Ex-Vivo Dynamic Analysis Framework for Android Device Drivers

IEEE via YouTube

Overview

Explore an innovative ex-vivo dynamic analysis framework for Android device drivers in this IEEE conference talk. Learn about a novel approach that enables off-device analysis without the need for porting or complex hardware emulation. Discover how the framework evades hardware and kernel dependencies to initialize drivers and enable analysis using userspace tools. Understand the advantages of this method over on-device analysis, including scalability with commodity CPUs. Examine the framework's effectiveness in loading drivers from various Android kernels and its ability to detect known vulnerabilities. Gain insights into the discovery of new bugs in system call handlers of platform device drivers, and the potential implications for security tasks such as exploit development, reverse engineering, and vulnerability detection in Android smartphones.

Syllabus

Intro
WHAT PREVENTS OFF-DEVICE DYNAMIC ANALYSIS (IN EMULATOR)?
SUPERFICIALLY DEPENDENT PATHS: EXAMPLE, MSM_ISP DRIVER FROM MSM KERNEL
SUPERFICIALLY DEPENDENT PATHS: EXAMPLE, MSM ISP DRIVER FROM MSM KERNEL
HOW KERNEL MANAGES DEVICES: DEVICE TREES
HARDWARE DEPENDENCIES: MISSING PERIPHERAL
SOFTWARE DEPENDENCIES 1: FUNCTION STUBS
STRUCTURE LAYOUTS
TESTING KNOWN CVES WITH EVASION KERNEL (HYPOTHESIS 1)
INITIALIZING ALIEN DRIVERS (HYPOTHESIS 2)
USER-SPACE FUZZING
IOCTL COMPLEX FORMAT
RECOVERING IOCTLS
FUZZING RESULTS
CONCLUSION

Taught by

IEEE Symposium on Security and Privacy
