An Intelligent Tutoring System for Cryptographic API Misuse Detection and Repair
Presenter Type
UNO Graduate Student (Masters)
Major/Field of Study
Computer Science
Advisor Information
Associate Professor
Location
MBSC Ballroom Poster # 1005 - G (Masters)
Presentation Type
Poster
Start Date
24-3-2023 1:00 PM
End Date
24-3-2023 2:15 PM
Abstract
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage constraints. The violations of these usage constraints can lead to software crashes. Several professional tools can detect these API misuses in cryptography. However, in educational programs, the focus has been less on helping students implement an application without cryptographic API misuse. To address the problem, we present an intelligent tutoring approach SSDTutor for educating Secure Software Development. Our tutoring approach helps students repair cryptographic API misuse defects by leveraging an automated program repair technique based on the usage patterns of cryptographic APIs. We studied the best practices of cryptographic implementations and encoded eight cryptographic API usage patterns. For quality feedback, we leverage a clone detection technique to recommend related feedback to help students understand why their programs are incorrect rather than blindly accepting repairs.
Scheduling
1-2:15 p.m.
An Intelligent Tutoring System for Cryptographic API Misuse Detection and Repair
MBSC Ballroom Poster # 1005 - G (Masters)
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage constraints. The violations of these usage constraints can lead to software crashes. Several professional tools can detect these API misuses in cryptography. However, in educational programs, the focus has been less on helping students implement an application without cryptographic API misuse. To address the problem, we present an intelligent tutoring approach SSDTutor for educating Secure Software Development. Our tutoring approach helps students repair cryptographic API misuse defects by leveraging an automated program repair technique based on the usage patterns of cryptographic APIs. We studied the best practices of cryptographic implementations and encoded eight cryptographic API usage patterns. For quality feedback, we leverage a clone detection technique to recommend related feedback to help students understand why their programs are incorrect rather than blindly accepting repairs.