July 11, 2022

ECE’s Bagchi and Two PhD Alums Win IEEE Test of Time Award

A decade after publishing “An empirical study of the robustness of inter-component communication in Android,” Saurabh Bagchi, Professor in Purdue University’s Elmore Family School of Electrical and Computer Engineering and Department of Computer Science (by courtesy), along with a team of two PhD alumni and a researcher formerly at IBM Research, won a Test of Time award at the 52nd International Symposium on Dependable Systems and Networks (DSN).
Receiving the Test of Time Award at the DSN Conference in Baltimore, Maryland on June 28. From left: Nuno Neves (Chair, IEEE Technical Committee on Dependability and Fault Tolerance) and two co-authors of the award-winning paper, Saurabh Bagchi and Jan Rellermeyer.

The award was announced and presented at the symposium in Baltimore, Maryland on June 28.

Bagchi, who serves as the Director of the CRISP Center and the Army-funded A2I2 Institute at Purdue, co-wrote the article with Amiya Maji (Ph.D. ’15), now a Senior Computational Scientist at Purdue; Fahad Arshad (Ph.D. ’14), now an Engineer at VMware; and former IBM Research member Jan Rellermeyer, now a Full Professor at Leibniz University in Hannover, Germany.

The Test of Time award is given to two papers each year that were published at DSN 10 years ago and that have had the most profound impact on the field of dependable computing. DSN is the most prestigious conference in the field of dependable computing systems and has been run annually since 1970. It is the flagship conference organized by the IEEE Technical Community on Dependable Computing and Fault Tolerance (TCFT).

The awarded paper was one of the earliest to investigate the reliability and security of Android OS, which was then only 4 years old but had already become the most popular mobile OS with a 47% market share (today that share is 86%). The paper showed how to use stateful fuzzing to understand the vulnerabilities of Android. It then proposed software architecture changes to improve the reliability and the security of the OS. The results, shared with Google, led to two version updates rolled out by Google.

In his acceptance speech Saurabh mentioned, “Never underestimate the power of good taco to get creative ideas flowing. I was doing my sabbatical at IBM Research in Austin and at UT Austin. Jan and I had been discussing the idea of using his expertise in object oriented distributed systems to a problem we had been grappling with --- understanding the vulnerability of mobile Operating Systems. We had been doing a whole bunch of fuzzing experiments but not getting much success.”

Saurabh added, “Then Fahad, then a PhD student in my group, came over from Purdue to Austin to spend a week with us. We are waiting in this long line at Taco Deli for our weekly ritual of the lab going out to lunch at that place. And while discussing there we hit upon this idea of doing directed fuzzing of a very particular kind. We came back, Fahad and Amiya coded up the idea in a tool that we called JarJar Binks (a nod to Star Wars) and within a week we had fantastic results. Android was crashing or hanging up often enough due to the fuzzing campaigns, done without system level privileges. This led us to also develop mitigations and we shared the Proof of Concept codes with Google.”

Jan, a co-author on the paper, added, “My group in the IBM Austin Research Lab was in the process of shaping a vision for how smart mobile devices would change the world of enterprise software. We were very glad to have Saurabh as a visitor in our lab because understanding the dependability and security issues of mobile operating systems was of extreme importance to us because we recognized that people had started to bring their own mobile devices to work and would soon expect to use easy and intuitive apps to interact with corporate IT infrastructure. I highly enjoyed the collaboration with Saurabh and his group at Purdue University and am happy that the resulting work had such a tremendous impact on the community.”

Dr. Claudio Basile, a Tech Lead/Manager at Google, who nominated this paper for the Test of Time Award, commented, “This paper has provided a valuable contribution to the way we design mobile OSes in general, and Android in particular. It has had a far-reaching impact by showing how mobile OSes can be made more reliable and secure. This paper is distinctive in that it has had wide academic impact and impact through commercial adoption.”

This paper was one of two that were recognized with the Test of Time award at the conference. The abstract of this paper is given below.

An empirical study of the robustness of Inter-component Communication in Android

Amiya K. Maji(+), Fahad A. Arshad(+), Saurabh Bagchi(+), Jan S. Rellermeyer(*)

+: Purdue University; *: IBM Research

Abstract

Over the last three years, Android has established itself as the largest-selling operating system for smartphones. It boasts of a Linux-based robust kernel, a modular framework with multiple components in each application, and a security-conscious design where each application is isolated in its own virtual machine. However, all of these desirable properties would be rendered ineffectual if an application were to deliver erroneous messages to targeted applications and thus cause the target to behave incorrectly. In this paper, we present an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values. We show that not only exception handling is a rarity in Android applications, but also it is possible to crash the Android runtime from unprivileged user processes. Based on our observations, we highlight some of the critical design issues in Android ICC and suggest solutions to alleviate these problems.
