Authors:
(1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de);
(2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de);
(3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de);
(4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Table of Links Abstract and 1 Introduction 2 Background 3 Design and Implementation of Licma and 3.1 Design 3.2 Implementation 4 Methodology and 4.1 Searching and Downloading Python Apps 4.2 Comparison with Previous Studies 5 Evaluation and 5.1 GitHub Python Projects 5.2 MicroPython 6 Comparison with previous studies 7 Threats to Validity 8 Related Work 9 Conclusion, Acknowledgments, and References 5.2 MicroPython When we applied LICMA upon the 5 source files containing crypto API usages of the MicroPython data set, we identified no misuse. For this reason, we inspected the MicroPython repositories for usages of other crypto functions not covered by LICMA and identified 5 additional files. We notice that the crypto module ucryptolib which is provided by MicroPython, is only used by tests in 2 projects. For the remaining 3 findings, the crypto functions are written in C rather than Python. Thus, these files were removed due to our filter steps described in Section 4.1.2. Our small analysis of MicroPython projects shows that for further exploration of MicroPython applications, we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analysis approaches [5, 10]. This paper is available on arxiv under CC BY 4.0 DEED license. Authors: (1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de); (2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de); (3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de); (4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Authors: Authors: (1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de); (2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de); (3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de); (4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Table of Links Abstract and 1 Introduction Abstract and 1 Introduction 2 Background 2 Background 3 Design and Implementation of Licma and 3.1 Design 3 Design and Implementation of Licma and 3.1 Design 3.2 Implementation 3.2 Implementation 4 Methodology and 4.1 Searching and Downloading Python Apps 4 Methodology and 4.1 Searching and Downloading Python Apps 4.2 Comparison with Previous Studies 4.2 Comparison with Previous Studies 5 Evaluation and 5.1 GitHub Python Projects 5 Evaluation and 5.1 GitHub Python Projects 5.2 MicroPython 5.2 MicroPython 6 Comparison with previous studies 6 Comparison with previous studies 7 Threats to Validity 7 Threats to Validity 8 Related Work 8 Related Work 9 Conclusion, Acknowledgments, and References 9 Conclusion, Acknowledgments, and References 5.2 MicroPython When we applied LICMA upon the 5 source files containing crypto API usages of the MicroPython data set, we identified no misuse. For this reason, we inspected the MicroPython repositories for usages of other crypto functions not covered by LICMA and identified 5 additional files. We notice that the crypto module ucryptolib which is provided by MicroPython, is only used by tests in 2 projects. For the remaining 3 findings, the crypto functions are written in C rather than Python. Thus, these files were removed due to our filter steps described in Section 4.1.2. LICMA LICMA Our small analysis of MicroPython projects shows that for further exploration of MicroPython applications, we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analysis approaches [5, 10]. This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

A Comparative Analysis of Crypto API Misuses Across Programming Languages

Evaluating Crypto Misuses in Python: Insights from GitHub Projects and MicroPython

Read My Stories

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

MicroPython Analysis: Exploring Crypto API Usage and Custom Implementations

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Comparative Analysis of Crypto API Misuses Across Programming Languages

A Review of API Design Patterns: The Pros and Cons

The Role Of Affordance In Software Design

An API-First Approach For Designing Restful APIs

API Choice Overload

A Comparative Analysis of Crypto API Misuses Across Programming Languages

A Review of API Design Patterns: The Pros and Cons

The Role Of Affordance In Software Design

An API-First Approach For Designing Restful APIs

API Choice Overload

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps