Panathon aims to continue a successful trend of program analysis workshops such as SOAP, DECAF at ISSTA, WALA, and Panathon (2018). Workshops of this style not only demonstrate emerging technologies but also provide student participants with an opportunity to discover their own research interests, encourage discovery of the contributions that new students and researchers alike can make to existing projects, facilitate the expansion of existing topics by all participants, and encourage the generation of new ideas.

Panathon is structured as a hackathon, with workshop activities centering on extending the static analysis tool CogniCrypt. CogniCrypt is an official Eclipse project implementing a Soot-based static analysis to detect misuses of cryptographic APIs.

The workshop aims to give attendees an interactive experience in contributing to a valuable industry-relevant tool. Through a guided experience extending the framework for a typical CogniCrypt use case, participants can not only become familiar with the tool but also observe its usability, extensibility, and purpose.

Participants are encouraged to discuss how they have used this or similar tools, how this research relates to their own work, and what other contributions could be made in the future to the advancement of program analysis and software security.

Activities

The following is a general outline of some sessions that will be held:

  • Introduction: an overview of CogniCrypt will be presented and participants will be guided through running the tool on an example

  • CrySL Rule extension: participants will iteratively build a CrySL rule in order to enable detecting an error!

  • CogniCrypt Extension: CogniCrypt is being extended to use runtime information! Some details and exploration of this extension are provided here!

Workshop Sessions

Tue 16 Jul

  • 09:00 - 10:15: Panathon 2019 - Introduction to CogniCrypt at Epernay
      09:00 - 10:15, Tutorial, Stefan Krüger (Paderborn University)

  • 10:45 - 12:15: Panathon 2019 - CrySL – How does CogniCrypt Know What is Right or Wrong, Anyway? at Epernay
      10:45 - 11:00, Demonstration, Linghui Luo (Paderborn University)
      11:00 - 12:15, Stefan Krüger (Paderborn University)

  • 13:30 - 15:00: Panathon 2019 - Dynamic CogniCrypt – Static Failures and Dynamic Successes at Epernay
      13:30 - 15:00, Demonstration, Kristen Newbury (University of Alberta)

  • 15:30 - 17:00: Panathon 2019 - Crypto Task Hackathon at Epernay

CogniCrypt Setup: Session 1+2

For the purpose of this Panathon, you need to set up Eclipse. During the first session, we will ask you to implement a small challenge. You can find the stub related to this challenge here. It is a regular Java project that may be imported into Eclipse.

For the second part of session 1 and session 2, you will need to install CogniCrypt into Eclipse. We recommend picking an Eclipse IDE for Java Developers package, version 2018-12 or later. CogniCrypt can be most easily installed through its update site. We refer participants unfamiliar with Eclipse plugin installation to this tutorial for further information. Upon reaching the screen below, please select all five available plugins in both categories, as they are all needed over the course of the Panathon.

[Screenshot: plugin selection screen]

Once installation has been completed by restarting Eclipse, you may test whether the basic functionality is working. For the code generator, click the CogniCrypt button in the Eclipse toolbar. If it causes the CogniCrypt code-generation wizard to launch, the plugin has been installed successfully.

The analysis can be triggered by right-clicking on a sample project in the Package Explorer view, and then selecting “Run CogniCrypt Analysis on Selected Project”.


CogniCrypt Setup: Session 4

For the hackathon challenge in this session, you need to download this project stub.