Browsing by author "Nadi, Sarah"
- Conference paper: Investigating Next Steps in Static API-Misuse Detection (Software Engineering 2020, 2020). Amann, Sven; Nguyen, Hoan Anh; Nadi, Sarah; Nguyen, Tien N.; Mezini, Mira
- Conference paper: “Jumping Through Hoops”: Why do Java Developers Struggle With Cryptography APIs? (Software Engineering 2017, 2017). Nadi, Sarah; Krüger, Stefan; Mezini, Mira; Bodden, Eric
  To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain cryptographic algorithms correctly, they feel surprisingly confident in selecting the relevant cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.
- Conference paper: Variability models in large-scale systems: A study and a reverse-engineering technique (Software-engineering and management 2015, 2015). Berger, Thorsten; Nadi, Sarah
  Highly configurable systems can easily have thousands of configuration options, together with intricate configuration constraints. Variability models (higher-level representations of options and constraints) facilitate the development of large, highly configurable systems. Since models are difficult to create and to maintain, we strive to support both activities, automating them as much as possible. To this end, we present an empirical study of real-world variability models, and static code-analysis techniques that support reverse-engineering and consistency-checking of such models.