Study of Outdated Cryptography Algorithms Posts of Stack Overflow
General Material Designation
[Thesis]
First Statement of Responsibility
Kharche, Shraddha
Subsequent Statement of Responsibility
Narain, Sashank
PUBLICATION, DISTRIBUTION, ETC.
Name of Publisher, Distributor, etc.
University of Massachusetts Lowell
Date of Publication, Distribution, etc.
2021
PHYSICAL DESCRIPTION
Specific Material Designation and Extent of Item
48
DISSERTATION (THESIS) NOTE
Dissertation or thesis details and type of degree
M.S.
Body granting the degree
University of Massachusetts Lowell
Text preceding or following the note
2021
SUMMARY OR ABSTRACT
Text of Note
There are many online forums where software developers engage in technical discussions, and one of the most popular platforms is Stack Overflow. Though these forums help developers overcome hurdles in their development process, many recent studies have shown that copying insecure code from these online forums is the leading cause of software vulnerabilities in applications. Even today, there are a number of posts on Stack Overflow that mention outdated algorithms such as AES/ECB, and they are still being viewed and upvoted by users. Stack Overflow is a completely user-driven platform and does not provide any mechanism that alerts users to the vulnerabilities associated with such algorithms. The aforementioned problems motivate us to study the Stack Overflow posts that reference outdated cryptography algorithms, focusing on two questions: Is it feasible to build a system that identifies weak cryptographic algorithms or hashing functions and alerts users? If a question contains weak cryptographic algorithms, do responders alert the users, or do they simply focus on providing a working solution? To answer these, we designed and developed an m-ary tree holding a list of the available encryption algorithms and hashing functions. We identified cryptographic algorithm keywords in post text and traversed the tree, where the tree leaves indicate whether a potential warning is needed. We applied this process to both questions and answers to analyze whether a question and its answers correlate, by verifying whether they traverse the same tree path. We ran our designed system against 6 million Stack Overflow posts, of which 5169 were cryptography-related. We successfully found several posts in which both the question and the answers referred to outdated algorithms without any warnings from responders.