{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T09:33:28Z","timestamp":1761989608498,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,7,11]],"date-time":"2021-07-11T00:00:00Z","timestamp":1625961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSERC","award":["RGPIN-05799-2014, RGPIN-2020-05502, and CRDPJ-543583-2019"],"award-info":[{"award-number":["RGPIN-05799-2014, RGPIN-2020-05502, and CRDPJ-543583-2019"]}]},{"name":"WHJIL"},{"name":"Early Researcher Award"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,7,13]]},"DOI":"10.1145\/3464971.3468418","type":"proceedings-article","created":{"date-parts":[[2021,7,8]],"date-time":"2021-07-08T22:07:03Z","timestamp":1625782023000},"page":"43-50","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Ensuring correct cryptographic algorithm and provider usage at compile time"],"prefix":"10.1145","author":[{"given":"Weitian","family":"Xing","sequence":"first","affiliation":[{"name":"University of Waterloo, Canada"}]},{"given":"Yuanhui","family":"Cheng","sequence":"additional","affiliation":[{"name":"University of Waterloo, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9316-6952","authenticated-orcid":false,"given":"Werner","family":"Dietl","sequence":"additional","affiliation":[{"name":"University of Waterloo, Canada"}]}],"member":"320","published-online":{"date-parts":[[2021,7,11]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"crossref","unstructured":"Sharmin Afrose Sazzadur Rahaman and Danfeng Yao. 2020. A Comprehensive Benchmark on Java Cryptographic API Misuses. In Data and Application Security and Privacy. 177\u2013178.  Sharmin Afrose Sazzadur Rahaman and Danfeng Yao. 2020. A Comprehensive Benchmark on Java Cryptographic API Misuses. In Data and Application Security and Privacy. 177\u2013178.","DOI":"10.1145\/3374664.3379537"},{"key":"e_1_3_2_2_2_1","unstructured":"Apache. 2021. Apache Commons Crypto. https:\/\/github.com\/apache\/commons-crypto  Apache. 2021. Apache Commons Crypto. https:\/\/github.com\/apache\/commons-crypto"},{"key":"e_1_3_2_2_3_1","volume-title":"Stack Overflow: Java - Default RSA padding in SUN JCE\/Oracle JCE. https:\/\/stackoverflow.com\/questions\/21066902\/default-rsa-padding-in-sun-jce-oracle-jce","author":"Bodewes Maarten","year":"2016","unstructured":"Maarten Bodewes . 2016 . Stack Overflow: Java - Default RSA padding in SUN JCE\/Oracle JCE. https:\/\/stackoverflow.com\/questions\/21066902\/default-rsa-padding-in-sun-jce-oracle-jce Maarten Bodewes. 2016. Stack Overflow: Java - Default RSA padding in SUN JCE\/Oracle JCE. https:\/\/stackoverflow.com\/questions\/21066902\/default-rsa-padding-in-sun-jce-oracle-jce"},{"key":"e_1_3_2_2_4_1","volume-title":"OOPSLA Workshop on Revival of Dynamic Languages.","author":"Bracha Gilad","year":"2004","unstructured":"Gilad Bracha . 2004 . Pluggable type systems . In OOPSLA Workshop on Revival of Dynamic Languages. Gilad Bracha. 2004. Pluggable type systems. In OOPSLA Workshop on Revival of Dynamic Languages."},{"key":"e_1_3_2_2_5_1","unstructured":"Spot Bugs. 2021. SpotBugs: Find bugs in Java Programs. https:\/\/spotbugs.github.io\/  Spot Bugs. 2021. SpotBugs: Find bugs in Java Programs. https:\/\/spotbugs.github.io\/"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"crossref","unstructured":"Alexia Chatzikonstantinou Christoforos Ntantogian Georgios Karopoulos and Christos Xenakis. 2016. Evaluation of cryptography usage in Android applications. In Bio-inspired Information and Communications Technologies (formerly BIONETICS). 83\u201390.  Alexia Chatzikonstantinou Christoforos Ntantogian Georgios Karopoulos and Christos Xenakis. 2016. Evaluation of cryptography usage in Android applications. In Bio-inspired Information and Communications Technologies (formerly BIONETICS). 83\u201390.","DOI":"10.4108\/eai.3-12-2015.2262471"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666620.2666627"},{"key":"e_1_3_2_2_8_1","unstructured":"The MITRE Corporation. 2021. CWE-327: Use of a Broken or Risky Cryptographic Algorithm. https:\/\/cwe.mitre.org\/data\/definitions\/327.html  The MITRE Corporation. 