This commit is contained in:
parent
f5fee56cab
commit
63f34abca6
GPG key ID:
B66AEEDA9B645AD2
6 changed files with 40 additions and 16 deletions
|
|
@ -124,9 +124,11 @@ The contributions of this thesis are the following:
|
|||
This work was published in the Digital Threats journal~@classloaderinthemiddle.
|
||||
+ We propose an approach to allow static analysis tools to analyse applications that perform dynamic code loading:
|
||||
We collect at runtime the bytecode dynamically loaded and the reflection calls information, and patch the #APK file to perform those operations statically.
|
||||
Finally, we evaluate the impact this transformation has on the tools we containerised previously.#jfl-note[Dire 2 mots sur la méthode de patch qui a été reimplémentée pour être robuste? \ jm: j'ai pas eu le temps de comparer avec soot/droidRA, je trouve que sans xp ca fait trop trust me bro #emoji.cat.face.cry]
|
||||
|
||||
#jfl-note[We release a buch of open source sofware to help the research community: rasta, androscalpel, theseus \ jm: rasta ok, androscalpel/theseus peut être mais j'attend tj le ok de l'inria]
|
||||
Finally, we evaluate the impact this transformation has on the tools we containerised previously.
|
||||
+ We released under the GPL licence #todo[Still waiting for the INRIA to validate] the software we used in the experiments presented in this thesis.
|
||||
For @sec:rasta, this includes the code used to test the output of each tool and the code to analyse the results of the experiment, in addition to the containers to run the tested tools.
|
||||
We also released Androscalpel, a Rust crate to manipulate Dalvik bytecode, that we used to create Theseus, a set of scripts that implement the approach presented in @sec:th.
|
||||
The complete list and location of the software we release are available in @sec:soft.
|
||||
|
||||
== Outline
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue