---
_id: '32409'
abstract:
- lang: eng
text: 'Context: Cryptographic APIs are often misused in real-world applications.
Therefore, many cryptographic API misuse detection tools have been introduced.
However, there exists no established reference benchmark for a fair and comprehensive
comparison and evaluation of these tools. While there are benchmarks, they often
only address a subset of the domain or were only used to evaluate a subset of
existing misuse detection tools. Objective: To fairly compare cryptographic API
misuse detection tools and to drive future development in this domain, we will
devise such a benchmark. Openness and transparency in the generation process are
key factors to fairly generate and establish the needed benchmark. Method: We
propose an approach where we derive the benchmark generation methodology from
the literature which consists of general best practices in benchmarking and domain-specific
benchmark generation. A part of this methodology is transparency and openness
of the generation process, which is achieved by pre-registering this work. Based
on our methodology we design CamBench, a fair "Cryptographic API Misuse Detection
Tool Benchmark Suite". We will implement the first version of CamBench limiting
the domain to Java, the JCA, and static analyses. Finally, we will use CamBench
to compare current misuse detection tools and compare CamBench to related benchmarks
of its domain.'
author:
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Anna-Katharina
full_name: Wickert, Anna-Katharina
last_name: Wickert
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: Schlichtig M, Wickert A-K, Krüger S, Bodden E, Mezini M. CamBench -- Cryptographic
API Misuse Detection Tool Benchmark Suite.; 2022. doi:10.48550/ARXIV.2204.06447
apa: Schlichtig, M., Wickert, A.-K., Krüger, S., Bodden, E., & Mezini, M. (2022).
CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. https://doi.org/10.48550/ARXIV.2204.06447
bibtex: '@book{Schlichtig_Wickert_Krüger_Bodden_Mezini_2022, title={CamBench --
Cryptographic API Misuse Detection Tool Benchmark Suite}, DOI={10.48550/ARXIV.2204.06447},
author={Schlichtig, Michael and Wickert, Anna-Katharina and Krüger, Stefan and
Bodden, Eric and Mezini, Mira}, year={2022} }'
chicago: Schlichtig, Michael, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden,
and Mira Mezini. CamBench -- Cryptographic API Misuse Detection Tool Benchmark
Suite, 2022. https://doi.org/10.48550/ARXIV.2204.06447.
ieee: M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, CamBench
-- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022.
mla: Schlichtig, Michael, et al. CamBench -- Cryptographic API Misuse Detection
Tool Benchmark Suite. 2022, doi:10.48550/ARXIV.2204.06447.
short: M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, M. Mezini, CamBench --
Cryptographic API Misuse Detection Tool Benchmark Suite, 2022.
date_created: 2022-07-25T07:56:59Z
date_updated: 2022-07-25T10:23:44Z
department:
- _id: '76'
doi: 10.48550/ARXIV.2204.06447
keyword:
- cryptography
- benchmark
- API misuse
- static analysis
language:
- iso: eng
related_material:
link:
- relation: confirmation
url: https://arxiv.org/abs/2204.06447
status: public
title: CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite
type: misc
user_id: '32312'
year: '2022'
...
---
_id: '29763'
abstract:
- lang: eng
text: "Modern-day communication has become more and more digital. While this comes
with many advantages such as a more efficient economy, it has also created more
and more opportunities for various adversaries to manipulate communication or
eavesdrop on it. The Snowden revelations in 2013 further highlighted the seriousness
of these threats. To protect the communication of people, companies, and states
from such threats, we require cryptography with strong security guarantees.\r\nDifferent
applications may require different security properties from cryptographic schemes.
For most applications, however, so-called adaptive security is considered a reasonable
minimal requirement of security. Cryptographic schemes with adaptive security
remain secure in the presence of an adversary that can corrupt communication partners
to respond to messages of the adversaries choice, while the adversary may choose
the messages based on previously observed interactions.\r\nWhile cryptography
is associated the most with encryption, this is only one of many primitives that
are essential for the security of digital interactions. This thesis presents novel
identity-based encryption (IBE) schemes and verifiable random functions (VRFs)
that achieve adaptive security as outlined above. Moreover, the cryptographic
schemes presented in this thesis are proven secure in the standard model. That
is without making use of idealized models like the random oracle model."
author:
- first_name: David
full_name: Niehues, David
id: '36113'
last_name: Niehues
citation:
ama: Niehues D. More Efficient Techniques for Adaptively-Secure Cryptography.;
2022. doi:10.25926/rdtq-jw45
apa: Niehues, D. (2022). More Efficient Techniques for Adaptively-Secure Cryptography.
https://doi.org/10.25926/rdtq-jw45
bibtex: '@book{Niehues_2022, title={More Efficient Techniques for Adaptively-Secure
Cryptography}, DOI={10.25926/rdtq-jw45},
author={Niehues, David}, year={2022} }'
chicago: Niehues, David. More Efficient Techniques for Adaptively-Secure Cryptography,
2022. https://doi.org/10.25926/rdtq-jw45.
ieee: D. Niehues, More Efficient Techniques for Adaptively-Secure Cryptography.
