Authors:
(1) Amit Seal Ami, Computer Science Department, William & Mary Williamsburg, Virginia, USA, and this author contributed equally to this paper (aami@wm.edu);
(2) Syed Yusuf Ahmed, Institute for Information Technology, University of Dhaka Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1013@iit.du.ac.bd);
(3) Radowan Mahmud Redoy, Institute for Information Technology, University of Dhaka Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1002@iit.du.ac.bd);
(4) Nathan Cooper, Computer Science Department, William & Mary Williamsburg, Virginia, USA (nacooper01@wm.edu);
(5) Kaushal Kafle, Computer Science Department, William & Mary Williamsburg, Virginia, USA (kkafle@wm.edu);
(6) Kevin Moran, Department of Computer Science, University of Central Florida Orlando, Florida, USA (kpmoran@ucf.edu);
(7) Denys Poshyvanyk, Computer Science Department, William & Mary Williamsburg, Virginia, USA (denys@cs.wm.edu);
(8) Adwait Nadkarni, Computer Science Department, William & Mary Williamsburg, Virginia, USA (apnadkarni@wm.edu). Table of Links Abstract and 1 Introduction 2 Overview of MASC 3 Design Goals 4 Implementation of MASC 4.1 Mutation Operators 4.2 Mutation Scopes 5 Using MASC 6 Future Work and Conclusion, Acknowledgments, and References 2 OVERVIEW OF MASC Overall, MASC works by (1) mutating a base crypto API misuse case to create mutated crypto-API instantiations or mutated misuse case, (2) seeding or injecting the mutated misuse case in source code, (3) analyzing both unmutated and mutated source code using a target crypto-detector, and (4) comparing the outputs of cryptodetector applied on both base misuse case and mutated misuse case to identify undetected (not killed) mutated misuse case. The overview of this process is shown in Figure 1. Conceptually, MASC contextualizes the traditional mutation testing techniques of SE domain for the evaluation of crypto-detectors, while introducing crypto-API misuse mutation operators that instantiates variants or expressions of crypto-API misuse. To elaborate, while mutation operators from the traditional, SE mutation testing are used to describe operations that either add, modify, or remove existing source code statement(s), in the context of MASC, cryptoAPI mutation operators create expressive instances of crypto-API misuse independent of any source code or application. As shown in Listing 1, statement marked //1 is the base misuse case, whereas statements //2 – //5 are the mutated crypto-misuse cases instantiated by several mutation operators of MASC. We provide the design considerations and implementation details of MASC’s mutation operators in Sec. 4.1. These mutated misuse instances are then "injected" or "seeded" in source code, where the injection site depends on the mutation scopes of MASC, which we detail in Sec. 4.2. This paper is available on arxiv under CC BY-NC-SA 4.0 DEED license. Authors: (1) Amit Seal Ami, Computer Science Department, William & Mary Williamsburg, Virginia, USA, and this author contributed equally to this paper (aami@wm.edu); (2) Syed Yusuf Ahmed, Institute for Information Technology, University of Dhaka Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1013@iit.du.ac.bd); (3) Radowan Mahmud Redoy, Institute for Information Technology, University of Dhaka Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1002@iit.du.ac.bd); (4) Nathan Cooper, Computer Science Department, William & Mary Williamsburg, Virginia, USA (nacooper01@wm.edu); (5) Kaushal Kafle, Computer Science Department, William & Mary Williamsburg, Virginia, USA (kkafle@wm.edu); (6) Kevin Moran, Department of Computer Science, University of Central Florida Orlando, Florida, USA (kpmoran@ucf.edu); (7) Denys Poshyvanyk, Computer Science Department, William & Mary Williamsburg, Virginia, USA (denys@cs.wm.edu); (8) Adwait Nadkarni, Computer Science Department, William & Mary Williamsburg, Virginia, USA (apnadkarni@wm.edu). Authors: Authors: (1) Amit Seal Ami, Computer Science Department, William & Mary Williamsburg, Virginia, USA, and