E1 - Secure Integration of Cryptographic Software

Software engineers are known to misuse cryptography frequently, which makes the applications they develop insecure. The overall goal of the project is to support developers with tool automation that facilitates the secure integration of cryptographic software. To this end, the project designs software development and analysis techniques and implements them in the tool CogniCrypt. In CROSSING II the project focuses on providing crypto experts with tool automation that facilitates the complete and correct specification of how cryptographic components must be used.

Researchers

Dr. Michael Eichberg
Software Technology Group

Research Interests:

  • Software architectures and static analyses.
  • Software engineering.

Stefan Krüger
Secure Software Engineering Group

Research Interests:

  • API Misuse.
  • Variability Modeling and Code Generation.

Michael Reif
Software Technology Group

Research Interests:

  • Intersection of programming languages and security.
  • Static analysis and call graphs in a security context.

Anna-Katharina Wickert
Software Technology Group

Research Interests:

  • Static analysis focused on software security.
  • API misuse.

Publications

Wickert, Anna-Katharina ; Reif, Michael ; Eichberg, Michael ; Dodhy, Anam ; Mezini, Mira (2019):
A Dataset of Parametric Cryptographic Misuses.
In: 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), IEEE, [Conference paper]

Fasihi Yazdi, Mohsen (2018):
Study on Security Level of "Security Stack Exchange": How Trustable are Code Snippet on this Plattform?!
TU Darmstadt, [Master's thesis]

Keshavaprakash, Manoj (2018):
A Benchmark for New and Existing Model Comparison.
TU Darmstadt, [Master's thesis]

Schmid, Jakob (2018):
Independent Compilation for the Arithmetic Black Box.
TU Darmstadt, [Master's thesis]

Helm, Dominik ; Kübler, Florian ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira (2018):
A unified lattice model and framework for purity analyses.
In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE 2018), Montpellier, France, 3-7 September 2018, ACM, DOI: 10.1145/3238147.3238226,
[Online edition: https://dl.acm.org/citation.cfm?id=3238226],
[Conference paper]

Helm, Dominik (2018):
A Framework for Modular Purity Analyses.
TU Darmstadt, [Master's thesis]

Dodhy, Anam (2018):
Misuses of Parameters for Cryptographic APIs.
TU Darmstadt, [Master's thesis]

Nanjunde Gowda, Vidyashree (2018):
Benchmarking Static Misuse or Bug Detectors Using Software Vulnerabilities.
TU Darmstadt, [Master's thesis]

Eichberg, Michael ; Kübler, Florian ; Helm, Dominik ; Reif, Michael ; Salvaneschi, Guido ; Mezini, Mira (2018):
Lattice Based Modularization of Static Analyses.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops (SOAP 2018), Amsterdam, Netherlands, ACM, DOI: 10.1145/3236454.3236509,
[Online edition: https://dl.acm.org/citation.cfm?id=3236509],
[Conference paper]

Krüger, Stefan ; Späth, Johannes ; Ali, Karim ; Bodden, Eric ; Mezini, Mira (2018):
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
In: 32nd European Conference on Object-Oriented Programming (ECOOP 2018), Amsterdam, The Netherlands, 15-21 July 2018, Schloss Dagstuhl-Leibniz-Zentrum für Informatik, DOI: 10.4230/LIPIcs.ECOOP.2018.10,
[Online edition: https://2018.ecoop.org/],
[Conference paper]

Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira (2018):
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops (SOAP 2018), Amsterdam, Netherlands, ACM, DOI: 10.1145/3236454.3236503,
[Online edition: https://dl.acm.org/citation.cfm?id=3236503],
[Conference paper]

Nguyen, Lisa ; Krüger, Stefan ; Hill, Patrick ; Ali, Karim ; Bodden, Eric (2018):
VisuFlow: a Debugging Environment for Static Analyses.
In: ICSE, ACM, [Conference paper]

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) (2018):
CodeMatch: Obfuscation Won't Conceal Your Repackaged App.
In: Software Engineering und Software Management 2018, Gesellschaft für Informatik, pp. 117-118, [Book section]

Amann, Sven ; Nguyen, Hoan Anh ; Nadi, Sarah ; Nguyen, Tien ; Mezini, Mira (2018):
A Systematic Evaluation of API-Misuse Detectors.
In: IEEE Transactions on Software Engineering, [Article]

Reif, Michael ; Eichberg, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) (2018):
Call Graph Construction for Java Libraries.
In: Software Engineering und Software Management 2018, Bonn, Gesellschaft für Informatik, [Conference paper]

Kübler, Florian (2017):
Foundations of a refinement-based framework for escape analyses.
TU Darmstadt, [Master's thesis]

