• DocumentCode
    731515
  • Title

    Detecting and Mitigating Secret-Key Leaks in Source Code Repositories

  • Author

    Sinha, Vibha Singhal ; Saha, Diptikalyan ; Dhoolia, Pankaj ; Padhye, Rohan ; Mani, Senthil

  • fYear
    2015
  • fDate
    16-17 May 2015
  • Firstpage
    396
  • Lastpage
    400
  • Abstract
    Several news articles in the past year highlighted incidents in which malicious users stole API keys embedded in files hosted on public source code repositories such as GitHub and Bitbucket in order to drive their own workloads for free. While some service providers such as Amazon have started taking steps to actively discover such developer carelessness by scouting public repositories and suspending leaked API keys, there is little support for tackling the problem from the code-sharing platforms themselves. In this paper, we discuss practical solutions to detecting, preventing and fixing API key leaks. We first outline a handful of methods for detecting API keys embedded within source code, and evaluate their effectiveness using a sample set of projects from GitHub. Second, we enumerate the mechanisms which could be used by developers to prevent or fix key leaks in code repositories manually. Finally, we outline a possible solution that combines these techniques to provide tool support for protecting against key leaks in version control systems.
  • Keywords
    application program interfaces; public key cryptography; source code (software); code repositories; fix key leaks; key leaks protection; secret-key leaks detection; secret-key leaks mitigation; source code repositories; version control systems; Control systems; Facebook; History; Java; Leak detection; Pattern matching; Software; api keys; git; mining software repositories; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Mining Software Repositories (MSR), 2015 IEEE/ACM 12th Working Conference on
  • Conference_Location
    Florence
  • Type

    conf

  • DOI
    10.1109/MSR.2015.48
  • Filename
    7180102