عنوان
پدید آورنده
موضوع
رده
کتابخانه
محل استقرار
NATIONAL BIBLIOGRAPHY NUMBER
Number
TLpq2489769181
LANGUAGE OF THE ITEM
.Language of Text, Soundtrack etc
انگلیسی
TITLE AND STATEMENT OF RESPONSIBILITY
Title Proper
Study of Outdated Cryptography Algorithms Posts of Stack Overflow
General Material Designation
[Thesis]
First Statement of Responsibility
Kharche, Shraddha
Subsequent Statement of Responsibility
Narain, Sashank
.PUBLICATION, DISTRIBUTION, ETC
Name of Publisher, Distributor, etc.
University of Massachusetts Lowell
Date of Publication, Distribution, etc.
2021
PHYSICAL DESCRIPTION
Specific Material Designation and Extent of Item
48
DISSERTATION (THESIS) NOTE
Dissertation or thesis details and type of degree
M.S.
Body granting the degree
University of Massachusetts Lowell
Text preceding or following the note
2021
SUMMARY OR ABSTRACT
Text of Note
There are many online forums where software developers involve themselves in technical discussions and one of the most popular platforms is Stack Overflow. Though these forums are helping developers to pass hurdle in their development process, many recent studies have shown that copying insecure code from these online forums is the leading cause of software vulnerabilities in applications. Even today, there are a number of posts on Stack Overflow that mention outdated algorithms like AES/ECB and they are still being viewed and up voted by users. Stack Overflow is a completely user driven platform and does not provide any mechanism which will alert users about the vulnerabilities associated with such algorithms. The aforementioned problems motivates us to study the Stack Overflow posts which has reference to outdated cryptography algorithms, and focus on answering two questions: Is it feasible to build a system that identifies weak cryptographic algorithms or hashing function and alert users? If a question contains weak cryptographic algorithms, do responders alert the users or do they simply focus on providing a working solution? To answer these, we have designed and developed a mary tree with a list of encryption algorithms and hashing functions available. We identified cryptographic algorithm keywords from posts text and traversed the tree, where tree leaves suggest if there is a need of potential warning or not. We applied this process both to posts questions and answers to analyze if the question and answers correlate by verifying if they traverse the same tree path. We ran our designed system against 6 million Stack Overflow Posts, which had 5169 cryptography related posts. We could successfully find several posts which had both questions and answers referring to outdated algorithms, and do not have any warnings from responders.
TOPICAL NAME USED AS SUBJECT
Applied mathematics
Computer engineering
Computer science
Information technology
Web studies
PERSONAL NAME - PRIMARY RESPONSIBILITY
Kharche, Shraddha
Narain, Sashank
ELECTRONIC LOCATION AND ACCESS
Electronic name
مطالعه متن کتاب p
[Thesis]
276903
a
Y
