Firebugs: Finding and repairing cryptography API misuses in mobile applications

Larry Singleton; Rui Zhao; Harvey Siy; Myoungkyu Song

doi:10.1109/COMPSAC51774.2021.00165

Firebugs: Finding and repairing cryptography API misuses in mobile applications

Larry Singleton, Rui Zhao, Harvey Siy, Myoungkyu Song

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

In this paper, we present FireBugs for Finding and Repairing Bugs ggggg based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.

Original language	English (US)
Title of host publication	Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021
Editors	W. K. Chan, Bill Claycomb, Hiroki Takakura, Ji-Jiang Yang, Yuuichi Teranishi, Dave Towey, Sergio Segura, Hossain Shahriar, Sorel Reisman, Sheikh Iqbal Ahamed
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1194-1201
Number of pages	8
ISBN (Electronic)	9781665424639
DOIs	https://doi.org/10.1109/COMPSAC51774.2021.00165
State	Published - Jul 2021
Event	45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021 - Virtual, Online, Spain Duration: Jul 12 2021 → Jul 16 2021

Publication series

Name	Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021

Conference

Conference	45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021
Country/Territory	Spain
City	Virtual, Online
Period	7/12/21 → 7/16/21

ASJC Scopus subject areas

Artificial Intelligence
Computer Science Applications
Software

Access to Document

10.1109/COMPSAC51774.2021.00165

Cite this

Singleton, L., Zhao, R., Siy, H., & Song, M. (2021). Firebugs: Finding and repairing cryptography API misuses in mobile applications. In W. K. Chan, B. Claycomb, H. Takakura, J.-J. Yang, Y. Teranishi, D. Towey, S. Segura, H. Shahriar, S. Reisman, & S. I. Ahamed (Eds.), Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021 (pp. 1194-1201). (Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/COMPSAC51774.2021.00165

Firebugs: Finding and repairing cryptography API misuses in mobile applications. / Singleton, Larry; Zhao, Rui; Siy, Harvey et al.
Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021. ed. / W. K. Chan; Bill Claycomb; Hiroki Takakura; Ji-Jiang Yang; Yuuichi Teranishi; Dave Towey; Sergio Segura; Hossain Shahriar; Sorel Reisman; Sheikh Iqbal Ahamed. Institute of Electrical and Electronics Engineers Inc., 2021. p. 1194-1201 (Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Singleton, L, Zhao, R, Siy, H & Song, M 2021, Firebugs: Finding and repairing cryptography API misuses in mobile applications. in WK Chan, B Claycomb, H Takakura, J-J Yang, Y Teranishi, D Towey, S Segura, H Shahriar, S Reisman & SI Ahamed (eds), Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021. Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021, Institute of Electrical and Electronics Engineers Inc., pp. 1194-1201, 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021, Virtual, Online, Spain, 7/12/21. https://doi.org/10.1109/COMPSAC51774.2021.00165

Singleton L, Zhao R, Siy H, Song M. Firebugs: Finding and repairing cryptography API misuses in mobile applications. In Chan WK, Claycomb B, Takakura H, Yang JJ, Teranishi Y, Towey D, Segura S, Shahriar H, Reisman S, Ahamed SI, editors, Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 1194-1201. (Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021). doi: 10.1109/COMPSAC51774.2021.00165

Singleton, Larry ; Zhao, Rui ; Siy, Harvey et al. / Firebugs : Finding and repairing cryptography API misuses in mobile applications. Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021. editor / W. K. Chan ; Bill Claycomb ; Hiroki Takakura ; Ji-Jiang Yang ; Yuuichi Teranishi ; Dave Towey ; Sergio Segura ; Hossain Shahriar ; Sorel Reisman ; Sheikh Iqbal Ahamed. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 1194-1201 (Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021).

@inproceedings{f535fb157ac4416d8ffe5a413e078b7d,

title = "Firebugs: Finding and repairing cryptography API misuses in mobile applications",

abstract = "In this paper, we present FireBugs for Finding and Repairing Bugs ggggg based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.",

author = "Larry Singleton and Rui Zhao and Harvey Siy and Myoungkyu Song",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021 ; Conference date: 12-07-2021 Through 16-07-2021",

year = "2021",

month = jul,

doi = "10.1109/COMPSAC51774.2021.00165",

language = "English (US)",

series = "Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1194--1201",

editor = "Chan, {W. K.} and Bill Claycomb and Hiroki Takakura and Ji-Jiang Yang and Yuuichi Teranishi and Dave Towey and Sergio Segura and Hossain Shahriar and Sorel Reisman and Ahamed, {Sheikh Iqbal}",

booktitle = "Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021",

}

TY - GEN

T1 - Firebugs

T2 - 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021

AU - Singleton, Larry

AU - Zhao, Rui

AU - Siy, Harvey

AU - Song, Myoungkyu

PY - 2021/7

Y1 - 2021/7

N2 - In this paper, we present FireBugs for Finding and Repairing Bugs ggggg based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.

AB - In this paper, we present FireBugs for Finding and Repairing Bugs ggggg based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.

UR - http://www.scopus.com/inward/record.url?scp=85115872984&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85115872984&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC51774.2021.00165

DO - 10.1109/COMPSAC51774.2021.00165

M3 - Conference contribution

AN - SCOPUS:85115872984

T3 - Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021

SP - 1194

EP - 1201

BT - Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021

A2 - Chan, W. K.

A2 - Claycomb, Bill

A2 - Takakura, Hiroki

A2 - Yang, Ji-Jiang

A2 - Teranishi, Yuuichi

A2 - Towey, Dave

A2 - Segura, Sergio

A2 - Shahriar, Hossain

A2 - Reisman, Sorel

A2 - Ahamed, Sheikh Iqbal

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 12 July 2021 through 16 July 2021

ER -

Firebugs: Finding and repairing cryptography API misuses in mobile applications

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this