[{"title":"CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite","doi":"10.48550/ARXIV.2204.06447","date_updated":"2022-07-25T10:23:44Z","date_created":"2022-07-25T07:56:59Z","author":[{"last_name":"Schlichtig","orcid":"0000-0001-6600-6171","id":"32312","full_name":"Schlichtig, Michael","first_name":"Michael"},{"first_name":"Anna-Katharina","full_name":"Wickert, Anna-Katharina","last_name":"Wickert"},{"full_name":"Krüger, Stefan","last_name":"Krüger","first_name":"Stefan"},{"full_name":"Bodden, Eric","id":"59256","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"},{"first_name":"Mira","full_name":"Mezini, Mira","last_name":"Mezini"}],"year":"2022","citation":{"apa":"Schlichtig, M., Wickert, A.-K., Krüger, S., Bodden, E., & Mezini, M. (2022). CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. https://doi.org/10.48550/ARXIV.2204.06447","bibtex":"@book{Schlichtig_Wickert_Krüger_Bodden_Mezini_2022, title={CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite}, DOI={10.48550/ARXIV.2204.06447}, author={Schlichtig, Michael and Wickert, Anna-Katharina and Krüger, Stefan and Bodden, Eric and Mezini, Mira}, year={2022} }","short":"M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite, 2022.","mla":"Schlichtig, Michael, et al. CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022, doi:10.48550/ARXIV.2204.06447.","ama":"Schlichtig M, Wickert A-K, Krüger S, Bodden E, Mezini M. CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite.; 2022. doi:10.48550/ARXIV.2204.06447","chicago":"Schlichtig, Michael, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden, and Mira Mezini. CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite, 2022. https://doi.org/10.48550/ARXIV.2204.06447.","ieee":"M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022."},"related_material":{"link":[{"url":"https://arxiv.org/abs/2204.06447","relation":"confirmation"}]},"keyword":["cryptography","benchmark","API misuse","static analysis"],"language":[{"iso":"eng"}],"_id":"32409","department":[{"_id":"76"}],"user_id":"32312","abstract":[{"text":"Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method: We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair \"Cryptographic API Misuse Detection Tool Benchmark Suite\". We will implement the first version of CamBench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain.","lang":"eng"}],"status":"public","type":"misc"},{"abstract":[{"text":"Modern-day communication has become more and more digital. While this comes with many advantages such as a more efficient economy, it has also created more and more opportunities for various adversaries to manipulate communication or eavesdrop on it. The Snowden revelations in 2013 further highlighted the seriousness of these threats. To protect the communication of people, companies, and states from such threats, we require cryptography with strong security guarantees.\r\nDifferent applications may require different security properties from cryptographic schemes. For most applications, however, so-called adaptive security is considered a reasonable minimal requirement of security. Cryptographic schemes with adaptive security remain secure in the presence of an adversary that can corrupt communication partners to respond to messages of the adversaries choice, while the adversary may choose the messages based on previously observed interactions.\r\nWhile cryptography is associated the most with encryption, this is only one of many primitives that are essential for the security of digital interactions. This thesis presents novel identity-based encryption (IBE) schemes and verifiable random functions (VRFs) that achieve adaptive security as outlined above. Moreover, the cryptographic schemes presented in this thesis are proven secure in the standard model. That is without making use of idealized models like the random oracle model.","lang":"eng"}],"file":[{"content_type":"application/pdf","relation":"main_file","success":1,"creator":"davnie","date_created":"2022-02-07T13:26:05Z","date_updated":"2022-02-07T13:26:05Z","file_id":"29764","file_name":"de2107.pdf","access_level":"closed","file_size":1542089}],"keyword":["public-key