Dan Austin is technical lead of the Android Security Development Lifecycle Research team, where he works on scalable vulnerability research techniques and automating all the things.

Abstract
========

Android is a complex system, and, as a complex system, it will have bugs. Some of these will be security bugs, and some of these security bugs will be remotely exploitable. Fuzzing has been shown to be an effective method for discovering bugs in complex systems, so Android Security has included many tools in AOSP that allow for easy fuzz testing and bug analysis. This presentation will take a look at how tools provided in AOSP can be used to set up an effective, scalable fuzzing environment on Android. We will start by looking into how to write fuzzers for Android components, focusing on the native code components and the kernel. We will move on to showing how testing infrastructure in AOSP can be used to provision fuzzers, distribute workload, manage corpora for fuzzing sessions, and keep track of results. Finally, we'll go a bit into analysis to show how to measure fuzzer status, including code coverage achieved by the fuzzing sessions, and how to produce repeatable crashes.
