CogniCrypt - the secure integration of cryptographic software / Stefan Krüger ; Advisors: Prof. Dr. Eric Bodden, Prof. Dr. Karim Ali. Paderborn, 2020
Contents
- Introduction
- Background
- CogniCrypt
- Related Work
- Usability & Re-design of Crypto APIs
- Propping up Libraries
- Fixing Existing Resources for Helping Software Developers
- Security Awareness in Organisations
- Conclusion
- CrySL
- CogniCryptSAST
- Detecting Misuses of Crypto APIs
- Implementation
- Crypto-API Misuse in Android Apps
- Precision and Recall (RQ1)
- Types of Misuses (RQ2)
- Performance (RQ3)
- Comparison to Existing Tools (RQ4)
- Threats to Validity
- Crypto-API Misuse in Security-critical Android Apps
- Crypto-API Misuse in Java Software
- Related Work
- Conclusion
- CogniCryptGEN
- Generating Secure Code From CrySL
- Design Considerations
- Configuring Solutions with Java Code Templates
- Generating Secure Code from Templates
- Implementation Details
- Evaluation
- Implementation of common use cases (RQ11)
- Performance (RQ12 and RQ13)
- Effort of Artefact Creation and Maintenance (RQ14)
- Usability (RQ15)
- Discussion
- Threats to Validity
- Related Work
- Conclusion
- User Study
- Related Work
- Experimental Design
- Object of the Experiment and Methodology
- Participants and Experiment Context
- Collected Measurements
- Survey Questionnaire
- Pre-Testing
- Results
- Discussion
- Threats to Validity
- Conclusion
- Further Applications of CrySL
- CryptoOracle – Wrapper Library with Runtime Checks
- CogniCryptFIX – Fixing Cryptographic Misuses in Vulnerable Code
- CogniCryptTEST – Generating Test Suites for APIs
- CogniCryptDOC – Generating Documentation for Hard-to-use APIs
- Conclusion
- Conclusion
- Bibliography
