{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T18:50:41Z","timestamp":1770576641577,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62472021, 62202066, U21A20467, 61932011, 62272457"],"award-info":[{"award-number":["62472021, 62202066, U21A20467, 61932011, 62272457"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Beijing Natural Science Foundation","award":["4242023"],"award-info":[{"award-number":["4242023"]}]},{"name":"Youth Top Talent Support Program of Beihang University","award":["YWF-22-L-1272"],"award-info":[{"award-number":["YWF-22-L-1272"]}]},{"DOI":"10.13039\/501100006374","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2022YFB2701600"],"award-info":[{"award-number":["2022YFB2701600"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690276","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2978-2992","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-6250-3570","authenticated-orcid":false,"given":"Yuexi","family":"Zhang","sequence":"first","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5925-1638","authenticated-orcid":false,"given":"Bingyu","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2639-3722","authenticated-orcid":false,"given":"Jingqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7614-3142","authenticated-orcid":false,"given":"Linghui","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9500-6100","authenticated-orcid":false,"given":"Jiaju","family":"Bai","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4262-9478","authenticated-orcid":false,"given":"Shijie","family":"Jia","sequence":"additional","affiliation":[{"name":"Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4604-1142","authenticated-orcid":false,"given":"Qianhong","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Yasemin Acar Michael Backes et al. 2017. Comparing the usability of cryptographic APIs. In 38th IEEE S&P.","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_1_2_1","volume-title":"Security and Authenticity of AI-generated code. Ph. D. Dissertation","author":"Ambati Sriharitha","unstructured":"Sriharitha Ambati. 2023. Security and Authenticity of AI-generated code. Ph. D. Dissertation. University of Saskatchewan."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Amit Seal Ami Nathan Cooper et al. 2022. Why crypto-detectors fail: A systematic evaluation of cryptographic misuse detection techniques. In 43th IEEE S&P.","DOI":"10.1109\/SP46214.2022.9833582"},{"key":"e_1_3_2_1_4_1","unstructured":"Chunyan An Donglei Zhang et al. 2022. CryptoDetection: A Cryptography Misuse Detection Method Based on Bi-LSTM. In 2022 IEEE 8th ICCC."},{"key":"e_1_3_2_1_5_1","unstructured":"Elaine Barker and Quynh Dang. 2020. Nist special publication 800--57 part 1 revision 5: Recommendation for key management: Part 1-general May 2020. NIST Tech. Rep (2020)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Alex Biryukov Daniel Dinu et al. 2021. Argon2 memory-hard function for password hashing and proof-of-work applications. IRTF (2021).","DOI":"10.17487\/RFC9106"},{"key":"e_1_3_2_1_7_1","volume-title":"Wild: An Empirical Analysis of Vulnerabilities in Cryptographic Libraries. In 19th ACM AsiaCCS.","author":"Blessing Jenny","year":"2024","unstructured":"Jenny Blessing, Michael A Specter, et al. 2024. Cryptography in the Wild: An Empirical Analysis of Vulnerabilities in Cryptographic Libraries. In 19th ACM AsiaCCS."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Fabrice Boudot Pierrick Gaudry et al. 2020. Comparing the difficulty of factorization and discrete logarithm: a 240-digit experiment. In 40th CRYPTO.","DOI":"10.1007\/978-3-030-56880-1_3"},{"key":"e_1_3_2_1_9_1","unstructured":"Certicom Research. [n. d.]. Standards for Efficient Cryptography 1 (SEC 1): Elliptic Curve Cryptography. Online at https:\/\/www.secg.org\/sec1-v2.pdf."},{"key":"e_1_3_2_1_10_1","volume-title":"Monitoring cloud-native applications: lead agile operations confidently using open source software","author":"Chakraborty Mainak","unstructured":"Mainak Chakraborty and Ajit Pratap Kundan. 2021. Monitoring cloud-native applications: lead agile operations confidently using open source software. Springer."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Yikang Chen Yibo Liu et al. 2024. Towards Precise Reporting of Cryptographic Misuses. 31st NDSS (2024).","DOI":"10.14722\/ndss.2024.241032"},{"key":"e_1_3_2_1_12_1","volume-title":"Symbolic execution systems?a review. Software Engineering Journal","author":"Coward P David","year":"1988","unstructured":"P David Coward. 1988. Symbolic execution systems?a review. Software Engineering Journal (1988)."