CDRep: Automatic repair of cryptographic-misuses in Android applications

Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such m...

Bibliographic Details
Main Authors: MA, Siqi, LO, David, LI, Teng, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2016
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/3733
https://ink.library.smu.edu.sg/context/sis_research/article/4735/viewcontent/CDRep_AsiaCCS_2016_afv.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-4735
record_format dspace
spelling sg-smu-ink.sis_research-4735; 2017-09-13T05:11:06Z; 2016-06-01T07:00:00Z; text; application/pdf; info:doi/10.1145/2897845.2897896; http://creativecommons.org/licenses/by-nc-nd/4.0/; Research Collection School Of Computing and Information Systems; eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic vulnerability detection
cryptographic misuse
automated program repair
Computer Sciences
Information Security
Software Engineering
description Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such mistakes can lead to a false sense of security. Recent research efforts indeed show that a significant portion of mobile apps in both Android and iOS platforms misused cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding fix patterns based on the best practices in cryptographic implementations. CDRep consists of two phases, a detection phase which identifies defect locations in a mobile app and a repair phase which repairs the vulnerable app automatically. In our validation, CDRep is able to successfully repair 94.5% of 1,262 vulnerable apps. Furthermore, CDRep is lightweight, the average runtime to generate a patch is merely 19.3 seconds and the size of a repaired app increases by only 0.667% on average.