cryptography","lattices","pairings","verifiable random functions","identity-based encryption"],"ddc":["000"],"language":[{"iso":"eng"}],"year":"2022","title":"More Efficient Techniques for Adaptively-Secure Cryptography","date_created":"2022-02-07T13:29:07Z","status":"public","type":"dissertation","file_date_updated":"2022-02-07T13:26:05Z","_id":"29763","project":[{"name":"SFB 901: SFB 901","_id":"1"},{"name":"SFB 901 - C: SFB 901 - Project Area C","_id":"4"},{"_id":"13","name":"SFB 901 - C1: SFB 901 - Subproject C1"}],"department":[{"_id":"558"}],"user_id":"36113","citation":{"apa":"Niehues, D. (2022). More Efficient Techniques for Adaptively-Secure Cryptography. https://doi.org/10.25926/rdtq-jw45","mla":"Niehues, David. More Efficient Techniques for Adaptively-Secure Cryptography. 2022, doi:10.25926/rdtq-jw45.","short":"D. Niehues, More Efficient Techniques for Adaptively-Secure Cryptography, 2022.","bibtex":"@book{Niehues_2022, title={More Efficient Techniques for Adaptively-Secure Cryptography}, DOI={10.25926/rdtq-jw45}, author={Niehues, David}, year={2022} }","chicago":"Niehues, David. More Efficient Techniques for Adaptively-Secure Cryptography, 2022. https://doi.org/10.25926/rdtq-jw45.","ieee":"D. Niehues, More Efficient Techniques for Adaptively-Secure Cryptography. 2022.","ama":"Niehues D. More Efficient Techniques for Adaptively-Secure Cryptography.; 2022. doi:10.25926/rdtq-jw45"},"has_accepted_license":"1","publication_status":"published","doi":"10.25926/rdtq-jw45","main_file_link":[{"open_access":"1","url":"https://elpub.bib.uni-wuppertal.de/servlets/DerivateServlet/Derivate-14686/de2107.pdf"}],"oa":"1","date_updated":"2022-02-07T13:32:28Z","supervisor":[{"first_name":"Tibor","id":"64669","full_name":"Jager, Tibor","last_name":"Jager"},{"full_name":"Lehmann, Anja","last_name":"Lehmann","first_name":"Anja"}],"author":[{"first_name":"David","last_name":"Niehues","id":"36113","full_name":"Niehues, David"}]},{"publication_identifier":{"issn":["2326-3881"]},"year":"2019","page":"1-1","citation":{"short":"S. Krüger, J. Späth, K. Ali, E. Bodden, M. Mezini, IEEE Transactions on Software Engineering (2019) 1–1.","mla":"Krüger, Stefan, et al. “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.” IEEE Transactions on Software Engineering, 2019, pp. 1–1, doi:10.1109/TSE.2019.2948910.","bibtex":"@article{Krüger_Späth_Ali_Bodden_Mezini_2019, title={CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}, DOI={10.1109/TSE.2019.2948910}, journal={IEEE Transactions on Software Engineering}, author={Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}, year={2019}, pages={1–1} }","apa":"Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2019). CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering, 1–1. https://doi.org/10.1109/TSE.2019.2948910","chicago":"Krüger, Stefan, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.” IEEE Transactions on Software Engineering, 2019, 1–1. https://doi.org/10.1109/TSE.2019.2948910.","ieee":"S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/TSE.2019.2948910.","ama":"Krüger S, Späth J, Ali K, Bodden E, Mezini M. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering. Published online 2019:1-1. doi:10.1109/TSE.2019.2948910"},"date_updated":"2022-01-06T06:54:29Z","author":[{"first_name":"Stefan","full_name":"Krüger, Stefan","last_name":"Krüger"},{"full_name":"Späth, Johannes","last_name":"Späth","first_name":"Johannes"},{"last_name":"Ali","full_name":"Ali, Karim","first_name":"Karim"},{"id":"59256","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"},{"last_name":"Mezini","full_name":"Mezini, Mira","first_name":"Mira"}],"date_created":"2020-11-27T10:48:38Z","title":"CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs","doi":"10.1109/TSE.2019.2948910","main_file_link":[{"url":"http://www.bodden.de/pubs/tse19CrySL.pdf"}],"publication":"IEEE Transactions on Software Engineering","type":"journal_article","status":"public","_id":"20533","department":[{"_id":"76"}],"user_id":"5786","keyword":["Java","Encryption","Static analysis","Tools","Ciphers","Semantics","cryptography","domain-specific language","static analysis"],"language":[{"iso":"eng"}]}]