Rahaman et al., 2019 - Google Patents
Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized java projects
Rahaman et al., 2019
- Document ID
- 2745907747375056046
- Author
- Rahaman S
- Xiao Y
- Afrose S
- Shaon F
- Tian K
- Frantz M
- Kantarcioglu M
- Yao D
- Publication year
- 2019
- Publication venue
- Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Snippet
Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized (e.g., millions of LoC) …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Rahaman et al. | | Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized java projects |
Continella et al. | | Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. |
Lu et al. | | Chex: statically vetting android apps for component hijacking vulnerabilities |
Li et al. | | A survey on server-side approaches to securing web applications |
Rasthofer et al. | | Making malory behave maliciously: Targeted fuzzing of android execution environments |
Piccolboni et al. | | Crylogger: Detecting crypto misuses dynamically |
Afrose et al. | | Evaluation of static vulnerability detection tools with Java cryptographic API benchmarks |
Afrose et al. | | CryptoAPI-Bench: A comprehensive benchmark on Java cryptographic API misuses |
Merlo et al. | | You shall not repackage! demystifying anti-repackaging on android |
Iadarola et al. | | Formal methods for android banking malware analysis and detection |
Wang et al. | | One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat |
Noller et al. | | Qfuzz: Quantitative fuzzing for side channels |
Borzacchiello et al. | | Reconstructing C2 servers for remote access trojans with symbolic execution |
Sutter et al. | | Dynamic Security Analysis on Android: A Systematic Literature Review |
Mishra et al. | | Privacy protection framework for android |
Arzt | | Security code smells in apps: are we getting better? |
Rahaman et al. | | From theory to code: identifying logical flaws in cryptographic implementations in C/C++ |
Rahaman et al. | | CHIRON: deployment-quality detection of Java cryptographic vulnerabilities |
Chen et al. | | Towards Precise Reporting of Cryptographic Misuses |
Beijnum | | Haly: Automated evaluation of hardening techniques in Android and iOS apps |
Yao et al. | | Being the developers’ friend: Our experience developing a high-precision tool for secure coding |
Gadient et al. | | Security in Android applications |
Bagga et al. | | A biological immune system (BIS) inspired mobile agent platform (MAP) security architecture |
Mousavi et al. | | Detecting Misuses of Security APIs: A Systematic Review |
Chang et al. | | Vulnerable service invocation and countermeasures |