Panathon aims to continue a successful trend of program analysis workshops such as SOAP, DECAF at ISSTA, WALA, and Panathon (2018). Workshops of this style not only demonstrate emerging technologies but also provide student participants with an opportunity to discover their own research interests, encourage discovery of the contributions that new students and researchers alike can make to existing projects, facilitate the expansion of existing topics by all participants, and encourage the generation of new ideas.

Panathon is structured as a hackathon, with workshop activities centering on extending the static analysis tool CogniCrypt. CogniCrypt is an official Eclipse project implementing a Soot-based static analysis to detect misuses of cryptographic APIs.

The workshop aims to give attendees an interactive experience in contributing to a valuable industry-relevant tool. Through a guided experience extending the framework for a typical CogniCrypt use case, participants can not only become familiar with the tool but also observe its usability, extensibility, and purpose.

Participants are encouraged to discuss how they have used this or similar tools, how this research relates to their own work, and any other contributions that could be made in the future to the advancement of program analysis and software security.

Activities

The following is a general outline of some sessions that will be held:

  • Introduction: an overview of CogniCrypt will be presented and participants will be guided through running the tool on an example.

  • CrySL Rule extension: participants will iteratively build a CrySL rule in order to enable detecting an error!

  • CogniCrypt Extension: CogniCrypt is being extended to use runtime information! Some details and exploration of this extension are provided here!

Workshop Sessions

  • Guest Talk: One Is Not Enough: Integrating CogniCrypt into Multiple IDEs and Editors with MagpieBridge (Panathon)

  • Session 1: Introduction to CogniCrypt (Panathon)

  • Session 2: CrySL – How does CogniCrypt Know What is Right or Wrong, Anyway? (Panathon)

  • Session 3: Dynamic CogniCrypt – Static Failures and Dynamic Successes (Panathon)

  • Session 4: Crypto Task Hackathon (Panathon)


Tue 16 Jul

Displayed time zone: Belfast

09:00 - 10:15: Introduction to CogniCrypt (Panathon at Epernay)

  • 09:00, 75m, Tutorial: Session 1: Introduction to CogniCrypt (Panathon). P: Stefan Krüger, Paderborn University

10:45 - 12:15: CrySL – How does CogniCrypt Know What is Right or Wrong, Anyway? (Panathon at Epernay)

  • 10:45, 15m, Demonstration: Guest Talk: One Is Not Enough: Integrating CogniCrypt into Multiple IDEs and Editors with MagpieBridge (Panathon). P: Linghui Luo, Paderborn University

  • 11:00, 75m: Session 2: CrySL – How does CogniCrypt Know What is Right or Wrong, Anyway? (Panathon). Stefan Krüger, Paderborn University

13:30 - 15:00: Dynamic CogniCrypt – Static Failures and Dynamic Successes (Panathon at Epernay)

  • 13:30, 90m, Demonstration: Session 3: Dynamic CogniCrypt – Static Failures and Dynamic Successes (Panathon). Kristen Newbury, University of Alberta

15:30 - 17:00: Crypto Task Hackathon (Panathon at Epernay)

  • 15:30, 90m: Session 4: Crypto Task Hackathon (Panathon)

17:30 - 19:30: Social Hour (Catering at Socials)

CogniCrypt Setup: Session 1+2

For the purpose of this Panathon, you need to set up Eclipse. During the first session, we will ask you to implement a small challenge. You can find the stub related to this challenge here. It is a regular Java project that may be imported into Eclipse.

For the second part of session 1 and for session 2, you will need to install CogniCrypt into Eclipse. We recommend picking an Eclipse IDE for Java Developers package, at least in version 2018-12. CogniCrypt can be most easily installed through its update site. We refer participants unfamiliar with Eclipse plugin installation to this tutorial for further information. Upon reaching the screen below, please select all five available plugins in both categories, as they are all needed over the course of the Panathon.


Once installation has been completed by restarting Eclipse, you may test whether the basic functionality is working. For the code generator, click the CogniCrypt button in the Eclipse toolbar. If it causes the CogniCrypt code-generation wizard to launch, the plugin has been installed successfully.


The analysis can be triggered by right-clicking on a sample project in the Package Explorer view, and then selecting “Run CogniCrypt Analysis on Selected Project”.


CogniCrypt Setup: Session 4

For the hackathon challenge in this session, you need to download this project stub.