CogniCrypt - the secure integration of cryptographic software / Stefan Krüger ; Advisors: Prof. Dr. Eric Bodden, Prof. Dr. Karim Ali. Paderborn, 2020
Content
Introduction
A Motivating Example
A Broader Perspective
Contributions of the Thesis
Structure of the thesis
Background
Cryptography
Low-level Cryptographic Operations
Transport Layer Security (TLS)
Implementation in Java
Static Data-Flow Analysis
Types of Analyses
Analysis Configuration
CogniCrypt
CogniCrypt in a Nutshell
Integrated Components
Use Cases
APIs
Conclusion
Related Work
Usability & Re-design of Crypto APIs
Propping up Libraries
Fixing Existing Resources for Helping Software Developers
Security Awareness in Organisations
Conclusion
CrySL
Syntax
Design Decisions Behind CrySL
Sections in a CrySL Rule
CrySL Formal Semantics
Basic Definitions
Runtime Semantics
Implementation
Limitations
Related Work
Languages for Specifying and Checking API Properties
Inference/Mining of API-usage Specifications
Conclusion
CogniCrypt_SAST
Detecting Misuses of Crypto APIs
Implementation
Crypto-API Misuse in Android Apps
Precision and Recall (RQ1)
Types of Misuses (RQ2)
Performance (RQ3)
Comparison to Existing Tools (RQ4)
Threats to Validity
Crypto-API Misuse in Security-critical Android Apps
Setup
Results (RQ5 – RQ7)
Case Studies
Crypto-API Misuse in Java Software
Setup
Results (RQ8 – RQ10)
Case Studies
Related Work
Detecting Misuses of Crypto APIs
Repairing Misuses of Crypto APIs
Conclusion
CogniCrypt_GEN
Generating Secure Code From CrySL
Design Considerations
Configuring Solutions with Java Code Templates
Generating Secure Code from Templates
Implementation Details
Evaluation
Implementation of common use cases (RQ11)
Performance (RQ12 and RQ13)
Effort of Artefact Creation and Maintenance (RQ14)
Usability (RQ15)
Discussion
Threats To Validity
Related Work
Generating API Usage Code
Generating Secure Code
Conclusion
User Study
Related Work
Experimental Design
Object of the Experiment and Methodology
Participants and Experiment Context
Collected Measurements
Survey Questionnaire
Pre-Testing
Results
Functionality (RQ16)
Security (RQ17)
Completion Time (RQ18)
Usability (RQ19)
Obstacles (RQ20)
Discussion
Threats to Validity
Conclusion
Further Applications of CrySL
CryptoOracle – Wrapper Library with Runtime Checks
CogniCrypt_FIX – Fixing Cryptographic Misuses in Vulnerable Code
CogniCrypt_TEST – Generating Test Suites for APIs
CogniCrypt_DOC – Generating documentation for hard-to-use APIs
Conclusion
Conclusion
Bibliography