AndroidsJCL-SecDev23

In this repository, we provide the artifacts related to our paper analysing the Java Class Library in Android:

Timothée Riom, Alexandre Bartel An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact., IEEE Secure Development Conference (SecDev), 2023. [bib] [secdev]

# clone this repository
git clone https://github.com/software-engineering-and-security/AndroidsJCL-SecDev23.git
cd AndroidsJCL-SecDev23
tar xzvf timdb-openjdk_classes_tables.tar.gz

Buidling the database

Mariadb has been used all alog the process.

DB can be rebuild auromatically by:

Updating the RQ1-OriginalVersion/toolsDir/db_tools file
Create mariadb user accordingly
cd in RQ1-OriginalVersion/toolsDir/
Execute build_mariadb_db.sh

RQ1-Origin of Libcore Java classes:

Reproduce Figure 3- Evolution of Java Classes:

cd RQ1-OriinalVersion
bash toolsDir/one_tables_nb_ojclass_figure.sf
cd ..

Reproduce Figure 4- OpenJDK profile of each Android version:

For each version X

cd RQ1-OriginalVersion
bash toolsDir/compare_one_tables_sh_X.sh
cd ..

Reproduce figure 5- Proximity of Android Java Classes to Original OpenJDK :

cd RQ1-OriginalVersion/ONE_TABLES/PROXIMITY
bash toolsDir/stats.sh

RQ2-Management of OpenJDK CVEs and Potential Over-Exposures :

cd RQ2-OverExposure
bash run_analysis.sh
cd ..

RQ3- Exploit of CVE-2022-21340, both on OpenJDK and Android-13:

Video demonstrating available at ./RQ3-Exploit/cve-2022-21340/tim_android_app/device-2023-05-24-101133.mp4

App available at ./RQ3-Exploit/cve-2022-21340/tim_android_app/CVE20221340

Device fingerprint: google/sdk_gphone_x86_64/emu64xa:13/TE1A.220922.025/9795748:userdebug/dev-keys

OpenJDK

cd RQ3-Exploit/openjdk-vulnerable
#Download Vulnerable version of OpenJDK
wget https://download.java.net/java/GA/jdk11/13/GPL/openjdk-11.0.1_linux-x64_bin.tar.gz
#untar openjdk vulnerable version
tar xzvf openjdk-11.0.1.tar.gz
#Generate the tar file
cd source_jar
bash create_jar.sh
cd ..

Android-13

Paper figures

Ref	Location (relative to `$DOCKER_CONTAINER_BASE/home/{user_name}/`)
Figure 3	RQ1-OriginalVersion/ONE_TABLES/GRAPHDIR/nb_ojluni_classes.pdf
Figure 4	RQ1-OriginalVersion/ONE_TABLES/GRAPHDIR/*
Figure 5	RQ1-OriginalVersion/ONE_TABLES/PROXIMITY/graphDir/distances_area.pdf

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
RQ1-OriginalVersion		RQ1-OriginalVersion
RQ2-OverExposure		RQ2-OverExposure
RQ3-Exploit		RQ3-Exploit
README.md		README.md
timdb-libcore_classes_table.sql		timdb-libcore_classes_table.sql
timdb-openjdk_classes_tables.tar.gz		timdb-openjdk_classes_tables.tar.gz

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

AndroidsJCL-SecDev23

Buidling the database

RQ1-Origin of Libcore Java classes:

Reproduce Figure 3- Evolution of Java Classes:

Reproduce Figure 4- OpenJDK profile of each Android version:

Reproduce figure 5- Proximity of Android Java Classes to Original OpenJDK :

RQ2-Management of OpenJDK CVEs and Potential Over-Exposures :

RQ3- Exploit of CVE-2022-21340, both on OpenJDK and Android-13:

OpenJDK

Android-13

Paper figures

About

Releases

Packages

Contributors 2

Languages

software-engineering-and-security/AndroidsJCL-SecDev23

Folders and files

Latest commit

History

Repository files navigation

AndroidsJCL-SecDev23

Buidling the database

RQ1-Origin of Libcore Java classes:

Reproduce Figure 3- Evolution of Java Classes:

Reproduce Figure 4- OpenJDK profile of each Android version:

Reproduce figure 5- Proximity of Android Java Classes to Original OpenJDK :

RQ2-Management of OpenJDK CVEs and Potential Over-Exposures :

RQ3- Exploit of CVE-2022-21340, both on OpenJDK and Android-13:

OpenJDK

Android-13

Paper figures

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages