CogniCrypt: Supporting developers in using cryptography

Previous research suggests that developers often struggle using low-level cryptographic APIs and, as a result, produce insecure code. When asked, developers desire, among other things, more tool support to help them use such APIs. In this paper, we present CogniCrypt, a tool that supports developers...

Full description

Saved in:
Bibliographic Details
Published in2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) pp. 931 - 936
Main Authors Kruger, Stefan, Nadi, Sarah, Reif, Michael, Ali, Karim, Mezini, Mira, Bodden, Eric, Gopfert, Florian, Gunther, Felix, Weinert, Christian, Demmler, Daniel, Kamath, Ram
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.10.2017
Subjects
Ciphers
Code Analysis
Code Generation
Cryptography
Encryption
Java
Variability Modeling
Online AccessGet full text

Cover

More Information
Summary:Previous research suggests that developers often struggle using low-level cryptographic APIs and, as a result, produce insecure code. When asked, developers desire, among other things, more tool support to help them use such APIs. In this paper, we present CogniCrypt, a tool that supports developers with the use of cryptographic APIs. CogniCrypt assists the developer in two ways. First, for a number of common cryptographic tasks, CogniCrypt generates code that implements the respective task in a secure manner. Currently, CogniCrypt supports tasks such as data encryption, communication over secure channels, and long-term archiving. Second, CogniCrypt continuously runs static analyses in the background to ensure a secure integration of the generated code into the developer's workspace. This video demo showcases the main features of CogniCrypt: youtube.com/watch?v=JUq5mRHfAWY.
DOI:10.1109/ASE.2017.8115707