Visible to the public Biblio

Filters: Keyword is Modelling Analysis  [Clear All Filters]
2015-05-04
Shao Shuai, Dong Guowei, Guo Tao, Yang Tianchang, Shi Chenjie.  2014.  Modelling Analysis and Auto-detection of Cryptographic Misuse in Android Applications. Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on. :75-80.

Cryptographic misuse affects a sizeable portion of Android applications. However, there is only an empirical study that has been made about this problem. In this paper, we perform a systematic analysis on the cryptographic misuse, build the cryptographic misuse vulnerability model and implement a prototype tool Crypto Misuse Analyser (CMA). The CMA can perform static analysis on Android apps and select the branches that invoke the cryptographic API. Then it runs the app following the target branch and records the cryptographic API calls. At last, the CMA identifies the cryptographic API misuse vulnerabilities from the records based on the pre-defined model. We also analyze dozens of Android apps with the help of CMA and find that more than a half of apps are affected by such vulnerabilities.