CDRep: Automatic repair of cryptographic-misuses in Android applications
Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such m...
Saved in:
| Main Authors: | , , , |
|---|---|
| 格式: | text |
| 語言: | English |
| 出版: |
Institutional Knowledge at Singapore Management University
2016
|
| 主題: | |
| 在線閱讀: | https://ink.library.smu.edu.sg/sis_research/3733 https://ink.library.smu.edu.sg/context/sis_research/article/4735/viewcontent/CDRep_AsiaCCS_2016_afv.pdf |
| 標簽: |
添加標簽
沒有標簽, 成為第一個標記此記錄!
|
| 機構: | Singapore Management University |
| 語言: | English |
| 總結: | Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such mistakes can lead to a false sense of security. Recent research efforts indeed show that a significant portion of mobile apps in both Android and iOS platforms misused cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding fix patterns based on the best practices in cryptographic implementations. CDRep consists of two phases, a detection phase which identifies defect locations in a mobile app and a repair phase which repairs the vulnerable app automatically. In our validation, CDRep is able to successfully repair 94.5% of 1,262 vulnerable apps. Furthermore, CDRep is lightweight, the average runtime to generate a patch is merely 19.3 seconds and the size of a repaired app increases by only 0.667% on average. |
|---|