Panathon aims to continue a successful trend of program analysis workshops such as SOAP, DECAF at ISSTA, WALA, and Panathon (2018). Workshops of this style not only demonstrate emerging technologies but also give student participants an opportunity to discover their own research interests, encourage discovery of the contributions that new students and researchers alike can make to existing projects, facilitate the expansion of existing topics by all participants, and encourage the generation of new ideas.
Panathon is structured as a hackathon, with workshop activities centering on extending the static analysis tool CogniCrypt. CogniCrypt is an official Eclipse project implementing a Soot-based static analysis to detect misuses of cryptographic APIs.
The workshop aims to give attendees an interactive experience in contributing to a valuable, industry-relevant tool. Through a guided exercise in extending the framework for a typical CogniCrypt use case, participants can not only become familiar with the tool but also observe its usability, extensibility, and purpose.
Participants are encouraged to discuss how they have used this or similar tools, how this research relates to their own work, and what other contributions could be made in the future to the advancement of program analysis and software security.
The following is a general outline of some sessions that we intend to hold:
Introduction: an overview of CogniCrypt will be presented, and participants will be guided through running the tool on an example.
CrySL Rule extension: participants will iteratively build a CrySL rule to enable detection of an error!
CogniCrypt Extension: CogniCrypt is being extended to use runtime information! Some details and exploration of this extension will be provided here!