This commit is contained in:
Jean-Marie Mineau
parent
37f8298cb7
commit
0d50644ede
GPG key ID:
B66AEEDA9B645AD2
2 changed files with 96 additions and 18 deletions
98
slides.typ
98
slides.typ
|
|
@ -325,11 +325,12 @@
|
|||
#item-by-item(start: 5)[
|
||||
- Do *not* run the application
|
||||
- *Not* limited by code coverage
|
||||
- Some values cannot be computed
|
||||
- But only for the *code available*
|
||||
//- Some values cannot be computed
|
||||
]
|
||||
|
||||
],
|
||||
grid.cell(colspan: 2, uncover(7)[
|
||||
grid.cell(colspan: 2, uncover(8)[
|
||||
#text(size: 30pt)[Can we combine both?]
|
||||
]),
|
||||
)
|
||||
|
|
@ -341,7 +342,13 @@
|
|||
|
||||
#slide[
|
||||
#highlight-block(pb1-text)
|
||||
|
||||
|
||||
|
||||
#highlight-block(pb2-text)
|
||||
|
||||
|
||||
|
||||
#highlight-block(pb3-text)
|
||||
]
|
||||
|
||||
|
|
@ -500,7 +507,13 @@
|
|||
]
|
||||
|
||||
#slide(
|
||||
title: [Conclusion]
|
||||
title: [Conclusion],
|
||||
foreground: {
|
||||
place(
|
||||
bottom + left,
|
||||
text(fill: pirat-color.blue)[International Conference on Software and Systems Reuse (ICSR 2024)]
|
||||
)
|
||||
}
|
||||
)[
|
||||
#set align(center)
|
||||
#item-by-item[
|
||||
|
|
@ -513,6 +526,7 @@
|
|||
|
||||
#slide[
|
||||
#set align(center)
|
||||
// Sous titre dans la conclusion
|
||||
#text(size: 22pt)[21st International Conference on Software and Systems Reuse (ICSR 2024)]
|
||||
|
||||
#v(2em)
|
||||
|
|
@ -741,6 +755,7 @@
|
|||
else:
|
||||
return f"classes{index+1}.dex"
|
||||
```)
|
||||
// Donner example
|
||||
- `classes0.dex` ?
|
||||
- `classes1.dex` ?
|
||||
- `classes02.dex` ?
|
||||
|
|
@ -814,7 +829,7 @@
|
|||
return load_from_file(dex_file, class_name)
|
||||
else:
|
||||
raise ClassNotFoundError()
|
||||
```)
|
||||
```) // TODO: nomer And Cl Alg
|
||||
], [
|
||||
#set align(left)
|
||||
#set text(size: 18pt)
|
||||
|
|
@ -846,7 +861,11 @@
|
|||
show table: set align(center+horizon)
|
||||
it
|
||||
}
|
||||
#show "not working": "attack not successfull"
|
||||
#show "working": "attack successfull"
|
||||
#show "works": "successfull"
|
||||
#scale(100%, reflow: true, get_figure(<tab:cl-results>))
|
||||
// TODO: IF PR: Add REF
|
||||
]
|
||||
|
||||
#slide(
|
||||
|
|
@ -867,7 +886,7 @@
|
|||
#for i in range(3) {
|
||||
if i != 0 { counter("logical-slide").update( n => n - 1 ) }
|
||||
slide(
|
||||
title: [In the Wild],
|
||||
title: [In the Wild: 49 975 APKs],
|
||||
foreground: eye-2(x: 8%, y: 67%, height: 70pt)
|
||||
)[
|
||||
#set align(center+horizon)
|
||||
|
|
@ -886,6 +905,8 @@
|
|||
}
|
||||
}
|
||||
)
|
||||
// TODO: Simplifier table, mettre nb apk dans titre
|
||||
// enlever SDK et 1ere partie 100%
|
||||
#scale(90%, reflow: true, get_figure(<tab:cl-shadow>))
|
||||
]
|
||||
}
|
||||
|
|
@ -904,7 +925,8 @@
|
|||
|
||||
#slide[
|
||||
#set align(center)
|
||||
#text(size: 22pt)[Digital Threats: Research and Practice]
|
||||
// Faire apparaitre a chaque étape
|
||||
#text(size: 22pt)[Digital Threats: Research and Practice])
|
||||
|
||||
#v(2em)
|
||||
|
||||
|
|
@ -917,7 +939,13 @@
|
|||
|
||||
#slide(
|
||||
title: [Overview],
|
||||
foreground: {
|
||||
set align(center+horizon)
|
||||
rotate(30deg, text(fill: pirat-color.red, size: 30pt)[Moche faire un dessin])
|
||||
}
|
||||
)[
|
||||
// TODO: bien tout rappeler l'objectif
|
||||
// TODO: SOA
|
||||
#set align(center+horizon)
|
||||
#show figure.caption: none
|
||||
#scale(100%, reflow: true, get_figure(<fig:th-process>))
|
||||
|
|
@ -932,7 +960,7 @@
|
|||
|
||||
#uncover("2-")[
|
||||
- Android Emulator: runs on computer/server
|
||||
- Grodd Runner: clicks buttons
|
||||
- Grodd Runner: clicks buttons // TODO: ref
|
||||
]
|
||||
|
||||
#v(2em)
|
||||
|
|
@ -943,9 +971,10 @@
|
|||
]
|
||||
|
||||
#slide(
|
||||
title: [Dynamic Code Loading],
|
||||
title: [Transformation: Dynamic Code Loading],
|
||||
foreground: ghost-6(x: 80%, y: 15%, mirror: true)
|
||||
)[
|
||||
// Split schema: observed dyn code loaded / new apk
|
||||
#set align(center+horizon)
|
||||
#show figure.caption: none
|
||||
#show image: box.with(width: 58%)
|
||||
|
|
@ -953,6 +982,7 @@
|
|||
]
|
||||
|
||||
#for i in range(4) {
|
||||
// TODO: plutot barrer les lignes au lieux de les remplacer
|
||||
if i != 0 { counter("logical-slide").update( n => n - 1 ) }
|
||||
|
||||
slide(
|
||||
|
|
@ -1070,6 +1100,8 @@
|
|||
)[
|
||||
#set align(center+horizon)
|
||||
#show figure.caption: none
|
||||
// TODO: enlever 1er 6iem pass, garder nb failed, remplacer vide par '-' sous '209'
|
||||
// enlever nb activity
|
||||
#set table(
|
||||
fill: (x, y) => {
|
||||
if (
|
||||
|
|
@ -1106,12 +1138,15 @@
|
|||
#scale(90%, reflow: true, get_figure(<tab:th-bytecode-hashes>))
|
||||
]
|
||||
|
||||
// TODO schema!!!
