Explore a comprehensive conference talk on Android kernel driver security analysis techniques. Delve into DR.CHECKER, a static analysis tool designed to overcome limitations by focusing on bug-prone kernel drivers. Learn about its ability to balance scalability and precision while minimizing unsoundness. Discover DIFUZE, a dynamic analysis fuzzing tool that addresses challenges in driver input constraints and bug triggering. Gain insights into interface recovery, structure generation, and on-device execution techniques. Examine real-world bug examples in Mediatek and Samsung drivers, and understand the ongoing developments in user data tracking and taint propagation. Access open-source tools and resources to enhance your Android security analysis skills.
Overview
Syllabus
Intro
$ Android is everywhere!!
$ Bugs in Android (First Half of 2017)..
$ Okay! Why is it hard to find these bugs?
$ Static Analysis: Existing tools
$ Ideal Static analysis tool
$ Tracking user data: pointer analysis
$ Kernel drivers are small!!
$ DR.CHECKER: Story of the name
$ DR.CHECKER Overview
$ DR.CHECKER: SDTraversal
$ DR.CHECKER: Vulnerability Detectors
$ DR.CHECKER: Bue in Mediatek Accdet driver
$ DR.CHECKER: Bug in Samsung SensorHub drive
$ DR.CHECKER: Open Source and Dockerized
$ DR.CHECKER is not enough!!
$ Dynanic Analysis: Fuzzing!!
$ Fuzzing: Good Luck!!
$ Fuzzing: Highly constrained input
$ Drivers Expect Highly structured input
$ Bugs are hard to trigeer
$ DIFUZE: Idea
$ DIFUZE: Overview
$ DIFUZE: Interface Recovery
$ DIFUZE: Structure Generation
$ DIFUZE: On Device Execution
$ DIFUZE: Evaluation
$ DIFUZE: Bug Types
$ DIFUZE: Open Source
$ In Progress: drchecker.io
$ Tracking user data: Taint Propagation
Taught by
nullcon
