The goal of this thesis is to develop and evaluate an approach to learn cryptographic rules based on the implementation of the crypto library.

Previous work to learn usage rules for APIs rely on the most-frequent implementations using the respective API, and are successful for other domains. However, for crypto APIs this approach fails as the majority of usages is insecure.

This thesis evaluated an approach to derive usage rules based on the implementation of a crypto API rather than the on the implementations using the crypto API.

Publications

• Florian Weinacker: Automated Usage Rule Derivation from Crypto-API Source Code.