|
||||
|
||||
#for i in range(3) {
|
||||
if i != 0 { counter("logical-slide").update( n => n - 1 ) }
|
||||
|
||||
slide(
|
||||
title: [Added Calls],
|
||||
title: [Added Method Calls],
|
||||
)[
|
||||
// TODO: remove Before After
|
||||
#set align(center+horizon)
|
||||
#show link.where(dest: <acr-apk>): it => it.body
|
||||
#show link.where(dest: <acr-dex>): it => it.body
|
||||
|
|
@ -1133,11 +1168,12 @@
|
|||
]
|
||||
}
|
||||
|
||||
|
||||
// TODO: Remove?
|
||||
#slide(
|
||||
title: [Added Calls],
|
||||
title: [Toy Example: New Call Graph],
|
||||
foreground: ghost-3(x: 93%, y: 10%)
|
||||
)[
|
||||
// TODO: Légende des couleurs
|
||||
#import "@preview/diagraph:0.3.5": render
|
||||
#set align(center+horizon)
|
||||
#scale(47%, box(render(
|
||||
|
|
@ -1153,6 +1189,10 @@
|
|||
#set align(center+horizon)
|
||||
#show figure.caption: none
|
||||
#scale(90%, reflow: true, get_figure(<fig:th-status-npatched-vs-patched>))
|
||||
// Fleche original
|
||||
// Fleche theseus
|
||||
//
|
||||
// Theseus Transformeur
|
||||
]
|
||||
|
||||
#slide(
|
||||
|
|
@ -1174,7 +1214,7 @@
|
|||
#item-by-item[
|
||||
- After five years, more than half the static analysis tools are no longer usable.
|
||||
The size of the application seems to be the most significant factor.
|
||||
- Android behaviour is complex and well known.
|
||||
- Android behaviour is complex and not well known.
|
||||
In the specific case of class loading, we showed that state-of-the-art tools do not match Android, leading to invalid analyses.
|
||||
- APKs can be augmented with instrumentation to improve further analyses with any other tools.
|
||||
- Also, dynamic analysis is still very much not trivial.
|
||||
|
|
@ -1233,3 +1273,37 @@
|
|||
#pagebreak()
|
||||
#set page(height: auto, margin: 25mm)
|
||||
#bibliography("bibliography.bib")
|
||||
|
||||
|
||||
/*
|
||||
* RETOUR 1:
|
||||
*
|
||||
* Bon premier jet.
|
||||
*
|
||||
* - slide text bof
|
||||
* - Parti 3: plus dure a comprendre
|
||||
* - Expliquer ce qui est fait avant le résultat (surtout parti 3)
|
||||
* - 'Analysing Applications: Which Tools?': 1 - 2 bof
|
||||
* plus décrire les papier avec des bullets + limites, *critiquer*
|
||||
* 1) test pas les outils
|
||||
* 2) a l'air de dire que ca marche pas, mais pas a l'echelle
|
||||
* bascullement de which tools? a tester les outils, on est pas sur que les outils fonctionne
|
||||
*
|
||||
*
|
||||
* slite titre problemenatiques: PB1, PB2 PB3
|
||||
*
|
||||
* Plus d'état de l'art, dans chapitres? redonner contexte au debut des chapitre, en profiter pour l'état de l'art. Pas plus d'un ou deux papiers, si important.
|
||||
* Remplacer l'état de l'art dans l'intro par intuition et mettre soa dans chapitre
|
||||
*
|
||||
* Pb Statement: lisibilité!
|
||||
*
|
||||
* PQ: focu on dcl & refl
|
||||
*
|
||||
* Obfuscation: fleche vers deobfuscation
|
||||
*
|
||||
* Intro, dessin pas a pas dans l'intro en fonction de ce qui se passe dans l'intro
|
||||
* RQ1: Static, RQ2: Check coherence static / dynamic, RQ3: transformation
|
||||
*
|
||||
* Mettre Theseus Tranformeur un peu partout!
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue