Scrutinizing and Appraising the Usages of Cryptographic API
P. Tanmayi1, R. Sri Harshini2, Mahitha3, Venkata Vara Prasad Padyala4, K.V.D Kiran5
1P. Tanmayi, B.Tech Student, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India.
2R. Sri Harshini, B.Tech Student, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India.
3CH. Mahitha, B.Tech Student, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India.
4Mr. Venkata Vara Prasad Padyala, Professor, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India.
5Dr. K. V. D Kiran, Professor, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India.
Manuscript received on March 15, 2020. | Revised Manuscript received on March 25, 2020. | Manuscript published on April 10, 2020. | PP: 2053-2056 | Volume-9 Issue-6, April 2020. | Retrieval Number: D1165029420/2020©BEIESP | DOI: 10.35940/ijitee.D1165.049620
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Developing and maintaining an appropriate set of security rules that match misuses of cryptographic APIs is a daunting task, because cryptographic APIs change continually with new primitives and cryptographic settings, rendering current ones outdated. To address this challenge, we propose a new approach for extracting security fixes from thousands of code changes. Our approach involves (i) detecting code changes, which sometimes capture security fixes, (ii) an abstraction that filters trivial code changes (such as refactoring), and (iii) a cluster analysis that recognizes similarities between semantic code changes and helps to derive security rules. We applied our approach to the Java Crypto API and demonstrated that it is effective: (i) our abstraction effectively filters non-semantic code changes (more than 99% of all changes) without removing security fixes, and (ii) over 80 percent of the code changes are security fixes that define security rules. Based on our findings, we have established 13 rules, including new ones that are not supported by existing security checkers.
CCS CONCEPTS: Security and privacy → Systems security; Cryptanalysis and other attacks; Software security engineering
Keywords: Security, Misuse of Cryptography
Scope of the Article: Cryptography and Applied Mathematics
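A minimal sketch of the three-step pipeline the abstract describes, added here as an illustration and not the authors' implementation: the abstraction is reduced to the algorithm string passed to `getInstance`, and the cluster analysis is reduced to grouping identical abstract changes. The function names, the regular expression and the sample code changes are assumptions constructed for this example.

```python
import re
from collections import Counter

# Assumed abstraction: the algorithm string passed to a Java Crypto API factory call,
# e.g. Cipher.getInstance("AES/ECB/PKCS5Padding").
CALL = re.compile(r'\b(Cipher|MessageDigest|Mac|SecretKeyFactory)\.getInstance\(\s*"([^"]+)"')

def abstract_usage(java_src):
    """Reduce Java source to the set of (class, algorithm) pairs it requests."""
    return frozenset((cls, alg.upper()) for cls, alg in CALL.findall(java_src))

def semantic_change(before, after):
    """Return (removed, added) usages, or None when the abstraction is unchanged."""
    old, new = abstract_usage(before), abstract_usage(after)
    if old == new:
        return None  # renames, reformatting, refactoring: filtered out
    return (old - new, new - old)

def cluster(changes):
    """Group identical abstract changes; frequent groups are candidate rules."""
    counts = Counter()
    for before, after in changes:
        delta = semantic_change(before, after)
        if delta is not None:
            counts[delta] += 1
    return counts.most_common()

# Constructed (before, after) code changes; not taken from the paper's dataset.
SAMPLE_CHANGES = [
    ('Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");',
     'Cipher c = Cipher.getInstance("AES/GCM/NoPadding");'),
    ('Cipher enc=Cipher.getInstance("AES/ECB/PKCS5Padding");',
     'Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");'),
    # Pure refactoring: variable renamed and line wrapped, same algorithm.
    ('MessageDigest md = MessageDigest.getInstance("SHA-256");',
     'MessageDigest digest =\n    MessageDigest.getInstance("SHA-256");'),
    ('MessageDigest md = MessageDigest.getInstance("MD5");',
     'MessageDigest md = MessageDigest.getInstance("SHA-256");'),
]

if __name__ == "__main__":
    for (removed, added), n in cluster(SAMPLE_CHANGES):
        print(n, sorted(removed), "->", sorted(added))
```

On the constructed input, the refactoring-only change is dropped and the two ECB-to-GCM changes fall into one group despite their different variable names and spacing.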