---
_id: '52660'
abstract:
- lang: eng
  text: Application Programming Interfaces (APIs) are the primary mechanism developers
    use to obtain access to third-party algorithms and services. Unfortunately, APIs
    can be misused, which can have catastrophic consequences, especially if the APIs
    provide security-critical functionalities like cryptography. Understanding what
    API misuses are, and how they are caused, is important to prevent them, e.g., with
    API misuse detectors. However, definitions for API misuses and related terms in
    the literature vary. This paper presents a systematic literature review to clarify
    these terms and introduces FUM, a novel Framework for API Usage constraint and
    Misuse classification. The literature review revealed that API misuses are violations
    of API usage constraints. To capture this, we provide unified definitions and
    use them to derive FUM. To assess the extent to which FUM aids in determining
    and guiding the improvement of an API misuse detector’s capabilities, we performed
    a case study on the state-of-the-art misuse detection tool CogniCrypt. The study
    showed that FUM can be used to properly assess CogniCrypt’s capabilities, identify
    weaknesses and assist in deriving mitigations and improvements.
author:
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Steffen
  full_name: Sassalla, Steffen
  last_name: Sassalla
- first_name: Krishna
  full_name: Narasimhan, Krishna
  last_name: Narasimhan
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Schlichtig M, Sassalla S, Narasimhan K, Bodden E. Introducing FUM: A Framework
    for API Usage Constraint and Misuse Classification. In: <i>Software Engineering
    2023</i>. Gesellschaft für Informatik e.V.; 2023:105–106.'
  apa: 'Schlichtig, M., Sassalla, S., Narasimhan, K., &#38; Bodden, E. (2023). Introducing
    FUM: A Framework for API Usage Constraint and Misuse Classification. In <i>Software
    Engineering 2023</i> (pp. 105–106). Gesellschaft für Informatik e.V.'
  bibtex: '@inbook{Schlichtig_Sassalla_Narasimhan_Bodden_2023, place={Bonn}, title={Introducing
    FUM: A Framework for API Usage Constraint and Misuse Classification}, booktitle={Software
    Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Schlichtig,
    Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2023},
    pages={105–106} }'
  chicago: 'Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden.
    “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.”
    In <i>Software Engineering 2023</i>, 105–106. Bonn: Gesellschaft für Informatik
    e.V., 2023.'
  ieee: 'M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM:
    A Framework for API Usage Constraint and Misuse Classification,” in <i>Software
    Engineering 2023</i>, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.'
  mla: 'Schlichtig, Michael, et al. “Introducing FUM: A Framework for API Usage Constraint
    and Misuse Classification.” <i>Software Engineering 2023</i>, Gesellschaft für
    Informatik e.V., 2023, pp. 105–106.'
  short: 'M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: Software Engineering
    2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.'
date_created: 2024-03-20T09:22:27Z
date_updated: 2024-03-20T09:25:46Z
department:
- _id: '76'
keyword:
- API misuses
- API usage constraints
- classification framework
- API misuse detection
- static analysis
language:
- iso: eng
main_file_link:
- url: https://dl.gi.de/items/c4825557-cf3d-4038-933a-d8f95fd324a2
page: 105–106
place: Bonn
publication: Software Engineering 2023
publication_identifier:
  isbn:
  - 978-3-88579-726-5
publisher: Gesellschaft für Informatik e.V.
status: public
title: 'Introducing FUM: A Framework for API Usage Constraint and Misuse Classification'
type: book_chapter
user_id: '32312'
year: '2023'
...
---
_id: '31133'
abstract:
- lang: eng
  text: Application Programming Interfaces (APIs) are the primary mechanism that developers
    use to obtain access to third-party algorithms and services. Unfortunately, APIs
    can be misused, which can have catastrophic consequences, especially if the APIs
    provide security-critical functionalities like cryptography. Understanding what
    API misuses are, and why they are caused, is important to prevent them, e.g.,
    with API misuse detectors. However, the definitions and names for API misuses
    and related terms in the literature vary widely. This paper addresses the problem
    of scattered knowledge and definitions of API misuses by presenting a systematic
    literature review on the subject and introducing FUM, a novel Framework for API
    Usage constraint and Misuse classification. The literature review revealed that
    API misuses are violations of API usage constraints. To capture this, we provide
    unified definitions and use them to derive FUM. To assess the extent to which FUM
    aids in determining and guiding the improvement of an API misuse detector's
    capabilities, we performed a case study on CogniCrypt, a state-of-the-art misuse
    detector for cryptographic APIs. The study showed that FUM can be used to properly
    assess CogniCrypt's capabilities, identify weaknesses and assist in deriving mitigations
    and improvements. More generally, FUM also appears to aid the development and
    improvement of misuse detection tools.
author:
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Steffen
  full_name: Sassalla, Steffen
  last_name: Sassalla
- first_name: Krishna
  full_name: Narasimhan, Krishna
  last_name: Narasimhan
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Schlichtig M, Sassalla S, Narasimhan K, Bodden E. FUM - A Framework for API
    Usage constraint and Misuse Classification. In: <i>2022 IEEE International Conference
    on Software Analysis, Evolution and Reengineering (SANER)</i>. ; 2022:673-684.
    doi:<a href="https://doi.org/10.1109/SANER53432.2022.00085">https://doi.org/10.1109/SANER53432.2022.00085</a>'
  apa: Schlichtig, M., Sassalla, S., Narasimhan, K., &#38; Bodden, E. (2022). FUM
    - A Framework for API Usage constraint and Misuse Classification. <i>2022 IEEE
    International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>,
    673–684. <a href="https://doi.org/10.1109/SANER53432.2022.00085">https://doi.org/10.1109/SANER53432.2022.00085</a>
  bibtex: '@inproceedings{Schlichtig_Sassalla_Narasimhan_Bodden_2022, title={FUM -
    A Framework for API Usage constraint and Misuse Classification}, DOI={<a href="https://doi.org/10.1109/SANER53432.2022.00085">https://doi.org/10.1109/SANER53432.2022.00085</a>},
    booktitle={2022 IEEE International Conference on Software Analysis, Evolution
    and Reengineering (SANER)}, author={Schlichtig, Michael and Sassalla, Steffen
    and Narasimhan, Krishna and Bodden, Eric}, year={2022}, pages={673–684} }'
  chicago: Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden.
    “FUM - A Framework for API Usage Constraint and Misuse Classification.” In <i>2022
    IEEE International Conference on Software Analysis, Evolution and Reengineering
    (SANER)</i>, 673–84, 2022. <a href="https://doi.org/10.1109/SANER53432.2022.00085">https://doi.org/10.1109/SANER53432.2022.00085</a>.
  ieee: 'M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “FUM - A Framework
    for API Usage constraint and Misuse Classification,” in <i>2022 IEEE International
    Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 2022,
    pp. 673–684, doi: <a href="https://doi.org/10.1109/SANER53432.2022.00085">https://doi.org/10.1109/SANER53432.2022.00085</a>.'
  mla: Schlichtig, Michael, et al. “FUM - A Framework for API Usage Constraint and
    Misuse Classification.” <i>2022 IEEE International Conference on Software Analysis,
    Evolution and Reengineering (SANER)</i>, 2022, pp. 673–84, doi:<a href="https://doi.org/10.1109/SANER53432.2022.00085">https://doi.org/10.1109/SANER53432.2022.00085</a>.
  short: 'M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: 2022 IEEE International
    Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp.
    673–684.'
date_created: 2022-05-09T13:04:10Z
date_updated: 2022-07-26T11:42:30Z
department:
- _id: '76'
doi: https://doi.org/10.1109/SANER53432.2022.00085
keyword:
- API misuses
- API usage constraints
- classification framework
- API misuse detection
- static analysis
language:
- iso: eng
page: 673 - 684
publication: 2022 IEEE International Conference on Software Analysis, Evolution and
  Reengineering (SANER)
quality_controlled: '1'
related_material:
  link:
  - relation: confirmation
    url: https://ieeexplore.ieee.org/document/9825763
status: public
title: FUM - A Framework for API Usage constraint and Misuse Classification
type: conference
user_id: '32312'
year: '2022'
...
