English
Related papers

Related papers: CRYLOGGER: Detecting Crypto Misuses Dynamically

200 papers

APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful…

Cryptography and Security · Computer Science 2021-05-18 Rodrigo Bonifacio , Stefan Krüger , Krishna Narasimhan , Eric Bodden , Mira Mezini

Many Android apps analyzers rely, among other techniques, on dynamic analysis to monitor their runtime behavior and detect potential security threats. However, malicious developers use subtle, though efficient, techniques to bypass dynamic…

Cryptography and Security · Computer Science 2022-03-10 Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking,…

Cryptography and Security · Computer Science 2023-02-16 Xiaoyu Sun

Increasing interest in securing the Android ecosystem has spawned numerous efforts to assist app developers in building secure apps. These efforts have resulted in tools and techniques capable of detecting vulnerabilities (and malicious…

Cryptography and Security · Computer Science 2019-08-06 Venkatesh-Prasad Ranganath , Joydeep Mitra

Resource leak bugs in Android apps are pervasive and can cause serious performance degradation and system crashes. In recent years, several resource leak detection techniques have been proposed to assist Android developers in correctly…

Software Engineering · Computer Science 2016-11-28 Yepang Liu , Lili Wei , Chang Xu , Shing-Chi Cheung

Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive…

Software Engineering · Computer Science 2022-04-14 Michael Schlichtig , Anna-Katharina Wickert , Stefan Krüger , Eric Bodden , Mira Mezini

With the rapid growth of mobile apps, users' concerns about their privacy have become increasingly prominent. Android app logs serve as crucial computer resources, aiding developers in debugging and monitoring the status of Android apps,…

Developers rely on third-party library Application Programming Interfaces (APIs) when developing software. However, libraries typically come with assumptions and API usage constraints, whose violation results in API misuse. API misuses may…

Software Engineering · Computer Science 2026-04-17 Akalanka Galappaththi , Sarah Nadi , Christoph Treude

Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google's mobile operating system. With an estimated number of 700 new Android applications released every…

Cryptography and Security · Computer Science 2014-10-29 Sebastian Neuner , Victor van der Veen , Martina Lindorfer , Markus Huber , Georg Merzdovnik , Martin Mulazzani , Edgar Weippl

In Android, communications between apps and system services are supported by a transaction-based Inter-Process Communication (IPC) mechanism. Binder, as the cornerstone of this IPC mechanism, separates two communicating parties as client…

Cryptography and Security · Computer Science 2016-04-26 Huan Feng , Kang G. Shin

This paper conducts a comprehensive examination of the infrastructure supporting cryptojacking operations. The analysis elucidates the methodologies, frameworks, and technologies malicious entities employ to misuse computational resources…

Cryptography and Security · Computer Science 2024-08-08 Ayodeji Adeniran , Kieran Human , David Mohaisen

Increasing number of cyber-attacks demotivate people to use Information and Communication Technology (ICT) for industrial as well as day to day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make…

Cryptography and Security · Computer Science 2018-10-12 Chamila Wijayarathna , Nalin Asanka Gamagedara Arachchilage

Keyloggers remain a serious threat in modern cybersecurity, silently capturing user keystrokes to steal credentials and sensitive information. Traditional defenses focus mainly on detection and removal, which can halt malicious activity but…

Cryptography and Security · Computer Science 2025-08-07 Md Sajidul Islam Sajid , Shihab Ahmed , Ryan Sosnoski

While software engineers are optimistically adopting crypto-API misuse detectors (or crypto-detectors) in their software development cycles, this momentum must be accompanied by a rigorous understanding of crypto-detectors' effectiveness at…

Cryptography and Security · Computer Science 2023-08-15 Amit Seal Ami , Syed Yusuf Ahmed , Radowan Mahmud Redoy , Nathan Cooper , Kaushal Kafle , Kevin Moran , Denys Poshyvanyk , Adwait Nadkarni

When users leave their mobile devices unattended, or let others use them momentarily, they are susceptible to privacy breaches. Existing technological defenses, such as unlock authentication or account switching, have proven to be…

Human-Computer Interaction · Computer Science 2022-08-30 Tiago Guerreiro , Ana Pires , Luís Carriço

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Florian Sieck , Anna Pätschke , Thomas Eisenbarth

Smartphones, the devices we carry everywhere with us, are being heavily tracked and have undoubtedly become a major threat to our privacy. As "tracking the trackers" has become a necessity, various static and dynamic analysis tools have…

Cryptography and Security · Computer Science 2016-06-13 Jagdish Prasad Achara , Vincent Roca , Claude Castelluccia , Aurelien Francillon

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation. Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of…

Cryptography and Security · Computer Science 2018-07-04 Kai Mindermann , Stefan Wagner