Michael Schlichtig scite author profile

Context: Cryptographic APIs are often misused in real-world applications. To mitigate that, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method: We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domainspecific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair "Cryptographic API Misuse Detection Tool Benchmark Suite". We will implement the first version of Cam-Bench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain. CCS CONCEPTS• Software and its engineering → Software libraries and repositories; Software maintenance tools; Software verification and validation; • Security and privacy → Software security engineering.

show abstract

FUM - A Framework for API Usage constraint and Misuse Classification

Schlichtig

Sassalla

Narasimhan

et al. 2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Michael Schlichtig

Fully-Featured Anonymous Credentials with Reputation System

Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress)

A large-scale study of usability criteria addressed by static analysis tools

CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite

FUM - A Framework for API Usage constraint and Misuse Classification

Contact Info

Product

Resources

About