Reference : Negative Results on Mining Crypto-API Usage Rules in Android Apps
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/42460
Negative Results on Mining Crypto-API Usage Rules in Android Apps
English
Gao, Jun [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Kong, Pingfan [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC)]
Li, Li [Monash University > Faculty of Information Technology]
Bissyande, Tegawendé François D Assise [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Klein, Jacques [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)]
2019
Proceedings of the 16th International Conference on Mining Software Repositories
Yes
International
Mining Software Repositories 2019
from 26-05-2019 to 27-05-2019
Montreal
Canada
[en] Android ; Cryptography
[en] Android app developers recurrently use crypto-APIs to provide data security to app users. Unfortunately, misuse of APIs only creates an illusion of security and even exposes apps to systematic attacks. It is thus necessary to provide developers with a statically-enforceable list of specifications of crypto-API usage rules. On the one hand, such rules cannot be manually written as the process does not scale to all available APIs. On the other hand, a classical mining approach based on common usage patterns is not relevant in Android, given that a large share of usages include mistakes. In this work, building on the assumption that “developers update API usage instances to fix misuses”, we propose to mine a large dataset of updates within about 40 000 real-world app lineages to infer API usage rules. Eventually, our investigations yield negative results on our assumption that API usage updates tend to correct misuses. Actually, it appears that updates that fix misuses may be unintentional: the same misuse patterns are quickly re-introduced by subsequent updates.
University of Luxembourg: Interdisciplinary Centre for Security, Reliability and Trust
10.1109/MSR.2019.00065
FnR ; FNR10621687 > Sjouke Mauw > SPsquared > Security and Privacy for System Protection > 01/01/2017 > 30/06/2023 > 2016

File(s) associated to this reference

Fulltext file(s):

| File | Commentary | Version | Size | Access |
| --- | --- | --- | --- | --- |
| article.pdf | | Author preprint | 363.32 kB | Open access |


All documents in ORBilu are protected by a user license.