TU Darmstadt / ULB / TUbiblio

CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite

Schlichtig, Michael ; Wickert, Anna-Katharina ; Krüger, Stefan ; Bodden, Eric ; Mezini, Mira (2022)
CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite.
19th International Conference on Mining Software Repositories (MSR 2022). virtual Conference (18.-20.05.2022)
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method:We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair “Cryptographic API Misuse Detection Tool Benchmark Suite”. We will implement the first version of CamBench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2022
Autor(en): Schlichtig, Michael ; Wickert, Anna-Katharina ; Krüger, Stefan ; Bodden, Eric ; Mezini, Mira
Art des Eintrags: Bibliographie
Titel: CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite
Sprache: Englisch
Publikationsjahr: 2022
Veranstaltungstitel: 19th International Conference on Mining Software Repositories (MSR 2022)
Veranstaltungsort: virtual Conference
Veranstaltungsdatum: 18.-20.05.2022
URL / URN: https://conf.researchr.org/track/msr-2022/msr-2022-registere...
Zugehörige Links:
Kurzbeschreibung (Abstract):

Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method:We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair “Cryptographic API Misuse Detection Tool Benchmark Suite”. We will implement the first version of CamBench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain.

Freie Schlagworte: Engineering, E1
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Softwaretechnik
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 22 Jun 2022 12:47
Letzte Änderung: 12 Dez 2022 09:45
PPN: 502501324
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen