1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China
2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, Hubei, China
HE Yafei (何亚非), male, born September 2001 in Bazhong, Sichuan. Master's student at the School of Cyber Science and Engineering, Wuhan University. Main research interest: software security. E-mail: yaf2023@whu.edu.cn
ZHAN Lige (占力戈), male, born March 1996 in Nanping, Fujian. Ph.D. student at the School of Cyber Science and Engineering, Wuhan University. Main research interest: software security. E-mail: ligezhan@whu.edu.cn
NIE Yu (聂宇), male, born November 1986 in Jingdezhen, Jiangxi. Ph.D. student at the School of Cyber Science and Engineering, Wuhan University. Main research interests: mobile security and privacy protection, software security, data security. E-mail: yu.nie@whu.edu.cn
FU Jianming (傅建明), male, born September 1969 in Ningxiang, Hunan. Professor at the School of Cyber Science and Engineering, Wuhan University. Main research interests: system security, network security. E-mail: jmfu@whu.edu.cn
PENG Guojun (彭国军), male, born November 1979 in Jingzhou, Hubei. Professor at the School of Cyber Science and Engineering, Wuhan University. Main research interest: network and information system security. E-mail: guojpeng@whu.edu.cn
Received: 2025-09-16; Accepted: 2026-03-09; Published in print: 2026-03-25
何亚非, 占力戈, 聂宇, 等. 一种基于IR模拟执行的密码学API误用检测方法[J]. 电子学报, 2026, 54(03): 1132-1146. DOI: 10.12263/DZXB.20250813
HE Yafei, ZHAN Lige, NIE Yu, et al. A Cryptographic API Misuse Detection Method Based on Intermediate Representation Simulation[J]. Acta Electronica Sinica, 2026, 54(03): 1132-1146. DOI: 10.12263/DZXB.20250813
Cryptographic algorithms are the core mechanism by which modern software systems protect data confidentiality and integrity. Misuse of cryptographic application programming interfaces (APIs), such as using a predictable key or an insecure cipher, severely weakens software security and can lead to software cracking and network attacks, which makes detecting such misuse necessary. Existing cryptographic API misuse detectors identify misuse mainly by analyzing API parameter values and fall into dynamic and static approaches. Dynamic analysis observes actual runtime parameter values but suffers from low code coverage: code that is never triggered is missed, producing false negatives. Static analysis has higher code coverage, but existing static methods face significant theoretical and practical limitations. Most rely on simple constant propagation or pattern matching, which only resolves directly assigned parameters, so they cannot resolve parameters that pass through "value-transformation" instructions such as string concatenation or encoding conversion. When cryptographic parameters undergo such transformations, current static tools produce large numbers of false negatives, leaving a blind spot. To address this, the paper proposes and implements ParamScope, a static detection method for Java cryptographic API misuse based on interpretation and simulation of the intermediate representation (IR). First, ParamScope implements an "assignment-driven" program slicing algorithm built on the SootUp analysis framework; by imposing strict assignment-pattern constraints it extracts the dependency path of each cryptographic parameter precisely. Second, a lightweight IR interpreter simulates execution of the sliced statements, and the core Android class library with its actual implementation logic is loaded so that, combined with Java reflection, the semantics of complex method calls are restored during static analysis. The method keeps the high coverage of static analysis while resolving the parameter values that complex instructions would otherwise hide from a static analyzer. On public datasets, ParamScope reaches a parameter-value reconstruction precision of 97.31% and a misuse-detection accuracy of 96.2%, outperforming state-of-the-art static and dynamic tools. Experiments on real-world Android applications further show that ParamScope identifies many typical cases of encoded or hidden real parameters and reports the misuses among them, detecting roughly 27% more misuse cases than the existing static tool CogniCrypt, with an average analysis time of only about 4.85 min per application. In summary, ParamScope combines the high coverage of static analysis with high-precision resolution of complex parameters, providing a precise and efficient new solution for cryptographic API misuse detection.
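The two-stage pipeline the abstract describes (assignment-driven backward slicing of a crypto parameter, then simulated execution of the slice to recover the concrete value) can be illustrated on a toy Jimple-like IR. The following is an added example written for this page, not ParamScope's own code: the IR, the `SEMANTICS` table that stands in for the real library logic ParamScope reaches through reflection, and the misuse rules are all constructed here, and the key is built from a base64 blob, a string concatenation and a `getBytes()` call, exactly the kind of transformation chain constant propagation cannot follow.

```python
import base64
# Constructed Jimple-like IR as (dst, op, args); '$'-names are variables, others literals.
IR = [
    ("$r1", "const",  ["U2Vj"]),                              # base64 of "Sec"
    ("$r2", "invoke", ["Base64.decode", "$r1"]),              # -> b"Sec"
    ("$r3", "invoke", ["String.<init>", "$r2"]),              # -> "Sec"
    ("$r4", "invoke", ["String.concat", "$r3", "ret123"]),    # -> "Secret123"
    ("$r5", "invoke", ["String.getBytes", "$r4"]),            # -> b"Secret123"
    ("$r6", "const",  ["noise"]),                             # unrelated; sliced away
    ("$r7", "invoke", ["SecretKeySpec.<init>", "$r5", "DES"]),
    ("$r8", "invoke", ["Cipher.getInstance", "DES/ECB/PKCS5Padding"]),
    (None,  "invoke", ["Cipher.init", "$r8", "$r7"]),         # the checked API call
]

# Stand-in for the real library logic the paper reaches via reflection.
SEMANTICS = {
    "Base64.decode": base64.b64decode,
    "String.<init>": lambda b: b.decode(),
    "String.concat": lambda a, b: a + b,
    "String.getBytes": lambda s: s.encode(),
    "SecretKeySpec.<init>": lambda key, alg: {"key": key, "alg": alg},
    "Cipher.getInstance": lambda t: {"transformation": t},
}

def backward_slice(ir, target):
    # Assignment-driven: keep only statements defining something the target depends on.
    needed, kept = {target}, []
    for dst, op, args in reversed(ir):
        if dst in needed:
            kept.append((dst, op, args))
            needed.update(a for a in args if a.startswith("$"))
    return kept[::-1]                      # back to program order for execution

def simulate(slice_):
    # Lightweight IR interpreter: evaluate each statement, return the environment.
    env, val = {}, lambda a: env[a] if a.startswith("$") else a
    for dst, op, args in slice_:
        env[dst] = args[0] if op == "const" else SEMANTICS[args[0]](*map(val, args[1:]))
    return env

def find_misuses(ir, key_var, cipher_var):
    key_slice = backward_slice(ir, key_var)
    key = simulate(key_slice)[key_var]
    transform = simulate(backward_slice(ir, cipher_var))[cipher_var]["transformation"]
    # A key is hard-coded when every source statement of its slice is a literal.
    sources = [op for _, op, args in key_slice if not any(a.startswith("$") for a in args)]
    findings = ["hard-coded key %r" % key["key"]] if all(op == "const" for op in sources) else []
    if key["alg"] == "DES" or transform.startswith("DES/"):
        findings.append("insecure algorithm DES")
    return findings
```

Running `find_misuses(IR, "$r7", "$r8")` recovers the key bytes `b'Secret123'` that a pattern matcher would never see and reports both the hard-coded key and the DES selection.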