The CROSSING Collaboration Award

The CROSSING Collaboration Award is presented for excellent internal collaborative work and outstanding progress in research collaborations within CROSSING. All members of the CRC are eligible. It is awarded annually by the CROSSING directorate. Any collaboration between projects is eligible for the award, for example joint publications, contributions to OpenCCE, joint software tools or demonstrators, or joint bachelor's or master's theses.

Winners of the Collaboration Award receive a trophy and a certificate, and each collaborator receives funds for conference or workshop participation (travel, accommodation, conference fee), freely selectable by the prize winners.

Winner 2017: CogniCrypt: Supporting Developers in using Cryptography

Prof. Marc Fischlin, Christian Weinert (S6), Stefan Krüger (E1), Daniel Demmler (E4) and Felix Günther (S4) (from left to right)

Abstract.

There exists an extensive body of research demonstrating that application developers often fail to correctly and securely use cryptographic APIs and, as a result, produce insecure code. They mainly struggle with the cryptographic domain knowledge required to decide which algorithms are appropriate to use to perform a certain task and how to properly configure them. In addition, due to the low-level design of most cryptographic APIs, developers often face problems identifying the correct order of method calls and parameter values. When surveyed, developers indicate that they desire more high-level API design, more example-rich documentation showcasing common use cases of the API, and assistance tools that support them in using such APIs.

In our work that was accepted at the ASE 2017 Tool Demonstrations track, we presented CogniCrypt, a tool that assists developers with the use of cryptographic APIs. CogniCrypt is implemented as an Eclipse plugin to smoothly integrate into any application developer’s workflow and assists the developer in two ways. First, for a number of common programming tasks that involve cryptography, CogniCrypt facilitates the generation of code snippets that implement the respective task in a secure manner. Currently, CogniCrypt supports tasks such as data encryption, communication over secure channels, and long-term archiving. Second, CogniCrypt continuously performs a suite of static code analyses in the background to ensure a secure integration of the generated code into the developer’s project. Since the code analysis runs independently of code generation, CogniCrypt still supports developers in producing secure code if they prefer to write the code themselves or are not aware of CogniCrypt’s full functionality.

This video demo showcases the main features of CogniCrypt: youtube.com/watch.

Link to the Paper

CogniCrypt: Supporting Developers in using Cryptography

Contact

Project E1, Project E4, Project S4, Project S6

SFB 1119 - Contact

