CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs
arXiv - CS - Software Engineering, Pub Date: 2020-01-03, DOI: arxiv-2001.00773
Mohammadreza Hazhirpasand, Mohammad Ghafari, Oscar Nierstrasz

Research has shown that cryptographic APIs are hard to use. Consequently, developers resort to using code examples available in online information sources that are often not secure. We have developed a web platform, named CryptoExplorer, stocked with numerous real-world secure and insecure examples that developers can explore to learn how to use cryptographic APIs properly. This platform currently provides 3,263 secure uses and 5,897 insecure uses of the Java Cryptography Architecture, mined from 2,324 Java projects on GitHub. A preliminary study shows that CryptoExplorer provides developers with secure crypto API use examples instantly, that developers can save time compared to searching on the internet for such examples, and that they learn to avoid using certain algorithms in APIs by studying misused API examples. We have a pipeline to regularly mine more projects, and, on request, we offer our dataset to researchers.

Updated: 2020-01-06