Project Areas

E – Engineering

E1 – Secure Integration of Cryptographic Software

Software engineers are known to often misuse cryptography, causing the applications that they develop to become insecure. The overall goal of the project is to support developers by providing them tool automation to facilitate secure integration of cryptographic software. For this purpose, the project designs software development and analysis techniques and implements those in the tool CogniCrypt. In CROSSING II the project focuses on providing crypto experts tool automation to facilitate the complete and correct specification of how cryptographic components must be used.

Plugin required: in order to see this object, your browser has to support files of type text/html. Download

Principal Investigators

  Name Working area(s) Contact
Prof. Eric Bodden
Secure Software Engineering
E1
+49 5251 60-6563
F1. 125
Prof. Mira Mezini
Software Technology Group
E1, E5
+49 6151 16-21360
S2|02 A212

Researchers

  Name Contact
Krishna Narasimhan
Software Technology & Reactive Programming
+49 6151 16-21369
S2|02 A216
Michael Reif
Software Technology Group
+49 6151 16-21364
S2|02 A226
Michael Schlichtig
Secure Software Engineering
+49 5251 60-6583
Anna-Katharina Wickert
Software Technology Group
+49 6151 16-21364
S2|02 A226

Publications

Reif, Michael and Kübler, Florian and Helm, Dominik and Hermann, Ben and Eichberg, Michael and Mezini, Mira (2020):
TACAI: An Intermediate Representation Based on Abstract Interpretation.
In: SOAP 2020-9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, London, UK, June 2020, pp. 2-7, ISBN 9781450379977,
DOI: 10.1145/3394451.3397204,
[Online-Edition: https://pldi20.sigplan.org/home/SOAP-2020],
[Conference or Workshop Item]

Krüger, Stefan and Ali, Karim and Bodden, Eric (2020):
CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs.
In: International Symposium on Code Generation and Optimization, San Diego, CA, USA, February 22.-26., 2020, [Online-Edition: https://cgo-conference.github.io/cgo2020/],
[Conference or Workshop Item]

Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira (2019):
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
In: IEEE Transactions on Software Engineering, 2019. Institute of Electrical and Electronics Engineers, ISSN 1939-3520,
DOI: 10.1109/TSE.2019.2948910,
[Online-Edition: https://ieeexplore.ieee.org/abstract/document/8880510],
[Article]

Reif, Michael and Kübler, Florian and Eichberg, Michael and Helm, Dominik and Mezini, Mira (2019):
Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs.
In: 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'19), Beijing, China, 15.07.-19.0.7. 2019, pp. 251-261, ISBN 978-1-4503-6224-5,
DOI: 10.1145/3293882.3330555,
[Online-Edition: https://dl.acm.org/citation.cfm?id=3293882&picked=prox],
[Conference or Workshop Item]

Amann, Sven and Nguyen, Hoan Anh and Nadi, Sarah and Nguyen, Tien N. and Mezini, Mira (2019):
Investigating Next Steps in Static API-Misuse Detection.
In: MSR, In: Proceedings of the 16th International Conference on Mining Software Repositories, k.A., IEEE, In: 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), Montreal, QC, Canada, Sun 26 - Mon 27 May 2019, [Online-Edition: https://conf.researchr.org/home/msr-2019],
[Conference or Workshop Item]

Speth, Jonathan (2019):
How secure are business applications? An in-depth study on the security of business applications.
Darmstadt, TU Darmstadt, [Bachelor Thesis]

Wickert, Anna-Katharina and Reif, Michael and Eichberg, Michael and Dodhy, Anam and Mezini, Mira (2019):
A Dataset of Parametric Cryptographic Misuses.
IEEE, In: 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), [Conference or Workshop Item]

Krüger, Stefan and Hermann, Ben (2019):
Can an online service predict gender?: on the state-of-the-art in gender identification from texts.
In: GE@ICSE 2019 : 2nd Workshop on Gender Equality in Software Engineering, Montreal, Canada, May 27, 2019, DOI: 10.1109/GE.2019.00012,
[Online-Edition: https://dl.acm.org/citation.cfm?id=3339011],
[Conference or Workshop Item]

Fasihi Yazdi, Mohsen (2018):
Study on Security Level of "Security Stack Exchange": How Trustable are Code Snippet on this Plattform?!
TU Darmstadt, [Master Thesis]

Keshavaprakash, Manoj (2018):
A Benchmark for New and Existing Model Comparison.
TU Darmstadt, [Master Thesis]

Schmid, Jakob (2018):
Independent Compilation for the Arithmetic Black Box.
TU Darmstadt, [Master Thesis]

Helm, Dominik and Kübler, Florian and Eichberg, Michael and Reif, Michael and Mezini, Mira (2018):
A unified lattice model and framework for purity analyses.
In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ACM, In: ASE 2018, Corum, Montpellier, France, 3.-7.9.2018, pp. 340-350, DOI: 10.1145/3238147.3238226,
[Online-Edition: https://dl.acm.org/citation.cfm?id=3238226],
[Conference or Workshop Item]

Helm, Dominik (2018):
A Framework for Modular Purity Analyses.
TU Darmstadt, [Master Thesis]

Dodhy, Anam (2018):
Misuses of Parameters for Cryptographic APIs.
TU Darmstadt, [Master Thesis]

Nanjunde Gowda, Vidyashree (2018):
Benchmarking Static Misuse or Bug Detectors Using Software Vulnerabilities.
TU Darmstadt, [Master Thesis]

Eichberg, Michael and Kübler, Florian and Helm, Dominik and Reif, Michael and Salvaneschi, Guido and Mezini, Mira (2018):
Lattice Based Modularization of Static Analyses.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops, ACM, In: SOAP 2018, Amsterdam, Netherlands, pp. 113-118, DOI: 10.1145/3236454.3236509,
[Online-Edition: https://dl.acm.org/citation.cfm?id=3236509],
[Conference or Workshop Item]

Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira (2018):
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
In: 32nd European Conference on Object-Oriented Programming (ECOOP 2018), Schloss Dagstuhl-Leibniz-Zentrum für Informatik, In: 32nd European Conference on Object-Oriented Programming (ECOOP 2018), Amsterdam, The Netherlands, 15.-21.07.2018, pp. 10:1-10:27, DOI: 10.4230/LIPIcs.ECOOP.2018.10,
[Online-Edition: https://2018.ecoop.org/],
[Conference or Workshop Item]

Reif, Michael and Eichberg, Michael and Kübler, Florian and Mezini, Mira (2018):
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops, ACM, In: SOAP 2018, Amsterdam, Netherlands, pp. 107-112, DOI: 10.1145/3236454.3236503,
[Online-Edition: https://dl.acm.org/citation.cfm?id=3236503],
[Conference or Workshop Item]

Nguyen, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric (2018):
VisuFlow: a Debugging Environment for Static Analyses.
In: ICSE, ACM, [Conference or Workshop Item]

Glanz, Leonid and Amann, Sven and Eichberg, Michael and Reif, Michael and Mezini, Mira Tichy, Matthias and Bodden, Eric and Kuhrmann, Marco and Wagner, Stefan and Steghöfer, Jan-Philipp (eds.) (2018):
CodeMatch: Obfuscation Won't Conceal Your Repackaged App.
In: Software Engineering und Software Management 2018, Gesellschaft für Informatik, pp. 117-118, [Book Section]

Amann, Sven and Nguyen, Hoan Anh and Nadi, Sarah and Nguyen, Tien and Mezini, Mira (2018):
A Systematic Evaluation of API-Misuse Detectors.
In: IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, [Article]

Reif, Michael and Eichberg, Michael and Mezini, Mira Tichy, Matthias and Bodden, Eric and Kuhrmann, Marco and Wagner, Stefan and Steghöfer, Jan-Philipp (eds.) (2018):
Call Graph Construction for Java Libraries.
Bonn, Gesellschaft für Informatik, In: Software Engineering und Software Management 2018, Bonn, pp. 119-120, [Conference or Workshop Item]

Kübler, Florian (2017):
Foundations of a refinement-based framework for escape analyses.
Darmstadt, Technische Universität, [Master Thesis]

Singh, Govind (2017):
o Static Bug Finders Identify API Misuses?
Darmstadt, Technische Universität, [Master Thesis]

Müller, Patrick (2017):
Reconstruction of Obfuscated Strings.
TU Darmstadt, [Master Thesis]

Krüger, Stefan and Nadi, Sarah and Reif, Michael and Ali, Karim and Mezini, Mira and Bodden, Eric and Göpfert, Florian and Günther, Felix and Weinert, Christian and Demmler, Daniel and Kamath, Ram (2017):
CogniCrypt: Supporting Developers in using Cryptography.
In: Automated Software Engineering (ASE'17), Piscataway, NJ, USA, ACM, Piscataway, NJ, USA, DOI: 10.1109/ASE.2017.8115707,
[Online-Edition: http://dl.acm.org/citation.cfm?id=3155562.3155681],
[Conference or Workshop Item]

Späth, Johannes and Ali, Karim and Bodden, Eric (2017):
IDEal: Efficient and Precise Alias-aware Dataflow Analysis.
In: 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), ACM Press, [Conference or Workshop Item]

Glanz, Leonid and Amann, Sven and Eichberg, Michael and Reif, Michael and Hermann, Ben and Lerch, Johannes and Mezini, Mira (2017):
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, pp. 638-648, ISBN 978-1-4503-5105-8,
DOI: 10.1145/3106237.3106305,
[Online-Edition: http://dl.acm.org/citation.cfm?id=3106305],
[Conference or Workshop Item]

Hauck, Markus and Savvides, Savvas and Eugster, Patrick and Mezini, Mira and Salvaneschi, Guido (2016):
SecureScala: Scala embedding of secure computations.
In: Proceedings of the 2016 7th ACM SIGPLAN Symposium on Scala, ACM, [Conference or Workshop Item]

Späth, Johannes and Nguyen, Lisa and Ali, Karim and Bodden, Eric (2016):
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
In: European Conference on Object-Oriented Programming, Dagstuhl, Rome, Italy, p. 25, [Conference or Workshop Item]

Nadi, Sarah and Krüger, Stefan and Mezini, Mira and Bodden, Eric (2016):
"Jumping Through Hoops" Why do Java Developers Struggle With Cryptography APIs?
In: International Conference on Software Engineering, ACM, Austin, Texas, USA, [Conference or Workshop Item]

Amann, Sven and Nadi, Sarah and Nguyen, Hoan A. and Nguyen, Tien N. and Mezini, Mira (2016):
MUBench: A Benchmark for API-Misuse Detectors.
In: MSR'16, In: Proceedings of the 13th International Conference on Mining Software Repositories, In: 13th International Conference on Mining Software Repositories, Austin, Texas, USA, May 14–15, 2016, [Conference or Workshop Item]

Nadi, Sarah and Krüger, Stefan (2016):
Variability Modeling of Cryptographic Components (Clafer Experience Report).
In: Proceedings of the Tenth International Workshop on Variability Modelling of Software-intensive Systems, In: Tenth International Workshop on Variability Modelling of Software-intensive Systems, Salvador, Brazil, 27. - 29.1.2016, [Conference or Workshop Item]

Reif, Michael and Eichberg, Michael and Hermann, Ben and Lerch, Johannes and Mezini, Mira (2016):
Call graph construction for Java libraries.
In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 474-486, DOI: 10.1145/2950290.2950312,
[Conference or Workshop Item]

Proksch, Sebastian and Lerch, Johannes and Mezini, Mira (2015):
Intelligent Code Completion with Bayesian Networks.
In: ACM Transactions on Software Engineering and Methodology (TOSEM), 25 (1), ACM Press, pp. 3:1-3:31, [Online-Edition: http://doi.acm.org/10.1145/2744200],
[Article]

Lerch, Johannes and Späth, Johannes and Bodden, Eric and Mezini, Mira (2015):
Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis with Unbounded Access Paths.
In: Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), Washington, DC, USA, IEEE Computer Society, In: Automated Software Engineering (ASE), 2015 30th IEEE/ACM International Conference on, Lincoln, Nebraska, USA, 9.-13. November 2015, pp. 619-629, [Online-Edition: https://dl.acm.org/citation.cfm?id=2916135&picked=prox],
[Conference or Workshop Item]

Arzt, Steven and Nadi, Sarah and Ali, Karim and Bodden, Eric and Erdweg, Sebastian and Mezini, Mira (2015):
Towards Secure Integration of Cryptographic Software.
In: Proceedings of the 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software, In: OOPSLA Onward!, Piitsburgh, 25.10.2015, [Online-Edition: http://2015.splashcon.org/track/onward2015-papers],
[Conference or Workshop Item]

Medeiros, Flávio and Kästner, Christian and Ribeiro, Márcio and Nadi, Sarah and Gheyi, Rohit (2015):
The Love/Hate Relationship with the C Preprocessor: An Interview Study.
In: European Conference on Object-Oriented Programming, Prague, Czech Republic, pp. 999-1022, [Conference or Workshop Item]

Zhou, Shurui and Al-Kofahi, Jafar and Nguyen, Tien and Kaestner, Christian and Nadi, Sarah (2015):
Extracting Configuration Knowledge from Build Files with Symbolic Analysis.
In: 3rd International Workshop on Release Engineering, Florence, Italy, p. 4, [Conference or Workshop Item]

CROSSING DFG Logo kurz