Authors:
(1) Amit Seal Ami, Computer Science Department, William & Mary, Williamsburg, Virginia, USA (this author contributed equally to this paper);
(2) Syed Yusuf Ahmed, Institute for Information Technology, University of Dhaka, Dhaka, Bangladesh (this author contributed equally to this paper);
(3) Radowan Mahmud Redoy, Institute for Information Technology, University of Dhaka, Dhaka, Bangladesh (this author contributed equally to this paper);
(4) Nathan Cooper, Computer Science Department, William & Mary, Williamsburg, Virginia, USA;
(5) Kaushal Kafle, Computer Science Department, William & Mary, Williamsburg, Virginia, USA;
(6) Kevin Moran, Department of Computer Science, University of Central Florida, Orlando, Florida, USA;
(7) Denys Poshyvanyk, Computer Science Department, William & Mary, Williamsburg, Virginia, USA;
(8) Adwait Nadkarni, Computer Science Department, William & Mary, Williamsburg, Virginia, USA.
To emulate vulnerable crypto-API misuse placement by benign and evasive developers, we designed three mutation scopes to be used with MASC:
• Main Scope is the simplest scope: it seeds mutants at the beginning of the main method of a simple Java or Android template app, ensuring reachability.
• Similarity Scope, which is extended from MDroid+ [13, 14], seeds mutants in the source code of an input application wherever a similar crypto-API is found. Note that it does not modify the existing crypto-API use; it only appends the mutant misuse case.
• Exhaustive Scope, which is extended from 𝜇SE [4, 5, 7], seeds mutants at all syntactically possible locations in the target app, such as class definitions, conditional segments, method bodies, and anonymous inner class object declarations. This helps evaluate the reachability of the target crypto-detector.
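The following line-based sketch shows where each of the three scopes would place a mutant in a small Java file; it is an added example, not MASC's implementation. The Java input, the DES mutant and all function names are constructed for illustration, each seeded location is assumed to yield its own mutated copy, and the exhaustive scope is narrowed to method and conditional bodies.

```python
import re

# Constructed mutant and Java input for illustration; neither comes from MASC.
MUTANT = 'javax.crypto.Cipher.getInstance("DES");'
APP = """\
import javax.crypto.Cipher;
public class App {
    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        }
    }
    void helper() throws Exception {
    }
}
"""

MAIN_RE = re.compile(r"\bstatic\s+void\s+main\s*\([^)]*\)[^{;]*\{")
CRYPTO_RE = re.compile(r"\bCipher\.getInstance\s*\(")  # the "similar" crypto-API


def seed(lines, idx, opens_block):
    """Return a copy of the source with MUTANT added after line idx."""
    indent = re.match(r"\s*", lines[idx]).group()
    if opens_block:  # mutant becomes the first statement of the block opened on idx
        indent += "    "
    return "\n".join(lines[:idx + 1] + [indent + MUTANT] + lines[idx + 1:]) + "\n"


def main_scope(src):
    """One variant: the mutant is the first statement of main(), so it is reachable."""
    lines = src.splitlines()
    hits = [i for i, ln in enumerate(lines) if MAIN_RE.search(ln)]
    return [seed(lines, hits[0], True)] if hits else []


def similarity_scope(src):
    """One variant per existing similar call (assumed to be a one-line statement);
    the existing call is left unmodified and the mutant is appended after it."""
    lines = src.splitlines()
    return [seed(lines, i, False) for i, ln in enumerate(lines) if CRYPTO_RE.search(ln)]


def exhaustive_scope(src):
    """One variant per method or conditional body (statement-level locations only)."""
    lines = src.splitlines()
    return [seed(lines, i, True) for i, ln in enumerate(lines)
            if ln.rstrip().endswith("{") and not re.search(r"\bclass\b", ln)]


if __name__ == "__main__":
    for scope in (main_scope, similarity_scope, exhaustive_scope):
        print(scope.__name__, len(scope(APP)), "variant(s)")
```

Running a crypto-detector over each variant and recording which seeded misuses it reports shows whether its analysis reaches code inside conditionals and non-entry methods, not just the start of main.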
This paper is available on arXiv under the CC BY-NC-SA 4.0 DEED license.