2021. CWE-327: Use of a Broken or Risky Cryptographic Algorithm. https:\/\/cwe.mitre.org\/data\/definitions\/327.html"},{"volume-title":"International Conference on Software Engineering (ICSE).","author":"Dietl W.","key":"e_1_3_2_2_9_1","unstructured":"W. Dietl , S. Dietzel , M. D. Ernst , K. Muslu , and T. W. Schiller . 2011. Building and Using Pluggable Type-Checkers. In Software Engineering in Practice Track , International Conference on Software Engineering (ICSE). W. Dietl, S. Dietzel, M. D. Ernst, K. Muslu, and T. W. Schiller. 2011. Building and Using Pluggable Type-Checkers. In Software Engineering in Practice Track, International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_2_10_1","unstructured":"Eclipse. 2021. An implementation of the Git version control system in pure Java. https:\/\/github.com\/eclipse\/jgit  Eclipse. 2021. An implementation of the Git version control system in pure Java. https:\/\/github.com\/eclipse\/jgit"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"Manuel Egele David Brumley Yanick Fratantonio and Christopher Kruegel. 2013. An empirical study of cryptographic misuse in Android applications. In Computer and Communications Security (CCS). 73\u201384.  Manuel Egele David Brumley Yanick Fratantonio and Christopher Kruegel. 2013. An empirical study of cryptographic misuse in Android applications. In Computer and Communications Security (CCS). 73\u201384.","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"crossref","unstructured":"Jeffrey S Foster Tachio Terauchi and Alex Aiken. 2002. Flow-sensitive type qualifiers. In Programming Language Design and Implementation (PLDI). 1\u201312.  Jeffrey S Foster Tachio Terauchi and Alex Aiken. 2002. Flow-sensitive type qualifiers. In Programming Language Design and Implementation (PLDI). 1\u201312.","DOI":"10.1145\/512529.512531"},{"key":"e_1_3_2_2_13_1","unstructured":"Checker Framework. 2021. Constant Value Checker. https:\/\/checkerframework.org\/manual\/##constant-value-checker  Checker Framework. 2021. Constant Value Checker. https:\/\/checkerframework.org\/manual\/##constant-value-checker"},{"key":"e_1_3_2_2_14_1","unstructured":"Checker Framework. 2021. Constant Value Checker Qualifier Hierarchy. https:\/\/checkerframework.org\/manual\/##fig-value-hierarchy  Checker Framework. 2021. Constant Value Checker Qualifier Hierarchy. https:\/\/checkerframework.org\/manual\/##fig-value-hierarchy"},{"key":"e_1_3_2_2_15_1","unstructured":"Google. 2020. Android Keystore Provider. https:\/\/developer.android.com\/training\/articles\/keystore##SupportedAlgorithms  Google. 2020. Android Keystore Provider. https:\/\/developer.android.com\/training\/articles\/keystore##SupportedAlgorithms"},{"key":"e_1_3_2_2_16_1","unstructured":"Google. 2020. Android Keystore System. https:\/\/developer.android.com\/training\/articles\/keystore##HardwareSecurityModule  Google. 2020. Android Keystore System. https:\/\/developer.android.com\/training\/articles\/keystore##HardwareSecurityModule"},{"key":"e_1_3_2_2_17_1","unstructured":"Google. 2021. Error Prone Bug Pattern: InsecureCryptoUsage. https:\/\/errorprone.info\/bugpattern\/InsecureCryptoUsage  Google. 2021. Error Prone Bug Pattern: InsecureCryptoUsage. https:\/\/errorprone.info\/bugpattern\/InsecureCryptoUsage"},{"key":"e_1_3_2_2_18_1","unstructured":"JSR 308 Expert Group. 2021. Type Annotations (JSR 308). https:\/\/jcp.org\/en\/jsr\/detail?id=308  JSR 308 Expert Group. 2021. Type Annotations (JSR 308). https:\/\/jcp.org\/en\/jsr\/detail?id=308"},{"volume-title":"Beginning cryptography with Java","author":"Hook David","key":"e_1_3_2_2_19_1","unstructured":"David Hook . 2005. Beginning cryptography with Java . John Wiley & Sons . David Hook. 2005. Beginning cryptography with Java. John Wiley & Sons."},{"volume-title":"Issue: Cryptographic API misuse detected. https:\/\/github.com\/a466350665\/smart\/issues\/47","year":"2020","key":"e_1_3_2_2_20_1","unstructured":"Joe. 2020 . Issue: Cryptographic API misuse detected. https:\/\/github.com\/a466350665\/smart\/issues\/47 Joe. 2020. Issue: Cryptographic API misuse detected. https:\/\/github.com\/a466350665\/smart\/issues\/47"},{"key":"e_1_3_2_2_21_1","volume-title":"LGTM: Continuous security analysis. https:\/\/lgtm.com\/","author":"LGTM.","year":"2021","unstructured":"LGTM. 2021 . LGTM: Continuous security analysis. https:\/\/lgtm.com\/ LGTM. 2021. LGTM: Continuous security analysis. https:\/\/lgtm.com\/"},{"key":"e_1_3_2_2_22_1","unstructured":"Martin Kellogg Martin Sch\u00e4f Serdar Tasiran Michael D. Ernst. 