Eclipse CogniCrypt

Eclipse CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components.


Learn more about the cutting-edge technology behind CogniCrypt

Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems

Johannes Späth, Karim Ali, Eric Bodden

POPL 2019

In this paper we show how Pushdown Systems allow CogniCrypt to conduct an analysis with near perfect precision.

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini

ECOOP 2018

This paper describes the syntax and semantics of our specification language CrySL.
     Awarded: Artifact Evaluation Award

IDEal: Efficient and Precise Alias-aware Dataflow Analysis

Johannes Späth, Karim Ali, Eric Bodden


A general purpose static data-flow framework that CogniCrypt uses to detect incorrect call sequences.
     Awarded: Artifact Evaluation Award

CogniCrypt: Supporting Developers in using Cryptography

Stefan Krüger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, Ram Kamath

ASE 2017 (Tool Track)

This paper gives a high-level overview of the CogniCrypt tool.

Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?

Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden

ICSE 2016

A study evaluating why developers struggle with security using crypto, and how they can be helped.