
Project Group CogniCrypt++ - Bringing Secure Cryptography to C/C++ Applications with PhASAR

Project Group

Multiple studies have shown that crypto APIs are often misused by application developers. Such misuses are caused by a mix of overly low-level API design and a general lack of domain knowledge among developers. Often, they do not know which algorithms are secure under which circumstances and make easy mistakes, causing their implementation to be insecure.

The tool CogniCrypt aims to support developers in using existing cryptographic APIs and in integrating cryptography securely into their applications. It does so by lifting the level of abstraction to a more convenient level by generating task-based wrapper code for the APIs. Additionally, it runs static analyses on the code to alert the application developers when they are using an insecure algorithm or misusing the API.

The big drawback: CogniCrypt only supports Java. Crypto libraries in other languages come with problems very similar to those in Java. In this project, we hence plan to port CogniCrypt to C++ using the widely acclaimed static analysis framework PhASAR. This new tool, CogniCrypt++, will come with the same feature set as the original for Java and will be integrated into Visual Studio Code using the Language Server Protocol.

To build this tool, knowledge of code generation and analysis is required. In the first phase of the project group, you will familiarize yourself with these topics and prepare a first design of how to combine these techniques in order to provide effective tool support.

In the second phase, the group will split into several subgroups that work on smaller components of the tool. At the end of the year, all components must be integrated with each other to build a stable prototype.

Requirements

  • Advanced C++ skills
  • Knowledge of good software design and efficient programming (beneficial)
  • Knowledge of cryptography, static analysis, and variability modeling (beneficial)

Registering:

To attend the project group, you have to adhere to the process which was announced during the kick-off on January 28th.

We will set up assignments in Jupyter and have short interviews with interested students.

Presentation Slides

You can find the kick-off slides here.