BArcherFuzzer: An Android System Services Fuzzier via Transaction Dependencies of BpBinder.

By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method, we implement a detection tool-BArcherFuzzer to detect vulnerabilities of Android native system services. The experiment results show that BArcherFuzzer found four vulnerabilities of hundreds of exception messages, all of them were confirmed by Google and one was assigned a Common Vulnerabilities and Exposures (CVE) number (CVE-2020-0363). [ABSTRACT FROM AUTHOR]