CRAXDroid: Automatic android system testing by selective symbolic execution

Chao Chun Yeh*, Han Lin Lu, Chun Yen Chen, Kee Kiat Khor, Shih-Kun Huang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Scopus citations

Abstract

Mobile devices such as smart phones and tablet PCs are becoming common personal devices. The business model of a central software market is also thriving and turning into a major distribution source of software packages on those devices. However, these devices often contain personal private information and can be used to conduct operations involving data leakage and payment events like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. We aim at checking whether software off the shelf contains defective behavior or potential vulnerabilities, and aiding the official APP or third party markets to ensure their software without privacy issues. We have built a platform for android APP testing, by revising our software quality assurance and exploit generation platform, called CRAX, to apply in the Android platform. It is called the CRAXDroid that allows any inputs to be the testing sources to the APP without source code. These approaches are based on the symbolic execution technique and android emulator. By automatically exploring execution paths, we can find potential software defects. We perform several experiments on Android applications to prove the feasibility of our method.

Original languageEnglish
Title of host publicationProceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages140-148
Number of pages9
ISBN (Electronic)9781479958436
DOIs
StatePublished - 17 Sep 2014
Event8th International Conference on Software Security and Reliability - Companion, SERE-C 2014 - San Francisco, United States
Duration: 30 Jun 20142 Jul 2014

Publication series

NameProceedings - 8th International Conference on Software Security and Reliability - Companion, SERE-C 2014

Conference

Conference8th International Conference on Software Security and Reliability - Companion, SERE-C 2014
CountryUnited States
CitySan Francisco
Period30/06/142/07/14

Keywords

  • concolic execution
  • market App software
  • software quality assurance
  • software testing
  • symbolic execution

Fingerprint Dive into the research topics of 'CRAXDroid: Automatic android system testing by selective symbolic execution'. Together they form a unique fingerprint.

Cite this