Dazed and Confused: What’s Wrong with Crypto Libraries? — Acknowledgments and References

In this paper, researchers look into the types of problems that exist in various crypto libraries.


This content originally appeared on HackerNoon and was authored by CryptoColumns

:::info Authors:

(1) Mohammadreza Hazhirpasand, University of Bern, Bern, Switzerland;

(2) Oscar Nierstrasz, University of Bern, Bern, Switzerland;

(3) Mohammad Ghafari, University of Auckland, Auckland, New Zealand.

:::

VII. ACKNOWLEDGMENTS

We gratefully acknowledge the financial support of the Swiss National Science Foundation for the project “Agile Software Assistance” (SNSF project No. 200020-181973, Feb. 1, 2019 - April 30, 2022). We also thank CHOOSE, the Swiss Group for Original and Outside-the-box Software Engineering of the Swiss Informatics Society, for its financial contribution to the presentation of this paper.

REFERENCES

[1] M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, and O. Nierstrasz, “The impact of developer experience in using Java cryptography,” in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). IEEE, 2019, pp. 1–6.

[2] S. Rahaman, Y. Xiao, S. Afrose, F. Shaon, K. Tian, M. Frantz, M. Kantarcioglu, and D. Yao, “Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized Java projects,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 2455–2472.

[3] M. Green and M. Smith, “Developers are not the enemy!: The need for usable security APIs,” IEEE Security & Privacy, vol. 14, no. 5, pp. 40–46, 2016.

[4] M. Hazhirpasand, O. Nierstrasz, M. Shabani, and M. Ghafari, “Hurdles for developers in cryptography,” in 37th International Conference on Software Maintenance and Evolution (ICSME), 2021.

[5] D. Lazar, H. Chen, X. Wang, and N. Zeldovich, “Why does cryptographic software fail? a case study and open problems,” in Proceedings of 5th Asia-Pacific Workshop on Systems, 2014, pp. 1–7.

[6] N. Patnaik, J. Hallett, and A. Rashid, “Usability smells: An analysis of developers’ struggle with crypto libraries,” in Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), 2019, pp. 245–257.

[7] K. Cairns, H. Halpin, and G. Steel, “Security analysis of the W3C web cryptography API,” in International Conference on Research in Security Standardisation. Springer, 2016, pp. 112–140.

[8] Y. Yarom, D. Genkin, and N. Heninger, “Cachebleed: a timing attack on OpenSSL constant-time RSA,” Journal of Cryptographic Engineering, vol. 7, no. 2, pp. 99–112, 2017.

[9] J. Somorovsky, “Systematic fuzzing and testing of TLS libraries,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 1492–1504.

[10] V. Braun and V. Clarke, “Using thematic analysis in psychology,” Qualitative research in psychology, vol. 3, no. 2, pp. 77–101, 2006.

[11] S. Lewis, “Qualitative inquiry and research design: Choosing among five approaches,” Health promotion practice, vol. 16, no. 4, pp. 473–475, 2015.

[12] J. Cohen, “A coefficient of agreement for nominal scales,” Educational and psychological measurement, vol. 20, no. 1, pp. 37–46, 1960.

[13] S. Kafader and M. Ghafari, “Fluentcrypto: Cryptography in easy mode,” in 37th International Conference on Software Maintenance and Evolution (ICSME), 2021.

[14] C. Parnin, C. Treude, L. Grammel, and M.-A. Storey, “Crowd documentation: Exploring the coverage and the dynamics of API discussions on stack overflow,” Georgia Institute of Technology, Tech. Rep, vol. 11, 2012.

[15] D. Hou and L. Li, “Obstacles in using frameworks and APIs: An exploratory study of programmers’ newsgroup discussions,” in 2011 IEEE 19th International Conference on Program Comprehension. IEEE, 2011, pp. 91–100.

[16] M. Hazhirpasand, M. Ghafari, and O. Nierstrasz, “Java cryptography uses in the wild,” in Proceedings of the 14th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2020, pp. 1–6.

[17] M. Hazhirpasand, O. Nierstrasz, and M. Ghafari, “Worrisome patterns in developers: A survey in cryptography,” in Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, 2021.

:::info This paper is available on arxiv under CC BY 4.0 DEED license.

:::
