CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite
Michael Schlichtig, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden, Mira Mezini

TL;DR
CamBench is a new benchmark suite designed to fairly evaluate cryptographic API misuse detection tools, emphasizing transparency and domain-specific best practices to facilitate fair comparisons and drive future improvements.
Contribution
This work introduces CamBench, the first transparent, domain-specific benchmark suite for cryptographic API misuse detection tools, enabling fair evaluation and comparison.
Findings
CamBench provides a standardized evaluation platform.
It enables fair comparison of existing misuse detection tools.
It highlights gaps and strengths in current tools.
Abstract
Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method: We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark…
Taxonomy
Topics: Advanced Malware Detection Techniques · Web Application Security Vulnerabilities · Network Security and Intrusion Detection
