Eclipse CogniCrypt

Eclipse CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components.

Publications

Learn more about the cutting-edge technology behind CogniCrypt

Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems

Johannes Späth, Karim Ali, Eric Bodden

POPL 2019

In this paper we show how Pushdown Systems allow CogniCrypt to conduct an analysis with near-perfect precision.

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini

ECOOP 2018

This paper describes the syntax and semantics of our specification language CrySL.
Awarded: Artifact Evaluation Award

IDEal: Efficient and Precise Alias-aware Dataflow Analysis

Johannes Späth, Karim Ali, Eric Bodden

OOPSLA/SPLASH 2017

A general-purpose static data-flow framework that CogniCrypt uses to detect incorrect call sequences.
Awarded: Artifact Evaluation Award

CogniCrypt: Supporting Developers in using Cryptography

Stefan Krüger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, Ram Kamath

ASE 2017 (Tool Track)

This paper gives a high-level overview of the CogniCrypt tool.

Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?

Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden

ICSE 2016

A study evaluating why developers struggle to use crypto securely, and how they can be helped.