MASC: A Tool for Mutation-Based Evaluation of Static Crypto-API Misuse Detectors
- URL: http://arxiv.org/abs/2308.02310v2
- Date: Sun, 13 Aug 2023 06:28:16 GMT
- Title: MASC: A Tool for Mutation-Based Evaluation of Static Crypto-API Misuse Detectors
- Authors: Amit Seal Ami, Syed Yusuf Ahmed, Radowan Mahmud Redoy, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni
- Abstract summary: This demo paper presents the technical details and usage scenarios of our tool, Mutation Analysis for evaluating Static Crypto-API misuse detectors (MASC). We developed 12 generalizable, usage-based mutation operators and three mutation scopes, namely Main Scope, Similarity Scope, and Exhaustive Scope, which can be used to expressively instantiate compilable variants of the crypto-API misuse cases. MASC comes with both a Command Line Interface and a Web-based front-end, making it practical for users of different levels of expertise.
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: While software engineers are optimistically adopting crypto-API misuse detectors (or crypto-detectors) in their software development cycles, this momentum must be accompanied by a rigorous understanding of crypto-detectors' effectiveness at finding crypto-API misuses in practice. This demo paper presents the technical details and usage scenarios of our tool, Mutation Analysis for evaluating Static Crypto-API misuse detectors (MASC). We developed 12 generalizable, usage-based mutation operators and three mutation scopes, namely Main Scope, Similarity Scope, and Exhaustive Scope, which can be used to expressively instantiate compilable variants of the crypto-API misuse cases. Using MASC, we evaluated nine major crypto-detectors and discovered 19 unique, undocumented flaws. We designed MASC to be configurable and user-friendly; a user can configure the parameters to change the nature of the generated mutations. Furthermore, MASC comes with both a Command Line Interface and a Web-based front-end, making it practical for users of different levels of expertise.
Related papers
- Cryptanalysis via Machine Learning Based Information Theoretic Metrics (arXiv, 2025-01-25)
We propose two novel applications of machine learning (ML) algorithms to perform cryptanalysis on any cryptosystem.
These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem.
We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy.
- Beyond Static Tools: Evaluating Large Language Models for Cryptographic Misuse Detection (arXiv, 2024-11-14)
GPT-4o-mini surpasses current state-of-the-art static analysis tools on the CryptoAPI and MASC datasets.
This study highlights the comparative strengths and limitations of static analysis versus LLM-driven approaches.
- ChatGPT's Potential in Cryptography Misuse Detection: A Comparative Analysis with Static Analysis Tools (arXiv, 2024-09-10)
Cryptography misuse detectors have demonstrated inconsistent performance and remain largely inaccessible to most developers.
We investigated the extent to which ChatGPT can detect cryptography misuses and compared its performance with that of the state-of-the-art static analysis tools.
Our investigation, mainly based on the CryptoAPI-Bench benchmark, demonstrated that ChatGPT is effective in identifying cryptography API misuses, and with the use of prompt engineering, it can even outperform leading static cryptography misuse detectors.
- WiFaKey: Generating Cryptographic Keys from Face in the Wild (arXiv, 2024-07-20)
Deriving a unique cryptographic key from biometric measurements is a challenging task due to the existing noise gap between the biometric measurements and error correction coding.
We propose a novel biometric cryptosystem named WiFaKey, for generating cryptographic keys from face in unconstrained settings.
- FoC: Figure out the Cryptographic Functions in Stripped Binaries with LLMs (arXiv, 2024-03-27)
We propose a novel framework called FoC to Figure out the Cryptographic functions in stripped binaries.
We first build a binary large language model (FoC-BinLLM) to summarize the semantics of cryptographic functions in natural language.
We then build a binary code similarity model (FoC-Sim) upon the FoC-BinLLM to create change-sensitive representations and use it to retrieve similar implementations of unknown cryptographic functions in a database.
- Privacy Preserving Anomaly Detection on Homomorphic Encrypted Data from IoT Sensors (arXiv, 2024-03-14)
Homomorphic encryption schemes are promising solutions as they enable the processing and execution of operations on IoT data while still encrypted.
We propose a novel privacy-preserving anomaly detection solution designed for homomorphically encrypted data generated by IoT devices.
- Cal-DETR: Calibrated Detection Transformer (arXiv, 2023-11-06)
We propose a mechanism for calibrated detection transformers (Cal-DETR), particularly for Deformable-DETR, UP-DETR and DINO.
We develop an uncertainty-guided logit modulation mechanism that leverages the uncertainty to modulate the class logits.
Results corroborate the effectiveness of Cal-DETR against the competing train-time methods in calibrating both in-domain and out-domain detections.
- Modality-Agnostic Self-Supervised Learning with Meta-Learned Masked Auto-Encoder (arXiv, 2023-10-25)
We develop Masked Auto-Encoder (MAE) as a unified, modality-agnostic SSL framework.
We argue meta-learning as a key to interpreting MAE as a modality-agnostic learner.
Our experiment demonstrates the superiority of MetaMAE in the modality-agnostic SSL benchmark.
- Self-Supervised Masked Convolutional Transformer Block for Anomaly Detection (arXiv, 2022-09-25)
We present a novel self-supervised masked convolutional transformer block (SSMCTB) that comprises the reconstruction-based functionality at a core architectural level.
In this work, we extend our previous self-supervised predictive convolutional attentive block (SSPCAB) with a 3D masked convolutional layer, a transformer for channel-wise attention, as well as a novel self-supervised objective based on Huber loss.
- Spotting adversarial samples for speaker verification by neural vocoders (arXiv, 2021-07-01)
We adopt neural vocoders to spot adversarial samples for automatic speaker verification (ASV).
We find that the difference between the ASV scores for the original and re-synthesized audio is a good indicator for discrimination between genuine and adversarial samples.
Our code will be made open-source for future works to compare against.