Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized java projects
Cryptographic API misuses, such as exposed secrets, predictable random numbers, and
vulnerable certificate verification, seriously threaten software security. The vision of …
Evaluation of static vulnerability detection tools with Java cryptographic API benchmarks
Several studies showed that misuses of cryptographic APIs are common in real-world code
(e.g., Apache projects and Android apps). There exist several open-sourced and commercial …
Automatic detection of Java cryptographic API misuses: Are we there yet?
The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …
Crylogger: Detecting crypto misuses dynamically
Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto
hash functions and encryption algorithms, for example, can guarantee properties such as …
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs
Various studies have empirically shown that the majority of Java and Android applications
misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to …
Chex: statically vetting android apps for component hijacking vulnerabilities
An enormous number of apps have been developed for Android in recent years, making it
one of the most popular mobile operating systems. However, the quality of the booming …
Droidchecker: analyzing android applications for capability leak
PPF Chan, LCK Hui, SM Yiu - Proceedings of the fifth ACM conference …, 2012 - dl.acm.org
While Apple has checked every app available on the App Store, Google takes another
approach that allows anyone to publish apps on the Android Market. The openness of the …
PREC: practical root exploit containment for android devices
Application markets such as the Google Play Store and the Apple App Store have become
the de facto method of distributing software to mobile devices. While official markets …
Multi-app security analysis with fuse: Statically detecting android app collusion
T Ravitch, ER Creswick, A Tomb, A Foltzer… - Proceedings of the 4th …, 2014 - dl.acm.org
Android's popularity has given rise to myriad application analysis techniques to improve the
security and robustness of mobile applications, motivated by the evolving adversarial …
Jucify: A step towards android code unification for enhanced static analysis
Native code is now commonplace within Android app packages where it co-exists and
interacts with Dex bytecode through the Java Native Interface to deliver rich app …