Showing papers by "Cristina Cifuentes published in 2022"
TL;DR: The needs and challenges of deployable security research are discussed by sharing the experience designing CryptoGuard, a high-precision tool for detecting cryptographic application programming interface misuses.
Abstract: We discuss the needs and challenges of deployable security research by sharing our experience designing CryptoGuard, a high-precision tool for detecting cryptographic application programming interface misuses. Our project has produced multiple benchmarks as well as measurement results on state-of-the-art solutions.
1 citations
01 Oct 2022
TL;DR: In this paper , an industrial-strength cryptographic vulnerability detector, Parfait, is proposed to detect cryptographic API misuses in JavaTM11Java is a registered trademark of Oracle and/or its affiliates.
Abstract: We describe our experience of building an industrial-strength cryptographic vulnerability detector, which aims to detect cryptographic API misuses in JavaTM11Java is a registered trademark of Oracle and/or its affiliates.. Based on the detection algorithms of the academic tool CryptoGuard, we integrated the detection into the Oracle internal code scanning platform Parfait. The goal of the Parfait-based cryptographic vulnerability detection is to provide precise and scalable crypto-graphic code screening for large-scale industrial projects. We discuss the needs and challenges of the static cryptographic vulnerability screening in the industrial environment.