Panathon aims to continue a successful trend of program analysis workshops such as SOAP, DECAF at ISSTA, WALA, Panathon(2018). Workshops of this style not only demonstrate emerging technologies but also provide student participants with an opportunity to discover their own research interests, encourage discovery of the contributions that new students and researchers alike can make to existing projects, facilitate the expansion of existing topics by all participants, and encourage the generation of new ideas.
Panathon is structured as a hackathon, with workshop activities centering on extending the static analysis tool CogniCrypt. CogniCrypt is an official Eclipse project implementing a Soot-based static analysis to detect misuses of cryptographic APIs.
The workshop aims at giving attendees an interactive experience in contributing to a valuable industry-relevant tool. Through a guided experience extending the framework for a typical use case for CogniCrypt, not only can participants become familiar with the tool, but they will also have an opportunity to observe its usability, extendability, and purpose.
Participants are encouraged to discuss how they have used this/similar tools, as well as how this research relates to their own work, and any other contributions that could be made in the future to the advancement of program analysis and software security.
The following is a general outline of some sessions that will be held:
Introduction: an overview of CogniCrypt will be presented and participants will be guided through running the tool on an example
CrySL Rule extension: participants will iteratively build a CrySL rule in order to enable detecting an error!
CogniCrypt Extension: CogniCrypt is being extended to use runtime information! Some details and exploration of this extension provided here!
Tue 16 Jul Times are displayed in time zone: Greenwich Mean Time : Belfast change
|09:00 - 10:15|
|Session 1: Introduction to CogniCrypt|
P: Stefan KrügerPaderborn University
|10:45 - 11:00|
|Guest Talk: One Is Not Enough: Integrating CogniCrypt into Multiple IDEs and Editors with MagpieBridge|
P: Linghui LuoPaderborn University
|11:00 - 12:15||Session 2: CrySL – How does CogniCrypt Know What is Right or Wrong, Anyway?|
Stefan KrügerPaderborn University
|13:30 - 15:00|
|Session 3: Dynamic CogniCrypt – Static Failures and Dynamic Successes|
Kristen NewburyUniversity of Alberta
|15:30 - 17:00||Session 4: Crypto Task Hackathon|
Workshop Setup Information
For the purpose of this Panathon, you need to set up Eclipse. During the first session, we will ask you to implement a small challenge. You can find the stub related to this challenge here. It is a regular Java project that may be imported into Eclipse.
For the second part of session 1 and session 2, you will need to install CogniCrypt to it. We recommend to pick a Eclipse IDE for Java Developers package at least in version 2018-12. CogniCrypt can be most easily installed through its update site. We refer participants unfamiliar with Eclipse plugin installation to this tutorial for further information. Upon reaching the screen below, please select all five available plugins in both categories as they are all needed over the course of the Panathon.
Once installation has been completed by restarting Eclipse, you may test whether the basic functionality is working. For the code generator, click the CogniCrypt button in the Eclipse toolbar. If it causes the CogniCrypt code-generation wizard to launch, the plugin has been installed successfully.
The analysis can be triggered by right-clicking on a sample project in the Package Explorer view, and then selecting “Run CogniCrypt Analysis on Selected Project”.
For the hackathon challenge in this session, you need to download this project stub.