Singh, Govind (2017):
Do Static Bug Finders Identify API Misuses?
TU Darmstadt, [Master's thesis]

Müller, Patrick (2017):
Reconstruction of Obfuscated Strings.
TU Darmstadt, [Master's thesis]

Krüger, Stefan ; Nadi, Sarah ; Reif, Michael ; Ali, Karim ; Mezini, Mira ; Bodden, Eric ; Göpfert, Florian ; Günther, Felix ; Weinert, Christian ; Demmler, Daniel ; Kamath, Ram (2017):
CogniCrypt: Supporting Developers in using Cryptography.
In: Automated Software Engineering (ASE'17), ACM, Piscataway, NJ, USA, DOI: 10.1109/ASE.2017.8115707,
[Online edition: http://dl.acm.org/citation.cfm?id=3155562.3155681],
[Conference paper]

Späth, Johannes ; Ali, Karim ; Bodden, Eric (2017):
IDEal: Efficient and Precise Alias-aware Dataflow Analysis.
In: 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), ACM Press, [Conference paper]

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira (2017):
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, ISBN 978-1-4503-5105-8,
DOI: 10.1145/3106237.3106305,
[Online edition: http://dl.acm.org/citation.cfm?id=3106305],
[Conference paper]

Hauck, Markus ; Savvides, Savvas ; Eugster, Patrick ; Mezini, Mira ; Salvaneschi, Guido (2016):
SecureScala: Scala embedding of secure computations.
In: Proceedings of the 2016 7th ACM SIGPLAN Symposium on Scala, ACM, [Conference paper]

Späth, Johannes ; Nguyen, Lisa ; Ali, Karim ; Bodden, Eric (2016):
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
In: European Conference on Object-Oriented Programming, Dagstuhl, Rome, Italy, [Conference paper]

Nadi, Sarah ; Krüger, Stefan ; Mezini, Mira ; Bodden, Eric (2016):
"Jumping Through Hoops" Why do Java Developers Struggle With Cryptography APIs?
In: International Conference on Software Engineering, ACM, Austin, Texas, USA, [Conference paper]

Amann, Sven ; Nadi, Sarah ; Nguyen, Hoan A. ; Nguyen, Tien N. ; Mezini, Mira (2016):
MUBench: A Benchmark for API-Misuse Detectors.
In: Proceedings of the 13th International Conference on Mining Software Repositories (MSR'16), Austin, Texas, USA, May 14-15, 2016, [Conference paper]

Nadi, Sarah ; Krüger, Stefan (2016):
Variability Modeling of Cryptographic Components (Clafer Experience Report).
In: Proceedings of the Tenth International Workshop on Variability Modelling of Software-intensive Systems, Salvador, Brazil, 27-29 January 2016, [Conference paper]

Reif, Michael ; Eichberg, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira (2016):
Call graph construction for Java libraries.
In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, DOI: 10.1145/2950290.2950312,
[Conference paper]

Proksch, Sebastian ; Lerch, Johannes ; Mezini, Mira (2015):
Intelligent Code Completion with Bayesian Networks.
In: ACM Transactions on Software Engineering and Methodology (TOSEM), 25(1), pp. 3:1-3:31, ACM Press, [Online edition: http://doi.acm.org/10.1145/2744200],
[Article]

Lerch, Johannes ; Späth, Johannes ; Bodden, Eric ; Mezini, Mira (2015):
Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis with Unbounded Access Paths.
In: Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), Lincoln, Nebraska, USA, 9-13 November 2015, IEEE Computer Society, Washington, DC, USA, [Online edition: https://dl.acm.org/citation.cfm?id=2916135&picked=prox],
[Conference paper]

Arzt, Steven ; Nadi, Sarah ; Ali, Karim ; Bodden, Eric ; Erdweg, Sebastian ; Mezini, Mira (2015):
Towards Secure Integration of Cryptographic Software.
In: Proceedings of the 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software (OOPSLA Onward!), Pittsburgh, 25 October 2015, [Online edition: http://2015.splashcon.org/track/onward2015-papers],
[Conference paper]

Medeiros, Flávio ; Kästner, Christian ; Ribeiro, Márcio ; Nadi, Sarah ; Gheyi, Rohit (2015):
The Love/Hate Relationship with the C Preprocessor: An Interview Study.
In: European Conference on Object-Oriented Programming, Prague, Czech Republic, [Conference paper]

Zhou, Shurui ; Al-Kofahi, Jafar ; Nguyen, Tien ; Kaestner, Christian ; Nadi, Sarah (2015):
Extracting Configuration Knowledge from Build Files with Symbolic Analysis.
In: 3rd International Workshop on Release Engineering, Florence, Italy, [Conference paper]