E1 - Secure Integration of Cryptographic Software


Software engineers are known to misuse cryptography often, which makes the applications they develop insecure. The overall goal of the project is to support developers with tool automation that facilitates the secure integration of cryptographic software. To this end, the project designs software development and analysis techniques and implements them in the tool CogniCrypt. In CROSSING II, the project focuses on giving crypto experts tool automation that facilitates the complete and correct specification of how cryptographic components must be used.

Researchers

Dr. Michael Eichberg
Software Technology Group

Research Interests:

  • Software architectures and static analyses.
  • Software engineering.

Stefan Krüger
Secure Software Engineering Group

Research Interests:

  • API Misuse.
  • Variability Modeling and Code Generation.

Michael Reif
Software Technology Group

Research Interests:

  • Intersection of programming languages and security.
  • Static analysis and call graphs in a security context.

Anna-Katharina Wickert
Software Technology Group

Research Interests:

  • Static analysis focused on software security.
  • API misuse.

Publications

Wickert, Anna-Katharina ; Reif, Michael ; Eichberg, Michael ; Dodhy, Anam ; Mezini, Mira :
A Dataset of Parametric Cryptographic Misuses.
In: 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR). IEEE
[Conference publication], (2019)

Fasihi Yazdi, Mohsen :
Study on Security Level of "Security Stack Exchange": How Trustable are Code Snippet on this Plattform?!
TU Darmstadt
[Master's thesis], (2018)

Keshavaprakash, Manoj :
A Benchmark for New and Existing Model Comparison.
TU Darmstadt
[Master's thesis], (2018)

Schmid, Jakob :
Independent Compilation for the Arithmetic Black Box.
TU Darmstadt
[Master's thesis], (2018)

Helm, Dominik ; Kübler, Florian ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira :
A unified lattice model and framework for purity analyses.
[Online-Edition: https://dl.acm.org/citation.cfm?id=3238226]
In: ASE 2018, 3.-7.9.2018, Corum, Montpellier, France. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering ACM
[Conference publication], (2018)

Helm, Dominik :
A Framework for Modular Purity Analyses.
TU Darmstadt
[Master's thesis], (2018)

Dodhy, Anam :
Misuses of Parameters for Cryptographic APIs.
TU Darmstadt
[Master's thesis], (2018)

Nanjunde Gowda, Vidyashree :
Benchmarking Static Misuse or Bug Detectors Using Software Vulnerabilities.
TU Darmstadt
[Master's thesis], (2018)

Eichberg, Michael ; Kübler, Florian ; Helm, Dominik ; Reif, Michael ; Salvaneschi, Guido ; Mezini, Mira :
Lattice Based Modularization of Static Analyses.
[Online-Edition: https://dl.acm.org/citation.cfm?id=3236509]
In: SOAP 2018, Amsterdam, Netherlands. Companion Proceedings for the ISSTA/ECOOP 2018 Workshops ACM
[Conference publication], (2018)

Krüger, Stefan ; Späth, Johannes ; Ali, Karim ; Bodden, Eric ; Mezini, Mira :
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
[Online-Edition: https://2018.ecoop.org/]
In: 32nd European Conference on Object-Oriented Programming (ECOOP 2018), 15.-21.07.2018, Amsterdam, The Netherlands. 32nd European Conference on Object-Oriented Programming (ECOOP 2018) Schloss Dagstuhl-Leibniz-Zentrum für Informatik
[Conference publication], (2018)

Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira :
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
[Online-Edition: https://dl.acm.org/citation.cfm?id=3236503]
In: SOAP 2018, Amsterdam, Netherlands. Companion Proceedings for the ISSTA/ECOOP 2018 Workshops ACM
[Conference publication], (2018)

Nguyen, Lisa ; Krüger, Stefan ; Hill, Patrick ; Ali, Karim ; Bodden, Eric :
VisuFlow: a Debugging Environment for Static Analyses.
ICSE ACM
[Conference publication], (2018)

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) :
CodeMatch: Obfuscation Won't Conceal Your Repackaged App.
In: Software Engineering und Software Management 2018. Gesellschaft für Informatik , pp. 117-118.
[Book section], (2018)

Amann, Sven ; Nguyen, Hoan Anh ; Nadi, Sarah ; Nguyen, Tien ; Mezini, Mira :
A Systematic Evaluation of API-Misuse Detectors.
In: IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
[Article], (2018)

Reif, Michael ; Eichberg, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) :
Call Graph Construction for Java Libraries.
In: Software Engineering und Software Management 2018, Bonn. Gesellschaft für Informatik , Bonn
[Conference publication], (2018)

Kübler, Florian :
Foundations of a refinement-based framework for escape analyses.
TU Darmstadt
[Master's thesis], (2017)

