ECOOP 2021
Sun 11 - Sat 17 July 2021 Online
co-located with ECOOP and ISSTA 2021
Fri 16 Jul 2021 19:40 - 20:00 at ECOOP 1 - Potpourri (time band 1) Chair(s): Omer Tripp
Sat 17 Jul 2021 02:10 - 02:30 at ECOOP 1 - Potpourri (time band 2) Chair(s): Lingming Zhang

APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed that API misuses, which violate the contract of an API, are prevalent. Such misuses can have harmful consequences, especially in the context of cryptographic libraries. Various API-misuse detectors have been proposed to address this issue, including CogniCrypt, one of the most versatile of such detectors, which uses a language (CrySL) to specify cryptographic API usage contracts. Nonetheless, existing approaches to detecting API misuse have not been designed for systematic reuse, ignoring the fact that different versions of a library, different versions of a platform, and different recommendations/guidelines might introduce variability in the correct usage of an API. Yet, little is known about how such variability impacts the specification of the correct API usage. This paper investigates this question by analyzing the impact of various sources of variability on widely used Java cryptographic libraries (including JCA/JCE, Bouncy Castle, and Google Tink). The results of our investigation show that sources of variability like new versions of the API and security standards significantly impact the specifications. We then use the insights gained from our investigation to motivate an extension to the CrySL language (named MetaCrySL), which builds on meta-programming concepts. We evaluate MetaCrySL by specifying usage rules for a family of Android versions and illustrate that MetaCrySL can model all forms of variability we identified and drastically reduce the size of a family of specifications for the correct usage of cryptographic APIs.

Fri 16 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris

19:00 - 20:00
Potpourri (time band 1) - ECOOP Technical Papers at ECOOP 1
Chair(s): Omer Tripp Amazon
19:00
20m
Talk
CodeDJ: Reproducible Queries over Large-Scale Software Repositories
ECOOP Technical Papers
Petr Maj Czech Technical University, Konrad Siek Czech Technical University in Prague, Jan Vitek Northeastern University / Czech Technical University, Alexander Kovalenko Czech Technical University in Prague
19:20
20m
Talk
Differential Privacy for Coverage Analysis of Software Traces
ECOOP Technical Papers
Yu Hao Ohio State University, Sufian Latif Ohio State University, Hailong Zhang Fordham University, Raef Bassily Ohio State University, Atanas Rountev Ohio State University
19:40
20m
Talk
Dealing with Variability in API Misuse Specification
ECOOP Technical Papers
Rodrigo Bonifácio Computer Science Department - University of Brasília, Stefan Krüger Independent Researcher, Krishna Narasimhan TU Darmstadt, Eric Bodden University of Paderborn; Fraunhofer IEM, Mira Mezini TU Darmstadt, Germany

Sat 17 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris

01:10 - 02:30
Potpourri (time band 2) - ECOOP Technical Papers at ECOOP 1
Chair(s): Lingming Zhang University of Illinois at Urbana-Champaign
01:10
20m
Talk
Differential Privacy for Coverage Analysis of Software Traces
ECOOP Technical Papers
Yu Hao Ohio State University, Sufian Latif Ohio State University, Hailong Zhang Fordham University, Raef Bassily Ohio State University, Atanas Rountev Ohio State University
01:30
20m
Talk
Do Bugs Propagate? An Empirical Analysis of Temporal Correlations among Software Bugs
ECOOP Technical Papers
Xiaodong Gu Shanghai Jiao Tong University, China, Sunghun Kim Hong Kong University of Science and Technology, Yo-Sub Han Yonsei University, Hongyu Zhang University of Newcastle
01:50
20m
Talk
Linear Promises: Towards Safer Concurrent Programming
ECOOP Technical Papers
Ohad Rau Georgia Institute of Technology, Caleb Voss Georgia Institute of Technology, Vivek Sarkar Georgia Institute of Technology
02:10
20m
Talk
Dealing with Variability in API Misuse Specification
ECOOP Technical Papers
Rodrigo Bonifácio Computer Science Department - University of Brasília, Stefan Krüger Independent Researcher, Krishna Narasimhan TU Darmstadt, Eric Bodden University of Paderborn; Fraunhofer IEM, Mira Mezini TU Darmstadt, Germany