},{"key":"e_1_3_2_1_13_1","volume-title":"Detecting cryptography misuses with machine learning: Graph embeddings, transfer learning and data augmentation in source code related tasks","author":"de Paula Rodrigues Gustavo Eloi","year":"2023","unstructured":"Gustavo Eloi de Paula Rodrigues, Alexandre M Braga, and Ricardo Dahab. 2023. Detecting cryptography misuses with machine learning: Graph embeddings, transfer learning and data augmentation in source code related tasks. IEEE Transactions on Reliability (2023)."},{"key":"e_1_3_2_1_14_1","volume-title":"Androguard documentation. Obtenido de Androguard","author":"Desnos Anthony","year":"2018","unstructured":"Anthony Desnos and Geoffroy Gueguen. 2018. Androguard documentation. Obtenido de Androguard (2018)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Manuel Egele David Brumley et al. 2013. An empirical study of cryptographic misuse in android applications. In 20th ACM CCS.","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Tiago Espinha Andy Zaidman et al. 2014. Web API growing pains: Stories from client developers and their code. In 2014 CSMR-WCRE.","DOI":"10.1109\/CSMR-WCRE.2014.6747228"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Felix Fischer et al. 2017. Stack overflow considered harmful? the impact of copy&paste on android application security. In 38th IEEE S&P.","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_2_1_18_1","volume-title":"Poster: Precise detection of unprecedented python cryptographic misuses using on-demand analysis. In 28th NDSS.","author":"Frantz Miles","year":"2022","unstructured":"Miles Frantz, Ya Xiao, et al. 2022. Poster: Precise detection of unprecedented python cryptographic misuses using on-demand analysis. In 28th NDSS."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30303-1_20"},{"key":"e_1_3_2_1_20_1","volume-title":"14th ACM\/IEEE ESEM.","author":"Hazhirpasand Mohammadreza","unstructured":"Mohammadreza Hazhirpasand, Mohammad Ghafari, and Oscar Nierstrasz. 2020. Java cryptography uses in the wild. In 14th ACM\/IEEE ESEM."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Mohammadreza Hazhirpasand Oscar Nierstrasz et al. 2021. Hurdles for developers in cryptography. In IEEE ICSME.","DOI":"10.26226\/morressier.613b5418842293c031b5b621"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MobServ.2015.38"},{"key":"e_1_3_2_1_23_1","unstructured":"Atishay Jain. [n. d.]. Hugo in Action: Static Sites and Dynamic Jamstack Apps."},{"key":"e_1_3_2_1_24_1","volume-title":"d.]. Go Programming - The State of Developer Ecosystem","year":"2023","unstructured":"JetBrains. [n. d.]. Go Programming - The State of Developer Ecosystem in 2023. https:\/\/www.jetbrains.com\/lp\/devecosystem-2023\/go\/"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Burt Kaliski. 2000. PKCS# 5: Password-based cryptography specification version 2.0. Technical Report.","DOI":"10.17487\/rfc2898"},{"key":"e_1_3_2_1_26_1","volume-title":"Cognicrypt: Supporting developers in using cryptography","author":"Kr\u00fcger Stefan","year":"2017","unstructured":"Stefan Kr\u00fcger, Sarah Nadi, Michael Reif, et al. 2017. Cognicrypt: Supporting developers in using cryptography. In IEEE ASE."},{"key":"e_1_3_2_1_27_1","volume-title":"Crysl: An extensible approach to validating the correct usage of cryptographic apis","author":"Kr\u00fcger Stefan","year":"2019","unstructured":"Stefan Kr\u00fcger, Johannes Sp\u00e4th, et al. 2019. Crysl: An extensible approach to validating the correct usage of cryptographic apis. IEEE Transactions on Software Engineering (2019)."},{"key":"e_1_3_2_1_28_1","unstructured":"Juanru Li Zhiqiang Lin et al. 2018. K-Hunt: Pinpointing insecure cryptographic keys from execution traces. In 25th ACM CCS."},{"key":"e_1_3_2_1_29_1","volume-title":"Cryptogo: Automatic detection of go cryptographic api misuses. In 38th ACSAC.","author":"Li Wenqing","year":"2022","unstructured":"Wenqing Li, Shijie Jia, et al. 2022. Cryptogo: Automatic detection of go cryptographic api misuses. In 38th ACSAC."},{"key":"e_1_3_2_1_30_1","volume-title":"DES and RSA for security. Global journal of computer science and technology","author":"Mahajan Prerna","year":"2013","unstructured":"Prerna Mahajan and Abhishek Sachdeva. 2013. A study of encryption algorithms AES, DES and RSA for security. Global journal of computer science and technology (2013)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Na Meng Stefan Nagy et al. 2018. Secure coding practices in java: Challenges and vulnerabilities. In 40th ICSE.","DOI":"10.1145\/3180155.3180201"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Sarah Nadi Stefan Kr\u00fcger et al. 2016. Jumping through hoops: Why do Java developers struggle with cryptography APIs?. In 38th ICSE.","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_1_33_1","unstructured":"OWASP. 