Singh, Govind :
Do Static Bug Finders Identify API Misuses?
TU Darmstadt
[Master's thesis], (2017)

Müller, Patrick :
Reconstruction of Obfuscated Strings.
TU Darmstadt
[Master's thesis], (2017)

Krüger, Stefan ; Nadi, Sarah ; Reif, Michael ; Ali, Karim ; Mezini, Mira ; Bodden, Eric ; Göpfert, Florian ; Günther, Felix ; Weinert, Christian ; Demmler, Daniel ; Kamath, Ram :
CogniCrypt: Supporting Developers in using Cryptography.
[Online-Edition: http://dl.acm.org/citation.cfm?id=3155562.3155681]
Automated Software Engineering (ASE'17) ACM , Piscataway, NJ, USA
[Conference publication], (2017)

Späth, Johannes ; Ali, Karim ; Bodden, Eric :
IDEal: Efficient and Precise Alias-aware Dataflow Analysis.
2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH) ACM Press
[Conference publication], (2017)

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira :
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
[Online-Edition: http://dl.acm.org/citation.cfm?id=3106305]
In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering Paderborn, Germany
[Conference publication], (2017)

Hauck, Markus ; Savvides, Savvas ; Eugster, Patrick ; Mezini, Mira ; Salvaneschi, Guido :
SecureScala: Scala embedding of secure computations.
Proceedings of the 2016 7th ACM SIGPLAN Symposium on Scala ACM
[Conference publication], (2016)

Späth, Johannes ; Nguyen, Lisa ; Ali, Karim ; Bodden, Eric :
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
European Conference on Object-Oriented Programming Dagstuhl
[Conference publication], (2016)

Nadi, Sarah ; Krüger, Stefan ; Mezini, Mira ; Bodden, Eric :
"Jumping Through Hoops" Why do Java Developers Struggle With Cryptography APIs?
International Conference on Software Engineering ACM
[Conference publication], (2016)

Amann, Sven ; Nadi, Sarah ; Nguyen, Hoan A. ; Nguyen, Tien N. ; Mezini, Mira :
MUBench: A Benchmark for API-Misuse Detectors.
In: 13th International Conference on Mining Software Repositories, May 14–15, 2016, Austin, Texas, USA. In: MSR'16 .
[Conference publication], (2016)

Nadi, Sarah ; Krüger, Stefan :
Variability Modeling of Cryptographic Components (Clafer Experience Report).
In: Tenth International Workshop on Variability Modelling of Software-intensive Systems, 27. - 29.1.2016, Salvador, Brazil. In: Proceedings of the Tenth International Workshop on Variability Modelling of Software-intensive Systems .
[Conference publication], (2016)

Reif, Michael ; Eichberg, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira :
Call graph construction for Java libraries.
In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering.
[Conference publication], (2016)

Proksch, Sebastian ; Lerch, Johannes ; Mezini, Mira :
Intelligent Code Completion with Bayesian Networks.
[Online-Edition: http://doi.acm.org/10.1145/2744200]
In: ACM Transactions on Software Engineering and Methodology (TOSEM), 25 (1) 3:1-3:31.
[Article], (2015)

Lerch, Johannes ; Späth, Johannes ; Bodden, Eric ; Mezini, Mira :
Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis with Unbounded Access Paths.
[Online-Edition: https://dl.acm.org/citation.cfm?id=2916135&picked=prox]
In: Automated Software Engineering (ASE), 2015 30th IEEE/ACM International Conference on, 9.-13. November 2015, Lincoln, Nebraska, USA. Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE) IEEE Computer Society , Washington, DC, USA
[Conference publication], (2015)

Arzt, Steven ; Nadi, Sarah ; Ali, Karim ; Bodden, Eric ; Erdweg, Sebastian ; Mezini, Mira :
Towards Secure Integration of Cryptographic Software.
[Online-Edition: http://2015.splashcon.org/track/onward2015-papers]
In: OOPSLA Onward!, 25.10.2015, Pittsburgh. In: Proceedings of the 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software .
[Conference publication], (2015)

Medeiros, Flávio ; Kästner, Christian ; Ribeiro, Márcio ; Nadi, Sarah ; Gheyi, Rohit :
The Love/Hate Relationship with the C Preprocessor: An Interview Study.
European Conference on Object-Oriented Programming
[Conference publication], (2015)

Zhou, Shurui ; Al-Kofahi, Jafar ; Nguyen, Tien ; Kaestner, Christian ; Nadi, Sarah :
Extracting Configuration Knowledge from Build Files with Symbolic Analysis.
3rd International Workshop on Release Engineering
[Conference publication], (2015)
