CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs

Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Nierstrasz, Oscar (March 2020). CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs. In: IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) 2020 2020 (pp. 632-636). IEEE 10.1109/SANER48275.2020.9054799

Hazh20a.pdf - Accepted Version
Restricted to registered users only
Available under License Publisher holds Copyright.

09054799.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.


Research has shown that cryptographic APIs are hard to use. Consequently, developers resort to using code examples available in online information sources that are often not secure. We have developed a web platform, named CryptoExplorer, stocked with numerous real-world secure and insecure examples that developers can explore to learn how to use cryptographic APIs properly. This platform currently provides 3 263 secure uses, and 5 897 insecure uses of Java Cryptography Architecture mined from 2 324 Java projects on GitHub. A preliminary study shows that CryptoExplorer provides developers with secure crypto API use examples instantly, developers can save time compared to searching on the internet for such examples, and they learn to avoid using certain algorithms in APIs by studying misused API examples. We have a pipeline to regularly mine more projects, and, on request, we offer our dataset to researchers.

Item Type: Conference or Workshop Item (Paper)

Division/Institute:
08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]

UniBE Contributor: Hazhirpasand Barkadehi, Mohammadreza, Ghafari, Mohammad, Nierstrasz, Oscar

Subjects:
000 Computer science, knowledge & systems
500 Science > 510 Mathematics

ISBN: 978-1-7281-5143-4

Publisher: IEEE

Funders: [4] Swiss National Science Foundation

Language: English

Submitter: Oscar Nierstrasz

Date Deposited: 20 Apr 2021 12:09

Last Modified: 05 Dec 2022 15:49

Publisher DOI: 10.1109/SANER48275.2020.9054799

ArXiv ID: 2001.00773v1

Uncontrolled Keywords: scg-pub security snf-asa3 scg20 jb20 snf-imad

BORIS DOI: 10.48350/154501

URI: https://boris.unibe.ch/id/eprint/154501
