CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite (MSR 2022 - Registered Reports)

Who

Michael Schlichtig, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden, Mira Mezini

Track

MSR 2022 Registered Reports

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 19 May 2022 05:30 - 05:34 at MSR Main room - odd hours - Session 10: Security Chair(s): Triet Le Huynh Minh
Tue 24 May 2022 10:01 - 10:09 at Room 315+316 - Blended Technical Session 3 (Smells and Maintenance) Chair(s): Andy Zaidman

Abstract

Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method:We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair “Cryptographic API Misuse Detection Tool Benchmark Suite”. We will implement the first version of CamBench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain.

Link to Preprint

https://arxiv.org/abs/2204.06447

Michael Schlichtig

Heinz Nixdorf Institute at Paderborn University

Anna-Katharina Wickert

TU Darmstadt, Germany

Germany

Stefan Krüger

Independent Researcher

Germany

Eric Bodden

University of Paderborn; Fraunhofer IEM

Germany

Mira Mezini

TU Darmstadt

Germany

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 19 May
Displayed time zone: Eastern Time (US & Canada) change

05:00 - 05:50	Session 10: SecurityTechnical Papers / Data and Tool Showcase Track / Registered Reports at MSR Main room - odd hours Chair(s): Triet Le Huynh Minh The University of Adelaide

05:00 4m Short-paper		WeakSATD: detecting weak self-admitted technical debt Technical Papers Barbara Russo Free University of Bolzano, Matteo Camilli Free University of Bozen-Bolzano, Moritz Mock Free University of Bolzano DOI Pre-print Media Attached
05:04 7m Talk		LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries Technical Papers Wei Tang Tsinghua University, Yanlin Wang Microsoft Research, Hongyu Zhang University of Newcastle, Shi Han Microsoft Research, Ping Luo Tsinghua University, Dongmei Zhang Microsoft Research Pre-print
05:11 7m Talk		Noisy Label Learning for Security Defects Technical Papers Roland Croft The University of Adelaide, Muhammad Ali Babar University of Adelaide, Huaming Chen The University of Adelaide
05:18 4m Talk		Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair TechniquesData and Tool Showcase Award Data and Tool Showcase Track Quang-Cuong Bui Hamburg University of Technology, Riccardo Scandariato Hamburg University of Technology, Nicolás E. Díaz Ferreyra Hamburg University of Technology Pre-print Media Attached
05:22 4m Talk		AndroOBFS: Time-tagged Obfuscated Android Malware Dataset with Family Information Data and Tool Showcase Track Saurabh Kumar Indian Institute of Technology Kanpur, Debadatta Mishra , Biswabandan Panda Indian Institute of Technology Bombay, Sandeep K. Shukla Indian Institute of Technology Kanpur DOI Pre-print Media Attached
05:26 4m Talk		TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs Data and Tool Showcase Track Jordan Samhi University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg DOI Pre-print Media Attached
05:30 4m Talk		CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite Registered Reports Michael Schlichtig Heinz Nixdorf Institute at Paderborn University, Anna-Katharina Wickert TU Darmstadt, Germany, Stefan Krüger Independent Researcher, Eric Bodden University of Paderborn; Fraunhofer IEM, Mira Mezini TU Darmstadt Pre-print
05:34 16m Live Q&A		Discussions and Q&A Technical Papers

Tue 24 May
Displayed time zone: Eastern Time (US & Canada) change

09:00 - 10:30	Blended Technical Session 3 (Smells and Maintenance)Technical Papers / Mining Challenge / Registered Reports / Data and Tool Showcase Track at Room 315+316 Chair(s): Andy Zaidman Delft University of Technology

09:00 15m Talk		Smelly Variables in Ansible Infrastructure Code: Detection, Prevalence, and Lifetime Technical Papers Ruben Opdebeeck Vrije Universiteit Brussel, Ahmed Zerouali Vrije Universiteit Brussel, Coen De Roover Vrije Universiteit Brussel Pre-print
09:15 15m Talk		Beyond Duplicates: Towards Understanding and Predicting Link Types in Issue Tracking Systems Technical Papers Clara Marie Lüders University of Hamburg, Abir Bouraffa University of Hamburg, Walid Maalej University of Hamburg DOI Pre-print
09:30 15m Talk		How to Improve Deep Learning for Software Analytics (a case study with code smell detection) Technical Papers Rahul Yedida , Tim Menzies North Carolina State University Pre-print
09:45 8m Talk		npm-filter: Automating the mining of dynamic information from npm packages Data and Tool Showcase Track Ellen Arteca Northeastern University, Alexi Turcotte Northeastern University Pre-print Media Attached
09:53 8m Talk		Refactoring Debt: Myth or Reality? An Exploratory Study on the Relationship Between Technical Debt and RefactoringBest Mining Challenge Paper Award Mining Challenge Anthony Peruma Rochester Institute of Technology, Eman Abdullah AlOmar Stevens Institute of Technology, Christian D. Newman Rochester Institute of Technology, Mohamed Wiem Mkaouer Rochester Institute of Technology, Ali Ouni ETS Montreal, University of Quebec Pre-print Media Attached
10:01 8m Talk		CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite Registered Reports Michael Schlichtig Heinz Nixdorf Institute at Paderborn University, Anna-Katharina Wickert TU Darmstadt, Germany, Stefan Krüger Independent Researcher, Eric Bodden University of Paderborn; Fraunhofer IEM, Mira Mezini TU Darmstadt Pre-print
10:09 21m Live Q&A		Discussions and Q&A Technical Papers

Information for Participants

Thu 19 May 2022 05:00 - 05:50 at MSR Main room - odd hours - Session 10: Security Chair(s): Triet Le Huynh Minh

Info for room MSR Main room - odd hours:

Click here to go to the room on Midspace