Sciweavers

OOPSLA
2015
Springer

Towards secure integration of cryptographic software

8 years 11 days ago
Towards secure integration of cryptographic software
While cryptography is now readily available to everyone and can, provably, protect private information from attackers, we still frequently hear about major data leakages, many of which are due to improper use of cryptographic mechanisms. The problem is that many application developers are not cryptographic experts. Even though high-quality cryptographic APIs are widely available, programmers often select the wrong algorithms or misuse APIs due to a lack of understanding. Such issues arise with both simple operations such as encryption as well as with complex secure communication protocols such as SSL. In this paper, we provide a long-term solution that helps application developers integrate cryptographic components correctly and securely by bridging the gap between cryptographers and application developers. Our solution consists of a software product line (with an underlying feature model) that automatically identifies the correct cryptographic algorithms to use, based on the develop...
Steven Arzt, Sarah Nadi, Karim Ali, Eric Bodden, S
Added 16 Apr 2016
Updated 16 Apr 2016
Type Journal
Year 2015
Where OOPSLA
Authors Steven Arzt, Sarah Nadi, Karim Ali, Eric Bodden, Sebastian Erdweg, Mira Mezini
Comments (0)