SlideShare a Scribd company logo
1 of 57
Download to read offline
ONWARD! ’15
Towards Secure Integration of
Cryptographic Software
Steven
Arzt
Sarah
Nadi
Karim
Ali
Eric
Bodden
Sebastian
Erdweg
Mira
Mezini
An Application Developer’s World
2
An Application Developer’s World
2
User accounts
Sensitive user
documents
Payment info.
An Application Developer’s World
2
User accounts
Sensitive user
documents
Payment info.
How to securely connect
to a server?
How to encrypt data?
Encryption vs
Hashing?
Encryption mode?
Salted hashing?
Problem Definition
3
Application developers are not
cryptographic experts!
Problem Definition
3
Application developers are not
cryptographic experts!
83% of 269 examined Common Vulnerabilities &
Exposures (CVE) are due to misuse of crypto libraries
[Lazar et al., APSys ’14]
Problem Definition
3
Application developers are not
cryptographic experts!
83% of 269 examined Common Vulnerabilities &
Exposures (CVE) are due to misuse of crypto libraries
[Lazar et al., APSys ’14]
Even companies like Amazon & Paypal
misuse SSL certificate validation
[Georgiev et al., CCS ‘12]
Problem Definition
3
Application developers are not
cryptographic experts!
83% of 269 examined Common Vulnerabilities &
Exposures (CVE) are due to misuse of crypto libraries
[Lazar et al., APSys ’14]
Even companies like Amazon & Paypal
misuse SSL certificate validation
[Georgiev et al., CCS ‘12] 88% of Android apps misuse
cryptography APIs in at least one way
[Egele et al., CCS ‘13]
4
So what exactly is a misuse?
4
So what exactly is a misuse?
Scope:
Java Cryptography Architecture (JCA)
5
Example of an API Misuse
6
1 byte[] key = ...
2
3 Cipher cipher = Cipher.getInstance("AES");
4
5 SecretKey keyObj = new SecretKeySpec(key,"AES");
6
7 cipher.init(Cipher.ENCRYPT_MODE, keyObj);
8 byte[] cipherText = cipher.doFinal(input);
Figure 1. Example of using an AES cipher
Example of an API Misuse
7
Depending on the provider, default mode
for AES is Electronic Codebook (ECB)
which is insecure
1 byte[] key = ...
2
3 Cipher cipher = Cipher.getInstance("AES");
4
5 SecretKey keyObj = new SecretKeySpec(key,"AES");
6
7 cipher.init(Cipher.ENCRYPT_MODE, keyObj);
8 byte[] cipherText = cipher.doFinal(input);
Figure 1. Example of using an AES cipher
ion must first check the issuer of a certificate before passing
his certificate on to the authentication primitive. Such usage
protocols can then be translated into static analyses that au-
Goals
8
Bridge the gap between application
developers & cryptography experts
Goals
8
Assist developers in choosing
appropriate components &
configurations
Bridge the gap between application
developers & cryptography experts
Goals
8
Assist developers in choosing
appropriate components &
configurations
Support automatic generation of
code that uses cryptography
securely
Bridge the gap between application
developers & cryptography experts
Goals
8
Assist developers in choosing
appropriate components &
configurations
Support automatic generation of
code that uses cryptography
securely
Support automatic validation of
code that uses cryptography &
notify developer of any problems
Bridge the gap between application
developers & cryptography experts
Long-term Vision
9
Crypto Algorithms &
correct configurations
Available on the
Crypto Store
Configured crypto
tasks
Observations
10
Observations
11
Different types of cryptography algorithms
Different types of cryptography algorithms
Observations
12
Different configurations within one class of algorithms
Observations
13
Different types of cryptography algorithms
 Different configurations within one class of algorithms
Tasks combine different algorithms
(often with some restrictions)
Observations
14
Lots of variability in cryptography!
Tasks combine different algorithms
(often with some restrictions)
Different types of cryptography algorithms
 Different configurations within one class of algorithms
Proposed Solution: IDE Plugin
15
Task-based
Software Product Line
of
Cryptography Components
Working Example: Password-based Encryption
16
1 // Key generation code
2 SecureRandom random = new SecureRandom();
3 byte[] salt = new byte[32];
4 random.nextBytes(salt);
5 PBEKeySpec spec = new PBEKeySpec(pwdChar, salt, 1000, 128);
6 SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
7 SecretKey key = skf.generateSecret(spec);
8
9 // Encryption code
0 Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
1 cipher.init(Cipher.ENCRYPT_MODE, key);
2 byte[] cipherText = cipher.doFinal(inputMsg);
Figure 3. Example of password-based encryption which requires the composition
1 abstract Algorithm
17
Modeling Language
18
Modeling Language
18
Attribute-based feature models with support for referencing
Modeling Language
18
Attribute-based feature models with support for referencing
www.clafer.org
Cryptography Feature Model in Clafer
19
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
Cryptography Feature Model in Clafer
20
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
Cryptography Feature Model in Clafer
21
17 [memory >=1 && memory
18 }
19
20 abstract SymmetricCipher : Ci
21 keySize -> integer
22
23 abstract SymmetricBlockCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCiph
32 [ name = "AES with 128b
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
Cryptography Feature Model in Clafer
22
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
42 [ secure ]
43 [ memory = 1 ]
44 [ keySize = 256 ]
45 [ blockSize = 128 ]
Figure 4. Clafer model for sample hash functions ciph
based encryption task
hash function) is a type of algorithm. It includes all pro
ties from Algorithm, but also adds more specific proper
such as outputSize. The outputSize property determi
orithm
tring
ce -> integer //Levels 1 - 4 (4 fastest)
mance >=1 && performance <= 4]
s
e
est : Algorithm
e -> integer //in bits
DerivationAlgorithm : Algorithm
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a password"]
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
Cryptography Feature Model in Clafer
23
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
42 [ secure ]
43 [ memory = 1 ]
44 [ keySize = 256 ]
45 [ blockSize = 128 ]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a pass
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
85 [cipher.keySize > 128]
Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model als
based encryption task
hash function) is a type of algorithm. It includes all proper-
ties from Algorithm, but also adds more specific properties
such as outputSize. The outputSize property determines
the fixed length of the output produced by this hash func-
tion, measured in bits. Generally, the higher the number, the
harder it is to conduct a brute force attack against the hash
function. Similarly, Line 13 introduces an abstract Clafer
called KeyDerivationAlgorithm. In our example, it does
not have any additional properties. Lines 15–24 define the
different types of ciphers and the additional properties each
type might add to Algorithm. Lines 26–27 define an abstract
clafer called Task that we use to represent a cryptography-
related task (e.g., secure password storage, email transmis-
sion, data encryption, etc.).
