FireBugs: Finding and Repairing Cryptography API Misuses in Mobile Applications

Title: FireBugs: Finding and Repairing Cryptography API Misuses in Mobile Applications
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Singleton, Larry; Zhao, Rui; Siy, Harvey; Song, Myoungkyu
Conference Name: 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)
Keywords: API, API misuses, APIs, Application program interface, application program interfaces, Application Programming Interface (API), Automated Program Repair, Companies, composability, compositionality, Computer bugs, Conferences, cryptography, Insurance, maintenance engineering, mobile applications, program analysis, pubcrawl, resilience, Resiliency, security, Software
Abstract: In this paper, we present FireBugs for Finding and Repairing Bugs based on security patterns. For the common misuse patterns of cryptography APIs (crypto APIs), we encode common cryptography rules into the pattern representations for bug detection and program repair regarding cryptography rule violations. In the evaluation, we conducted a case study to assess the bug detection capability by applying FireBugs to datasets mined from both open source and commercial projects. Also, we conducted a user study with professional software engineers at Mutual of Omaha Insurance Company to estimate the program repair capability. This evaluation showed that FireBugs can help professional engineers develop various cryptographic requirements in a resilient application.
DOI: 10.1109/COMPSAC51774.2021.00165
Citation Key: singleton_firebugs_2021