[Review] CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects

Link here

The paper designs a new architecture called CryptoGuard to detect the cryptographic API misuse.

Use 16 rules to figure out the misuses and 5 refinement methods to avoid false positive, which resulting a precision of 98.61%.

Creates a benchmark named CryptoApi-Bench with 112 unit test cases. CryptoApi-Bench contains basic intraprocedural instances, inter-procedural cases, field sensitive cases, false positive tests, and correct API uses.

Introduction:

For cryptographic API misuse detection, both static and dynamic analyses have their respective pros and cons.

Static methods do not require the execution of programs. They scale up to a large number of programs, cover a wide range of security rules, and are unlikely to have false negatives.

Dynamic methods require one to trigger and detect specific misuse symptoms at runtime. They tend to produce fewer false positives than static analysis.

API misuse mainly contain the following problems:

1. Vulnerabilities due to predictable secrets.
2. Vulnerabilities from MitM attacks on SSL/TLS.
3. Vulnerabilities from predictable PRNGs(predictable pseudorandom number generators).
4. Vulnerabilities from CPA(chosen plaintext attacks).
5. Vulnerabilities from feasible bruteforce attacks.

Implementation:

Apply static def-use analysis and forward and backward program slicings for detecting Java cryptographic API misuses.

Apply refinement:

• RI-I: Removal of state indicators. Discard constants/predictable values that are used to describe the state of a variable during an orthogonal method invocation.
• RI-II: Removal of resource identifiers. Discard constants/predictable values that are used as the identifier of a value source during an orthogonal method invocation.
• RI-III: Removal of bookkeeping indices. Discard constants/predictable values that are used as the index or size of any data structures. Specifically, RI-III discards any influences on i) size parameter of an array or a collection instantiation, ii) indices of an array, iii) indices of a collection.
• RI-IV: Removal of contextually incompatible constants. Discard constants/predictable values, if their types are incompatible with the analysis context. For example, a boolean variable cannot be used as a key, IV, or salt.
• RI-V: Removal of constants in infeasible paths. Some constant initializations are updated along the path to the slicing criterion. Need to discard the initializations that do not have a valid path of influence to the criterion.

Evaluation:

RQ1: What are the security findings in Apache Projects? Do Apache projects have any high-risk vulnerabilities such as hardcoded secrets or MitM vulnerabilities?

RQ2: What are the security findings in Android Apps? Do thirdparty libraries have any high-risk vulnerabilities?

RQ3: How does CryptoGuard compare with CrySL, SpotBugs, and the free trial version of Coverity on benchmarks or real-world projects?

Future work:

• the refinement methods may cause false negatives while reducing the false positives.
• generate reports that shows how to exploit the vulnerabilities.