2022.
mla: Niehues, David. More Efficient Techniques for Adaptively-Secure Cryptography.
2022, doi:10.25926/rdtq-jw45.
short: D. Niehues, More Efficient Techniques for Adaptively-Secure Cryptography,
2022.
date_created: 2022-02-07T13:29:07Z
date_updated: 2022-02-07T13:32:28Z
ddc:
- '000'
department:
- _id: '558'
doi: 10.25926/rdtq-jw45
file:
- access_level: closed
content_type: application/pdf
creator: davnie
date_created: 2022-02-07T13:26:05Z
date_updated: 2022-02-07T13:26:05Z
file_id: '29764'
file_name: de2107.pdf
file_size: 1542089
relation: main_file
success: 1
file_date_updated: 2022-02-07T13:26:05Z
has_accepted_license: '1'
keyword:
- public-key cryptography
- lattices
- pairings
- verifiable random functions
- identity-based encryption
language:
- iso: eng
license: https://creativecommons.org/licenses/by-nd/4.0/
main_file_link:
- open_access: '1'
url: https://elpub.bib.uni-wuppertal.de/servlets/DerivateServlet/Derivate-14686/de2107.pdf
oa: '1'
project:
- _id: '1'
name: 'SFB 901: SFB 901'
- _id: '4'
name: 'SFB 901 - C: SFB 901 - Project Area C'
- _id: '13'
name: 'SFB 901 - C1: SFB 901 - Subproject C1'
publication_status: published
status: public
supervisor:
- first_name: Tibor
full_name: Jager, Tibor
id: '64669'
last_name: Jager
- first_name: Anja
full_name: Lehmann, Anja
last_name: Lehmann
title: More Efficient Techniques for Adaptively-Secure Cryptography
type: dissertation
user_id: '36113'
year: '2022'
...
---
_id: '20533'
author:
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: 'Krüger S, Späth J, Ali K, Bodden E, Mezini M. CrySL: An Extensible Approach
to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on
Software Engineering. Published online 2019:1-1. doi:10.1109/TSE.2019.2948910'
apa: 'Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2019). CrySL:
An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
IEEE Transactions on Software Engineering, 1–1. https://doi.org/10.1109/TSE.2019.2948910'
bibtex: '@article{Krüger_Späth_Ali_Bodden_Mezini_2019, title={CrySL: An Extensible
Approach to Validating the Correct Usage of Cryptographic APIs}, DOI={10.1109/TSE.2019.2948910},
journal={IEEE Transactions on Software Engineering}, author={Krüger, Stefan and
Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}, year={2019},
pages={1–1} }'
chicago: 'Krüger, Stefan, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini.
“CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic
APIs.” IEEE Transactions on Software Engineering, 2019, 1–1. https://doi.org/10.1109/TSE.2019.2948910.'
ieee: 'S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible
Approach to Validating the Correct Usage of Cryptographic APIs,” IEEE Transactions
on Software Engineering, pp. 1–1, 2019, doi: 10.1109/TSE.2019.2948910.'
mla: 'Krüger, Stefan, et al. “CrySL: An Extensible Approach to Validating the Correct
Usage of Cryptographic APIs.” IEEE Transactions on Software Engineering,
2019, pp. 1–1, doi:10.1109/TSE.2019.2948910.'
short: S. Krüger, J. Späth, K. Ali, E. Bodden, M. Mezini, IEEE Transactions on Software
Engineering (2019) 1–1.
date_created: 2020-11-27T10:48:38Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1109/TSE.2019.2948910
keyword:
- Java
- Encryption
- Static analysis
- Tools
- Ciphers
- Semantics
- cryptography
- domain-specific language
- static analysis
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/tse19CrySL.pdf
page: 1-1
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 2326-3881
status: public
title: 'CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic
APIs'
type: journal_article
user_id: '5786'
year: '2019'
...