Obuhersys: Dynamic Analysis of Cryptographic API Misuse in Node.js

Obuhersys: Dynamic Analysis of Cryptographic API Misuse in Node.js

연구 분야: Analysis

학회: 2024 IEEE MIT Undergraduate Research Technology Conference (URTC)

JavaScript and the corresponding Node.js runtime have become popular for writing server-side applications. Developers frequently utilize the primitives found in the builtin cryptography application programming interface (API) to secure their applications. However, these primitives can be difficult to utilize correctly, and can pose a risk of misuse due to their subtle nature. Static analysis to detect API misuse can be challenging for JavaScript code due to its dynamic, asynchronous, and eventdriven nature. In this paper, we present Obuhersys: an extensible system to detect cryptographic API misuse through dynamic analysis, utilizing both code instrumentation and JavaScript Proxies. We also present a corresponding evaluation dataset CamNode: a benchmark for Node.js cryptographic API misuse detection. Repository—https://github.com/pbrucla/obuhersys