Android Uygulama Kurulum Sürecı̇ İçin Verı̇mlı̇ Bir Evrı̇msel Tabanlı Fuzz Testı̇

Abstract

Automated tools based on source code analysis used in application development and test phases are insufficient to ensure application security. For this reason, researchers also resort to fuzz testing methods to analyze vulnerability in applications and to reveal software faults. With a well-configured fuzz test security tools and white-box and/or black-box fuzz tests and reverse engineering analysis, many serious security vulnerabilities can be uncovered and the required patches made in a timely manner. In recent years, with the development of mobile platform, fuzz tests have been started on mobile applications and Android operating system. Much of the fuzz testing work that has been done so far is implemented at the application level and GUI based. The work done to determine vulnerabilities in operating system level libraries that affect and critical the wider user base is very new. In this thesis, a new fuzzy test method is proposed to find the security vulnerabilities in the Android operating system. A proposed genetic algorithm-based black-box fuzz test method is presented as a platform for automatically detecting vulnerabilities in the Android system and compared with similar studies. The proposed method has shown that new security vulnerabilities can be found in a much shorter time than other studies.