CrySL: Validating Correct Usage of Cryptographic APIs

Various studies have empirically shown that the majority of Java and Android appsmisuse cryptographic libraries, causing devastating breaches of data security. Œerefore, it is crucial to detect such misuses early in the development process. Œe fact that insecure usages are not the exception but the norm precludes approaches based on property inference and anomaly detection. In this paper, we present CrySL, a definition language that enables cryptography experts to specify the secure usage of the cryptographic libraries that they provide. CrySL combines the generic concepts of method-call sequences and data-flow constraints with domain-specific constraints related to cryptographic algorithms and their parameters. We have implemented a compiler that translates a CrySL ruleset into a contextand flow-sensitive demanddriven static analysis. Œe analysis automatically checks a given Java or Android app for violations of the CrySL-encoded rules. We empirically evaluated our ruleset through analyzing 10,001 Android apps. Our results show that misuse of cryptographic APIs is still widespread, with 96% of apps containing at least one misuse. However, we observed fewer of the misuses that were reported in previous work.