Cryptographic api misuses
WebMay 11, 2024 · APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful consequences, especially in the context of cryptographic libraries. Various API misuse detectors have … WebAnalyzing Cryptographic API Usages for Android Applications Using HMM and N-Gram Abstract: A recent research shows that 88 % of Android applications that use cryptographic APIs make at least one mistake. For this reason, several tools have been proposed to detect crypto API misuses, such as CryptoLint, CMA, and CogniCryptS AsT .
Cryptographic api misuses
Did you know?
WebJun 18, 2024 · Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically … WebMay 31, 2024 · Further, we integrated our dataset into MUBench [3], a benchmark for API misuse detection. Our dataset provides a foundation for research on Crypto API misuses. For example, it can be used to evaluate the precision and recall of detection tools, as a foundation for studies related to Crypto API misuses, or as a training set.
Webthe vulnerabilities in the “cryptography issues” category of the Common Vulnerabilities and Exposures (CVE) database have been dominated (83%) by the Cryptography API misuses [18]. The detection of cryptographic API misuses can be mapped to a set of program analysis problems [19]. Most of these WebCryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of …
WebDec 7, 2024 · CryptoAPI-Bench consists of 181 unit test cases that cover basic cases, as well as complex cases, including interprocedural, field sensitive, multiple class test cases, and path sensitive data flow... WebSep 15, 2024 · For the detection of crypto API misuses, the AE uses an anomaly detection based approach because it is trained to reconstruct frequently encountered patterns in …
WebJun 18, 2024 · We specialize static def-use analysis (DBLP:conf/aswec/YangTM08, ) and forward and backward program slicings (DBLP:conf/scam/Lucia01, ) for detecting Java cryptographic API misuses. We break the detection strategy into one or more steps, so that a step can be realized with a single round of program slicing.
WebAutomatic Detection of Java Cryptographic API Misuses: Are We There Yet Authors: Zhang, Ying; Kabir, Md Mahir; Xiao, Ya; Yao, Danfeng Daphne; Meng, Na Award ID (s): 1929701 1845446 Publication Date: 2024-01-01 NSF-PAR ID: 10345922 Journal Name: IEEE Transactions on Software Engineering Page Range or eLocation-ID: 1 to 1 ISSN: 0098-5589 how is a dental bridge attachedWebAbstract: Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced … highhsoulWebA comprehensive benchmark for misuse detection of cryptographic APIs, consisting of 171 unit test cases that cover basic cases, as well as complex cases, including interprocedural, field sensitive, multiple class test cases, and path sensitive data flow of misuse cases. 26 PDF View 1 excerpt, references background how is a defined benefit pension calculatedWebMar 16, 2024 · Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. high hs crp in womenWebthat try to address the misuses II from both static and dynamic analysis perspectives. a) CRYLOGGER: Android applications use Java cryp-tographic algorithms (JCA) to perform cryptographic opera-tions like authentication, storing the data, checking integrity. CRYLOGGER [17] is designed to detect API misuses of JCA through dynamic analysis. high hs-crp levelsWebRunning on 120 open source Go cryptographic projects from GitHub, CryptoGo discovered that 83.33% of the Go cryptographic projects have at least one cryptographic misuse. It … high hs crp levels in womenWebA Comprehensive Benchmark on Java Cryptographic API Misuses Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao Department of Computer Science Virginia Tech Blacksburg, Virginia {sharminafrose,sazzad14,danfeng}@vt.edu ABSTRACT Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced … high hspf mini splits