An official website of the United States government
Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to detect misuses. To compare their accuracy and security guarantees, we develop two comprehensive benchmarks named CryptoAPI-Bench and ApacheCryptoAPI-Bench. CryptoAPI-Bench consists of 181 unit test cases that cover basic cases, as well as complex cases, including interprocedural, field sensitive, multiple class test cases, and path sensitive data flow of misuse cases. The benchmark also includes correct cases for testing false-positive rates. The ApacheCryptoAPI-Bench consists of 121 cryptographic cases from 10 Apache projects. We evaluate four tools, namely, SpotBugs, CryptoGuard, CrySL, and another tool (anonymous) using both benchmarks. We present their performance and comparative analysis. The ApacheCryptoAPI-Bench also examines the scalability of the tools. Our benchmarks are useful for advancing state-of-the-art solutions in the space of misuse detection.
more »
« less
- Home
- Search Results
- Page 1 of 1
Search for: All records
Award ID contains:
1929739
-
Total Resources5
- Resource Type
-
0000000005000000
- More
- Availability
-
50
- Author / Contributor
- Filter by Author / Creator
-
-
Miller, Barton P. (4)
-
Afrose, Sharmin (2)
-
Heymann, Elisa (2)
-
Heymann, Elisa R. (2)
-
Rahaman, Sazzadur (2)
-
Xiao, Ya (2)
-
Yao, Danfeng Daphne (2)
-
Allen, Nicholas (1)
-
Cifuentes, Cristina (1)
-
Eichenhofer, Joseph O. (1)
-
Frantz, Miles (1)
-
Kang, Arnold (1)
-
Kantarcioglu, Murat (1)
-
Keynes, Nathan (1)
-
Meng, Na (1)
-
Miller, Barton (1)
-
Shaon, Fahad (1)
-
Tian, Ke (1)
-
Zhang, Mengxiao (1)
-
Zhao, Yang (1)
-
- Filter by Editor
-
-
& Spizer, S. M. (0)
-
& . Spizer, S. (0)
-
& Ahn, J. (0)
-
& Bateiha, S. (0)
-
& Bosch, N. (0)
-
& Brennan K. (0)
-
& Brennan, K. (0)
-
& Chen, B. (0)
-
& Chen, Bodong (0)
-
& Drown, S. (0)
-
& Ferretti, F. (0)
-
& Higgins, A. (0)
-
& J. Peters (0)
-
& Kali, Y. (0)
-
& Ruiz-Arias, P.M. (0)
-
& S. Spitzer (0)
-
& Sahin. I. (0)
-
& Spitzer, S. (0)
-
& Spitzer, S.M. (0)
-
(submitted - in Review for IEEE ICASSP-2024) (0)
-
-
Have feedback or suggestions for a way to improve these results?
!
Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
-
Yao, Danfeng Daphne; Rahaman, Sazzadur; Xiao, Ya; Afrose, Sharmin; Frantz, Miles; Tian, Ke; Meng, Na; Cifuentes, Cristina; Zhao, Yang; Allen, Nicholas; et al (, IEEE Security & Privacy)
-
Miller, Barton P.; Zhang, Mengxiao; Heymann, Elisa R. (, IEEE Transactions on Software Engineering)
-
Heymann, Elisa R.; Miller, Barton P. (, IEEE Security & Privacy)
-
Eichenhofer, Joseph O.; Heymann, Elisa; Miller, Barton P.; Kang, Arnold (, IEEE Access)
