Write a Blog >>
MSR 2019
Sun 26 - Mon 27 May 2019 Montreal, QC, Canada
co-located with ICSE 2019
Mon 27 May 2019 10:16 - 10:22 at Centre-Ville - Session IV: Security Chair(s): Sarah Nadi

Cryptographic APIs (Crypto APIs) provide the foundations for the development of secure applications. Unfortunately, most applications do not use Crypto APIs securely and end up being insecure, e.g., by the usage of an outdated algorithm, a constant initialization vector, or an inappropriate hashing algorithm. Two different studies [1], [2] have recently shown that 88% to 95% of those applications using Crypto APIs are insecure due to misuses. To facilitate further research on these kinds of misuses, we created a collection of 201 misuses found in real-world applications along with a classification of those misuses. In the provided dataset, each misuse consists of the corresponding open-source project, the project’s build information, a description of the misuse, and the misuse’s location. Further, we integrated our dataset into MUBench [3], a benchmark for API misuse detection. Our dataset provides a foundation for research on Crypto API misuses. For example, it can be used to evaluate the precision and recall of detection tools, as a foundation for studies related to Crypto API misuses, or as a training set.

  1. M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel, “An Empirical Study of Cryptographic Misuse in Android Applications,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, ser. CCS ’13. New York, NY, USA: ACM, 2013, pp. 73–84.
  2. S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” p. 27, 2018.
  3. S. Amann, S. Nadi, H. A. Nguyen, T. N. Nguyen, and M. Mezini, “MUBench: a benchmark for API-misuse detectors,” in Proceedings of the 13th International Workshop on Mining Software Repositories - MSR ’16. Austin, Texas: ACM Press, 2016, pp. 464–467.

Mon 27 May
Times are displayed in time zone: Eastern Time (US & Canada) change

09:40 - 10:30: Session IV: SecurityMSR 2019 Paper Presentations / MSR 2019 Data Showcase / MSR 2019 Technical Papers at Centre-Ville
Chair(s): Sarah NadiUniversity of Alberta
09:40 - 09:55
Automated Software Vulnerability Assessment with Concept Drift
MSR 2019 Technical Papers
09:55 - 10:01
A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software
MSR 2019 Data Showcase
10:01 - 10:16
Negative Results on Mining Crypto-API Usage Rules in Android Apps
MSR 2019 Technical Papers
Jun GaoUniversity of Luxembourg, SnT, Pingfan KongInterdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Li LiMonash University, Australia, Tegawendé F. BissyandéSnT, University of Luxembourg, Jacques KleinUniversity of Luxembourg, SnT
10:16 - 10:22
A Dataset of Parametric Cryptographic Misuses
MSR 2019 Data Showcase
Anna-Katharina WickertTU Darmstadt, Germany, Michael ReifTU Darmstadt, Germany, Michael EichbergTU Darmstadt, Germany, Anam Dodhy, Mira MeziniTU Darmstadt, Germany
Pre-print Media Attached
10:22 - 10:28
RmvDroid: Towards A Reliable Android Malware Dataset with App Metadata
MSR 2019 Data Showcase
Haoyu WangBeijing University of Posts and Telecommunications, China, Junjun Si, Hao Li , Yao GuoPeking University