{"department":[{"_id":"76"}],"publisher":"Gesellschaft für Informatik e.V.","type":"book_chapter","keyword":["API misuses  API usage constraints","classification framework","API misuse detection","static analysis"],"citation":{"short":"M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.","ama":"Schlichtig M, Sassalla S, Narasimhan K, Bodden E. Introducing FUM: A Framework for API Usage Constraint and Misuse Classification. In: <i>Software Engineering 2023</i>. Gesellschaft für Informatik e.V.; 2023:105–106.","bibtex":"@inbook{Schlichtig_Sassalla_Narasimhan_Bodden_2023, place={Bonn}, title={Introducing FUM: A Framework for API Usage Constraint and Misuse Classification}, booktitle={Software Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Schlichtig, Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2023}, pages={105–106} }","ieee":"M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification,” in <i>Software Engineering 2023</i>, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.","mla":"Schlichtig, Michael, et al. “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.” <i>Software Engineering 2023</i>, Gesellschaft für Informatik e.V., 2023, pp. 105–106.","chicago":"Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden. “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.” In <i>Software Engineering 2023</i>, 105–106. Bonn: Gesellschaft für Informatik e.V., 2023.","apa":"Schlichtig, M., Sassalla, S., Narasimhan, K., &#38; Bodden, E. (2023). Introducing FUM: A Framework for API Usage Constraint and Misuse Classification. In <i>Software Engineering 2023</i> (pp. 105–106). Gesellschaft für Informatik e.V."},"year":"2023","author":[{"first_name":"Michael","id":"32312","last_name":"Schlichtig","full_name":"Schlichtig, Michael","orcid":"0000-0001-6600-6171"},{"full_name":"Sassalla, Steffen","last_name":"Sassalla","first_name":"Steffen"},{"full_name":"Narasimhan, Krishna","last_name":"Narasimhan","first_name":"Krishna"},{"last_name":"Bodden","full_name":"Bodden, Eric","id":"59256","first_name":"Eric","orcid":"0000-0003-3470-3647"}],"main_file_link":[{"url":"https://dl.gi.de/items/c4825557-cf3d-4038-933a-d8f95fd324a2"}],"publication_identifier":{"isbn":["978-3-88579-726-5"]},"user_id":"32312","date_created":"2024-03-20T09:22:27Z","_id":"52660","status":"public","publication":"Software Engineering 2023","abstract":[{"lang":"eng","text":"Application Programming Interfaces (APIs) are the primary mechanism developers use to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused, which can have catastrophic consequences, especially if the APIs provide security-critical functionalities like cryptography. Understanding what API misuses are, and how they are caused, is important to prevent them, eg, with API misuse detectors. However, definitions for API misuses and related terms in literature vary. This paper presents a systematic literature review to clarify these terms and introduces FUM, a novel Framework for API Usage constraint and Misuse classification. The literature review revealed that API misuses are violations of API usage constraints. To address this, we provide unified definitions and use them to derive FUM. To assess the extent to which FUM aids in determining and guiding the improvement of an API misuses detector’s capabilities, we performed a case study on the state-of the-art misuse detection tool CogniCrypt. The study showed that FUM can be used to properly assess CogniCrypt’s capabilities, identify weaknesses and assist in deriving mitigations and improvements."}],"title":"Introducing FUM: A Framework for API Usage Constraint and Misuse Classification","date_updated":"2024-03-20T09:25:46Z","language":[{"iso":"eng"}],"place":"Bonn","page":"105–106"}