E1 - Secure Integration of Cryptographic Software


Software engineers are regularly overwhelmed by the usage constraints that cryptographic components impose on their application interfaces. Frequently, components are initialized incorrectly, or security-sensitive error situations remain unhandled. Furthermore, programmers may disregard composition rules, leading to insecure combinations of cryptographic components. This project addresses these issues by providing an integrated system that not only pre-selects sensible combinations of components according to the developer's security demands, but also helps the developer to securely integrate them into his software system.

Researchers

Dr. Michael Eichberg
Software Technology Group

Research Interests:

  • Software architectures and static analyses.
  • Software engineering.

Stefan Krüger
Secure Software Engineering Group

Research Interests:

  • API Misuse.
  • Variability Modeling and Code Generation.

Michael Reif
Software Technology Group

Research Interests:

  • Intersection of programming languages and security.
  • Static analysis and call graphs in a security context.

Anna-Katharina Wickert
Software Technology Group

Research Interests:

  • Static analysis focused on software security.
  • API misuse.

Publications

Fasihi Yazdi, Mohsen :
Study on Security Level of "Security Stack Exchange": How Trustable are Code Snippet on this Plattform?!
TU Darmstadt
[Master's thesis] , (2018)

Keshavaprakash, Manoj :
A Benchmark for New and Existing Model Comparison.
TU Darmstadt
[Master's thesis] , (2018)

Schmid, Jakob :
Independent Compilation for the Arithmetic Black Box.
TU Darmstadt
[Master's thesis] , (2018)

Helm, Dominik ; Kübler, Florian ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira :
A unified lattice model and framework for purity analyses.
[Online-Edition: http://www.ase2018.com/]
In: ASE 2018, 3.-7.9.2018, Corum, Montpellier, France. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering ACM
[Conference or workshop item] , (2018)

Helm, Dominik :
A Framework for Modular Purity Analyses.
TU Darmstadt
[Master's thesis] , (2018)

Dodhy, Anam :
Misuses of Parameters for Cryptographic APIs.
TU Darmstadt
[Master's thesis] , (2018)

Nanjunde Gowda, Vidyashree :
Benchmarking Static Misuse or Bug Detectors Using Software Vulnerabilities.
TU Darmstadt
[Master's thesis] , (2018)

Krüger, Stefan ; Späth, Johannes ; Ali, Karim ; Bodden, Eric ; Mezini, Mira :
CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
[Online-Edition: https://2018.ecoop.org/]
In: 32nd European Conference on Object-Oriented Programming (ECOOP 2018), 15.-21.07.2018, Amsterdam, The Netherlands. 32nd European Conference on Object-Oriented Programming (ECOOP 2018) Schloss Dagstuhl-Leibniz-Zentrum für Informatik
[Conference or workshop item] , (2018)

Nguyen, Lisa ; Krüger, Stefan ; Hill, Patrick ; Ali, Karim ; Bodden, Eric :
VisuFlow: a Debugging Environment for Static Analyses.
ICSE ACM
[Conference or workshop item] , (2018)

Amann, Sven ; Nguyen, Hoan Anh ; Nadi, Sarah ; Nguyen, Tien ; Mezini, Mira :
A Systematic Evaluation of API-Misuse Detectors.
In: IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
[Article] , (2018)

Eichberg, Michael ; Kübler, Florian ; Helm, Dominik ; Reif, Michael ; Salvaneschi, Guido ; Mezini, Mira :
Lattice Based Modularization of Static Analyses.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops. In: ACM .
[Conference or workshop item] , (2018)

Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira :
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
In: ACM .
[Conference or workshop item] , (2018)

Reif, Michael ; Eichberg, Michael ; Mezini, Mira
Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) :
Call Graph Construction for Java Libraries.
In: Software Engineering und Software Management 2018, Bonn. Gesellschaft für Informatik , Bonn
[Conference or workshop item] , (2018)

Kübler, Florian :
Foundations of a refinement-based framework for escape analyses.
TU Darmstadt
[Master's thesis] , (2017)

Singh, Govind :
Do Static Bug Finders Identify API Misuses?
TU Darmstadt
[Master's thesis] , (2017)

Müller, Patrick :
Reconstruction of Obfuscated Strings.
TU Darmstadt
[Master's thesis] , (2017)

