Engineering

Cryptography-based security solutions and cryptographic primitives can only support trust if sound implementations exist and users and developers are supported in integrating them into their applications. Thus, the goal of this project area is to develop methods and technologies that allow for secure implementation of cryptography and enable users and developers who may not be cryptography experts in properly applying cryptography.

E1 - Secure Integration of Cryptographic Software

Software engineers are regularly overwhelmed by the usage constraints that cryptographic components impose on their application interfaces. Frequently, components are initialized incorrectly, or security-sensitive error situations remain unhandled. Furthermore, programmers may disregard composition rules, leading to insecure combinations of cryptographic components. This project addresses these issues by providing an integrated system that not only pre-selects sensible combinations of components according to the developer's security demands, but also helps the developer to securely integrate them into his software system.

Researchers

Stefan Krüger

Secure Software Engineering Group

  • API Misuse.
  • Variability Modeling and Code Generation.

Michael Reif

Software Technology Group

Interests:

  • Intersection of programming languages and security.
  • Static analysis and call graphs in a security context.

Sven Amann

Software Technology Group

Interests:

  • Tools that help software developers to become more efficient and increase software quality.

Dr. Guido Salvaneschi 

Software Technology Group

Interests:

  • Programming language design.
  • Language support for reactive applications.
  • Dataflow languages & functional reactive programming.

Dr. Michael Eichberg

Software Technology Group

Interests:

  • Software architectures and static analyses.
  • Software engineering.

Johannes Späth

Secure Software Engineering Group

Interests:

  • Static code analysis.
  • Security during the software development process.

CROSSING Publications E1

Additional Attributes

Type

CogniCrypt: Supporting Developers in using Cryptography

Stefan Krüger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, Ram Kamath
In: Automated Software Engineering (ASE'17), November 2017
ACM
[Inproceedings]

CodeMatch: Obfuscation Won’t Conceal Your Repackaged App

Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, Mira Mezini
In: ESEC/FSE 2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, p. 638-648, September 2017
ACM New York, NY, USA ©2017
[Online-Edition: esec-fse17.uni-paderborn.de/]
[Inproceedings]

SFB 1119 - Contact


Contact E1

Mira Mezini
Technische Universität Darmstadt
Hochschulstr. 10
64289 Darmstadt

Eric Bodden
Universität Paderborn
Warburger Str. 100
33098 Paderborn

 

Funded by

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Kontakt Contact | Website Analysis: More Information
zum Seitenanfangzum Seitenanfang