Lines 30–71 define several instances of Cipher and
property to 4 and the outputSize to
variability for these properties. Simi
one instance of a key-derivation alg
as opposed to regular feature mode
actual instances and not just rely o
ble instances from Digest or Ciphe
combinations do not exist. For exam
pher with a key of 100 bits is a va
corresponding algorithm that suppor
A task that developers can later c
figurator is represented by a concrete
abstract clafer Task. Line 80 define
cryption task. Such a task needs a k
(Line 82), a digest to use with the k
(Line 83), and a cipher to perform
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a password"]
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
ipher
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf2 : KeyDerivationAlgorithm
72 [name = "PBKDF2"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
Cryptography Feature Model in Clafer
24
cCipher
67 [insecure]
68 [outputSize = 160]
69
70 sha_256: Digest
71 [name = "SHA-256"]
72 [outputSize = 256 ]
73 [secure]
74 [performance = 2]
75
76 KeyDerivationAlgorithms
77 pbkdf : KeyDerivationAlgorithm
78 [name = "PBKDF"]
79 [performance = 2]
80 [secure]
81 }
82
83 PasswordBasedEncryption : Task
84 [name = "Encrypt data using a given password"]
85 kda -> KeyDerivationAlgorithm
86 cipher -> SymmetricBlockCipher
87 [cipher.keySize = kda.outputKeySize]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a password"]
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
41 [ keySize = 256 ]
42 [ blockSize = 128 ]
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf2 : KeyDerivationAlgorithm
72 [name = "PBKDF2"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
81 [cipher.keySize > 128]
Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model also inclu
based encryption task
hash function) is a type of algorithm. It includes all proper-
ties from Algorithm, but also adds more specific properties
such as outputSize. The outputSize property determines
the fixed length of the output produced by this hash func-
tion, measured in bits. Generally, the higher the number, the
harder it is to conduct a brute force attack against the hash
function. Similarly, Line 12 introduces an abstract Clafer
called KeyDerivationAlgorithm. In our example, it does
not have any additional properties. Lines 14–22 define the
different types of ciphers and the additional properties each
type might add to Algorithm. Lines 24–25 define an abstract
clafer called Task that we use to represent a cryptography-
related task (e.g., secure password storage, email transmis-
one instance of a key-derivation algorithm.
as opposed to regular feature modeling, w
actual instances and not just rely on gene
ble instances from Digest or Cipher, simpl
combinations do not exist. For example, ev
pher with a key of 100 bits is a valid insta
corresponding algorithm that supports that.
A task that developers can later choose t
figurator is represented by a concrete clafer
abstract clafer Task. Line 76 defines a pass
cryption task. Such a task needs a key deriv
(Line 78), a digest to use with the key deriv
(Line 79), and a cipher to perform the ac
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
42 [ secure ]
43 [ memory = 1 ]
44 [ keySize = 256 ]
45 [ blockSize = 128 ]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a pass
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
85 [cipher.keySize > 128]
Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model als
based encryption task
hash function) is a type of algorithm. It includes all proper-
ties from Algorithm, but also adds more specific properties
such as outputSize. The outputSize property determines
the fixed length of the output produced by this hash func-
tion, measured in bits. Generally, the higher the number, the
harder it is to conduct a brute force attack against the hash
function. Similarly, Line 13 introduces an abstract Clafer
called KeyDerivationAlgorithm. In our example, it does
not have any additional properties. Lines 15–24 define the
different types of ciphers and the additional properties each
type might add to Algorithm. Lines 26–27 define an abstract
clafer called Task that we use to represent a cryptography-
related task (e.g., secure password storage, email transmis-
sion, data encryption, etc.).
Lines 30–71 define several instances of Cipher and
property to 4 and the outputSize to
variability for these properties. Simi
one instance of a key-derivation alg
as opposed to regular feature mode
actual instances and not just rely o
ble instances from Digest or Ciphe
combinations do not exist. For exam
pher with a key of 100 bits is a va
corresponding algorithm that suppor
A task that developers can later c
figurator is represented by a concrete
abstract clafer Task. Line 80 define
cryption task. Such a task needs a k
(Line 82), a digest to use with the k
(Line 83), and a cipher to perform
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
Cryptography Feature Model in Clafer
25
Cipher
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a password"]
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
85 [cipher.keySize > 128]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a password"]
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >= 1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11
12 abstract KeyDerivationAlgorithm : Algorithm
13
14 abstract Cipher : Algorithm
15 memory -> integer //Levels 1 - 4 (1 lowest)
16 [memory >= 1 && memory <= 4]
17
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
43 DES: SymmetricBlockCipher
44 [ name = "DES"]
45 [ performance = 2 ]
46 [ memory = 2 ]
47 [ secure ]
48 [ keySize = 56 ]
49 [ blockSize = 64 ]
50
51 DigestAlgorithms
52 md5: Digest
53 [name = "MD5"]
54 [performance = 4]
55 [insecure]
56 [outputSize = 128]
57
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf : KeyDerivationAlgorithm
72 [name = "PBKDF"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
18 abstract SymmetricCipher : Cipher
19 keySize -> integer
20
21 abstract SymmetricBlockCipher : SymmetricCipher
22 blockSize -> integer
23
24 abstract Task
25 name -> string
26
27 Ciphers
28 AES128 : SymmetricBlockCipher
29 [ name = "AES with 128bit key" ]
30 [ performance = 3 ]
31 [ secure ]
32 [ memory = 1 ]
33 [ keySize = 128 ]
34 [ blockSize = 128 ]
35
36 AES256 : SymmetricBlockCipher
37 [ name = "AES with 256bit key"]
38 [ performance = 3 ]
39 [ secure ]
40 [ memory = 1 ]
41 [ keySize = 256 ]
42 [ blockSize = 128 ]
58 sha_1: Digest
59 [name = "SHA-1"]
60 [performance = 4]
61 [insecure]
62 [outputSize = 160]
63
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf2 : KeyDerivationAlgorithm
72 [name = "PBKDF2"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
81 [cipher.keySize > 128]
Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model also inclu
based encryption task
hash function) is a type of algorithm. It includes all proper-
ties from Algorithm, but also adds more specific properties
such as outputSize. The outputSize property determines
the fixed length of the output produced by this hash func-
tion, measured in bits. Generally, the higher the number, the
