Java Cryptography API Annotation and Template Generation Framework
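  • English title: Java Cryptography API Security Enhancement Based on Annotations
  • Authors: 周济时 ; 张晓寒 ; 张源 ; 杨珉
  • Authors (English): ZHOU Ji-shi; ZHANG Xiao-han; ZHANG Yuan; YANG Min; Software School, Fudan University
  • Keywords: Java; cryptographic API; annotation; template; template generator
  • Chinese journal title: XXWX
  • English journal title: Journal of Chinese Computer Systems
  • Institution: Software School, Fudan University
  • Publication date: 2019-02-15
  • Publisher: 小型微型计算机系统 (Journal of Chinese Computer Systems)
  • Year: 2019
  • Issue: v.40
  • Funding: Supported by the Shanghai Sailing Program for Young Science and Technology Talents (16YF1400800); the National Key Basic Research Program of China (2015CB358800); and the National Natural Science Foundation of China (61602123, 61602121, U1636204, U1736208)
  • Language: Chinese
  • Page: XXWX201902024
  • Number of pages: 7
  • CN: 02
  • ISSN: 21-1106/TP
  • Classification number: 129-135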
Abstract
As Java software grows increasingly complex, developers rely more and more on cryptographic functions to protect application data. Although cryptographic algorithms are very powerful, the intricately designed Java cryptography API is frequently misused by developers, introducing avoidable security vulnerabilities. To enforce correct developer behavior, this paper proposes an annotation-based method for enhancing the security of the Java cryptography API and implements the SecureCrypto framework. The framework automatically generates encryption and decryption code from user parameters and application-scenario templates, and also verifies developer code, finding and reporting errors at compile time. In addition, to simplify annotation development, the paper implements a template generator based on Java code, with which security experts can quickly and accurately define new scenarios to extend SecureCrypto. An experimental study found that annotations do help developers write secure and reliable code efficiently, and that the template generator is a necessary tool for security experts to extend the scenarios in which annotations can be used.
