AndroidsJCL-SecDev23

In this repository, we provide the artifacts related to our paper analysing the Java Class Library in Android:

Timothée Riom, Alexandre Bartel. An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact. IEEE Secure Development Conference (SecDev), 2023. [bib] [secdev]

# clone this repository
git clone https://github.com/software-engineering-and-security/AndroidsJCL-SecDev23.git
cd AndroidsJCL-SecDev23
tar xzvf timdb-openjdk_classes_tables.tar.gz

Building the database

MariaDB was used throughout the process.

The database can be rebuilt automatically by:

  1. Updating the RQ1-OriginalVersion/toolsDir/db_tools file
  2. Creating the MariaDB user accordingly
  3. Changing into RQ1-OriginalVersion/toolsDir/
  4. Executing build_mariadb_db.sh

RQ1-Origin of Libcore Java classes:

Reproduce Figure 3- Evolution of Java Classes:

cd RQ1-OriginalVersion
bash toolsDir/one_tables_nb_ojclass_figure.sf
cd ..

Reproduce Figure 4- OpenJDK profile of each Android version:

For each version X

cd RQ1-OriginalVersion
bash toolsDir/compare_one_tables_sh_X.sh
cd ..

Reproduce Figure 5- Proximity of Android Java Classes to Original OpenJDK:

cd RQ1-OriginalVersion/ONE_TABLES/PROXIMITY
bash toolsDir/stats.sh

RQ2-Management of OpenJDK CVEs and Potential Over-Exposures :

cd RQ2-OverExposure
bash run_analysis.sh
cd ..

RQ3- Exploit of CVE-2022-21340, both on OpenJDK and Android-13:

A video demonstration is available at ./RQ3-Exploit/cve-2022-21340/tim_android_app/device-2023-05-24-101133.mp4

App available at ./RQ3-Exploit/cve-2022-21340/tim_android_app/CVE20221340

Device fingerprint: google/sdk_gphone_x86_64/emu64xa:13/TE1A.220922.025/9795748:userdebug/dev-keys

OpenJDK

cd RQ3-Exploit/openjdk-vulnerable
# Download the vulnerable version of OpenJDK
wget https://download.java.net/java/GA/jdk11/13/GPL/openjdk-11.0.1_linux-x64_bin.tar.gz
# Untar the vulnerable OpenJDK version (the archive downloaded above)
tar xzvf openjdk-11.0.1_linux-x64_bin.tar.gz
# Generate the JAR file
cd source_jar
bash create_jar.sh
cd ..

Android-13

Paper figures

Ref Location (relative to $DOCKER_CONTAINER_BASE/home/{user_name}/)
Figure 3 RQ1-OriginalVersion/ONE_TABLES/GRAPHDIR/nb_ojluni_classes.pdf
Figure 4 RQ1-OriginalVersion/ONE_TABLES/GRAPHDIR/*
Figure 5 RQ1-OriginalVersion/ONE_TABLES/PROXIMITY/graphDir/distances_area.pdf
