Abstract
The Intent is a set of inter-component communication mechanisms supported by HarmonyOS and Android. If the receiver of an Intent does not check whether the parameters carried by the Intent are legal, the process may crash and the application may stop running. This paper proposes IntentDetector, a vulnerability mining technology implemented on HarmonyOS that combines static analysis and dynamic testing. First, the components that may have problems and the parameters that may cause them are collected through reverse analysis. Then, based on fuzzing, a large number of Intent samples are automatically generated and sent to the components under test, and abnormal conditions are recorded, which automates the testing. Experimental tests and result analysis show that IntentDetector can realize Intent vulnerability mining on HarmonyOS.
Acknowledgement
Supported by the College Students' Innovative Entrepreneurial Training Plan Program of China (202210018004).
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xu, Y., Wang, Z., Tan, S., Lu, Y., Liang, C. (2024). IntentDetector: Research on Intent Vulnerability Mining Technology Based on Fuzzing Technology. In: Zhang, Y., Qi, L., Liu, Q., Yin, G., Liu, X. (eds) Proceedings of the 13th International Conference on Computer Engineering and Networks. CENet 2023. Lecture Notes in Electrical Engineering, vol 1126. Springer, Singapore. https://doi.org/10.1007/978-981-99-9243-0_3
DOI: https://doi.org/10.1007/978-981-99-9243-0_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-9242-3
Online ISBN: 978-981-99-9243-0
eBook Packages: Engineering (R0)