Onward! 2015
Sun 25 - Fri 30 October 2015 Pittsburgh, Pennsylvania, United States
co-located with SPLASH 2015
Wed 28 Oct 2015 13:30 - 13:52 at Grand Station 2 - Session the First Chair(s): Stéphane Ducasse

While cryptography is now readily available to everyone and can, provably, protect private information from attackers, we still frequently hear about major data leakages, many of which are due to improper use of cryptographic mechanisms. The problem is that many application developers are not cryptographic experts. Even though high-quality cryptographic APIs are widely available, programmers often select the wrong algorithms or misuse APIs due to a lack of understanding. Such issues arise both with simple operations such as encryption and with complex secure communication protocols such as SSL. In this paper, we provide a long-term solution that helps application developers integrate cryptographic components correctly and securely by bridging the gap between cryptographers and application developers. Our solution consists of a software product line (with an underlying feature model) that automatically identifies the correct cryptographic algorithms to use, based on the developer's answers to high-level questions in non-expert terminology. Each feature (i.e., cryptographic algorithm) maps into corresponding Java code and a usage protocol describing API restrictions. By composing the user's selected features, we automatically synthesize a secure code blueprint and a usage protocol that corresponds to the selected usage scenario. Since the developer may change the application code over time, we use the usage protocols to statically analyze the program and ensure that the correct use of the API is not violated over time.

Wed 28 Oct


13:30 - 15:00
Session the First (Onward! Papers) at Grand Station 2
Chair(s): Stéphane Ducasse INRIA, France
13:30
22m
Talk
Towards Secure Integration of Cryptographic Software
Onward! Papers
Steven Arzt TU Darmstadt, Sarah Nadi Technische Universität Darmstadt, Karim Ali TU Darmstadt, Sebastian Erdweg TU Darmstadt, Germany, Eric Bodden Fraunhofer SIT and TU Darmstadt, Mira Mezini TU Darmstadt
13:52
22m
Talk
Runtime Metric Meets Developer - Building Better Cloud Applications Using Feedback
Onward! Papers
Jürgen Cito University of Zurich, Philipp Leitner University of Zurich, Harald Gall University of Zurich, Aryan Dadashi SAP, Anne Keller SAP, Andreas Roth SAP
14:15
22m
Talk
Constraints as a Design Pattern
Onward! Papers
Hesam Samimi SAP Labs, Alessandro Warth SAP Labs, Mahdi Eslamimehr SAP Labs, Alan Borning University of Washington, USA
14:37
22m
Talk
The Moldable Inspector
Onward! Papers
Andrei Chiş University of Bern, Switzerland, Tudor Gîrba tudorgirba.com, Switzerland, Oscar Nierstrasz University of Bern, Switzerland, Aliaksei Syrel University of Bern, Switzerland