CogniCrypt: Supporting developers in using cryptography

Stefan Kruger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Gopfert, Felix Gunther, Christian Weinert, Daniel Demmler, Ram Kamath

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Previous research suggests that developers often struggle using low-level cryptographic APIs and, as a result, produce insecure code. When asked, developers desire, among other things, more tool support to help them use such APIs. In this paper, we present CogniCrypt, a tool that supports developers with the use of cryptographic APIs. CogniCrypt assists the developer in two ways. First, for a number of common cryptographic tasks, CogniCrypt generates code that implements the respective task in a secure manner. Currently, CogniCrypt supports tasks such as data encryption, communication over secure channels, and long-term archiving. Second, CogniCrypt continuously runs static analyses in the background to ensure a secure integration of the generated code into the developer's workspace. This video demo showcases the main features of CogniCrypt: youtube.com/watch?v=JUq5mRHfAWY.

Original languageEnglish (US)
Title of host publicationASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering
EditorsTien N. Nguyen, Grigore Rosu, Massimiliano Di Penta
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages931-936
Number of pages6
ISBN (Electronic)9781538626849
DOIs
StatePublished - Nov 20 2017
Event32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017 - Urbana-Champaign, United States
Duration: Oct 30 2017Nov 3 2017

Publication series

NameASE 2017 - Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

Conference

Conference32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017
Country/TerritoryUnited States
CityUrbana-Champaign
Period10/30/1711/3/17

Keywords

  • Code Analysis
  • Code Generation
  • Cryptography
  • Variability Modeling

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Optimization

Fingerprint

Dive into the research topics of 'CogniCrypt: Supporting developers in using cryptography'. Together they form a unique fingerprint.

Cite this