CogniCrypt – an intelligent open-source platform ensuring the secure usage of crypto components
A central goal of CROSSING is to collaboratively develop CogniCrypt, an intelligent open-source platform for hosting cryptographic components (developed in the CROSSING projects or outside of CROSSING) that actively assists application developers in selecting and correctly integrating its components into applications.
Application developers can use CogniCrypt to learn about which cryptographic components to use in which combination, in order to achieve high-level security guarantees for a system they desire to build, eventually under constraints, like not requiring special hardware components (chipcards, etc.) for authentication in low-cost scenarios. CogniCrypt also assists application developers in instantiating the architecture and validates the correct integration of all components in this instantiation by validating the correct usage of the components’ application interfaces. We envision CogniCrypt to also support cryptographers that use the platform to host their cryptographic components.
CogniCrypt is an official Eclipse project since December 2017.
Eclipse CogniCrypt is planned as a set of Eclipse plugins, which to developers ultimately are meant to provide the following features:
- Generation of secure crypto-integration code
- Static analysis of existing crypto-integration code (to automatically and instantly highlight insecure integrations)
- Suggest better/more secure integrations via quick fixes
- Alert developers of security breaches of cryptographic algorithms
The project will initially support Java and Android projects only, through an integration with the JDT/ADT projects. In the future we might add support for C/C++ through an integration with CDT.