Krüger, Stefan ; Nadi, Sarah ; Reif, Michael ; Ali, Karim ; Mezini, Mira ; Bodden, Eric ; Göpfert, Florian ; Günther, Felix ; Weinert, Christian ; Demmler, Daniel ; Kamath, Ram :
CogniCrypt: Supporting Developers in using Cryptography.
[Online-Edition: http://dl.acm.org/citation.cfm?id=3155562.3155681]
Automated Software Engineering (ASE'17) ACM , Piscataway, NJ, USA
[Conference or workshop item] , (2017)

Späth, Johannes ; Ali, Karim ; Bodden, Eric :
IDEal: Efficient and Precise Alias-aware Dataflow Analysis.
2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH) ACM Press
[Conference or workshop item] , (2017)

Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira :
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
[Online-Edition: http://dl.acm.org/citation.cfm?id=3106305]
In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering Paderborn, Germany
[Conference or workshop item] , (2017)

Hauck, Markus ; Savvides, Savvas ; Eugster, Patrick ; Mezini, Mira ; Salvaneschi, Guido :
SecureScala: Scala embedding of secure computations.
Proceedings of the 2016 7th ACM SIGPLAN Symposium on Scala ACM
[Conference or workshop item] , (2016)

Späth, Johannes ; Nguyen, Lisa ; Ali, Karim ; Bodden, Eric :
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
European Conference on Object-Oriented Programming Dagstuhl
[Conference or workshop item] , (2016)

Nadi, Sarah ; Krüger, Stefan ; Mezini, Mira ; Bodden, Eric :
"Jumping Through Hoops" Why do Java Developers Struggle With Cryptography APIs?
International Conference on Software Engineering ACM
[Conference or workshop item] , (2016)

Amann, Sven ; Nadi, Sarah ; Nguyen, Hoan A. ; Nguyen, Tien N. ; Mezini, Mira :
MUBench: A Benchmark for API-Misuse Detectors.
In: 13th International Conference on Mining Software Repositories, May 14–15, 2016, Austin, Texas, USA. In: MSR'16 .
[Conference or workshop item] , (2016)

Nadi, Sarah ; Krüger, Stefan :
Variability Modeling of Cryptographic Components (Clafer Experience Report).
In: Tenth International Workshop on Variability Modelling of Software-intensive Systems, 27. - 29.1.2016, Salvador, Brazil. In: Proceedings of the Tenth International Workshop on Variability Modelling of Software-intensive Systems .
[Conference or workshop item] , (2016)

Reif, Michael ; Eichberg, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira :
Call graph construction for Java libraries.
In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering.
[Conference or workshop item] , (2016)

Lerch, Johannes ; Späth, Johannes ; Bodden, Eric ; Mezini, Mira :
Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis with Unbounded Access Paths.
[Online-Edition: https://dl.acm.org/citation.cfm?id=2916135&picked=prox]
In: Automated Software Engineering (ASE), 2015 30th IEEE/ACM International Conference on, 9.-13. November 2015, Lincoln, Nebraska, USA. Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE) IEEE Computer Society , Washington, DC, USA
[Conference or workshop item] , (2015)

Arzt, Steven ; Nadi, Sarah ; Ali, Karim ; Bodden, Eric ; Erdweg, Sebastian ; Mezini, Mira :
Towards Secure Integration of Cryptographic Software.
[Online-Edition: http://2015.splashcon.org/track/onward2015-papers]
In: OOPSLA Onward!, 25.10.2015, Pittsburgh. In: Proceedings of the 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software .
[Conference or workshop item] , (2015)

Medeiros, Flávio ; Kästner, Christian ; Ribeiro, Márcio ; Nadi, Sarah ; Gheyi, Rohit :
The Love/Hate Relationship with the C Preprocessor: An Interview Study.
European Conference on Object-Oriented Programming
[Conference or workshop item] , (2015)

Zhou, Shurui ; Al-Kofahi, Jafar ; Nguyen, Tien ; Kaestner, Christian ; Nadi, Sarah :
Extracting Configuration Knowledge from Build Files with Symbolic Analysis.
3rd International Workshop on Release Engineering
[Conference or workshop item] , (2015)
