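% SpanL (ACNS 2023 satellite workshops): a specification language for building
% API-misuse detectors out of compositions of data-flow analyses. Per the
% abstract, the prototype was evaluated on four cryptographic API misuse problems.
%
% Review notes on this record:
% - As worded in the abstract, the precision claim is scoped to the language's
%   expressiveness (the language itself adds no imprecision). It is not a
%   statement about the false-positive or false-negative rate of the underlying
%   analyses; read the paper's evaluation before citing it for detector accuracy.
% - The exporter had fused the footnote marker into the name ("SpanL1") and
%   appended the footnote text with a leading "1"; both are repaired in the abstract.
% - Author and editor names are normalised to "Last, First" so multi-part names
%   parse unambiguously. Braced given names are kept exactly as exported.
% - {SpanL} and {API} are brace-protected so sentence-casing styles keep their case.
% - booktitle: "Cloud S and P" looks like an exporter expansion of an ampersand;
%   confirm against the proceedings front matter before correcting it.
% - address holds a country, not the publisher's city; confirm before relying on it.
% - The citation key is an exporter-generated hash, kept unchanged so existing
%   citations of this entry still resolve.
@inproceedings{83fe373c5e414500afa3cd1858192fa1,
  author    = {Rahaman, Sazzadur and Frantz, Miles and Miller, Barton and Yao, {Danfeng (Daphne)}},
  title     = {{SpanL}: Creating Algorithms for Automatic {API} Misuse Detection with Program Analysis Compositions},
  editor    = {Zhou, Jianying and Batina, Lejla and Picek, Stjepan and Li, Zengpeng and Lin, Jingqiang and Losiouk, Eleonora and Majumdar, Suryadipta and Mashima, Daisuke and Meng, Weizhi and Rahman, {Mohammad Ashiqur} and Shao, Jun and Shimaoka, Masaki and Soremekun, Ezekiel and Su, Chunhua and Teh, {Je Sen} and Udovenko, Aleksei and Wang, Cong and Zhang, Leo and Zhauniarovich, Yury},
  booktitle = {Applied Cryptography and Network Security Workshops - ACNS 2023 Satellite Workshops, ADSC, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  address   = {Germany},
  pages     = {515--529},
  year      = {2023},
  doi       = {10.1007/978-3-031-41181-6_28},
  isbn      = {9783031411809},
  language  = {English (US)},
  keywords  = {API Misuse, Program Analysis, Specification Language},
  abstract  = {High-level language platforms provide APIs to aid developers in easily integrating security-relevant features in their code. Prior research shows that improper use of these APIs is a major source of insecurity in various application domains. Automatic code screening holds lots of potential to enable secure coding. However, building domain-specific security analysis tools requires both application domain and program analysis expertise. Interestingly, most of the prior works in developing domain-specific security analysis tools leverage some form of data flow analysis in the core. We leverage this insight to build a specification language named SpanL for domain-specific security screening. The expressiveness analysis shows that a rule requiring any composition of dataflow analysis can be modeled in our language. Our evaluation on four cryptographic API misuse problems shows that our prototype implementation of SpanL does not introduce any imprecision due to the expressiveness of the language. (SpanL stands for Security sPecificAtioN Language.)},
  note      = {Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 21st International Conference on Applied Cryptography and Network Security, ACNS 2023 ; Conference date: 19-06-2023 Through 22-06-2023},
}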