harder it is to conduct a brute force attack against the hash
function. Similarly, Line 12 introduces an abstract Clafer
called KeyDerivationAlgorithm. In our example, it does
not have any additional properties. Lines 14–22 define the
different types of ciphers and the additional properties each
type might add to Algorithm. Lines 24–25 define an abstract
clafer called Task that we use to represent a cryptography-
related task (e.g., secure password storage, email transmis-
one instance of a key-derivation algorithm.
as opposed to regular feature modeling, w
actual instances and not just rely on gene
ble instances from Digest or Cipher, simpl
combinations do not exist. For example, ev
pher with a key of 100 bits is a valid insta
corresponding algorithm that supports that.
A task that developers can later choose t
figurator is represented by a concrete clafer
abstract clafer Task. Line 76 defines a pass
cryption task. Such a task needs a key deriv
(Line 78), a digest to use with the key deriv
(Line 79), and a cipher to perform the ac
cCipher
67 [insecure]
68 [outputSize = 160]
69
70 sha_256: Digest
71 [name = "SHA-256"]
72 [outputSize = 256 ]
73 [secure]
74 [performance = 2]
75
76 KeyDerivationAlgorithms
77 pbkdf : KeyDerivationAlgorithm
78 [name = "PBKDF"]
79 [performance = 2]
80 [secure]
81 }
82
83 PasswordBasedEncryption : Task
84 [name = "Encrypt data using a given password"]
85 kda -> KeyDerivationAlgorithm
86 cipher -> SymmetricBlockCipher
87 [cipher.keySize = kda.outputKeySize]
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
37 [ blockSize = 128 ]
38
39 AES256 : SymmetricBlockCipher
40 [ name = "AES with 256bit key"]
41 [ performance = 3 ]
42 [ secure ]
43 [ memory = 1 ]
44 [ keySize = 256 ]
45 [ blockSize = 128 ]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
75 [name = "PBKDF"]
76 [performance = 2]
77 [secure]
78 }
79
80 PasswordBasedEncryption : Task
81 [name = "Encrypt data based on a pass
82 kda -> KeyDerivationAlgorithm
83 digest -> Digest
84 cipher -> SymmetricBlockCipher
85 [cipher.keySize > 128]
Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model als
based encryption task
hash function) is a type of algorithm. It includes all proper-
ties from Algorithm, but also adds more specific properties
such as outputSize. The outputSize property determines
the fixed length of the output produced by this hash func-
tion, measured in bits. Generally, the higher the number, the
harder it is to conduct a brute force attack against the hash
function. Similarly, Line 13 introduces an abstract Clafer
called KeyDerivationAlgorithm. In our example, it does
not have any additional properties. Lines 15–24 define the
different types of ciphers and the additional properties each
type might add to Algorithm. Lines 26–27 define an abstract
clafer called Task that we use to represent a cryptography-
related task (e.g., secure password storage, email transmis-
sion, data encryption, etc.).
Lines 30–71 define several instances of Cipher and
property to 4 and the outputSize to
variability for these properties. Simi
one instance of a key-derivation alg
as opposed to regular feature mode
actual instances and not just rely o
ble instances from Digest or Ciphe
combinations do not exist. For exam
pher with a key of 100 bits is a va
corresponding algorithm that suppor
A task that developers can later c
figurator is represented by a concrete
abstract clafer Task. Line 80 define
cryption task. Such a task needs a k
(Line 82), a digest to use with the k
(Line 83), and a cipher to perform
1 abstract Algorithm
2 name -> string
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
46 DES: SymmetricBlockCipher
47 [ name = "DES"]
48 [ performance = 2 ]
49 [ memory = 2 ]
50 [ secure ]
51 [ keySize = 56 ]
52 [ blockSize = 64 ]
53
54 DigestAlgorithms
55 md5: Digest
56 [name = "MD5"]
57 [performance = 4]
58 [insecure]
59 [outputSize = 128]
60
61 sha_1: Digest
62 [name = "SHA-1"]
63 [performance = 4]
64 [insecure]
65 [outputSize = 160]
66
67 sha_256: Digest
68 [name = "SHA-256"]
69 [outputSize = 256 ]
70 [secure]
71 [performance = 2]
72
73 KeyDerivationAlgorithms
74 pbkdf : KeyDerivationAlgorithm
26
27
• Support method order restrictions
• Support parameter restrictions
Usage Protocol Language
28
• Support method order restrictions
• Support parameter restrictions
Usage Protocol Language
28
TS4J
[Bodden, SOAP ’14]
• Relies on fluent interfaces to build a domain specific
language (DSL), in Java
• Underlying typestate analysis
Typestate for Java (TS4J)
29
• Relies on fluent interfaces to build a domain specific
language (DSL), in Java
• Underlying typestate analysis
Typestate for Java (TS4J)
29
String CONS =
"<javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>";
return UsageProtocolAPI
.atCallTo(CONS)
.ifParameter(0, p -> !p.contains("/") || p.contains("/ECB"))
.reportError("Insecure block cipher mode");
Figure 6. TSJ4 Specification for Checking Block Cip
ert Java developers. Since our goal is to allow crypto-
Mapping to Code & Usage Protocols
30
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
46 DE
47 [
48 [
49 [
50 [
51 [
52 [
53
54 Digest
55 md5:
56 [n
57 [p
58 [i
59 [o
60
61 sha_
62 [n
63 [p
64 [i
65 [o
66
67 sha_
68 [n
69 [o
70 [s
71 [p
72
73 KeyDer
74 pbkd
75 [n
76 [p
77 [s
78 }
79
1 public class KeyDeriv {
2 private String algorithm = "";
3
4 public SecretKey getKey(String pwd) throws ... {
5 SecureRandom r = new SecureRandom();
6 byte[] salt = new byte[32];
7 r.nextBytes(salt);
8
9 PBEKeySpec spec = new
PBEKeySpec(pwd.toCharArray(), salt, 1000,
128);
10 SecretKeyFactory skf =
SecretKeyFactory.getInstance(algorithm);
11 return skf.generateSecret(spec);
12 }
13 }
Figure 7. Generic key derivation code
1 public class KeyDeriv {
2 private String algorithm = "PBKDF2WithHmacSHA1";
1 String CONS =
2 "<javax.crypto.spec.PBEKEYSpec: void
<init>(char[],byte[],int,int)>";
3
4 return UsageProtocolAPI
5 .atCallTo(CONS)
6 .ifParameter(2, p -> p < 500)
7 .reportError("Not enough iterations");
Figure 5. TSJ4 Specification for Checking PBEKey
Iteration Count
by view count and score) asked on StackOverflow. W
currently preparing a questionnaire to extract more info
tion on the concrete problems faced by these developer
the causes of requesting help from the community. In
allel, we are currently conducting an empirical study o
uses of cryptography in real-world application code to
Code Template
Usage protocol
Mapping to Code & Usage Protocols
30
3 performance -> integer //Levels 1 - 4 (4 fastest)
4 [performance >=1 && performance <= 4]
5 xor status
6 secure
7 insecure
8
9 abstract Digest : Algorithm
10 outputSize -> integer //in bits
11 }
12
13 abstract KeyDerivationAlgorithm : Algorithm
14
15 abstract Cipher : Algorithm
16 memory -> integer //Levels 1 - 4 (1 lowest)
17 [memory >=1 && memory <= 4]
18 }
19
20 abstract SymmetricCipher : Cipher
21 keySize -> integer
22
23 abstract SymmetricBlockCipher : SymmetricCipher
24 blockSize -> integer
25
26 abstract Task
27 name -> string
28 }
29
30 Ciphers
31 AES128 : SymmetricBlockCipher
32 [ name = "AES with 128bit key" ]
33 [ performance = 3 ]
34 [ secure ]
35 [ memory = 1 ]
36 [ keySize = 128 ]
46 DE
47 [
48 [
49 [
50 [
51 [
52 [
