Firebugs: Finding and repairing cryptography API misuses in mobile applications

Larry Singleton, Rui Zhao, Harvey Siy, Myoungkyu Song

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

In this paper, we present FireBugs for Finding and Repairing Bugs based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.

Original language: English (US)
Title of host publication: Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021
Editors: W. K. Chan, Bill Claycomb, Hiroki Takakura, Ji-Jiang Yang, Yuuichi Teranishi, Dave Towey, Sergio Segura, Hossain Shahriar, Sorel Reisman, Sheikh Iqbal Ahamed
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1194-1201
Number of pages: 8
ISBN (Electronic): 9781665424639
State: Published - Jul 2021
Event: 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021 - Virtual, Online, Spain
Duration: Jul 12 2021 → Jul 16 2021

Publication series

Name: Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021

Conference

Conference: 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021
Country/Territory: Spain
City: Virtual, Online
Period: 7/12/21 → 7/16/21

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Software
