A Comprehensive Benchmark on Java Cryptographic API Misuses

Sharmin Afrose, Sazzadur Rahaman, Danfeng Yao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.

Original languageEnglish (US)
Title of host publicationCODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages177-178
Number of pages2
ISBN (Electronic)9781450371070
DOIs
StatePublished - Mar 16 2020
Externally publishedYes
Event10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020 - New Orleans, United States
Duration: Mar 16 2020Mar 18 2020

Publication series

NameCODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

Conference

Conference10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020
Country/TerritoryUnited States
CityNew Orleans
Period3/16/203/18/20

Keywords

  • benchmark
  • cryptographic api misuses
  • cryptographic vulnerability detection tools

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'A Comprehensive Benchmark on Java Cryptographic API Misuses'. Together they form a unique fingerprint.

Cite this