53
54 Digest
55 md5:
56 [n
57 [p
58 [i
59 [o
60
61 sha_
62 [n
63 [p
64 [i
65 [o
66
67 sha_
68 [n
69 [o
70 [s
71 [p
72
73 KeyDer
74 pbkd
75 [n
76 [p
77 [s
78 }
79
1 public class KeyDeriv {
2 private String algorithm = "";
3
4 public SecretKey getKey(String pwd) throws ... {
5 SecureRandom r = new SecureRandom();
6 byte[] salt = new byte[32];
7 r.nextBytes(salt);
8
9 PBEKeySpec spec = new
PBEKeySpec(pwd.toCharArray(), salt, 1000,
128);
10 SecretKeyFactory skf =
SecretKeyFactory.getInstance(algorithm);
11 return skf.generateSecret(spec);
12 }
13 }
Figure 7. Generic key derivation code
1 public class KeyDeriv {
2 private String algorithm = "PBKDF2WithHmacSHA1";
1 String CONS =
2 "<javax.crypto.spec.PBEKEYSpec: void
<init>(char[],byte[],int,int)>";
3
4 return UsageProtocolAPI
5 .atCallTo(CONS)
6 .ifParameter(2, p -> p < 500)
7 .reportError("Not enough iterations");
Figure 5. TSJ4 Specification for Checking PBEKey
Iteration Count
by view count and score) asked on StackOverflow. W
currently preparing a questionnaire to extract more info
tion on the concrete problems faced by these developer
the causes of requesting help from the community. In
allel, we are currently conducting an empirical study o
uses of cryptography in real-world application code to
Code Template
Usage protocol
Mapping to Code & Usage Protocols
31
3
4 public SecretKey getKey(String pwd) throws ... {
5 SecureRandom r = new SecureRandom();
6 byte[] salt = new byte[32];
7 r.nextBytes(salt);
8
9 PBEKeySpec spec = new
PBEKeySpec(pwd.toCharArray(), salt, 1000,
128);
10 SecretKeyFactory skf =
SecretKeyFactory.getInstance(algorithm);
11 return skf.generateSecret(spec);
12 }
13 }
Figure 7. Generic key derivation code
1 public class KeyDeriv {
2 private String algorithm = "PBKDF2WithHmacSHA1";
3
4 public SecretKey getKey(String pwd) throws ... {
5 return original(pwd);
6 }
7 }
Figure 8. Refining the generic key derivation code in Fig-
ure 7 using FeatureHouse to use the PBKDF2 algorithm
challenge to detect such inconsistencies and report them to
the developer in an understandable terminology.
Code Template
No additional usage
protocol necessary
64 sha_256: Digest
65 [name = "SHA-256"]
66 [outputSize = 256 ]
67 [secure]
68 [performance = 2]
69
70 KeyDerivationAlgorithms
71 pbkdf2 : KeyDerivationAlgorithm
72 [name = "PBKDF2"]
73 [performance = 2]
74 [secure]
75
76 PasswordBasedEncryption : Task
77 [name = "Encrypt data based on a password"]
78 kda -> KeyDerivationAlgorithm
79 digest -> Digest
80 cipher -> SymmetricBlockCipher
81 [cipher.keySize > 128]
unctions ciphers and key derivation algorithms. Model also includes a pas
cludes all proper- one instance of a key-derivation algorithm. Note he
32
32
Boundary between feature model
& usage protocol?
33
Configurator
34
Configurator
35
Configurator
36
PasswordBasedEncryption
kda = pbkdf2
cipher = AES with 128bit key
Composer
37
Composer
PBKDF2
1 public class KeyDeriv {
2 private String algorithm = "";
3
4 public SecretKey getKey(String pwd) throws ... {
5 SecureRandom r = new SecureRandom();
6 byte[] salt = new byte[32];
7 r.nextBytes(salt);
8
9 PBEKeySpec spec = new
PBEKeySpec(pwd.toCharArray(), salt, 1000,
128);
10 SecretKeyFactory skf =
SecretKeyFactory.getInstance(algorithm);
11 return skf.generateSecret(spec);
12 }
13 }
Figure 7. Generic key derivation code
1 public class KeyDeriv {
2 private String algorithm = "PBKDF2WithHmacSHA1";
3
4 public SecretKey getKey(String pwd) throws ... {
5 return original(pwd);
6 }
7 }
Figure 8. Refining the generic key derivation code in Fig-
ure 7 using FeatureHouse to use the PBKDF2 algorithm
challenge to detect such inconsistencies and report them to
the developer in an understandable terminology.
In the background, ClaferIG uses a SAT solver to gener-
ate the instances that satisfy the given constraints7
. We are
currently developing the configurator as an Eclipse plugin
and exploring the tradeoffs between a filtering approach and
KeyDerivationAlgorithm
applied
om be-
ery call
omplex
rameter
ementa-
ensions
urrently
e TS4J
ily ex-
crypto-
thms to
domain
e proto-
he tasks
Clafer
ces that
ces are
straints.
oncrete
shown
xample
es that
s to as-
n other
devel-
laferIG
ble key
n task.
specify
ad a re-
greater
nt from
Line 85
stances
ES_128
not sat-
genera-
on [38].
1 public class KeyDeriv {
2 private String algorithm = "";
3
4 public SecretKey getKey(String pwd) throws ... {
5 SecureRandom r = new SecureRandom();
6 byte[] salt = new byte[32];
7 r.nextBytes(salt);
8
9 PBEKeySpec spec = new
PBEKeySpec(pwd.toCharArray(), salt, 1000,
128);
10 SecretKeyFactory skf =
SecretKeyFactory.getInstance(algorithm);
11 return skf.generateSecret(spec);
12 }
13 }
Figure 7. Generic key derivation code
1 public class KeyDeriv {
2 private String algorithm = "PBKDF2WithHmacSHA1";
3
4 public SecretKey getKey(String pwd) throws ... {
5 return original(pwd);
6 }
7 }
Figure 8. Refining the generic key derivation code in Fig-
ure 7 using FeatureHouse to use the PBKDF2 algorithm
challenge to detect such inconsistencies and report them to
the developer in an understandable terminology.
In the background, ClaferIG uses a SAT solver to gener-
ate the instances that satisfy the given constraints7
. We are
currently developing the configurator as an Eclipse plugin
and exploring the tradeoffs between a filtering approach and
a step-wise approach.
The filtering approach is currently used in the online
Clafer configurator8
where all valid instances of a given
model are generated. Such instances are then filtered based
on the constraints enforced by the user selection. The down-
side to such a solution is that if the configuration space is
large, an extremely large number of instances would be gen-
erated, which is time-consuming.
In a step-wise approach (which is our current design ap-
proach), we present only valid selections to the user at each
step during the configuration process. The idea is that only
1 public class KeyDeriv {
2 private String algorithm = "PBKDF2WithHmacSHA1";
3
4 private SecretKey
getKey__wrappee__KeyDerivation(String pwd)
throws ... {
5 SecureRandom r = new SecureRandom();
6 byte[] salt = new byte[32];
7 r.nextBytes(salt);
8
9 PBEKeySpec spec = new
PBEKeySpec(pwd.toCharArray(), salt, 1000,
128);
10 SecretKeyFactory skf =
SecretKeyFactory.getInstance(algorithm);
11 return skf.generateSecret(spec);
12 }
13
14 public SecretKey getKey(String pwd) throws ... {
15 return getKey__wrappee__KeyDerivation(pwd);
16 }
17 }
Figure 9. Resulting composition of Figure 7 and Figure 8
3.4 Composer
Now that the right features (i.e., algorithms) needed to per
form the task have been selected by the configurator, we
[FeatureIDE, Thüm et al. 2014 & FeatureHouse, Apel et al. 2009]
FeatureHouse
(Feature-oriented programming
+ superimposition)
38
38
Feature interactions
during composition?
39
Challenges/Future Work
40
Mapping user’s selections
to parameters
Finding secure
code snippets
Different libraries
& library versions
Cryptography & library
evolution
More user-friendly
specification languages
41
Towards Secure Integration of
Cryptographic Software
S. Arzt, S. Nadi, K. Ali, E. Bodden, S. Erdweg, M. Mezini
Check out our poster
@6pm tonight

