Danfeng (Daphne) Yao

Abstract

Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-source and commercial cryptographic vulnerability detection tools exist that capture misuses in Java programs. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools, i.e., SpotBugs, CryptoGuard, CrySL, and Coverity, using CryptoAPI-Bench and show their relative performance.

Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao: A Comprehensive Benchmark on Java Cryptographic API Misuses. CODASPY 2020: 177-178

People

Danfeng (Daphne) Yao


Publication Details

Date of publication:
March 16, 2020
Conference:
CODASPY: Data and Application Security and Privacy
Page number(s):
177-178