ChatGPT’s Potential in Cryptography Misuse Detection: A Comparative Analysis with Static Analysis Tools
Background. Cryptography is crucial for maintaining confidentiality. Studies reveal widespread misuse of cryptography APIs (e.g., JCA), despite the existence of static tools for detection. However, no single tool covers all misuses, and developer adoption of these tools is low. Aim. This study aims to leverage ChatGPT's ability to detect JCA misuses. Approach. We assessed ChatGPT's capability in detecting misuse by asking it about the vulnerabilities in CryptoAPI-Bench test cases, followed by the application of prompt engineering techniques to enhance its detection. Results. ChatGPT's performance in detecting JCA misuses is comparable to that of static analysis tools and even superior in certain scenarios. Despite some shortcomings, such as generating false positives and difficulty in calculating sizes or identifying common weak configurations, we have mitigated these weaknesses and improved its accuracy and recall through prompt engineering. Conclusion. Prompt engineering enhances ChatGPT's detection of JCA misuses, and the resulting detection outperforms existing static cryptography analysis tools.
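To make the misuse classes named in the abstract concrete, the following Java snippet shows three JCA patterns a cryptography misuse detector is expected to flag (a broken algorithm in ECB mode, a constant IV, and a key size that is computed at runtime rather than written as a literal) beside a hardened AES-GCM form. This is an added illustration written for this page; it is not the paper's code and not a CryptoAPI-Bench test case, and the class and method names are invented.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical class; the "weak" methods are misuse patterns, safeEncrypt/safeDecrypt the corrected form.
public class JcaMisuseDemo {

    // Misuse 1: broken algorithm (56-bit DES) in ECB mode. ECB is deterministic per block,
    // so two equal plaintext blocks yield two equal ciphertext blocks.
    static byte[] weakDesEcb(byte[] plaintext) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    // Misuse 2: AES/CBC with a constant IV. Reusing the IV makes encryption deterministic,
    // so a repeated message is recognisable from the ciphertext alone.
    static byte[] weakStaticIv(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16]; // all-zero IV reused on every call
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    // Misuse 3: the "size" case. The RSA key length is the result of arithmetic, not a literal;
    // a detector has to evaluate blocks * 256 to notice that blocks == 2 gives a 512-bit key.
    static KeyPair weakRsaComputedSize(int blocks) throws Exception {
        int bits = blocks * 256;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        return kpg.generateKeyPair();
    }

    // Corrected form: AES-256-GCM with a fresh random 96-bit nonce per message,
    // nonce prepended to the ciphertext so the receiver can recover it.
    static byte[] safeEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] safeDecrypt(SecretKey key, byte[] nonceAndCt) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonceAndCt, 0, 12));
        return c.doFinal(nonceAndCt, 12, nonceAndCt.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: 16 bytes made of two identical 8-byte (DES block size) halves.
        byte[] twoEqualBlocks = "ABCDEFGHABCDEFGH".getBytes(StandardCharsets.US_ASCII);
        byte[] ecb = weakDesEcb(twoEqualBlocks);
        System.out.println("ECB: first and second ciphertext block equal? "
            + Arrays.equals(Arrays.copyOfRange(ecb, 0, 8), Arrays.copyOfRange(ecb, 8, 16)));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] msg = "attack at dawn".getBytes(StandardCharsets.UTF_8);
        System.out.println("static IV: two encryptions of the same message equal? "
            + Arrays.equals(weakStaticIv(aesKey, msg), weakStaticIv(aesKey, msg)));
        System.out.println("GCM with fresh nonce: two encryptions equal? "
            + Arrays.equals(safeEncrypt(aesKey, msg), safeEncrypt(aesKey, msg)));
        System.out.println("GCM round trip matches plaintext? "
            + Arrays.equals(msg, safeDecrypt(aesKey, safeEncrypt(aesKey, msg))));

        KeyPair kp = weakRsaComputedSize(2);
        System.out.println("RSA modulus bits from computed size: "
            + ((RSAPublicKey) kp.getPublic()).getModulus().bitLength());
    }
}
```

Running main shows why each pattern matters: the ECB and static-IV checks come out deterministic while the GCM output changes on every call, and the RSA key built from the computed size is far below the 2048 bits usually required. The third method is the interesting one for any detector, LLM or static: the weak value never appears as a literal in the call to `initialize`, so flagging it requires following the arithmetic rather than pattern-matching on constants.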
Fri 25 Oct (times shown in the Brussels, Copenhagen, Madrid, Paris time zone)

14:00 - 15:30 | Large language models in software engineering II
ESEM Emerging Results, Vision and Reflection Papers Track / ESEM IGC
Room: Telensenyament (B3 Building - 1st Floor)
Chair(s): Claudio Di Sipio (University of L'Aquila)

14:00 (15m) Vision and Emerging Results | Debugging with Open-Source Large Language Models: An Evaluation
ESEM Emerging Results, Vision and Reflection Papers Track
Yacine Majdoub (IResCoMath Lab, University of Gabes), Eya Ben Charrada (IResCoMath Lab, University of Gabes)

14:15 (15m) Vision and Emerging Results | Multi-language Software Development in the LLM Era: Insights from Practitioners' Conversations with ChatGPT
ESEM Emerging Results, Vision and Reflection Papers Track
Lucas Almeida Aguiar (State University of Ceará), Matheus Paixao (State University of Ceará), Rafael Carmo (Federal University of Ceará), Edson Soares (Instituto Atlantico & State University of Ceara (UECE)), Antonio Leal (State University of Ceará), Matheus Freitas (State University of Ceará), Eliakim Gama (State University of Ceará)

14:30 (15m) Vision and Emerging Results | Exploring LLM-Driven Explanations for Quantum Algorithms
ESEM Emerging Results, Vision and Reflection Papers Track
Giordano d'Aloisio (University of L'Aquila), Sophie Fortz (King's College London), Carol Hanna (University College London), Daniel Fortunato (INESC-ID, University of Porto), Avner Bensoussan (King's College London), Eñaut Mendiluze Usandizaga (Simula Research Laboratory, Norway), Federica Sarro (University College London)

14:45 (15m) Industry talk | Beyond Words: On Large Language Models Actionability in Mission-Critical Risk Analysis
ESEM IGC
Matteo Esposito (University of Oulu), Francesco Palagiano (Multitel di Lerede Alessandro & C. s.a.s.), Valentina Lenarduzzi (University of Oulu), Davide Taibi (University of Oulu)

15:00 (15m) Vision and Emerging Results | Detecting Code Smells using ChatGPT: Initial Insights
ESEM Emerging Results, Vision and Reflection Papers Track
Luciana L. Silva (Federal University of Minas Gerais), Janio R. Silva (IFMG), João Eduardo Montandon (Universidade Federal de Minas Gerais (UFMG)), Marcus Andrade (IFMG), Marco Tulio Valente (Federal University of Minas Gerais, Brazil)

15:15 (15m) Industry talk | ChatGPT's Potential in Cryptography Misuse Detection: A Comparative Analysis with Static Analysis Tools
ESEM IGC