More Related Content

What's hot

What's hot (20)

ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin Infrastructure
 
Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
 
CodeFest 2014 - Pentesting client/server API
CodeFest 2014 - Pentesting client/server APICodeFest 2014 - Pentesting client/server API
CodeFest 2014 - Pentesting client/server API
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
 
A tale of application development
A tale of application developmentA tale of application development
A tale of application development
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
 
JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
 
SAST and Application Security: how to fight vulnerabilities in the code
SAST and Application Security: how to fight vulnerabilities in the codeSAST and Application Security: how to fight vulnerabilities in the code
SAST and Application Security: how to fight vulnerabilities in the code
 
DEF CON 23 - CASSIDY LEVERETT LEE - switches get stitches
DEF CON 23 - CASSIDY LEVERETT LEE - switches get stitchesDEF CON 23 - CASSIDY LEVERETT LEE - switches get stitches
DEF CON 23 - CASSIDY LEVERETT LEE - switches get stitches
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019
 
JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flash
 

Similar to Onward15

Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
QAware GmbH
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
qqlan
 
Application Security
Application SecurityApplication Security
Application Security
florinc
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
Ramakanta Behera
 

Similar to Onward15 (20)

Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
Application Security from the Inside - OWASP
Application Security from the Inside - OWASPApplication Security from the Inside - OWASP
Application Security from the Inside - OWASP
 
Application Security
Application SecurityApplication Security
Application Security
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanning
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanning
 
Up and Running with Angular
Up and Running with AngularUp and Running with Angular
Up and Running with Angular
 
Hyperledger 구조 분석
Hyperledger 구조 분석Hyperledger 구조 분석
Hyperledger 구조 분석
 
Groovy In the Cloud
Groovy In the CloudGroovy In the Cloud
Groovy In the Cloud
 
Everything as a Code / Александр Тарасов (Одноклассники)
Everything as a Code / Александр Тарасов (Одноклассники)Everything as a Code / Александр Тарасов (Одноклассники)
Everything as a Code / Александр Тарасов (Одноклассники)
 
Everything as a code
Everything as a codeEverything as a code
Everything as a code
 
Null meet Code Review
Null meet Code ReviewNull meet Code Review
Null meet Code Review
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
 

Recently uploaded

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in  GERMANY for 2024: IPTVreelTHE BEST IPTV in  GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 

