{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T23:39:23Z","timestamp":1769729963771,"version":"3.49.0"},"reference-count":56,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"11","license":[{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"DFG"},{"name":"RUNSECURE"},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100018867","name":"Heinz Nixdorf Stiftung","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100018867","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Fraunhofer ATTRACT"},{"name":"Oracle Collaborative Research"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2021,11,1]]},"DOI":"10.1109\/tse.2019.2948910","type":"journal-article","created":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T20:28:02Z","timestamp":1571862482000},"page":"2382-2400","source":"Crossref","is-referenced-by-count":36,"title":["CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs"],"prefix":"10.1109","volume":"47","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0895-8830","authenticated-orcid":false,"given":"Stefan","family":"Kruger","sequence":"first","affiliation":[]},{"given":"Johannes","family":"Spath","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5516-1376","authenticated-orcid":false,"given":"Karim","family":"Ali","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3470-3647","authenticated-orcid":false,"given":"Eric","family":"Bodden","sequence":"additional","affiliation":[]},{"given":"Mira","family":"Mezini","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","article-title":"BouncyCastle","year":"2018"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133977"},{"key":"ref33","first-page":"343","article-title":"The security and performance of the galois\/counter mode (GCM) of operation","author":"mcgrew","year":"2004","journal-title":"Proc 5th Int Conf IV"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094840"},{"key":"ref31","first-page":"18","article-title":"Finding security vulnerabilities in Java applications with static analysis","author":"livshits","year":"2005","journal-title":"Proc 14th USENIX Security Symp"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2637166.2637237"},{"key":"ref37","article-title":"VisualCodeGrepper","year":"2018"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/1449764.1449792"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1218563.1218571"},{"key":"ref28","first-page":"10:1","article-title":"CrySL: An extensible approach to validating the correct usage of cryptographic APIs","author":"kr\u00fcger","year":"2018","journal-title":"Proc Europ Conf Object-Oriented Programming"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115707"},{"key":"ref29","article-title":"The Soot framework for Java program analysis: A retrospective","author":"lam","year":"2011","journal-title":"Proc Cetus Users Compiler Infrastructure Workshop"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/1509239.1509244"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2017.17"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"ref21","article-title":"Cryptographic mechanisms: Recommendations and key lengths","year":"2017"},{"key":"ref24","year":"2017"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094841"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45337-7_18"},{"key":"ref25","article-title":"Java Cryptography Architecture (JCA) Reference Guide","year":"2017"},{"key":"ref50","article-title":"SonarQube","year":"2017"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3133923"},{"key":"ref56","first-page":"301","article-title":"NativeSpeaker: Identifying crypto misuses in Android native code libraries","author":"wang","year":"2017","journal-title":"Proc 13th Int Conf Inf Security Cryptology"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46423-9_2"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1986.6312929"},{"key":"ref53","first-page":"22:1","article-title":"Boomerang: Demand-driven flow- and context-sensitive pointer analysis for Java","author":"sp\u00e4th","year":"2016","journal-title":"Proc Europ Conf Object-Oriented Programming"},{"key":"ref52","first-page":"22:1","article-title":"Boomerang: Demand-driven flow- and context-sensitive pointer analysis for Java","author":"sp\u00e4th","year":"2016","journal-title":"Proc Europ Conf Object-Oriented Programming"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1297027.1297050"},{"key":"ref40","article-title":"OpenSSL - Cryptography and SSL\/TLS Toolkit","year":"2018"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1806799.1806805"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2614628.2614629"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2220365.2220366"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2017.27"},{"key":"ref15","article-title":"State of software security 2017","year":"2017"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.4108\/eai.3-12-2015.2262471"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49538-X_5"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"ref4","first-page":"468","article-title":"AndroZoo: Collecting Millions of Android Apps for the Research Community","author":"allix","year":"2016","journal-title":"2016 IEEE\/ACM 13th Conference on Mining Software Repositories (MSR)"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094839"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"ref5","article-title":"FindsecBugs","author":"arteau","year":"2018"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45139-0_7"},{"key":"ref49","first-page":"75","article-title":"Modelling analysis and auto-detection of cryptographic misuse in Android applications","author":"shao","year":"2014","journal-title":"Proc Int Conf Dependable Autonomic Secure Comput"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/366193.366201"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503274"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2012.63"},{"key":"ref45","article-title":"Xanitizer","year":"0"},{"key":"ref48","article-title":"Yasca","author":"scovetta","year":"2018"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2012.63"},{"key":"ref42","article-title":"(in)security of backend-as-a-service","author":"rasthofer","year":"2015","journal-title":"BlackHat Europe"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3192366.3192403"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950312"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23066"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/9611545\/08880510.pdf?arnumber=8880510","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:50:06Z","timestamp":1652194206000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8880510\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,1]]},"references-count":56,"journal-issue":{"issue":"11"},"URL":"https:\/\/doi.org\/10.1109\/tse.2019.2948910","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,1]]}}}