{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T03:48:20Z","timestamp":1772164100791,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,6,11]],"date-time":"2018-06-11T00:00:00Z","timestamp":1528675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,6,11]]},"DOI":"10.1145\/3192366.3192403","type":"proceedings-article","created":{"date-parts":[[2018,6,12]],"date-time":"2018-06-12T08:16:01Z","timestamp":1528791361000},"page":"450-464","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Inferring crypto API rules from code changes"],"prefix":"10.1145","author":[{"given":"Rumen","family":"Paletov","sequence":"first","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Petar","family":"Tsankov","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Veselin","family":"Raychev","sequence":"additional","affiliation":[{"name":"DeepCode, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Vechev","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,6,11]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2013. Some SecureRandom Thoughts. https:\/\/android-developers. googleblog.com\/2013\/08\/some-securerandom-thoughts.html  2013. Some SecureRandom Thoughts. https:\/\/android-developers. googleblog.com\/2013\/08\/some-securerandom-thoughts.html"},{"key":"e_1_3_2_2_2_1","unstructured":"2015. The Right Way to Use SecureRandom. https:\/\/tersesystems. com\/2015\/12\/17\/the-right-way-to-use-securerandom\/  2015. The Right Way to Use SecureRandom. https:\/\/tersesystems. com\/2015\/12\/17\/the-right-way-to-use-securerandom\/"},{"key":"e_1_3_2_2_3_1","unstructured":"2016. Which security implementation should I use: Bouncy Castle or JCA? https:\/\/blog.idrsolutions.com\/2016\/08\/ which-security-implementation-should-i-use-bouncy-castle-or-jca\/  2016. Which security implementation should I use: Bouncy Castle or JCA? https:\/\/blog.idrsolutions.com\/2016\/08\/ which-security-implementation-should-i-use-bouncy-castle-or-jca\/"},{"key":"e_1_3_2_2_4_1","unstructured":"2017. FindSecBugs Bugs Patterns. https:\/\/find-sec-bugs.github.io\/ bugs.htm  2017. FindSecBugs Bugs Patterns. https:\/\/find-sec-bugs.github.io\/ bugs.htm"},{"key":"e_1_3_2_2_5_1","unstructured":"2017. OWASP Source Code Analysis Tools. https:\/\/www.owasp.org\/ index.php\/Source_Code_Analysis_Tools.  2017. OWASP Source Code Analysis Tools. https:\/\/www.owasp.org\/ index.php\/Source_Code_Analysis_Tools."},{"key":"e_1_3_2_2_6_1","unstructured":"2017. Top 10 developer Crypto mistakes. https:\/\/littlemaninmyhead. wordpress.com\/2017\/04\/22\/top-10-developer-crypto-mistakes\/  2017. Top 10 developer Crypto mistakes. https:\/\/littlemaninmyhead. wordpress.com\/2017\/04\/22\/top-10-developer-crypto-mistakes\/"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/11523468_54"},{"key":"e_1_3_2_2_8_1","volume-title":"Atallah and Susan Fox (Eds.)","author":"Mikhail","year":"1998","unstructured":"Mikhail J. Atallah and Susan Fox (Eds.) . 1998 . Algorithms and Theory of Computation Handbook (1st ed.). CRC Press , Inc., Boca Raton, FL, USA. Mikhail J. Atallah and Susan Fox (Eds.). 1998. Algorithms and Theory of Computation Handbook (1st ed.). CRC Press, Inc., Boca Raton, FL, USA."},{"key":"e_1_3_2_2_9_1","unstructured":"M. Bellare and P. Rogaway. 2017. Course notes for introduction to modern cryptography. cseweb.ucsd.edu\/users\/mihir\/cse207\/classnotes. html  M. Bellare and P. Rogaway. 2017. Course notes for introduction to modern cryptography. cseweb.ucsd.edu\/users\/mihir\/cse207\/classnotes. html"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/512760.512770"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/502059.502041"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2737924.2737957"},{"key":"e_1_3_2_2_17_1","volume-title":"Attacking the Linux PRNG On Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy. In 8th USENIX Workshop on Offensive Technologies (WOOT \u201914)","author":"Kaplan David","year":"2014","unstructured":"David Kaplan , Sagi Kedmi , Roee Hay , and Avi Dayan . 2014 . Attacking the Linux PRNG On Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy. In 8th USENIX Workshop on Offensive Technologies (WOOT \u201914) . USENIX Association, San Diego, CA. https:\/\/www.usenix.org\/conference\/woot14\/workshop-program\/ presentation\/kaplan David Kaplan, Sagi Kedmi, Roee Hay, and Avi Dayan. 2014. Attacking the Linux PRNG On Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy. In 8th USENIX Workshop on Offensive Technologies (WOOT \u201914). USENIX Association, San Diego, CA. https:\/\/www.usenix.org\/conference\/woot14\/workshop-program\/ presentation\/kaplan"},{"key":"e_1_3_2_2_18_1","volume-title":"From Uncertainty to Belief: Inferring the Specification Within (OSDI \u201906)","author":"Kremenek Ted","unstructured":"Ted Kremenek , Paul Twohey , Godmar Back , Andrew Ng , and Dawson Engler . 