Mitigating Security Risks by Understanding Security-related API-misuses and Advancing Detection of Misuses

Abstract

Context: Software is ubiquitous today, and the benefits of widespread software usage come at a risk. Attacks on critical infrastructure and the number of reported vulnerabilities are increasing. To ensure secure software, the mitigation of potential vulnerabilities is essential. Static analyses, application programming interfaces (APIs) that focus on usability, and memory-safe languages are solutions to achieve this aim. However, these approaches are not yet effective enough, as the number of vulnerabilities constantly increases. To examine the effectiveness of these approaches and enhance the detection of critical API usages, we focus on cryptographic and Unsafe APIs. So far, the precision and recall of analyses applied to public projects have been insufficiently discussed, as have other limitations that can impact the reports. Further, the effectiveness of “usable” APIs has only been evaluated in user studies, and approaches to identify Unsafe usages provide no further information, such as the underlying motivation for the usage.

Method: We introduced two novel benchmarks for cryptographic API misuses and conducted two empirical studies to investigate the capabilities and limitations of existing cryptographic API misuse detectors. Further, we conducted an empirical study on the effectiveness of the API design and another to understand to what extent Go applications use the Unsafe API. In addition, we built a theoretical model of vulnerabilities and introduced several novel tools and a classifier.

Results: The evaluation on our benchmarks provided insights into the capabilities of the detectors and showed the importance of test cases beyond synthetic instances. Our first two empirical studies revealed that not all reported API misuses should be fixed, i.e., due to the usage context, and that every second project has API misuses that depend on each other. Furthermore, our third empirical study indicated that the API design positively impacts the number of observed misuses. Regarding the Unsafe API, our analysis revealed that the Unsafe API is used frequently and can cause vulnerabilities. We reported vulnerable usages, and over 70 % of these have been fixed by the maintainers. In addition, our classifier can effectively predict for what and why Unsafe is used.

Conclusion: Each result contributes novel insights and shows the importance of understanding usages of security-critical APIs in public projects. Overall, this thesis examined the effectiveness of approaches that prevent (mis)uses of security-critical APIs and enhance their detection to mitigate vulnerabilities. To conclude, this thesis provides the foundations for assessing detectors, advances the detection of insecure API usages, and results in actual fixes of insecure API usages.

Last time updated on 17/06/2025

This paper was published in TUbiblio.
