Danfeng (Daphne) Yao

Abstract

We describe our experience of building an industrial-strength cryptographic vulnerability detector, which aims to detect cryptographic API misuses in Java™ (Java is a registered trademark of Oracle and/or its affiliates). Based on the detection algorithms of the academic tool CryptoGuard, we integrated the detection into the Oracle internal code scanning platform Parfait. The goal of the Parfait-based cryptographic vulnerability detection is to provide precise and scalable cryptographic code screening for large-scale industrial projects. We discuss the needs and challenges of the static cryptographic vulnerability screening in the industrial environment.

Ya Xiao, Yang Zhao, Nicholas Allen, Nathan Keynes, Danfeng Yao, Cristina Cifuentes: Industrial Strength Static Detection for Cryptographic API Misuses. SecDev 2022: 61-62

People

Danfeng (Daphne) Yao


Publication Details

Date of publication: December 14, 2022
Conference: IEEE Cybersecurity Development (SecDev)
Page number(s): 61-62