Onward15

  • 1. ONWARD! ’15 Towards Secure Integration of Cryptographic Software Steven Arzt Sarah Nadi Karim Ali Eric Bodden Sebastian Erdweg Mira Mezini
  • 3. An Application Developer’s World 2 User accounts Sensitive user documents Payment info.
  • 4. An Application Developer’s World 2 User accounts Sensitive user documents Payment info. How to securely connect to a server? How to encrypt data? Encryption vs Hashing? Encryption mode? Salted hashing?
  • 5. Problem Definition 3 Application developers are not cryptographic experts!
  • 6. Problem Definition 3 Application developers are not cryptographic experts! 83% of 269 examined Common Vulnerabilities & Exposures (CVE) are due to misuse of crypto libraries [Lazar et al., APSys ’14]
  • 7. Problem Definition 3 Application developers are not cryptographic experts! 83% of 269 examined Common Vulnerabilities & Exposures (CVE) are due to misuse of crypto libraries [Lazar et al., APSys ’14] Even companies like Amazon & Paypal misuse SSL certificate validation [Georgiev et al., CCS ‘12]
  • 8. Problem Definition 3 Application developers are not cryptographic experts! 83% of 269 examined Common Vulnerabilities & Exposures (CVE) are due to misuse of crypto libraries [Lazar et al., APSys ’14] Even companies like Amazon & Paypal misuse SSL certificate validation [Georgiev et al., CCS ‘12] 88% of Android apps misuse cryptography APIs in at least one way [Egele et al., CCS ‘13]
  • 9. 4 So what exactly is a misuse?
  • 10. 4 So what exactly is a misuse? Scope:
  • 12. Example of an API Misuse 6 1 byte[] key = ... 2 3 Cipher cipher = Cipher.getInstance("AES"); 4 5 SecretKey keyObj = new SecretKeySpec(key,"AES"); 6 7 cipher.init(Cipher.ENCRYPT_MODE, keyObj); 8 byte[] cipherText = cipher.doFinal(input); Figure 1. Example of using an AES cipher
  • 13. Example of an API Misuse 7 Depending on the provider, default mode for AES is Electronic Codebook (ECB) which is insecure 1 byte[] key = ... 2 3 Cipher cipher = Cipher.getInstance("AES"); 4 5 SecretKey keyObj = new SecretKeySpec(key,"AES"); 6 7 cipher.init(Cipher.ENCRYPT_MODE, keyObj); 8 byte[] cipherText = cipher.doFinal(input); Figure 1. Example of using an AES cipher ion must first check the issuer of a certificate before passing his certificate on to the authentication primitive. Such usage protocols can then be translated into static analyses that au-
  • 14. Goals 8 Bridge the gap between application developers & cryptography experts
  • 15. Goals 8 Assist developers in choosing appropriate components & configurations Bridge the gap between application developers & cryptography experts
  • 16. Goals 8 Assist developers in choosing appropriate components & configurations Support automatic generation of code that uses cryptography securely Bridge the gap between application developers & cryptography experts
  • 17. Goals 8 Assist developers in choosing appropriate components & configurations Support automatic generation of code that uses cryptography securely Support automatic validation of code that uses cryptography & notify developer of any problems Bridge the gap between application developers & cryptography experts
  • 18. Long-term Vision 9 Crypto Algorithms & correct configurations Available on the Crypto Store Configured crypto tasks
  • 20. Observations 11 Different types of cryptography algorithms
  • 21. Different types of cryptography algorithms Observations 12 Different configurations within one class of algorithms
  • 22. Observations 13 Different types of cryptography algorithms Different configurations within one class of algorithms Tasks combine different algorithms (often with some restrictions)
  • 23. Observations 14 Lots of variability in cryptography! Tasks combine different algorithms (often with some restrictions) Different types of cryptography algorithms Different configurations within one class of algorithms
  • 24. Proposed Solution: IDE Plugin 15 Task-based Software Product Line of Cryptography Components
  • 25. Working Example: Password-based Encryption 16 1 // Key generation code 2 SecureRandom random = new SecureRandom(); 3 byte[] salt = new byte[32]; 4 random.nextBytes(salt); 5 PBEKeySpec spec = new PBEKeySpec(pwdChar, salt, 1000, 128); 6 SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); 7 SecretKey key = skf.generateSecret(spec); 8 9 // Encryption code 0 Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); 1 cipher.init(Cipher.ENCRYPT_MODE, key); 2 byte[] cipherText = cipher.doFinal(inputMsg); Figure 3. Example of password-based encryption which requires the composition 1 abstract Algorithm
  • 26. 17
  • 28. Modeling Language 18 Attribute-based feature models with support for referencing
  • 29. Modeling Language 18 Attribute-based feature models with support for referencing www.clafer.org
  • 30. Cryptography Feature Model in Clafer 19 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13
  • 31. 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string Cryptography Feature Model in Clafer 20 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"]
  • 32. Cryptography Feature Model in Clafer 21 17 [memory >=1 && memory 18 } 19 20 abstract SymmetricCipher : Ci 21 keySize -> integer 22 23 abstract SymmetricBlockCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCiph 32 [ name = "AES with 128b 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher
  • 33. Cryptography Feature Model in Clafer 22 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 42 [ secure ] 43 [ memory = 1 ] 44 [ keySize = 256 ] 45 [ blockSize = 128 ] Figure 4. Clafer model for sample hash functions ciph based encryption task hash function) is a type of algorithm. It includes all pro ties from Algorithm, but also adds more specific proper such as outputSize. The outputSize property determi orithm tring ce -> integer //Levels 1 - 4 (4 fastest) mance >=1 && performance <= 4] s e est : Algorithm e -> integer //in bits DerivationAlgorithm : Algorithm 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a password"] 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher
  • 34. Cryptography Feature Model in Clafer 23 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 42 [ secure ] 43 [ memory = 1 ] 44 [ keySize = 256 ] 45 [ blockSize = 128 ] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a pass 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 85 [cipher.keySize > 128] Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model als based encryption task hash function) is a type of algorithm. It includes all proper- ties from Algorithm, but also adds more specific properties such as outputSize. The outputSize property determines the fixed length of the output produced by this hash func- tion, measured in bits. Generally, the higher the number, the harder it is to conduct a brute force attack against the hash function. Similarly, Line 13 introduces an abstract Clafer called KeyDerivationAlgorithm. In our example, it does not have any additional properties. Lines 15–24 define the different types of ciphers and the additional properties each type might add to Algorithm. Lines 26–27 define an abstract clafer called Task that we use to represent a cryptography- related task (e.g., secure password storage, email transmis- sion, data encryption, etc.). Lines 30–71 define several instances of Cipher and property to 4 and the outputSize to variability for these properties. Simi one instance of a key-derivation alg as opposed to regular feature mode actual instances and not just rely o ble instances from Digest or Ciphe combinations do not exist. For exam pher with a key of 100 bits is a va corresponding algorithm that suppor A task that developers can later c figurator is represented by a concrete abstract clafer Task. Line 80 define cryption task. Such a task needs a k (Line 82), a digest to use with the k (Line 83), and a cipher to perform 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a password"] 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher ipher 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf2 : KeyDerivationAlgorithm 72 [name = "PBKDF2"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task
