Software Technology Group @ TU Darmstadt

CogniCrypt: supporting developers in using cryptography

by Stefan Krüger, Sarah Nadi, Karim Ali, Michael Reif, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, and Ram Kamath

Abstract: Previous research suggests that developers often struggle using low-level cryptographic APIs and, as a result, produce insecure code. When asked, developers desire, among other things, more tool support to help them use such APIs. In this paper, we present CogniCrypt, a tool that supports developers with the use of cryptographic APIs. CogniCrypt assists the developer in two ways. First, for a number of common cryptographic tasks, CogniCrypt generates code that implements the respective task in a secure manner. Currently, CogniCrypt supports tasks such as data encryption, communication over secure channels, and long-term archiving. Second, CogniCrypt continuously runs static analyses in the background to ensure a secure integration of the generated code into the developer’s workspace. This video demo showcases the main features of CogniCrypt: youtube.com/watch?v=JUq5mRHfAWY.

Resources

BibTeX

@inproceedings{KNAR+,
  title = {{CogniCrypt: supporting developers in using cryptography}},
  author = {Krüger, Stefan and Nadi, Sarah and Ali, Karim and Reif, Michael and Mezini, Mira and Bodden, Eric and Göpfert, Florian and Günther, Felix and Weinert, Christian and Demmler, Daniel and Kamath, Ram},
  booktitle = {{Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering}},
  series = {ASE 2017},
  pages = {931--936},
  year = {2017},
}