CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

Authors: Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini


Author Details

Stefan Krüger
  • Paderborn University, Germany
Johannes Späth
  • Fraunhofer IEM
Karim Ali
  • University of Alberta, Canada
Eric Bodden
  • Paderborn University & Fraunhofer IEM, Germany
Mira Mezini
  • Technische Universität Darmstadt, Germany

Cite As

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Leibniz International Proceedings in Informatics (LIPIcs), Volume 109, pp. 10:1-10:27, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2018)


Various studies have empirically shown that the majority of Java and Android apps misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to detect such misuses early in the development process. To detect cryptography misuses, one must first define secure uses, a process mastered primarily by cryptography experts, and not by developers. In this paper, we present CrySL, a definition language for bridging the cognitive gap between cryptography experts and developers. CrySL enables cryptography experts to specify the secure usage of the cryptographic libraries that they provide. We have implemented a compiler that translates such CrySL specifications into a context-sensitive and flow-sensitive demand-driven static analysis. The analysis then helps developers by automatically checking a given Java or Android app for compliance with the CrySL-encoded rules. We have designed an extensive CrySL rule set for the Java Cryptography Architecture (JCA), and empirically evaluated it by analyzing 10,000 current Android apps. Our results show that misuse of cryptographic APIs is still widespread, with 95% of apps containing at least one misuse. Our easily extensible CrySL rule set covers more violations than previous special-purpose tools with hard-coded rules, with our tooling offering a more precise analysis.

Subject Classification

ACM Subject Classification
  • Security and privacy → Software and application security
  • Software and its engineering → Software defect analysis
  • Software and its engineering → Syntax
  • Software and its engineering → Semantics

Keywords
  • cryptography
  • domain-specific language
  • static analysis



