{"id":"https://openalex.org/W2973035781","doi":"https://doi.org/10.1109/tse.2019.2948910","title":"CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs","display_name":"CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs","publication_year":2019,"publication_date":"2019-10-23","ids":{"openalex":"https://openalex.org/W2973035781","doi":"https://doi.org/10.1109/tse.2019.2948910","mag":"2973035781"},"language":"en","primary_location":{"is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2019.2948910","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},"type":"article","type_crossref":"journal-article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067921018","display_name":"Stefan Kr\u00fcger","orcid":"https://orcid.org/0000-0003-0895-8830"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Stefan Kruger","raw_affiliation_strings":["Paderborn University, Paderborn, Germany"],"affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008520601","display_name":"Johannes Sp\u00e4th","orcid":"https://orcid.org/0000-0003-4462-9372"},"institutions":[{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Johannes Spath","raw_affiliation_strings":["Fraunhofer IEM, Paderborn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IEM, Paderborn, Germany","institution_ids":["https://openalex.org/I4210093498"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038781215","display_name":"Karim Ali","orcid":"https://orcid.org/0000-0002-5516-1376"},"institutions":[{"id":"https://openalex.org/I154425047","display_name":"University of Alberta","ror":"https://ror.org/0160cpw27","country_code":"CA","type":"education","lineage":["https://openalex.org/I154425047"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Karim Ali","raw_affiliation_strings":["University of Alberta, Edmonton, AB, Canada"],"affiliations":[{"raw_affiliation_string":"University of Alberta, Edmonton, AB, Canada","institution_ids":["https://openalex.org/I154425047"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076678278","display_name":"Eric Bodden","orcid":"https://orcid.org/0000-0003-3470-3647"},"institutions":[{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Eric Bodden","raw_affiliation_strings":["Fraunhofer IEM, Paderborn, Germany","Paderborn University, Paderborn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IEM, Paderborn, Germany","institution_ids":["https://openalex.org/I4210093498"]},{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078067853","display_name":"Mira Mezini","orcid":"https://orcid.org/0000-0001-6563-7537"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mira Mezini","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]}],"institution_assertions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.058,"has_fulltext":false,"cited_by_count":40,"citation_normalized_percentile":{"value":0.999775,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"47","issue":"11","first_page":"2382","last_page":"2400"},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Characterization and Detection of Android Malware","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Characterization and Detection of Android Malware","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Empirical Studies in Software Engineering","score":0.9977,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Language-based Information Flow Security","score":0.9946,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/source-code-analysis","display_name":"Source Code Analysis","score":0.570285},{"id":"https://openalex.org/keywords/api-usage-patterns","display_name":"API Usage Patterns","score":0.563494},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security Analysis","score":0.555171},{"id":"https://openalex.org/keywords/requirements-traceability","display_name":"Requirements Traceability","score":0.503352},{"id":"https://openalex.org/keywords/code-clone-detection","display_name":"Code Clone Detection","score":0.502712}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7716833},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.75333905},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7269442},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.57446194},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5221813},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2833962},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17215866}],"mesh":[],"locations_count":2,"locations":[{"is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2019.2948910","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},{"is_oa":true,"landing_page_url":"https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2018.10","pdf_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","source":{"id":"https://openalex.org/S4377196569","display_name":"DROPS (Schloss Dagstuhl \u2013 Leibniz Center for Informatics)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2799853480","host_organization_name":"Schloss Dagstuhl \u2013 Leibniz Center for Informatics","host_organization_lineage":["https://openalex.org/I2799853480"],"host_organization_lineage_names":["Schloss Dagstuhl \u2013 Leibniz Center for Informatics"],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true}],"best_oa_location":{"is_oa":true,"landing_page_url":"https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2018.10","pdf_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","source":{"id":"https://openalex.org/S4377196569","display_name":"DROPS (Schloss Dagstuhl \u2013 Leibniz Center for Informatics)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2799853480","host_organization_name":"Schloss Dagstuhl \u2013 Leibniz Center for Informatics","host_organization_lineage":["https://openalex.org/I2799853480"],"host_organization_lineage_names":["Schloss Dagstuhl \u2013 Leibniz Center for Informatics"],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true},"sustainable_development_goals":[],"grants":[{"funder":"https://openalex.org/F4320330076","funder_display_name":"Heinz Nixdorf Stiftung","award_id":null},{"funder":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada","award_id":null}],"datasets":[],"versions":[],"referenced_works_count":43,"referenced_works":["https://openalex.org/W1504211573","https://openalex.org/W1505465226","https://openalex.org/W1536265389","https://openalex.org/W1610570299","https://openalex.org/W1915915253","https://openalex.org/W1983447928","https://openalex.org/W1993084949","https://openalex.org/W2008810193","https://openalex.org/W2044590882","https://openalex.org/W2082000355","https://openalex.org/W2084864601","https://openalex.org/W2089139117","https://openalex.org/W2091712774","https://openalex.org/W2092115639","https://openalex.org/W2103370348","https://openalex.org/W2104416102","https://openalex.org/W2108632968","https://openalex.org/W2111141292","https://openalex.org/W2115725211","https://openalex.org/W2130559265","https://openalex.org/W2134429122","https://openalex.org/W2145994642","https://openalex.org/W2156881251","https://openalex.org/W2162126440","https://openalex.org/W2166743230","https://openalex.org/W2170181173","https://openalex.org/W2171240827","https://openalex.org/W2279161046","https://openalex.org/W2357927175","https://openalex.org/W2407313496","https://openalex.org/W2546558533","https://openalex.org/W2553375745","https://openalex.org/W2577540292","https://openalex.org/W2761352457","https://openalex.org/W2766217896","https://openalex.org/W2766347289","https://openalex.org/W2767943400","https://openalex.org/W2770623724","https://openalex.org/W2792868481","https://openalex.org/W2796472165","https://openalex.org/W2808620986","https://openalex.org/W2964144088","https://openalex.org/W4230796557"],"related_works":["https://openalex.org/W4387195303","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2382290278","https://openalex.org/W2376932109","https://openalex.org/W2358668433","https://openalex.org/W2350741829","https://openalex.org/W2084864601","https://openalex.org/W1558040955"],"abstract_inverted_index":{"Various":[0],"studies":[1],"have":[2,97,140],"empirically":[3,156],"shown":[4],"that":[5,101,178,217],"the":[6,31,71,87,91,133,150],"majority":[7],"of":[8,19,90,180,189,194],"Java":[9,126,151,169],"and":[10,77,111,155,165,191],"Android":[11,128,163],"applications":[12],"misuse":[13,179],"cryptographic":[14,92,181],"libraries,":[15],"causing":[16],"devastating":[17],"breaches":[18],"data":[20],"security.":[21],"It":[22],"is":[23,183],"crucial":[24],"to":[25,85],"detect":[26,35],"such":[27,103],"misuses":[28],"early":[29],"in":[30],"development":[32],"process.":[33],"To":[34],"cryptography":[36,51,75,83],"misuses,":[37],"one":[38,200],"must":[39],"define":[42],"secure":[43,88],"uses":[44],"first,":[45],"a":[46,66,99,109,124,224],"process":[47],"mastered":[48],"primarily":[49],"by":[50,55,121,159],"experts":[52,76,84],"but":[53],"not":[54],"developers.":[56,78],"In":[57],"this":[58],"paper,":[59],"we":[60],"present":[61],"CrySL":[64,81,106,136,146,207],",":[65],"specification":[67,107],"language":[68],"for":[69,130,149],"bridging":[70],"cognitive":[72],"gap":[73],"between":[74],"enables":[82],"specify":[86],"usage":[89],"libraries":[93],"they":[94],"provide.":[95],"We":[96,139],"implemented":[98],"compiler":[100],"translates":[102],"into":[108],"context-sensitive":[110],"flow-sensitive":[112],"demand-driven":[113],"static":[114],"analysis.":[115,227],"The":[116],"analysis":[117],"then":[118],"helps":[119],"developers":[120],"automatically":[122],"checking":[123],"given":[125],"or":[127],"app":[129],"compliance":[131],"with":[132,186],"-encoded":[137],"rules.":[138],"designed":[141],"an":[142],"extensive":[143],"rule":[147,208],"set":[148,209],"Cryptography":[152],"Architecture":[153],"(JCA),":[154],"evaluated":[157],"it":[158],"analyzing":[160],"10,000":[161],"current":[162,168],"apps":[164,190],"all":[166],"204,788":[167],"software":[170],"artefacts":[171,196],"on":[172],"Maven":[173,195],"Central.":[174],"Our":[175,202],"results":[176],"show":[177],"APIs":[182],"still":[184,222],"widespread,":[185],"95":[187],"percent":[188,193],"63":[192],"containing":[197],"at":[198],"least":[199],"misuse.":[201],"easily":[203],"extensible":[204],"covers":[210],"more":[211,225],"violations":[212],"than":[213],"previous":[214],"special-purpose":[215],"tools":[216],"contain":[218],"hard-coded":[219],"rules,":[220],"while":[221],"offering":[223],"precise":[226]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W2973035781","counts_by_year":[{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":3}],"updated_date":"2024-11-17T18:16:31.224095","created_date":"2019-09-19"}
