MASC's Three Mutation Scopes for Comprehensive Crypto-API Misuse Analysis

5 Jun 2024

Authors:

(1) Amit Seal Ami, Computer Science Department, William & Mary, Williamsburg, Virginia, USA, and this author contributed equally to this paper (aami@wm.edu);

(2) Syed Yusuf Ahmed, Institute for Information Technology, University of Dhaka, Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1013@iit.du.ac.bd);

(3) Radowan Mahmud Redoy, Institute for Information Technology, University of Dhaka, Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1002@iit.du.ac.bd);

(4) Nathan Cooper, Computer Science Department, William & Mary, Williamsburg, Virginia, USA (nacooper01@wm.edu);

(5) Kaushal Kafle, Computer Science Department, William & Mary, Williamsburg, Virginia, USA (kkafle@wm.edu);

(6) Kevin Moran, Department of Computer Science, University of Central Florida, Orlando, Florida, USA (kpmoran@ucf.edu);

(7) Denys Poshyvanyk, Computer Science Department, William & Mary, Williamsburg, Virginia, USA (denys@cs.wm.edu);

(8) Adwait Nadkarni, Computer Science Department, William & Mary, Williamsburg, Virginia, USA (apnadkarni@wm.edu).

Abstract and 1 Introduction

2 Overview of MASC

3 Design Goals

4 Implementation of MASC

4.1 Mutation Operators

4.2 Mutation Scopes

5 Using MASC

6 Future Work and Conclusion, Acknowledgments, and References

4.2 Mutation Scopes

To emulate vulnerable crypto-API misuse placement by benign and evasive developers, we designed three mutation scopes to be used with MASC:

• Main Scope represents the simplest scope, where it seeds mutants at the beginning of the main method of a simple Java or Android template app, ensuring reachability.

• Similarity Scope, which is extended from MDroid+ [13, 14], seeds mutants in the source code of an input application wherever a similar crypto-API is found. Note that it does not modify the existing crypto-API call; it only appends the mutant misuse case next to it.

• Exhaustive Scope, which is extended from 𝜇SE [4, 5, 7], seeds mutants at all syntactically possible locations in the target app, such as class definitions, conditional segments, method bodies and anonymous inner class object declarations. This helps evaluate the reachability analysis of the target crypto-detector.
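To make the three placement strategies concrete, the following added example (not MASC's own code) re-implements them as line-based text transformations over a constructed Java template. The mutant string, the template and the `// mutant-N` tags are assumptions; the Exhaustive scope here skips class bodies, where a bare statement is not valid Java and MASC would have to emit a declaration instead.

```python
# Added example, not MASC's implementation: a line-based sketch of the
# Main, Similarity and Exhaustive mutation scopes over a Java template.
import re

# Constructed template app; its AES call is the "similar crypto-API" for the Similarity scope.
TEMPLATE = """\
public class App {
    public static void main(String[] args) throws Exception {
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding");
        Runnable r = new Runnable() {
            public void run() {
            }
        };
        if (args.length > 0) {
            r.run();
        }
    }
}
"""
# Constructed misuse mutant (weak algorithm) that a crypto-detector is expected to flag.
MUTANT = 'javax.crypto.Cipher.getInstance("DES");'
# Lines that open a class body (named or anonymous) rather than a statement block.
CLASS_BODY = re.compile(r'\b(class|interface)\b|\bnew\s+[\w.<>]+\s*\(.*\)\s*\{\s*$')
_indent = lambda line: line[:len(line) - len(line.lstrip())]

def main_scope(src, mutant):
    """Seed one mutant as the first statement of main(), so it is always reachable."""
    lines = src.splitlines()
    for i, line in enumerate(lines):
        if re.search(r'\bstatic\s+void\s+main\s*\(', line) and line.rstrip().endswith('{'):
            lines.insert(i + 1, _indent(line) + '    ' + mutant)
            return '\n'.join(lines) + '\n'
    raise ValueError('template has no main method')

def similarity_scope(src, mutant, similar_api):
    """Append the mutant after every statement calling a similar API; existing calls stay intact."""
    out = []
    for line in src.splitlines():
        out.append(line)
        if similar_api in line and line.rstrip().endswith(';'):
            out.append(_indent(line) + mutant)
    return '\n'.join(out) + '\n'

def exhaustive_scope(src, mutant):
    """Seed a uniquely tagged mutant at the start of every method body and conditional block,
    so each detector report can be attributed to one seeding location (reachability check)."""
    out, count = [], 0
    for line in src.splitlines():
        out.append(line)
        if line.rstrip().endswith('{') and not CLASS_BODY.search(line):
            count += 1
            out.append(_indent(line) + '    ' + mutant + '  // mutant-%d' % count)
    return '\n'.join(out) + '\n', count
```

Running a crypto-detector over each mutated copy and counting which `mutant-N` tags it reports is the measurement MASC uses to judge whether the detector's reachability analysis covers that location.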

This paper is available on arxiv under CC BY-NC-SA 4.0 DEED license.