Application developers can use CogniCrypt to learn about which cryptographic components to use in which combination, in order to achieve high-level security guarantees for a system they desire to build, eventually under constraints, like not requiring special hardware components (chipcards, etc.) for authentication in low-cost scenarios. CogniCrypt also assists application developers in instantiating the architecture and validates the correct integration of all components in this instantiation by validating the correct usage of the components’ application interfaces. We envision CogniCrypt to also support cryptographers that use the platform to host their cryptographic components.
Eclipse CogniCrypt is planned as a set of Eclipse plugins, which to developers ultimately are meant to provide the following features:
- Generation of secure crypto-integration code
- Static analysis of existing crypto-integration code (to automatically and instantly highlight insecure integrations)
- Suggest better/more secure integrations via quick fixes
- Alert developers of security breaches of cryptographic algorithms
The project will initially support Java and Android projects only, through an integration with the JDT/ADT projects. In the future we might add support for C/C++ through an integration with CDT.