Authors:
(1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de);
(2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de);
(3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de);
(4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Table of Links Abstract and 1 Introduction 2 Background 3 Design and Implementation of Licma and 3.1 Design 3.2 Implementation 4 Methodology and 4.1 Searching and Downloading Python Apps 4.2 Comparison with Previous Studies 5 Evaluation and 5.1 GitHub Python Projects 5.2 MicroPython 6 Comparison with previous studies 7 Threats to Validity 8 Related Work 9 Conclusion, Acknowledgments, and References 5.2 MicroPython When we applied LICMA upon the 5 source files containing crypto API usages of the MicroPython data set, we identified no misuse. For this reason, we inspected the MicroPython repositories for usages of other crypto functions not covered by LICMA and identified 5 additional files. We notice that the crypto module ucryptolib which is provided by MicroPython, is only used by tests in 2 projects. For the remaining 3 findings, the crypto functions are written in C rather than Python. Thus, these files were removed due to our filter steps described in Section 4.1.2. Our small analysis of MicroPython projects shows that for further exploration of MicroPython applications, we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analysis approaches [5, 10]. This paper is available on arxiv under CC BY 4.0 DEED license. Authors: (1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de); (2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de); (3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de); (4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Authors: Authors: (1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de); (2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de); (3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de); (4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Table of Links Abstract and 1 Introduction Abstract and 1 Introduction 2 Background 2 Background 3 Design and Implementation of Licma and 3.1 Design 3 Design and Implementation of Licma and 3.1 Design 3.2 Implementation 3.2 Implementation 4 Methodology and 4.1 Searching and Downloading Python Apps 4 Methodology and 4.1 Searching and Downloading Python Apps 4.2 Comparison with Previous Studies 4.2 Comparison with Previous Studies 5 Evaluation and 5.1 GitHub Python Projects 5 Evaluation and 5.1 GitHub Python Projects 5.2 MicroPython 5.2 MicroPython 6 Comparison with previous studies 6 Comparison with previous studies 7 Threats to Validity 7 Threats to Validity 8 Related Work 8 Related Work 9 Conclusion, Acknowledgments, and References 9 Conclusion, Acknowledgments, and References 5.2 MicroPython When we applied LICMA upon the 5 source files containing crypto API usages of the MicroPython data set, we identified no misuse. For this reason, we inspected the MicroPython repositories for usages of other crypto functions not covered by LICMA and identified 5 additional files. We notice that the crypto module ucryptolib which is provided by MicroPython, is only used by tests in 2 projects. For the remaining 3 findings, the crypto functions are written in C rather than Python. Thus, these files were removed due to our filter steps described in Section 4.1.2. LICMA LICMA Our small analysis of MicroPython projects shows that for further exploration of MicroPython applications, we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analysis approaches [5, 10]. This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

MicroPython Analysis: Exploring Crypto API Usage and Custom Implementations

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Grassroots Distributed Systems for Digital Sovereignty: Abstract and Introduction

Securing Your MCP Server: a Step-by-Step Guide

What Happens in The Cloud Doesn’t Stay in The Cloud: A Not-So-Serious Guide to NIST SP 800–228

The Bookmarklet Hack OpenAI Doesn’t Want You to Know About

Cryptography's Developer Dilemma: An Urgent Call for API Research

Grassroots Distributed Systems for Digital Sovereignty: Abstract and Introduction

Securing Your MCP Server: a Step-by-Step Guide

What Happens in The Cloud Doesn’t Stay in The Cloud: A Not-So-Serious Guide to NIST SP 800–228

The Bookmarklet Hack OpenAI Doesn’t Want You to Know About

Cryptography's Developer Dilemma: An Urgent Call for API Research

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps