Engineering

Cryptography-based security solutions and cryptographic primitives can only support trust if sound implementations exist and users and developers are supported in integrating them into their applications. Thus, the goal of this project area is to develop methods and technologies that allow for secure implementation of cryptography and enable users and developers who may not be cryptography experts in properly applying cryptography.

E1 - Secure Integration of Cryptographic Software

Software engineers are regularly overwhelmed by the usage constraints that cryptographic components impose on their application interfaces. Frequently, components are initialized incorrectly, or security-sensitive error situations remain unhandled. Furthermore, programmers may disregard composition rules, leading to insecure combinations of cryptographic components. This project addresses these issues by providing an integrated system that not only pre-selects sensible combinations of components according to the developer's security demands, but also helps the developer to securely integrate them into his software system.

Researchers

Stefan Krüger

Secure Software Engineering Group

Interests:

  • API Misuse.
  • Variability Modeling and Code Generation.

Michael Reif

Software Technology Group

Interests:

  • Intersection of programming languages and security.
  • Static analysis and call graphs in a security context.

Sven Amann

Software Technology Group

Interests:

  • Tools that help software developers to become more efficient and increase software quality.

Dr. Guido Salvaneschi 

Software Technology Group

Interests:

  • Programming language design.
  • Language support for reactive applications.
  • Dataflow languages & functional reactive programming.

Dr. Michael Eichberg

Software Technology Group

Interests:

  • Software architectures and static analyses.
  • Software engineering.

Anna-Katharina Wickert

Software Technology Group

Interests:

  • Static analysis focused on software security.
  • API misuse.

CROSSING Publications E1

Additional Attributes

Type

A Systematic Evaluation of API-Misuse Detectors

Sven Amann, Hoan Anh Nguyen, Sarah Nadi, Tien Nguyen, Mira Mezini
In: IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2018
[Article]

SFB 1119 - Contact


Contact E1

Mira Mezini
Technische Universität Darmstadt
Hochschulstr. 10
64289 Darmstadt

Eric Bodden
Universität Paderborn
Warburger Str. 100
33098 Paderborn

 

Funded by

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Kontakt Contact | Website Analysis: More Information
zum Seitenanfangzum Seitenanfang