2006. From Uncertainty to Belief: Inferring the Specification Within (OSDI \u201906) . USENIX Association , Berkeley, CA, USA , 161\u2013176. http:\/\/dl.acm.org\/citation.cfm?id=1298455.1298471 Ted Kremenek, Paul Twohey, Godmar Back, Andrew Ng, and Dawson Engler. 2006. From Uncertainty to Belief: Inferring the Specification Within (OSDI \u201906). USENIX Association, Berkeley, CA, USA, 161\u2013176. http:\/\/dl.acm.org\/citation.cfm?id=1298455.1298471"},{"key":"e_1_3_2_2_19_1","unstructured":"Ondrej Lhot\u00c3\u0105k. 2002. Spark: a flexible points-to analysis framework for Java.  Ondrej Lhot\u00c3\u0105k. 2002. Spark: a flexible points-to analysis framework for Java."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11698-3_27"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837614.2837617"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897896"},{"key":"e_1_3_2_2_23_1","unstructured":"Dhruv Mohindra. 2016. Do not use insecure or weak cryptographic algorithms. https:\/\/www.securecoding.cert.org\/confluence\/display\/ java\/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+ algorithms  Dhruv Mohindra. 2016. Do not use insecure or weak cryptographic algorithms. https:\/\/www.securecoding.cert.org\/confluence\/display\/ java\/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+ algorithms"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950333"},{"key":"e_1_3_2_2_26_1","unstructured":"Oracle. 2017. Java Cryptography Architecture ( JCA) Reference Guide. http:\/\/docs.oracle.com\/javase\/7\/docs\/technotes\/guides\/ security\/crypto  Oracle. 2017. Java Cryptography Architecture ( JCA) Reference Guide. http:\/\/docs.oracle.com\/javase\/7\/docs\/technotes\/guides\/ security\/crypto"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594321"},{"key":"e_1_3_2_2_28_1","unstructured":"Amit Sethi. 2016. Proper use of Java SecureRandom. https:\/\/www.synopsys.com\/blogs\/software-security\/ proper-use-of-javas-securerandom\/  Amit Sethi. 2016. Proper use of Java SecureRandom. https:\/\/www.synopsys.com\/blogs\/software-security\/ proper-use-of-javas-securerandom\/"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2014.22"},{"key":"e_1_3_2_2_30_1","volume-title":"Alex Petit Bianco, and Clement Baisse","author":"Stevens Marc","year":"2017","unstructured":"Marc Stevens , Elie Bursztein , Pierre Karpman , Ange Albertini , Yarik Markov , Alex Petit Bianco, and Clement Baisse . 2017 . Announcing the first SHA 1 collision. Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, Yarik Markov, Alex Petit Bianco, and Clement Baisse. 2017. Announcing the first SHA1 collision."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660357"},{"key":"e_1_3_2_2_32_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Yun Insu","year":"2016","unstructured":"Insu Yun , Changwoo Min , Xujie Si , Yeongjin Jang , Taesoo Kim , and Mayur Naik . 2016 . APISan: Sanitizing API Usages through Semantic Cross-Checking . In 25th USENIX Security Symposium (USENIX Security 16) . USENIX Association, Austin, TX, 363\u2013378. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/ technical-sessions\/presentation\/yun Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik. 2016. APISan: Sanitizing API Usages through Semantic Cross-Checking. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 363\u2013378. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/ technical-sessions\/presentation\/yun"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999460"}],"event":{"name":"PLDI '18: ACM SIGPLAN Conference on Programming Language Design and Implementation","location":"Philadelphia PA USA","acronym":"PLDI '18","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages"]},"container-title":["Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3192366.3192403","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3192366.3192403","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:07:53Z","timestamp":1750198073000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3192366.3192403"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,6,11]]},"references-count":32,"alternative-id":["10.1145\/3192366.3192403","10.1145\/3192366"],"URL":"https:\/\/doi.org\/10.1145\/3192366.3192403","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/3296979.3192403","asserted-by":"object"}]},"subject":[],"published":{"date-parts":[[2018,6,11]]},"assertion":[{"value":"2018-06-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}