A Comprehensive Benchmark on Java Cryptographic API Misuses

Sharmin Afrose; Sazzadur Rahaman; Danfeng Yao

doi:10.1145/3374664.3379537

A Comprehensive Benchmark on Java Cryptographic API Misuses

Sharmin Afrose
, Sazzadur Rahaman
, Danfeng Yao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.

Original language	English (US)
Title of host publication	CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	177-178
Number of pages	2
ISBN (Electronic)	9781450371070
DOIs	https://doi.org/10.1145/3374664.3379537
State	Published - Mar 16 2020
Externally published	Yes
Event	10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020 - New Orleans, United States Duration: Mar 16 2020 → Mar 18 2020

Publication series

Name	CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

Conference

Conference	10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020
Country/Territory	United States
City	New Orleans
Period	3/16/20 → 3/18/20

Keywords

benchmark
cryptographic api misuses
cryptographic vulnerability detection tools

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1145/3374664.3379537

Cite this

Afrose, S., Rahaman, S., & Yao, D. (2020). A Comprehensive Benchmark on Java Cryptographic API Misuses. In CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (pp. 177-178). (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3374664.3379537

A Comprehensive Benchmark on Java Cryptographic API Misuses. / Afrose, Sharmin; Rahaman, Sazzadur; Yao, Danfeng.
CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2020. p. 177-178 (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Afrose, S, Rahaman, S & Yao, D 2020, A Comprehensive Benchmark on Java Cryptographic API Misuses. in CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 177-178, 10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020, New Orleans, United States, 3/16/20. https://doi.org/10.1145/3374664.3379537

Afrose S, Rahaman S, Yao D. A Comprehensive Benchmark on Java Cryptographic API Misuses. In CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2020. p. 177-178. (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3374664.3379537

Afrose, Sharmin ; Rahaman, Sazzadur ; Yao, Danfeng. / A Comprehensive Benchmark on Java Cryptographic API Misuses. CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2020. pp. 177-178 (CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy).

@inproceedings{4297e9945ac64942a541951db9893e6e,

title = "A Comprehensive Benchmark on Java Cryptographic API Misuses",

abstract = "Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.",

keywords = "benchmark, cryptographic api misuses, cryptographic vulnerability detection tools",

author = "Sharmin Afrose and Sazzadur Rahaman and Danfeng Yao",

note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020 ; Conference date: 16-03-2020 Through 18-03-2020",

year = "2020",

month = mar,

day = "16",

doi = "10.1145/3374664.3379537",

language = "English (US)",

series = "CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "177--178",

booktitle = "CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy",

}

TY - GEN

T1 - A Comprehensive Benchmark on Java Cryptographic API Misuses

AU - Afrose, Sharmin

AU - Rahaman, Sazzadur

AU - Yao, Danfeng

PY - 2020/3/16

Y1 - 2020/3/16

N2 - Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.

AB - Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.

KW - benchmark

KW - cryptographic api misuses

KW - cryptographic vulnerability detection tools

UR - https://www.scopus.com/pages/publications/85083397655

UR - https://www.scopus.com/pages/publications/85083397655#tab=citedBy

U2 - 10.1145/3374664.3379537

DO - 10.1145/3374664.3379537

M3 - Conference contribution

AN - SCOPUS:85083397655

T3 - CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

SP - 177

EP - 178

BT - CODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

T2 - 10th ACM Conference on Data and Application Security and Privacy, CODASPY 2020

Y2 - 16 March 2020 through 18 March 2020

ER -

A Comprehensive Benchmark on Java Cryptographic API Misuses

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this