English
Related papers

Related papers: CryptoGuard: High Precision Detection of Cryptogra…

200 papers

Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to…

Cryptography and Security · Computer Science 2021-12-09 Sharmin Afrose , Ya Xiao , Sazzadur Rahaman , Barton P. Miller , Danfeng , Yao

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers…

Cryptography and Security · Computer Science 2022-01-20 Miles Frantz

Various studies have empirically shown that the majority of Java and Android apps misuse cryptographic libraries, causing devastating breaches of data security. Therefore, it is crucial to detect such misuses early in the development…

Software Engineering · Computer Science 2017-10-04 Stefan Krüger , Johannes Späth , Karim Ali , Eric Bodden , Mira Mezini

Research has shown that cryptographic APIs are hard to use. Consequently, developers resort to using code examples available in online information sources that are often not secure. We have developed a web platform, named CryptoExplorer,…

Software Engineering · Computer Science 2020-01-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

Cryptographic algorithms are fundamental to modern security, yet their implementations frequently harbor subtle logic flaws that are hard to detect. We introduce CryptoScope, a novel framework for automated cryptographic vulnerability…

Cryptography and Security · Computer Science 2025-08-18 Zhihao Li , Zimo Ji , Tao Zheng , Hao Ren , Xiao Lan

Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto hash functions and encryption algorithms, for example, can guarantee properties such as integrity and confidentiality. Developers, however, can…

Cryptography and Security · Computer Science 2020-09-07 Luca Piccolboni , Giuseppe Di Guglielmo , Luca P. Carloni , Simha Sethumadhavan

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity…

Cryptography and Security · Computer Science 2023-03-27 Anna-Katharina Wickert , Lars Baumgärtner , Michael Schlichtig , Krishna Narasimhan , Mira Mezini

While the automated detection of cryptographic API misuses has progressed significantly, its precision diminishes for intricate targets due to the reliance on manually defined patterns. Large Language Models (LLMs) offer a promising…

Cryptography and Security · Computer Science 2026-03-19 Yifan Xia , Zichen Xie , Peiyu Liu , Kangjie Lu , Yan Liu , Wenhai Wang , Shouling Ji

The increasing trend of using Large Language Models (LLMs) for code generation raises the question of their capability to generate trustworthy code. While many researchers are exploring the utility of code generation for uncovering software…

Cryptography and Security · Computer Science 2024-04-08 Zahra Mousavi , Chadni Islam , Kristen Moore , Alsharif Abuadbba , Muhammad Ali Babar

Cryptographic API misuse represents a critical vulnerability class that undermines the security foundations of modern software. Yet, it remains largely unexplored in Go despite its dominance in security-critical infrastructure. This paper…

Cryptography and Security · Computer Science 2026-04-28 Vivi Andersson , Martin Monperrus

Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users' privacy. Various system-based and third-party libraries for Android…

Cryptography and Security · Computer Science 2022-07-08 Adam Janovsky , Davide Maiorca , Dominik Macko , Vashek Matyas , Giorgio Giacinto

Large language model fine-tuning APIs enable widespread model customization, yet pose significant safety risks. Recent work shows that adversaries can exploit access to these APIs to bypass model safety mechanisms by encoding harmful…

Machine Learning · Computer Science 2025-08-26 Jack Youstra , Mohammed Mahfoud , Yang Yan , Henry Sleight , Ethan Perez , Mrinank Sharma

[Background] Previous research has shown that developers commonly misuse cryptography APIs. [Aim] We have conducted an exploratory study to find out how crypto APIs are used in open-source Java projects, what types of misuses exist, and why…

Cryptography and Security · Computer Science 2020-09-03 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms, necessitating a proactive approach to identify and modernize cryptographic code. Identifying these…

Cryptography and Security · Computer Science 2025-03-26 Micha Moffie , Omer Boehm , Anatoly Koyfman , Eyal Bin , Efrayim Sztokman , Sukanta Bhattacharjee , Meghnath Saha , James McGugan

Java platform provides various APIs to facilitate secure coding. However, correctly using security APIs is usually challenging for developers who lack cybersecurity training. Prior work shows that many developers misuse security APIs; such…

Cryptography and Security · Computer Science 2021-02-16 Ying Zhang , Mahir Kabir , Ya Xiao , Danfeng , Yao , Na Meng

Package confusion attacks such as typosquatting threaten software supply chains. Attackers make packages with names that syntactically or semantically resemble legitimate ones, tricking engineers into installing malware. While prior work…

Cryptography and Security · Computer Science 2025-08-05 Wenxin Jiang , Berk Çakar , Mikola Lysenko , James C. Davis

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

The Java libraries JCA and JSSE offer cryptographic APIs to facilitate secure coding. When developers misuse some of the APIs, their code becomes vulnerable to cyber-attacks. To eliminate such vulnerabilities, people built tools to detect…

Cryptography and Security · Computer Science 2022-05-02 Ying Zhang , Ya Xiao , Md Mahir Asef Kabir , Danfeng , Yao , Na Meng

The misunderstanding and incorrect configurations of cryptographic primitives have exposed severe security vulnerabilities to attackers. Due to the pervasiveness and diversity of cryptographic misuses, a comprehensive and accurate…

Cryptography and Security · Computer Science 2023-05-16 Cong Sun , Xinpeng Xu , Yafei Wu , Dongrui Zeng , Gang Tan , Siqi Ma , Peicheng Wang
‹ Prev 1 2 3 10 Next ›