{"id":1121,"date":"2022-09-09T11:34:53","date_gmt":"2022-09-09T09:34:53","guid":{"rendered":"https:\/\/www.uni.lu\/snt-fr\/events\/phd-defence-a-software-vulnerabilities-odysseus-analysis-detection-and-mitigation\/"},"modified":"2022-09-09T11:34:53","modified_gmt":"2022-09-09T09:34:53","slug":"phd-defence-a-software-vulnerabilities-odysseus-analysis-detection-and-mitigation","status":"publish","type":"events","link":"https:\/\/www.uni.lu\/snt-fr\/events\/phd-defence-a-software-vulnerabilities-odysseus-analysis-detection-and-mitigation\/","title":{"rendered":"PhD Defence: A Software Vulnerabilities Odysseus: Analysis, Detection, and Mitigation"},"content":{"rendered":"<section class=\"wp-block-unilux-blocks-free-section section\"><div class=\"container xl:max-w-screen-xl\"><p>You are all cordially invited to attend the PhD Defence of Timoth\u00e9e Riom<strong>\u00a0<\/strong>on\u00a0<strong>Wednesday, 28 September\u00a02022 at 10:00.<\/strong><\/p><p>The defence will take place physically in room D17 (Main building of the Campus Kirchberg).<\/p><p><strong>Members of the defense committee<\/strong>:<\/p><ul class=\"ulux-list\"><li class=\"ulux-list-item\">Dr. Jacques KLEIN, Dissertation Supervisor, Associate Professor, University of Luxembourg, Luxembourg<\/li><li class=\"ulux-list-item\">Dr. Tegawend\u00e9 Francois d\u2019Assise BISSYANDE, Chairman, Associate Professor, University of Luxembourg, Luxembourg<\/li><li class=\"ulux-list-item\">Dr. Yves LE TRAON, Vice-Chairman, Full Professor, University of Luxembourg, Luxembourg<\/li><li class=\"ulux-list-item\">Dr. Olivier BARAIS, Full Professor, Universit\u00e9 de Rennes 1, France<\/li><li class=\"ulux-list-item\">Dr. Pierre GRAUX, Associate Professor, University of Lille, France<\/li><\/ul><p><\/p><p><strong>Abstract<\/strong>:<\/p><p>Programming has become central in the development of human activities while not being immune to defaults, or bugs. 
Developers have devised specific methods and sequences of tests that they implement to prevent these bugs from being deployed in releases. Nonetheless, not all cases can be thought through beforehand, and automation presents limits that the community attempts to overcome. As a consequence, not all bugs can be caught.<\/p><p>These defaults cause particular concern when bugs can be exploited to breach the program\u2019s security policy. They are then called vulnerabilities and provide specific actors with undesired access to the resources a program manages. This damages trust in the program and in its developers, and may eventually impact the adoption of the program. Hence, paying specific attention to vulnerabilities appears as a natural outcome. In this regard, this PhD work targets the following three challenges:<\/p><p>(1) The research community references those vulnerabilities, categorises them, and reports and ranks their impact. As a result, analysts can learn from past vulnerabilities in specific programs and figure out new ideas to counter them. Nonetheless, the resulting quality of the lessons and the usefulness of ensuing solutions depend on the quality and the consistency of the information provided in the reports.<\/p><p>(2) New methods to detect vulnerabilities can emerge from the teachings this monitoring provides. With responsible reporting, these detection methods can provide hardening of the programs we rely on. Additionally, in a context of computer performance gain, machine learning algorithms are increasingly adopted, providing engaging promises.<\/p><p>(3) While some of these promises can be fulfilled, not all are reachable today. Therefore, a complementary strategy needs to be adopted while vulnerabilities evade detection up to public releases. Instead of preventing their introduction, programs can be hardened to scale down their exploitability. 
Increasing the complexity to exploit or lowering the impact below specific thresholds makes the presence of vulnerabilities an affordable risk for the feature provided. The history of programming development includes the experimentation and the adoption of so-called defence mechanisms. Their goals and performances can be diverse, but their implementation in worldwide adopted programs and systems (such as the Android Open Source Project) acknowledges their pivotal position.<\/p><p>To face these challenges, we provide the following contributions:<\/p><p>\u2022 We provide a manual categorisation of the vulnerabilities of the worldwide adopted Android Open Source Project up to June 2020. Clarifying to adopt a vulnerability analysis provides consistency in the resulting data set. It facilitates the explainability of the analyses and sets up for the updatability of the resulting set of vulnerabilities. Based on this analysis, we study the evolution of AOSP\u2019s vulnerabilities. We explore the different temporal evolutions of the vulnerabilities affecting the system by severity and by type of vulnerability, and we provide a focus on memory corruption-related vulnerabilities.<\/p><p>\u2022 We undertake the replication of a machine-learning-based detection algorithm that, despite being part of the state of the art and referenced by ensuing works, was not available. Named VCCFinder, this algorithm implements a Support-Vector Machine and bases its training on Vulnerability-Contributing Commits and related patches for C and C++ code. Unable to achieve performance comparable to that of the original article, we explore parameters and algorithms, and attempt to overcome the challenge posed by the over-population of unlabeled entries in the data set. 
We provide the community with our code and results as a replicable baseline for further improvement.<\/p><p>\u2022 Finally, we list the defence mechanisms that the Android Open Source Project incrementally implements, and we discuss how they sometimes answer comments the community addressed to the project\u2019s developers. We further verify the extent to which specific memory corruption defence mechanisms were implemented in the binaries of different versions of Android (from API-level 10 to 28). We finally compare the evolution of memory corruption-related vulnerabilities with the implementation timeline of related defence mechanisms.<\/p><\/div><\/section>","protected":false},"excerpt":{"rendered":"<p>You are all cordially invited to attend the PhD Defence of Timoth\u00e9e Riom\u00a0on\u00a0Wednesday, 28 September\u00a02022 at 10:00.The defence will take place physically in room D17 (Main building of the Campus Kirchberg).<\/p>\n","protected":false},"author":0,"featured_media":1122,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"featured_image_focal_point":[],"show_featured_caption":false,"ulux_newsletter_groups":"","uluxPostTitle":"","uluxPrePostTitle":"","_trash_the_other_posts":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"event_start_date":"2022-09-28 10:00:00","event_end_date":"2022-09-28 13:00:00","event_speaker_name":"Timoth\u00e9e Riom (SerVal 
group)","event_speaker_link":"","event_is_online":false,"event_location":"","event_street":"","event_location_link":"","event_zip_code":"","event_city":"","event_country":"LU"},"events-topic":[],"events-type":[],"organisation":[183],"authorship":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/events\/1121"}],"collection":[{"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/events"}],"about":[{"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/types\/events"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/comments?post=1121"}],"version-history":[{"count":0,"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/events\/1121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/media\/1122"}],"wp:attachment":[{"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/media?parent=1121"}],"wp:term":[{"taxonomy":"events-topic","embeddable":true,"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/events-topic?post=1121"},{"taxonomy":"events-type","embeddable":true,"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/events-type?post=1121"},{"taxonomy":"organisation","embeddable":true,"href":"https:\/\/www.uni.lu\/snt-fr\/wp-json\/wp\/v2\/organisation?post=1121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}