2020. AWS Crypto-Policy Compliance Checker. https:\/\/github.com\/awslabs\/aws-crypto-policy-compliance-checker  Martin Kellogg Martin Sch\u00e4f Serdar Tasiran Michael D. Ernst. 2020. AWS Crypto-Policy Compliance Checker. https:\/\/github.com\/awslabs\/aws-crypto-policy-compliance-checker"},{"volume-title":"Issue: ECB Mode is Insecure. https:\/\/github.com\/mogol\/flutter_secure_storage\/issues\/60","year":"2021","key":"e_1_3_2_2_23_1","unstructured":"mogol. 2021 . Issue: ECB Mode is Insecure. https:\/\/github.com\/mogol\/flutter_secure_storage\/issues\/60 mogol. 2021. Issue: ECB Mode is Insecure. https:\/\/github.com\/mogol\/flutter_secure_storage\/issues\/60"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_2_25_1","unstructured":"Oracle. 2021. Java Cryptography Architecture (JCA) Reference Guide. https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/security\/crypto\/CryptoSpec.html  Oracle. 2021. Java Cryptography Architecture (JCA) Reference Guide. https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/security\/crypto\/CryptoSpec.html"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3192366.3192403"},{"volume-title":"International Symposium on Software Testing and Analysis (ISSTA). 201\u2013212","author":"Papi Matthew M.","key":"e_1_3_2_2_27_1","unstructured":"Matthew M. Papi , Mahmood Ali , Telmo Luis Correa Jr ., Jeff H. Perkins , and Michael D. Ernst . 2008. Practical pluggable types for Java . In International Symposium on Software Testing and Analysis (ISSTA). 201\u2013212 . Matthew M. Papi, Mahmood Ali, Telmo Luis Correa Jr., Jeff H. Perkins, and Michael D. Ernst. 2008. Practical pluggable types for Java. In International Symposium on Software Testing and Analysis (ISSTA). 201\u2013212."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_2_29_1","unstructured":"Sonar Source. 2021. SonarSource builds world-class products for Code Quality & Security. https:\/\/www.sonarsource.com\/  Sonar Source. 2021. SonarSource builds world-class products for Code Quality & Security. https:\/\/www.sonarsource.com\/"},{"key":"e_1_3_2_2_30_1","unstructured":"Synopsys. 2021. Coverity Static Application Security Testing (SAST). https:\/\/www.synopsys.com\/software-integrity\/security-testing\/static-analysis-sast.html  Synopsys. 2021. Coverity Static Application Security Testing (SAST). https:\/\/www.synopsys.com\/software-integrity\/security-testing\/static-analysis-sast.html"},{"key":"e_1_3_2_2_31_1","unstructured":"Carnegie Mellon University. 2020. MSC61-J. Do not use insecure or weak cryptographic algorithms. https:\/\/wiki.sei.cmu.edu\/confluence\/display\/java\/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms  Carnegie Mellon University. 2020. MSC61-J. Do not use insecure or weak cryptographic algorithms. https:\/\/wiki.sei.cmu.edu\/confluence\/display\/java\/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms"},{"key":"e_1_3_2_2_32_1","unstructured":"John R Vacca. 2013. Cyber Security and IT Infrastructure Protection. Syngress.  John R Vacca. 2013. Cyber Security and IT Infrastructure Protection. Syngress."}],"event":{"name":"ISSTA '21: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages"],"location":"Virtual Denmark","acronym":"ISSTA '21"},"container-title":["Proceedings of the 23rd ACM International Workshop on Formal Techniques for Java-like Programs"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3464971.3468418","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3464971.3468418","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:25Z","timestamp":1750191505000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3464971.3468418"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,11]]},"references-count":32,"alternative-id":["10.1145\/3464971.3468418","10.1145\/3464971"],"URL":"https:\/\/doi.org\/10.1145\/3464971.3468418","relation":{},"subject":[],"published":{"date-parts":[[2021,7,11]]},"assertion":[{"value":"2021-07-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}