{"id":"https://openalex.org/W2796472165","doi":"https://doi.org/10.4230/lipics.ecoop.2018.10","title":"CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs","display_name":"CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs","publication_year":2018,"publication_date":"2018-01-01","ids":{"openalex":"https://openalex.org/W2796472165","doi":"https://doi.org/10.4230/lipics.ecoop.2018.10","mag":"2796472165"},"language":"en","primary_location":{"id":"pmh:oai:drops-oai.dagstuhl.de:9215","is_oa":true,"landing_page_url":"https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2018.10","pdf_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","source":{"id":"https://openalex.org/S4377196569","display_name":"DROPS (Schloss Dagstuhl \u2013 Leibniz Center for Informatics)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2799853480","host_organization_name":"Schloss Dagstuhl \u2013 Leibniz Center for Informatics","host_organization_lineage":["https://openalex.org/I2799853480"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"InProceedings"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067921018","display_name":"Stefan Kr\u00fcger","orcid":"https://orcid.org/0000-0003-0895-8830"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Kr\u00fcger, Stefan","raw_affiliation_strings":["Paderborn University, Germany","Paderborn University, Paderborn, Germany"],"affiliations":[{"raw_affiliation_string":"Paderborn University, Germany","institution_ids":["https://openalex.org/I206945453"]},{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008520601","display_name":"Johannes Sp\u00e4th","orcid":"https://orcid.org/0000-0003-4462-9372"},"institutions":[{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sp\u00e4th, Johannes","raw_affiliation_strings":["Fraunhofer IEM","Paderborn University, Paderborn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer IEM","institution_ids":["https://openalex.org/I4210093498"]},{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038781215","display_name":"Karim Ali","orcid":"https://orcid.org/0000-0002-5516-1376"},"institutions":[{"id":"https://openalex.org/I154425047","display_name":"University of Alberta","ror":"https://ror.org/0160cpw27","country_code":"CA","type":"education","lineage":["https://openalex.org/I154425047"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ali, Karim","raw_affiliation_strings":["University of Alberta, Canada","University of Alberta, Edmonton, Canada"],"affiliations":[{"raw_affiliation_string":"University of Alberta, Canada","institution_ids":["https://openalex.org/I154425047"]},{"raw_affiliation_string":"University of Alberta, Edmonton, Canada","institution_ids":["https://openalex.org/I154425047"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076678278","display_name":"Eric Bodden","orcid":"https://orcid.org/0000-0003-3470-3647"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]},{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Bodden, Eric","raw_affiliation_strings":["Paderborn University& Fraunhofer IEM, Germany","Paderborn University, Paderborn, Germany"],"affiliations":[{"raw_affiliation_string":"Paderborn University& Fraunhofer IEM, Germany","institution_ids":["https://openalex.org/I4210093498"]},{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078067853","display_name":"Mira Mezini","orcid":"https://orcid.org/0000-0001-6563-7537"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mezini, Mira","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Germany","Technical University of Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]},{"raw_affiliation_string":"Technical University of Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5067921018"],"corresponding_institution_ids":["https://openalex.org/I206945453"],"apc_list":null,"apc_paid":null,"fwci":6.4406,"has_fulltext":true,"cited_by_count":57,"citation_normalized_percentile":{"value":0.97414307,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":100},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9650999903678894,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9603999853134155,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8390638828277588},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.8137948513031006},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7652219533920288},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.6833761930465698},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5098337531089783},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.4647476077079773},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.413673996925354},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3439466059207916},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.32055723667144775},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.23179247975349426}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8390638828277588},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.8137948513031006},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7652219533920288},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.6833761930465698},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5098337531089783},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.4647476077079773},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.413673996925354},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3439466059207916},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.32055723667144775},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.23179247975349426}],"mesh":[],"locations_count":4,"locations":[{"id":"pmh:oai:drops-oai.dagstuhl.de:9215","is_oa":true,"landing_page_url":"https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2018.10","pdf_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","source":{"id":"https://openalex.org/S4377196569","display_name":"DROPS (Schloss Dagstuhl \u2013 Leibniz Center for Informatics)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2799853480","host_organization_name":"Schloss Dagstuhl \u2013 Leibniz Center for Informatics","host_organization_lineage":["https://openalex.org/I2799853480"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"InProceedings"},{"id":"pmh:oai:fraunhofer.de:N-520278","is_oa":false,"landing_page_url":"http://publica.fraunhofer.de/documents/N-520278.html","pdf_url":null,"source":{"id":"https://openalex.org/S4306400801","display_name":"Publikationsdatenbank der Fraunhofer-Gesellschaft (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Fraunhofer IEM","raw_type":"Conference Paper"},{"id":"pmh:oai:publica.fraunhofer.de:publica/403792","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/403792","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"},{"id":"doi:10.4230/lipics.ecoop.2018.10","is_oa":true,"landing_page_url":"https://doi.org/10.4230/lipics.ecoop.2018.10","pdf_url":null,"source":{"id":"https://openalex.org/S7407052059","display_name":"Dagstuhl Research Online Publication Server","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":""}],"best_oa_location":{"id":"pmh:oai:drops-oai.dagstuhl.de:9215","is_oa":true,"landing_page_url":"https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2018.10","pdf_url":"https://drops.dagstuhl.de/storage/00lipics/lipics-vol109-ecoop2018/LIPIcs.ECOOP.2018.10/LIPIcs.ECOOP.2018.10.pdf","source":{"id":"https://openalex.org/S4377196569","display_name":"DROPS (Schloss Dagstuhl \u2013 Leibniz Center for Informatics)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2799853480","host_organization_name":"Schloss Dagstuhl \u2013 Leibniz Center for Informatics","host_organization_lineage":["https://openalex.org/I2799853480"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"InProceedings"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6000000238418579,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320330076","display_name":"Heinz Nixdorf Stiftung","ror":"https://ror.org/04j2tkk21"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2796472165.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2008810193","https://openalex.org/W2985320478","https://openalex.org/W2767943400","https://openalex.org/W2698406033","https://openalex.org/W2357927175","https://openalex.org/W2145994642","https://openalex.org/W2103370348","https://openalex.org/W2092115639","https://openalex.org/W2279161046","https://openalex.org/W2166743230","https://openalex.org/W2759023773","https://openalex.org/W2808620986","https://openalex.org/W2766347289","https://openalex.org/W2084864601","https://openalex.org/W2964144088","https://openalex.org/W2511044583","https://openalex.org/W2400329213","https://openalex.org/W2793937183","https://openalex.org/W2766217896","https://openalex.org/W2044590882"],"abstract_inverted_index":{"Various":[0],"studies":[1],"have":[2,91,129],"empirically":[3,143],"shown":[4],"that":[5,87,95,155],"the":[6,31,66,80,84,125,137],"majority":[7],"of":[8,19,83,157,165],"Java":[9,118,138],"and":[10,51,72,103,142],"Android":[11,120,150],"apps":[12,166],"misuse":[13,156],"cryptographic":[14,85,158],"libraries,":[15],"causing":[16],"devastating":[17],"breaches":[18],"data":[20],"security.":[21],"It":[22],"is":[23,160],"crucial":[24],"to":[25,78],"detect":[26,35],"such":[27,97],"misuses":[28],"early":[29],"in":[30],"development":[32],"process.":[33],"To":[34],"cryptography":[36,49,70,76],"misuses,":[37],"one":[38,170],"must":[39],"first":[40],"define":[41],"secure":[42,81],"uses,":[43],"a":[44,61,93,101,116,192],"process":[45],"mastered":[46],"primarily":[47],"by":[48,53,113,146],"experts,":[50],"not":[52],"developers.":[54,73],"In":[55],"this":[56],"paper,":[57],"we":[58],"present":[59],"CrySL,":[60],"definition":[62],"language":[63],"for":[64,122,136],"bridging":[65],"cognitive":[67],"gap":[68],"between":[69],"experts":[71,77],"CrySL":[74,98,133,175],"enables":[75],"specify":[79],"usage":[82],"libraries":[86],"they":[88],"provide.":[89],"We":[90,128],"implemented":[92],"compiler":[94],"translates":[96],"specification":[99],"into":[100],"context-sensitive":[102],"flow-sensitive":[104],"demand-driven":[105],"static":[106],"analysis.":[107,195],"The":[108],"analysis":[109],"then":[110],"helps":[111],"developers":[112],"automatically":[114],"checking":[115],"given":[117],"or":[119],"app":[121],"compliance":[123],"with":[124,163,185,188],"CrySL-encoded":[126],"rules.":[127],"designed":[130],"an":[131],"extensive":[132],"rule":[134,176],"set":[135,177],"Cryptography":[139],"Architecture":[140],"(JCA),":[141],"evaluated":[144],"it":[145],"analyzing":[147],"10,000":[148],"current":[149],"apps.":[151],"Our":[152,172],"results":[153],"show":[154],"APIs":[159],"still":[161],"widespread,":[162],"95%":[164],"containing":[167],"at":[168],"least":[169],"misuse.":[171],"easily":[173],"extensible":[174],"covers":[178],"more":[179,193],"violations":[180],"than":[181],"previous":[182],"special-purpose":[183],"tools":[184],"hard-coded":[186],"rules,":[187],"our":[189],"tooling":[190],"offering":[191],"precise":[194]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":15},{"year":2019,"cited_by_count":15},{"year":2018,"cited_by_count":2}],"updated_date":"2025-11-06T06:51:31.235846","created_date":"2025-10-10T00:00:00"}