  • 35. Cryptography Feature Model in Clafer 24 cCipher 67 [insecure] 68 [outputSize = 160] 69 70 sha_256: Digest 71 [name = "SHA-256"] 72 [outputSize = 256 ] 73 [secure] 74 [performance = 2] 75 76 KeyDerivationAlgorithms 77 pbkdf : KeyDerivationAlgorithm 78 [name = "PBKDF"] 79 [performance = 2] 80 [secure] 81 } 82 83 PasswordBasedEncryption : Task 84 [name = "Encrypt data using a given password"] 85 kda -> KeyDerivationAlgorithm 86 cipher -> SymmetricBlockCipher 87 [cipher.keySize = kda.outputKeySize] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a password"] 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 41 [ keySize = 256 ] 42 [ blockSize = 128 ] 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf2 : KeyDerivationAlgorithm 72 [name = "PBKDF2"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher 81 [cipher.keySize > 128] Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model also inclu based encryption task hash function) is a type of algorithm. It includes all proper- ties from Algorithm, but also adds more specific properties such as outputSize. The outputSize property determines the fixed length of the output produced by this hash func- tion, measured in bits. Generally, the higher the number, the harder it is to conduct a brute force attack against the hash function. Similarly, Line 12 introduces an abstract Clafer called KeyDerivationAlgorithm. In our example, it does not have any additional properties. Lines 14–22 define the different types of ciphers and the additional properties each type might add to Algorithm. Lines 24–25 define an abstract clafer called Task that we use to represent a cryptography- related task (e.g., secure password storage, email transmis- one instance of a key-derivation algorithm. as opposed to regular feature modeling, w actual instances and not just rely on gene ble instances from Digest or Cipher, simpl combinations do not exist. For example, ev pher with a key of 100 bits is a valid insta corresponding algorithm that supports that. A task that developers can later choose t figurator is represented by a concrete clafer abstract clafer Task. Line 76 defines a pass cryption task. Such a task needs a key deriv (Line 78), a digest to use with the key deriv (Line 79), and a cipher to perform the ac 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 42 [ secure ] 43 [ memory = 1 ] 44 [ keySize = 256 ] 45 [ blockSize = 128 ] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a pass 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 85 [cipher.keySize > 128] Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model als based encryption task hash function) is a type of algorithm. It includes all proper- ties from Algorithm, but also adds more specific properties such as outputSize. The outputSize property determines the fixed length of the output produced by this hash func- tion, measured in bits. Generally, the higher the number, the harder it is to conduct a brute force attack against the hash function. Similarly, Line 13 introduces an abstract Clafer called KeyDerivationAlgorithm. In our example, it does not have any additional properties. Lines 15–24 define the different types of ciphers and the additional properties each type might add to Algorithm. Lines 26–27 define an abstract clafer called Task that we use to represent a cryptography- related task (e.g., secure password storage, email transmis- sion, data encryption, etc.). Lines 30–71 define several instances of Cipher and property to 4 and the outputSize to variability for these properties. Simi one instance of a key-derivation alg as opposed to regular feature mode actual instances and not just rely o ble instances from Digest or Ciphe combinations do not exist. For exam pher with a key of 100 bits is a va corresponding algorithm that suppor A task that developers can later c figurator is represented by a concrete abstract clafer Task. Line 80 define cryption task. Such a task needs a k (Line 82), a digest to use with the k (Line 83), and a cipher to perform 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm
  • 36. Cryptography Feature Model in Clafer 25 Cipher 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a password"] 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 85 [cipher.keySize > 128] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a password"] 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >= 1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 12 abstract KeyDerivationAlgorithm : Algorithm 13 14 abstract Cipher : Algorithm 15 memory -> integer //Levels 1 - 4 (1 lowest) 16 [memory >= 1 && memory <= 4] 17 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 43 DES: SymmetricBlockCipher 44 [ name = "DES"] 45 [ performance = 2 ] 46 [ memory = 2 ] 47 [ secure ] 48 [ keySize = 56 ] 49 [ blockSize = 64 ] 50 51 DigestAlgorithms 52 md5: Digest 53 [name = "MD5"] 54 [performance = 4] 55 [insecure] 56 [outputSize = 128] 57 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf : KeyDerivationAlgorithm 72 [name = "PBKDF"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher 18 abstract SymmetricCipher : Cipher 19 keySize -> integer 20 21 abstract SymmetricBlockCipher : SymmetricCipher 22 blockSize -> integer 23 24 abstract Task 25 name -> string 26 27 Ciphers 28 AES128 : SymmetricBlockCipher 29 [ name = "AES with 128bit key" ] 30 [ performance = 3 ] 31 [ secure ] 32 [ memory = 1 ] 33 [ keySize = 128 ] 34 [ blockSize = 128 ] 35 36 AES256 : SymmetricBlockCipher 37 [ name = "AES with 256bit key"] 38 [ performance = 3 ] 39 [ secure ] 40 [ memory = 1 ] 41 [ keySize = 256 ] 42 [ blockSize = 128 ] 58 sha_1: Digest 59 [name = "SHA-1"] 60 [performance = 4] 61 [insecure] 62 [outputSize = 160] 63 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf2 : KeyDerivationAlgorithm 72 [name = "PBKDF2"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher 81 [cipher.keySize > 128] Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model also inclu based encryption task hash function) is a type of algorithm. It includes all proper- ties from Algorithm, but also adds more specific properties such as outputSize. The outputSize property determines the fixed length of the output produced by this hash func- tion, measured in bits. Generally, the higher the number, the harder it is to conduct a brute force attack against the hash function. Similarly, Line 12 introduces an abstract Clafer called KeyDerivationAlgorithm. In our example, it does not have any additional properties. Lines 14–22 define the different types of ciphers and the additional properties each type might add to Algorithm. Lines 24–25 define an abstract clafer called Task that we use to represent a cryptography- related task (e.g., secure password storage, email transmis- one instance of a key-derivation algorithm. as opposed to regular feature modeling, w actual instances and not just rely on gene ble instances from Digest or Cipher, simpl combinations do not exist. For example, ev pher with a key of 100 bits is a valid insta corresponding algorithm that supports that. A task that developers can later choose t figurator is represented by a concrete clafer abstract clafer Task. Line 76 defines a pass cryption task. Such a task needs a key deriv (Line 78), a digest to use with the key deriv (Line 79), and a cipher to perform the ac cCipher 67 [insecure] 68 [outputSize = 160] 69 70 sha_256: Digest 71 [name = "SHA-256"] 72 [outputSize = 256 ] 73 [secure] 74 [performance = 2] 75 76 KeyDerivationAlgorithms 77 pbkdf : KeyDerivationAlgorithm 78 [name = "PBKDF"] 79 [performance = 2] 80 [secure] 81 } 82 83 PasswordBasedEncryption : Task 84 [name = "Encrypt data using a given password"] 85 kda -> KeyDerivationAlgorithm 86 cipher -> SymmetricBlockCipher 87 [cipher.keySize = kda.outputKeySize] 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 37 [ blockSize = 128 ] 38 39 AES256 : SymmetricBlockCipher 40 [ name = "AES with 256bit key"] 41 [ performance = 3 ] 42 [ secure ] 43 [ memory = 1 ] 44 [ keySize = 256 ] 45 [ blockSize = 128 ] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm 75 [name = "PBKDF"] 76 [performance = 2] 77 [secure] 78 } 79 80 PasswordBasedEncryption : Task 81 [name = "Encrypt data based on a pass 82 kda -> KeyDerivationAlgorithm 83 digest -> Digest 84 cipher -> SymmetricBlockCipher 85 [cipher.keySize > 128] Figure 4. Clafer model for sample hash functions ciphers and key derivation algorithms. Model als based encryption task hash function) is a type of algorithm. It includes all proper- ties from Algorithm, but also adds more specific properties such as outputSize. The outputSize property determines the fixed length of the output produced by this hash func- tion, measured in bits. Generally, the higher the number, the harder it is to conduct a brute force attack against the hash function. Similarly, Line 13 introduces an abstract Clafer called KeyDerivationAlgorithm. In our example, it does not have any additional properties. Lines 15–24 define the different types of ciphers and the additional properties each type might add to Algorithm. Lines 26–27 define an abstract clafer called Task that we use to represent a cryptography- related task (e.g., secure password storage, email transmis- sion, data encryption, etc.). Lines 30–71 define several instances of Cipher and property to 4 and the outputSize to variability for these properties. Simi one instance of a key-derivation alg as opposed to regular feature mode actual instances and not just rely o ble instances from Digest or Ciphe combinations do not exist. For exam pher with a key of 100 bits is a va corresponding algorithm that suppor A task that developers can later c figurator is represented by a concrete abstract clafer Task. Line 80 define cryption task. Such a task needs a k (Line 82), a digest to use with the k (Line 83), and a cipher to perform 1 abstract Algorithm 2 name -> string 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 46 DES: SymmetricBlockCipher 47 [ name = "DES"] 48 [ performance = 2 ] 49 [ memory = 2 ] 50 [ secure ] 51 [ keySize = 56 ] 52 [ blockSize = 64 ] 53 54 DigestAlgorithms 55 md5: Digest 56 [name = "MD5"] 57 [performance = 4] 58 [insecure] 59 [outputSize = 128] 60 61 sha_1: Digest 62 [name = "SHA-1"] 63 [performance = 4] 64 [insecure] 65 [outputSize = 160] 66 67 sha_256: Digest 68 [name = "SHA-256"] 69 [outputSize = 256 ] 70 [secure] 71 [performance = 2] 72 73 KeyDerivationAlgorithms 74 pbkdf : KeyDerivationAlgorithm
  • 37. 26
  • 38. 27
  • 39. • Support method order restrictions • Support parameter restrictions Usage Protocol Language 28
  • 40. • Support method order restrictions • Support parameter restrictions Usage Protocol Language 28 TS4J [Bodden, SOAP ’14]
  • 41. • Relies on fluent interfaces to build a domain specific language (DSL), in Java • Underlying typestate analysis Typestate for Java (TS4J) 29
  • 42. • Relies on fluent interfaces to build a domain specific language (DSL), in Java • Underlying typestate analysis Typestate for Java (TS4J) 29 String CONS = "<javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>"; return UsageProtocolAPI .atCallTo(CONS) .ifParameter(0, p -> !p.contains("/") || p.contains("/ECB")) .reportError("Insecure block cipher mode"); Figure 6. TSJ4 Specification for Checking Block Cip ert Java developers. Since our goal is to allow crypto-
  • 43. Mapping to Code & Usage Protocols 30 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 46 DE 47 [ 48 [ 49 [ 50 [ 51 [ 52 [ 53 54 Digest 55 md5: 56 [n 57 [p 58 [i 59 [o 60 61 sha_ 62 [n 63 [p 64 [i 65 [o 66 67 sha_ 68 [n 69 [o 70 [s 71 [p 72 73 KeyDer 74 pbkd 75 [n 76 [p 77 [s 78 } 79 1 public class KeyDeriv { 2 private String algorithm = ""; 3 4 public SecretKey getKey(String pwd) throws ... { 5 SecureRandom r = new SecureRandom(); 6 byte[] salt = new byte[32]; 7 r.nextBytes(salt); 8 9 PBEKeySpec spec = new PBEKeySpec(pwd.toCharArray(), salt, 1000, 128); 10 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 11 return skf.generateSecret(spec); 12 } 13 } Figure 7. Generic key derivation code 1 public class KeyDeriv { 2 private String algorithm = "PBKDF2WithHmacSHA1"; 1 String CONS = 2 "<javax.crypto.spec.PBEKEYSpec: void <init>(char[],byte[],int,int)>"; 3 4 return UsageProtocolAPI 5 .atCallTo(CONS) 6 .ifParameter(2, p -> p < 500) 7 .reportError("Not enough iterations"); Figure 5. TSJ4 Specification for Checking PBEKey Iteration Count by view count and score) asked on StackOverflow. W currently preparing a questionnaire to extract more info tion on the concrete problems faced by these developer the causes of requesting help from the community. In allel, we are currently conducting an empirical study o uses of cryptography in real-world application code to Code Template Usage protocol
  • 44. Mapping to Code & Usage Protocols 30 3 performance -> integer //Levels 1 - 4 (4 fastest) 4 [performance >=1 && performance <= 4] 5 xor status 6 secure 7 insecure 8 9 abstract Digest : Algorithm 10 outputSize -> integer //in bits 11 } 12 13 abstract KeyDerivationAlgorithm : Algorithm 14 15 abstract Cipher : Algorithm 16 memory -> integer //Levels 1 - 4 (1 lowest) 17 [memory >=1 && memory <= 4] 18 } 19 20 abstract SymmetricCipher : Cipher 21 keySize -> integer 22 23 abstract SymmetricBlockCipher : SymmetricCipher 24 blockSize -> integer 25 26 abstract Task 27 name -> string 28 } 29 30 Ciphers 31 AES128 : SymmetricBlockCipher 32 [ name = "AES with 128bit key" ] 33 [ performance = 3 ] 34 [ secure ] 35 [ memory = 1 ] 36 [ keySize = 128 ] 46 DE 47 [ 48 [ 49 [ 50 [ 51 [ 52 [ 53 54 Digest 55 md5: 56 [n 57 [p 58 [i 59 [o 60 61 sha_ 62 [n 63 [p 64 [i 65 [o 66 67 sha_ 68 [n 69 [o 70 [s 71 [p 72 73 KeyDer 74 pbkd 75 [n 76 [p 77 [s 78 } 79 1 public class KeyDeriv { 2 private String algorithm = ""; 3 4 public SecretKey getKey(String pwd) throws ... { 5 SecureRandom r = new SecureRandom(); 6 byte[] salt = new byte[32]; 7 r.nextBytes(salt); 8 9 PBEKeySpec spec = new PBEKeySpec(pwd.toCharArray(), salt, 1000, 128); 10 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 11 return skf.generateSecret(spec); 12 } 13 } Figure 7. Generic key derivation code 1 public class KeyDeriv { 2 private String algorithm = "PBKDF2WithHmacSHA1"; 1 String CONS = 2 "<javax.crypto.spec.PBEKEYSpec: void <init>(char[],byte[],int,int)>"; 3 4 return UsageProtocolAPI 5 .atCallTo(CONS) 6 .ifParameter(2, p -> p < 500) 7 .reportError("Not enough iterations"); Figure 5. TSJ4 Specification for Checking PBEKey Iteration Count by view count and score) asked on StackOverflow. W currently preparing a questionnaire to extract more info tion on the concrete problems faced by these developer the causes of requesting help from the community. In allel, we are currently conducting an empirical study o uses of cryptography in real-world application code to Code Template Usage protocol
  • 45. Mapping to Code & Usage Protocols 31 3 4 public SecretKey getKey(String pwd) throws ... { 5 SecureRandom r = new SecureRandom(); 6 byte[] salt = new byte[32]; 7 r.nextBytes(salt); 8 9 PBEKeySpec spec = new PBEKeySpec(pwd.toCharArray(), salt, 1000, 128); 10 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 11 return skf.generateSecret(spec); 12 } 13 } Figure 7. Generic key derivation code 1 public class KeyDeriv { 2 private String algorithm = "PBKDF2WithHmacSHA1"; 3 4 public SecretKey getKey(String pwd) throws ... { 5 return original(pwd); 6 } 7 } Figure 8. Refining the generic key derivation code in Fig- ure 7 using FeatureHouse to use the PBKDF2 algorithm challenge to detect such inconsistencies and report them to the developer in an understandable terminology. Code Template No additional usage protocol necessary 64 sha_256: Digest 65 [name = "SHA-256"] 66 [outputSize = 256 ] 67 [secure] 68 [performance = 2] 69 70 KeyDerivationAlgorithms 71 pbkdf2 : KeyDerivationAlgorithm 72 [name = "PBKDF2"] 73 [performance = 2] 74 [secure] 75 76 PasswordBasedEncryption : Task 77 [name = "Encrypt data based on a password"] 78 kda -> KeyDerivationAlgorithm 79 digest -> Digest 80 cipher -> SymmetricBlockCipher 81 [cipher.keySize > 128] unctions ciphers and key derivation algorithms. Model also includes a pas cludes all proper- one instance of a key-derivation algorithm. Note he
  • 46. 32
  • 47. 32 Boundary between feature model & usage protocol?
  • 48. 33
  • 52. Composer 37 Composer PBKDF2 1 public class KeyDeriv { 2 private String algorithm = ""; 3 4 public SecretKey getKey(String pwd) throws ... { 5 SecureRandom r = new SecureRandom(); 6 byte[] salt = new byte[32]; 7 r.nextBytes(salt); 8 9 PBEKeySpec spec = new PBEKeySpec(pwd.toCharArray(), salt, 1000, 128); 10 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 11 return skf.generateSecret(spec); 12 } 13 } Figure 7. Generic key derivation code 1 public class KeyDeriv { 2 private String algorithm = "PBKDF2WithHmacSHA1"; 3 4 public SecretKey getKey(String pwd) throws ... { 5 return original(pwd); 6 } 7 } Figure 8. Refining the generic key derivation code in Fig- ure 7 using FeatureHouse to use the PBKDF2 algorithm challenge to detect such inconsistencies and report them to the developer in an understandable terminology. In the background, ClaferIG uses a SAT solver to gener- ate the instances that satisfy the given constraints7 . We are currently developing the configurator as an Eclipse plugin and exploring the tradeoffs between a filtering approach and KeyDerivationAlgorithm applied om be- ery call omplex rameter ementa- ensions urrently e TS4J ily ex- crypto- thms to domain e proto- he tasks Clafer ces that ces are straints. oncrete shown xample es that s to as- n other devel- laferIG ble key n task. specify ad a re- greater nt from Line 85 stances ES_128 not sat- genera- on [38]. 1 public class KeyDeriv { 2 private String algorithm = ""; 3 4 public SecretKey getKey(String pwd) throws ... { 5 SecureRandom r = new SecureRandom(); 6 byte[] salt = new byte[32]; 7 r.nextBytes(salt); 8 9 PBEKeySpec spec = new PBEKeySpec(pwd.toCharArray(), salt, 1000, 128); 10 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 11 return skf.generateSecret(spec); 12 } 13 } Figure 7. Generic key derivation code 1 public class KeyDeriv { 2 private String algorithm = "PBKDF2WithHmacSHA1"; 3 4 public SecretKey getKey(String pwd) throws ... { 5 return original(pwd); 6 } 7 } Figure 8. Refining the generic key derivation code in Fig- ure 7 using FeatureHouse to use the PBKDF2 algorithm challenge to detect such inconsistencies and report them to the developer in an understandable terminology. In the background, ClaferIG uses a SAT solver to gener- ate the instances that satisfy the given constraints7 . We are currently developing the configurator as an Eclipse plugin and exploring the tradeoffs between a filtering approach and a step-wise approach. The filtering approach is currently used in the online Clafer configurator8 where all valid instances of a given model are generated. Such instances are then filtered based on the constraints enforced by the user selection. The down- side to such a solution is that if the configuration space is large, an extremely large number of instances would be gen- erated, which is time-consuming. In a step-wise approach (which is our current design ap- proach), we present only valid selections to the user at each step during the configuration process. The idea is that only 1 public class KeyDeriv { 2 private String algorithm = "PBKDF2WithHmacSHA1"; 3 4 private SecretKey getKey__wrappee__KeyDerivation(String pwd) throws ... { 5 SecureRandom r = new SecureRandom(); 6 byte[] salt = new byte[32]; 7 r.nextBytes(salt); 8 9 PBEKeySpec spec = new PBEKeySpec(pwd.toCharArray(), salt, 1000, 128); 10 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 11 return skf.generateSecret(spec); 12 } 13 14 public SecretKey getKey(String pwd) throws ... { 15 return getKey__wrappee__KeyDerivation(pwd); 16 } 17 } Figure 9. Resulting composition of Figure 7 and Figure 8 3.4 Composer Now that the right features (i.e., algorithms) needed to per form the task have been selected by the configurator, we [FeatureIDE, Thüm et al. 2014 & FeatureHouse, Apel et al. 2009] FeatureHouse (Feature-oriented programming + superimposition)
  • 53. 38
  • 55. 39
  • 56. Challenges/Future Work 40 Mapping user’s selections to parameters Finding secure code snippets Different libraries & library versions Cryptography & library evolution More user-friendly specification languages
  • 57. 41 Towards Secure Integration of Cryptographic Software S. Arzt, S. Nadi, K. Ali, E. Bodden, S. Erdweg, M. Mezini Check out our poster @6pm tonight