In this repository, we provide the artifacts related to our paper analysing the Java Class Library in Android:
Timothée Riom, Alexandre Bartel An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact., IEEE Secure Development Conference (SecDev), 2023. [bib] [secdev]
# clone this repository
git clone https://github.com/software-engineering-and-security/AndroidsJCL-SecDev23.git
cd AndroidsJCL-SecDev23
tar xzvf timdb-openjdk_classes_tables.tar.gz
Mariadb has been used all alog the process.
DB can be rebuild auromatically by:
- Updating the RQ1-OriginalVersion/toolsDir/db_tools file
- Create mariadb user accordingly
- cd in RQ1-OriginalVersion/toolsDir/
- Execute build_mariadb_db.sh
cd RQ1-OriinalVersion
bash toolsDir/one_tables_nb_ojclass_figure.sf
cd ..
For each version X
cd RQ1-OriginalVersion
bash toolsDir/compare_one_tables_sh_X.sh
cd ..
cd RQ1-OriginalVersion/ONE_TABLES/PROXIMITY
bash toolsDir/stats.sh
cd RQ2-OverExposure
bash run_analysis.sh
cd ..
Video demonstrating available at ./RQ3-Exploit/cve-2022-21340/tim_android_app/device-2023-05-24-101133.mp4
App available at ./RQ3-Exploit/cve-2022-21340/tim_android_app/CVE20221340
Device fingerprint: google/sdk_gphone_x86_64/emu64xa:13/TE1A.220922.025/9795748:userdebug/dev-keys
cd RQ3-Exploit/openjdk-vulnerable
#Download Vulnerable version of OpenJDK
wget https://download.java.net/java/GA/jdk11/13/GPL/openjdk-11.0.1_linux-x64_bin.tar.gz
#untar openjdk vulnerable version
tar xzvf openjdk-11.0.1.tar.gz
#Generate the tar file
cd source_jar
bash create_jar.sh
cd ..
Ref | Location (relative to $DOCKER_CONTAINER_BASE/home/{user_name}/ ) |
---|---|
Figure 3 | RQ1-OriginalVersion/ONE_TABLES/GRAPHDIR/nb_ojluni_classes.pdf |
Figure 4 | RQ1-OriginalVersion/ONE_TABLES/GRAPHDIR/* |
Figure 5 | RQ1-OriginalVersion/ONE_TABLES/PROXIMITY/graphDir/distances_area.pdf |