者並沒有能力判斷市集上 的軟體品質，而官方市集以及第三方市集也都無法保證架上的軟體是 否不含缺陷問題。在此論文中，我們描述如何建立一個Android APP 測試環境，採用符號執行(Symbolic execution) 技術，可以自動化對市 集中的應用程式進行品質檢測，透過探測程式的可能執行路徑，以發 掘出未被執行之潛在品質缺陷或隱含可能有威脅疑慮之執行路徑。我 們實作改良原有之軟體品質測試與脅迫平台：CRAX，進行Andorid APP 之測試，稱為CRAXdroid，已成功實驗於實際應用之Android 程 式，證明此方法可行性高。

Mobile devices such as smart phone and tablet PC are becoming common personal devices. The business model of software market is also thriving and turning into a major source of software on those devices. However, such intelligent devices often contain lots of private information, and also can be used to conduct operations involving payment, like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. But ordinary users do not have the ability to check whether software on the shelf contains defective behavior or potential vulnerabilities, and neither the official APP market nor third party markets can ensure their software have no privacy risk. In this thesis, we proposed to build a platform for android APP testing, based on symbolic execution technique. By exploring all possible paths, we can find potential software vulnerabilities. We revised our software quality assurance and exploit generation platform, called CRAX, to apply in the Android APPs. It is called the CRAXdroid subsystem. We perform several experiments on Android market applications to prove the feasibility of our method.