Java加密API误用的综合基准测试

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy Pub Date : 2020-03-16 DOI:10.1145/3374664.3379537

Sharmin Afrose, Sazzadur Rahaman, D. Yao

{"title":"Java加密API误用的综合基准测试","authors":"Sharmin Afrose, Sazzadur Rahaman, D. Yao","doi":"10.1145/3374664.3379537","DOIUrl":null,"url":null,"abstract":"Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.","PeriodicalId":171521,"journal":{"name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A Comprehensive Benchmark on Java Cryptographic API Misuses\",\"authors\":\"Sharmin Afrose, Sazzadur Rahaman, D. Yao\",\"doi\":\"10.1145/3374664.3379537\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.\",\"PeriodicalId\":171521,\"journal\":{\"name\":\"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-03-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3374664.3379537\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3374664.3379537","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

在现有的实际Java代码中，对加密api的误用非常普遍。存在一些开源和商业加密漏洞检测工具，可以捕获Java程序中的滥用。为了分析它们的效率和覆盖率，我们构建了一个名为CryptoAPI-Bench的综合基准，它由171个单元测试用例组成。测试用例包括基本用例和复杂用例。我们使用CryptoAPI-Bench评估了四个工具，即SpotBugs, CryptoGuard, CrySL和Coverity，并显示了它们的相对性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Comprehensive Benchmark on Java Cryptographic API Misuses

Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量