Unleashing D* on Android Kernel Drivers

Offered By: nullcon via YouTube

Course Description

Overview

Explore a comprehensive conference talk on Android kernel driver security analysis techniques. Delve into DR.CHECKER, a static analysis tool designed to overcome limitations by focusing on bug-prone kernel drivers. Learn about its ability to balance scalability and precision while minimizing unsoundness. Discover DIFUZE, a dynamic analysis fuzzing tool that addresses challenges in driver input constraints and bug triggering. Gain insights into interface recovery, structure generation, and on-device execution techniques. Examine real-world bug examples in Mediatek and Samsung drivers, and understand the ongoing developments in user data tracking and taint propagation. Access open-source tools and resources to enhance your Android security analysis skills.

Syllabus

Intro
$ Android is everywhere!!
$ Bugs in Android (First Half of 2017)..
$ Okay! Why is it hard to find these bugs?
$ Static Analysis: Existing tools
$ Ideal Static analysis tool
$ Tracking user data: pointer analysis
$ Kernel drivers are small!!
$ DR.CHECKER: Story of the name
$ DR.CHECKER Overview
$ DR.CHECKER: SDTraversal
$ DR.CHECKER: Vulnerability Detectors
$ DR.CHECKER: Bug in Mediatek Accdet driver
$ DR.CHECKER: Bug in Samsung SensorHub driver
$ DR.CHECKER: Open Source and Dockerized
$ DR.CHECKER is not enough!!
$ Dynamic Analysis: Fuzzing!!
$ Fuzzing: Good Luck!!
$ Fuzzing: Highly constrained input
$ Drivers Expect Highly structured input
$ Bugs are hard to trigger
$ DIFUZE: Idea
$ DIFUZE: Overview
$ DIFUZE: Interface Recovery
$ DIFUZE: Structure Generation
$ DIFUZE: On Device Execution
$ DIFUZE: Evaluation
$ DIFUZE: Bug Types
$ DIFUZE: Open Source
$ In Progress: drchecker.io
$ Tracking user data: Taint Propagation


Taught by

nullcon