2021. Password Storage Cheat Sheet. https:\/\/cheatsheetseries.owasp. org\/cheatsheets\/Password_Storage_Cheat_Sheet.html. Accessed: 2023-01--23."},{"key":"e_1_3_2_1_34_1","volume-title":"Giuseppe Di Guglielmo, et al","author":"Piccolboni Luca","year":"2021","unstructured":"Luca Piccolboni, Giuseppe Di Guglielmo, et al. 2021. Crylogger: Detecting crypto misuses dynamically. In 42nd IEEE S&P."},{"key":"e_1_3_2_1_35_1","unstructured":"Niels Provos and David Mazieres. 1999. Bcrypt algorithm. In USENIX."},{"key":"e_1_3_2_1_36_1","unstructured":"Sazzadur Rahaman Haipeng Cai et al. 2021. From theory to code: identifying logical flaws in cryptographic implementations in C\/C. IEEE TDSC (2021)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_38_1","volume-title":"19th IEEE ICMLA.","author":"Rodrigues Gustavo Eloi","unstructured":"Gustavo Eloi de P Rodrigues, Alexandre M Braga, and Ricardo Dahab. 2020. Using graph embeddings and machine learning to detect cryptography misuse in source code. In 19th IEEE ICMLA."},{"key":"e_1_3_2_1_39_1","volume-title":"15th ACM SIGPLAN-SIGACT.","author":"Rosen Barry K","unstructured":"Barry K Rosen, Mark N Wegman, and F Kenneth Zadeck. 1988. Global value numbers and redundant computations. In 15th ACM SIGPLAN-SIGACT."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2014.22"},{"key":"e_1_3_2_1_41_1","volume-title":"Smv-hunter: Large scale, automated detection of ssl\/tls man-in-the-middle vulnerabilities in android apps. In 21st NDSS.","author":"Sounthiraraj David","year":"2014","unstructured":"David Sounthiraraj, Zhiqiang Lin, et al. 2014. Smv-hunter: Large scale, automated detection of ssl\/tls man-in-the-middle vulnerabilities in android apps. In 21st NDSS."},{"key":"e_1_3_2_1_42_1","volume-title":"Introduction to the go programming language. Journal of Computing Sciences in Colleges","author":"Suresh Durga","year":"2013","unstructured":"Durga Suresh. 2013. Introduction to the go programming language. Journal of Computing Sciences in Colleges (2013)."},{"key":"e_1_3_2_1_43_1","volume-title":"Cockroachdb: The resilient geo-distributed sql database. In 2020 ACM SIGMOD.","author":"Taft Rebecca","year":"2020","unstructured":"Rebecca Taft, Irfan Sharif, et al. 2020. Cockroachdb: The resilient geo-distributed sql database. In 2020 ACM SIGMOD."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-75650-9_14"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Anna-Katharina Wickert Lars Baumg\u00e4rtner et al. 2021. Python crypto misuses in the wild. In 15th ESEM.","DOI":"10.1145\/3475716.3484195"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Anna-Katharina Wickert Lars Baumg\u00e4rtner et al. 2022. To fix or not to fix: a critical study of crypto-misuses in the wild. In 2022 IEEE TrustCom. IEEE.","DOI":"10.1109\/TrustCom56396.2022.00051"},{"key":"e_1_3_2_1_47_1","unstructured":"Baowen Xu Ju Qian Xiaofang Zhang et al. 2005. A brief survey of program slicing. ACM SIGSOFT Software Engineering Notes (2005)."},{"key":"e_1_3_2_1_48_1","unstructured":"Zhiwu Xu Xiongya Hu et al. 2020. Analyzing cryptographic api usages for android applications using hmm and n-gram. In IEEE TASE."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the 6th USENIX Security Symposium.","author":"Ylonen Tatu","year":"1996","unstructured":"Tatu Ylonen. 1996. SSH--secure login connections over the Internet. In Proceedings of the 6th USENIX Security Symposium."},{"key":"e_1_3_2_1_50_1","unstructured":"Li Zhang Jiongyi Chen et al. 2019. CryptoREX: Large-scale analysis of cryptographic misuse in IoT devices. In 22nd RAID."},{"key":"e_1_3_2_1_51_1","volume-title":"Md Mahir Asef Kabir, et al","author":"Zhang Ying","year":"2022","unstructured":"Ying Zhang, Md Mahir Asef Kabir, et al. 2022. Automatic detection of Java cryptographic API misuses: Are we there yet? IEEE TSE (2022)."},{"key":"e_1_3_2_1_52_1","volume-title":"Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem. https:\/\/github.com\/ yxzhang2024\/gopher\/blob\/main\/gopher_full_paper.pdf","author":"Zhang Yuexi","year":"2024","unstructured":"Yuexi Zhang, Bingyu Li, et al. 2024. Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem. https:\/\/github.com\/ yxzhang2024\/gopher\/blob\/main\/gopher_full_paper.pdf"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690276","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690276","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:20:37Z","timestamp":1755843637000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690276"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":52,"alternative-id":["10.1145\/3658644.3690276","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690276","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}