Published May 29, 2025 | Version v1
Dataset Open

ParamScope-apps-dataset

  • 1. Anonymous

Description

Update: We have uploaded the APK dataset to the ParamScope repository, so you can ignore the dataset here. See https://zenodo.org/records/15546562 for details.
 
The apps dataset of ParamScope.
To avoid overly large files in one repository, we have uploaded the 327 APKs to a separate repository.
 
Paper Abstract:
 
Cryptographic API misuses, such as the use of predictable secrets or insecure cryptographic algorithms, have led to numerous incidents involving data breaches, financial theft, and privilege escalation in real-world applications. These consequences highlight the critical importance of detecting cryptographic misuses. Most existing studies focus on identifying such issues through the analysis of API parameter values. However, dynamic detection approaches often suffer from low code coverage, which limits their ability to cover all misuse instances. As a result, increasing attention has been given to static approaches. Nevertheless, these static methods also exhibit notable limitations, as they typically focus on direct parameter value propagation while ignoring values that are transformed through expressions or method calls. These semantically dynamic values are often opaque to static analysis, leading to significant blind spots and an underestimation of existing static tools.

To address the aforementioned limitations, this paper presents ParamScope, a static analysis tool for cryptographic API misuse detection. ParamScope first obtains high-quality Intermediate Representation (IR) and comprehensive coverage of cryptographic API calls through fine-grained static analysis. It then performs assignment-driven program slicing and lightweight IR simulation to reconstruct the complete propagation and assignment chain of parameter values. This approach enables effective analysis of value assignments that can only be determined at runtime, which are often missed by existing static analysis, while also addressing the coverage limitations inherent in dynamic approaches. We evaluated ParamScope by comparing it with leading static and dynamic tools, including CryptoGuard, CrySL, and RvSec, using four cryptographic misuse benchmarks and a dataset of 327 Google Play applications. The results show that ParamScope outperforms the other tools, achieving an accuracy of 96.22% and an F1-score of 96.85%. In real-world experiments, ParamScope identifies 27% more misuse cases than the best-performing tools, while maintaining a comparable analysis time.

Files

ParamScope_evaluation_apks.zip

Files (15.4 GB)

md5:9c36bbddfe58ba73f0afe22e07185387
Size: 15.4 GB