CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact)

Authors Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini

Thumbnail PDF

Artifact Description

  • Filesize: 380 kB
  • 4 pages

Document Identifiers

Author Details

Stefan Krüger
Johannes Späth
Karim Ali
Eric Bodden
Mira Mezini

Cite AsGet BibTex

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact). In Special Issue of the 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Dagstuhl Artifacts Series (DARTS), Volume 4, Issue 3, pp. 6:1-6:4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2018)



In this artefact, we present CrySL, an extensible approach to validating the correct usage of cryptographic APIs. The artefact contains executables for CogniCrypt_{SAST}, the analysis CrySL-based analysis, along with the CrySL rules we used in in the original paper's experiments. We also provide scripts to re-run the experiments. We finally include a tutorial to showcase the CogniCrypt_{SAST} on a small Java target program.
  • cryptography
  • domain-specific language
  • static analysis


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein, and Yves Le Traon. Androzoo: collecting millions of android apps for the research community. In Proceedings of the 13th International Conference on Mining Software Repositories, MSR 2016, Austin, TX, USA, May 14-22, 2016, pages 468-471, 2016. Google Scholar
  2. Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick D. McDaniel. Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom - June 09 - 11, 2014, pages 259-269, 2014. Google Scholar
  3. Raja Vallée-Rai, Etienne Gagnon, Laurie J. Hendren, Patrick Lam, Patrice Pominville, and Vijay Sundaresan. Optimizing java bytecode using the soot framework: Is it feasible? In Compiler Construction, pages 18-34, 2000. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail