Cryptographic First Aid – Providing Tool Support For Crypto APIs

08.10.2015, 15:00 – 16:30

2015/10/08 15:00-16:30

Speaker: Stefan Krüger| Location: Mornewegstraße 32 (S4|14), Room 5.3.01, Darmstadt

Organizer: Eric Bodden

Abstract

Previous research indicates that many developers who are not experts in cryptography struggle with implementing cryptographic tasks into their application. For instance, one study finds that find that 88% of the applications they investigate violate at least one of the security-relevant rules, the authors defined. Our research tackles this issue twofold. First, we investigated the question of why developers fail at such tasks and what support they would like to have. Second, pursuing one of the goals of CROSSING, we provide the support developers ask for by combining generation of secure code with static analyses to ensure a secure integration. In this talk, I will be giving an overview of the current status of this research and a brief outlook into the future.

Short Bio

In December 2014, Stefan received his Master's degree in Computer Science from Otto-von-Guericke University in Magdeburg. He started working on CROSSING as a PhD Student in January 2015. Until now, his research mainly focusses on Variability Modelling, Code Generation Techniques and API Usability.