this author contributed equally to this paper (aami@wm.edu); (2) Syed Yusuf Ahmed, Institute for Information Technology, University of Dhaka Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1013@iit.du.ac.bd); (3) Radowan Mahmud Redoy, Institute for Information Technology, University of Dhaka Dhaka, Bangladesh, and this author contributed equally to this paper (bsse1002@iit.du.ac.bd); (4) Nathan Cooper, Computer Science Department, William & Mary Williamsburg, Virginia, USA (nacooper01@wm.edu); (5) Kaushal Kafle, Computer Science Department, William & Mary Williamsburg, Virginia, USA (kkafle@wm.edu); (6) Kevin Moran, Department of Computer Science, University of Central Florida Orlando, Florida, USA (kpmoran@ucf.edu); (7) Denys Poshyvanyk, Computer Science Department, William & Mary Williamsburg, Virginia, USA (denys@cs.wm.edu); (8) Adwait Nadkarni, Computer Science Department, William & Mary Williamsburg, Virginia, USA (apnadkarni@wm.edu). Table of Links Abstract and 1 Introduction Abstract and 1 Introduction 2 Overview of MASC 2 Overview of MASC 3 Design Goals 3 Design Goals 4 Implementation of MASC 4 Implementation of MASC 4.1 Mutation Operators 4.1 Mutation Operators 4.2 Mutation Scopes 4.2 Mutation Scopes 5 Using MASC 5 Using MASC 6 Future Work and Conclusion, Acknowledgments, and References 6 Future Work and Conclusion, Acknowledgments, and References 2 OVERVIEW OF MASC Overall, MASC works by (1) mutating a base crypto API misuse case to create mutated crypto-API instantiations or mutated misuse case, (2) seeding or injecting the mutated misuse case in source code, (3) analyzing both unmutated and mutated source code using a target crypto-detector, and (4) comparing the outputs of cryptodetector applied on both base misuse case and mutated misuse case to identify undetected (not killed) mutated misuse case. The overview of this process is shown in Figure 1. Conceptually, MASC contextualizes the traditional mutation testing techniques of SE domain for the evaluation of crypto-detectors, while introducing crypto-API misuse mutation operators that instantiates variants or expressions of crypto-API misuse. To elaborate, while mutation operators from the traditional, SE mutation testing are used to describe operations that either add, modify, or remove existing source code statement(s), in the context of MASC, cryptoAPI mutation operators create expressive instances of crypto-API misuse independent of any source code or application. As shown in Listing 1, statement marked //1 is the base misuse case, whereas statements //2 – //5 are the mutated crypto-misuse cases instantiated by several mutation operators of MASC. We provide the design considerations and implementation details of MASC’s mutation operators in Sec. 4.1. These mutated misuse instances are then "injected" or "seeded" in source code, where the injection site depends on the mutation scopes of MASC, which we detail in Sec. 4.2. This paper is available on arxiv under CC BY-NC-SA 4.0 DEED license. This paper is available on arxiv under CC BY-NC-SA 4.0 DEED license. available on arxiv

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

MASC Design Goals: Extensibility, Diversity, and Usability in Crypto-Detection

MASC: A Tool for Mutation-Based Evaluation of Static Crypto-API Misuse Detectors

Mutation.TECH

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Improving Crypto-Detectors: Inside the MASC Mutation Testing Framework

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Making AI-Powered Mutation Testing Reliable and Fair

Crypto APIs' Role within Blockchain as a Service (BaaS)

How to Import Crypto APIs into Excel

The 5 Best Cryptocurrency Data APIs in 2022

Top 5 Crypto APIs for Developers

Making AI-Powered Mutation Testing Reliable and Fair

Crypto APIs' Role within Blockchain as a Service (BaaS)

How to Import Crypto APIs into Excel

The 5 Best Cryptocurrency Data APIs in 2022

Top 5 Crypto APIs for Developers

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps