Project Areas

E – Engineering

E1 – Secure Integration of Cryptographic Software

Software engineers are known to often misuse cryptography, which makes the applications they develop insecure. The overall goal of the project is to support developers by providing them with tool automation that facilitates the secure integration of cryptographic software. For this purpose, the project designs software development and analysis techniques and implements them in the tool CogniCrypt. In CROSSING II, the project focuses on providing crypto experts with tool automation that facilitates the complete and correct specification of how cryptographic components must be used.


Principal Investigators

Prof. Eric Bodden (Secure Software Engineering)
  Working area(s): E1
  Contact: +49 5251 60-6563, F1. 125

Prof. Mira Mezini (Software Technology Group)
  Working area(s): E1, E5
  Contact: +49 6151 16-21360, S2|02 A212

Researchers

Dr. Krishna Narasimhan (Software Technology & Reactive Programming)
  Contact: +49 6151 16-21369, S2|02 A216

Michael Reif (Software Technology Group)
  Contact: +49 6151 16-21364, S2|02 A226

Michael Schlichtig (Secure Software Engineering)
  Contact: +49 5251 60-6583

Anna-Katharina Wickert (Software Technology Group)
  Contact: +49 6151 16-21364, S2|02 A226

Publications

Lauinger, Johannes ; Baumgärtner, Lars ; Wickert, Anna-Katharina ; Mezini, Mira (2020):
Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild.
In: Proceedings : 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 410-417,
IEEE, TrustCom 2020, virtual Conference, 29.12.2020-01.01.2021, ISBN 978-0-7381-4380-4,
[Conference or Workshop Item]

Helm, Dominik ; Kübler, Florian ; Reif, Michael ; Eichberg, Michael (2020):
Modular Collaborative Program Analysis in OPAL.
pp. 184-196, ACM, 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020), virtual Conference, 06.-16.11., DOI: 10.1145/3368089.3409765,
[Conference or Workshop Item]

Glanz, Leonid ; Müller, Patrick ; Baumgärtner, Lars ; Reif, Michael ; Anthonysamy, Pauline ; Mezini, Mira (2020):
Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy.
In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 694-707,
ACM, 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS '20), virtual Conference, 05.-09.10, ISBN 978-1-4503-6750-9,
DOI: 10.1145/3320269.3384745,
[Conference or Workshop Item]

Helm, Dominik ; Kübler, Florian ; Kölzer, Jan Thomas ; Haller, Philipp ; Eichberg, Michael ; Salvaneschi, Guido ; Mezini, Mira (2020):
A Programming Model for Semi-implicit Parallelization of Static Analyses.
pp. 428-439, ACM, ISSTA '20: 29th SIGSOFT International Symposium on Software Testing and Analysis, virtual Conference, 18.-22.07., ISBN 978-1-4503-8008-9,
DOI: 10.1145/3395363.3397367,
[Conference or Workshop Item]

Reif, Michael ; Kübler, Florian ; Helm, Dominik ; Hermann, Ben ; Eichberg, Michael ; Mezini, Mira (2020):
TACAI: An Intermediate Representation Based on Abstract Interpretation.
pp. 2-7, SOAP 2020-9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, London, UK, June 2020, ISBN 9781450379977,
DOI: 10.1145/3394451.3397204,
[Conference or Workshop Item]

Krüger, Stefan ; Ali, Karim ; Bodden, Eric (2020):
CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs.
International Symposium on Code Generation and Optimization, San Diego, CA, USA, February 22.-26., 2020, [Conference or Workshop Item]

Krüger, Stefan ; Späth, Johannes ; Ali, Karim ; Bodden, Eric ; Mezini, Mira (2019):
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
In: IEEE Transactions on Software Engineering, 2019, Institute of Electrical and Electronics Engineers, ISSN 1939-3520,
DOI: 10.1109/TSE.2019.2948910,
[Article]

Reif, Michael ; Kübler, Florian ; Eichberg, Michael ; Helm, Dominik ; Mezini, Mira (2019):
Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs.
pp. 251-261, 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'19), Beijing, China, 15.07.-19.07.2019, ISBN 978-1-4503-6224-5,
DOI: 10.1145/3293882.3330555,
[Conference or Workshop Item]

Amann, Sven ; Nguyen, Hoan Anh ; Nadi, Sarah ; Nguyen, Tien N. ; Mezini, Mira (2019):
Investigating Next Steps in Static API-Misuse Detection.
In: MSR, In: Proceedings of the 16th International Conference on Mining Software Repositories,
IEEE, 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), Montreal, QC, Canada, Sun 26 - Mon 27 May 2019, [Conference or Workshop Item]

Speth, Jonathan (2019):
How secure are business applications? An in-depth study on the security of business applications.
Darmstadt, TU Darmstadt, [Bachelor Thesis]

Wickert, Anna-Katharina ; Reif, Michael ; Eichberg, Michael ; Dodhy, Anam ; Mezini, Mira (2019):
A Dataset of Parametric Cryptographic Misuses.
IEEE, 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), [Conference or Workshop Item]

Krüger, Stefan ; Hermann, Ben (2019):
Can an online service predict gender?: on the state-of-the-art in gender identification from texts.
GE@ICSE 2019 : 2nd Workshop on Gender Equality in Software Engineering, Montreal, Canada, May 27, 2019, DOI: 10.1109/GE.2019.00012,
[Conference or Workshop Item]

Fasihi Yazdi, Mohsen (2018):
Study on Security Level of "Security Stack Exchange": How Trustable are Code Snippet on this Plattform?!
TU Darmstadt, [Master Thesis]

Keshavaprakash, Manoj (2018):
A Benchmark for New and Existing Model Comparison.
TU Darmstadt, [Master Thesis]

Schmid, Jakob (2018):
Independent Compilation for the Arithmetic Black Box.
TU Darmstadt, [Master Thesis]

Helm, Dominik ; Kübler, Florian ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira (2018):
A unified lattice model and framework for purity analyses.
In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pp. 340-350,
ACM, ASE 2018, Corum, Montpellier, France, 3.-7.9.2018, DOI: 10.1145/3238147.3238226,
[Conference or Workshop Item]

Helm, Dominik (2018):
A Framework for Modular Purity Analyses.
TU Darmstadt, [Master Thesis]

Dodhy, Anam (2018):
Misuses of Parameters for Cryptographic APIs.
TU Darmstadt, [Master Thesis]

Nanjunde Gowda, Vidyashree (2018):
Benchmarking Static Misuse or Bug Detectors Using Software Vulnerabilities.
TU Darmstadt, [Master Thesis]

Eichberg, Michael ; Kübler, Florian ; Helm, Dominik ; Reif, Michael ; Salvaneschi, Guido ; Mezini, Mira (2018):
Lattice Based Modularization of Static Analyses.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops, pp. 113-118,
ACM, SOAP 2018, Amsterdam, Netherlands, DOI: 10.1145/3236454.3236509,
[Conference or Workshop Item]

Krüger, Stefan ; Späth, Johannes ; Ali, Karim ; Bodden, Eric ; Mezini, Mira (2018):
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
In: 32nd European Conference on Object-Oriented Programming (ECOOP 2018), pp. 10:1-10:27,
Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 32nd European Conference on Object-Oriented Programming (ECOOP 2018), Amsterdam, The Netherlands, 15.-21.07.2018, DOI: 10.4230/LIPIcs.ECOOP.2018.10,
[Conference or Workshop Item]

Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira (2018):
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops, pp. 107-112,
ACM, SOAP 2018, Amsterdam, Netherlands, DOI: 10.1145/3236454.3236503,
[Conference or Workshop Item]

Nguyen, Lisa ; Krüger, Stefan ; Hill, Patrick ; Ali, Karim ; Bodden, Eric (2018):
VisuFlow: a Debugging Environment for Static Analyses.
In: ICSE,
ACM, [Conference or Workshop Item]

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) (2018):
CodeMatch: Obfuscation Won't Conceal Your Repackaged App.
In: Software Engineering und Software Management 2018, pp. 117-118, Gesellschaft für Informatik, [Book Section]

Amann, Sven ; Nguyen, Hoan Anh ; Nadi, Sarah ; Nguyen, Tien ; Mezini, Mira (2018):
A Systematic Evaluation of API-Misuse Detectors.
In: IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, [Article]

Reif, Michael ; Eichberg, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) (2018):
Call Graph Construction for Java Libraries.
pp. 119-120, Bonn, Gesellschaft für Informatik, Software Engineering und Software Management 2018, Bonn, [Conference or Workshop Item]

Kübler, Florian (2017):
Foundations of a refinement-based framework for escape analyses.
Darmstadt, Technische Universität, [Master Thesis]

Singh, Govind (2017):
Do Static Bug Finders Identify API Misuses?
Darmstadt, Technische Universität, [Master Thesis]

Müller, Patrick (2017):
Reconstruction of Obfuscated Strings.
TU Darmstadt, [Master Thesis]

Krüger, Stefan ; Nadi, Sarah ; Reif, Michael ; Ali, Karim ; Mezini, Mira ; Bodden, Eric ; Göpfert, Florian ; Günther, Felix ; Weinert, Christian ; Demmler, Daniel ; Kamath, Ram (2017):
CogniCrypt: Supporting Developers in using Cryptography.
In: Automated Software Engineering (ASE'17),
Piscataway, NJ, USA, ACM, DOI: 10.1109/ASE.2017.8115707,
[Conference or Workshop Item]

Späth, Johannes ; Ali, Karim ; Bodden, Eric (2017):
IDEal: Efficient and Precise Alias-aware Dataflow Analysis.
In: 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH),
ACM Press, [Conference or Workshop Item]

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira (2017):
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, pp. 638-648,
Paderborn, Germany, Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ISBN 978-1-4503-5105-8,
DOI: 10.1145/3106237.3106305,
[Conference or Workshop Item]

Hauck, Markus ; Savvides, Savvas ; Eugster, Patrick ; Mezini, Mira ; Salvaneschi, Guido (2016):
SecureScala: Scala embedding of secure computations.
In: Proceedings of the 2016 7th ACM SIGPLAN Symposium on Scala,
ACM, [Conference or Workshop Item]

Späth, Johannes ; Nguyen, Lisa ; Ali, Karim ; Bodden, Eric (2016):
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
In: European Conference on Object-Oriented Programming, p. 25,
Dagstuhl, Rome, Italy, [Conference or Workshop Item]

Nadi, Sarah ; Krüger, Stefan ; Mezini, Mira ; Bodden, Eric (2016):
"Jumping Through Hoops" Why do Java Developers Struggle With Cryptography APIs?
In: International Conference on Software Engineering,
ACM, Austin, Texas, USA, [Conference or Workshop Item]

Amann, Sven ; Nadi, Sarah ; Nguyen, Hoan A. ; Nguyen, Tien N. ; Mezini, Mira (2016):
MUBench: A Benchmark for API-Misuse Detectors.
In: MSR'16, In: Proceedings of the 13th International Conference on Mining Software Repositories,
13th International Conference on Mining Software Repositories, Austin, Texas, USA, May 14–15, 2016, [Conference or Workshop Item]

Nadi, Sarah ; Krüger, Stefan (2016):
Variability Modeling of Cryptographic Components (Clafer Experience Report).
In: Proceedings of the Tenth International Workshop on Variability Modelling of Software-intensive Systems, Tenth International Workshop on Variability Modelling of Software-intensive Systems, Salvador, Brazil, 27. - 29.1.2016, [Conference or Workshop Item]

Reif, Michael ; Eichberg, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira (2016):
Call graph construction for Java libraries.
pp. 474-486, Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, DOI: 10.1145/2950290.2950312,
[Conference or Workshop Item]

Proksch, Sebastian ; Lerch, Johannes ; Mezini, Mira (2015):
Intelligent Code Completion with Bayesian Networks.
In: ACM Transactions on Software Engineering and Methodology (TOSEM), 25 (1), pp. 3:1-3:31. ACM Press, [Article]

Lerch, Johannes ; Späth, Johannes ; Bodden, Eric ; Mezini, Mira (2015):
Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis with Unbounded Access Paths.
In: Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 619-629,
Washington, DC, USA, IEEE Computer Society, Automated Software Engineering (ASE), 2015 30th IEEE/ACM International Conference on, Lincoln, Nebraska, USA, 9.-13. November 2015, [Conference or Workshop Item]

Arzt, Steven ; Nadi, Sarah ; Ali, Karim ; Bodden, Eric ; Erdweg, Sebastian ; Mezini, Mira (2015):
Towards Secure Integration of Cryptographic Software.
In: Proceedings of the 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software, OOPSLA Onward!, Pittsburgh, 25.10.2015, [Conference or Workshop Item]

Medeiros, Flávio ; Kästner, Christian ; Ribeiro, Márcio ; Nadi, Sarah ; Gheyi, Rohit (2015):
The Love/Hate Relationship with the C Preprocessor: An Interview Study.
In: European Conference on Object-Oriented Programming, pp. 999-1022,
Prague, Czech Republic, [Conference or Workshop Item]

Zhou, Shurui ; Al-Kofahi, Jafar ; Nguyen, Tien ; Kaestner, Christian ; Nadi, Sarah (2015):
Extracting Configuration Knowledge from Build Files with Symbolic Analysis.
In: 3rd International Workshop on Release Engineering, p. 4,
Florence, Italy, [Conference or Workshop Item]