Onward! 2016
Sun 30 October - Fri 4 November 2016 Amsterdam, Netherlands
co-located with SPLASH 2016
Fri 4 Nov 2016 11:20 - 11:45 at Matterhorn 2 - Session 4 Chair(s): Veselin Raychev

Several mature cryptographic frameworks are available, and they have been utilized for building complex applications. However, developers often use these frameworks incorrectly and introduce security vulnerabilities. This is because current cryptographic frameworks erode abstraction boundaries, as they do not encapsulate all the framework-specific knowledge and expect developers to understand security attacks and defenses. Starting from the documented misuse cases of cryptographic APIs, we infer five developer needs and we show that a good API design would address these needs only partially. Building on this observation, we propose APIs that are semantically meaningful for developers, we show how these interfaces can be implemented consistently on top of existing frameworks using novel and known design patterns, and we propose build management hooks for isolating security workarounds needed during the development and test phases. Through two case studies, we show that our APIs can be utilized to implement non-trivial client-server protocols and that they provide a better separation of concerns than existing frameworks. We also discuss the challenges and potential approaches for evaluating our solution. Our semantic interfaces represent a first step toward preventing misuses of cryptographic APIs.

Fri 4 Nov

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

10:30 - 12:10
Session 4: Onward! Papers at Matterhorn 2
Chair(s): Veselin Raychev ETH Zurich, Switzerland
10:30 (25m) Talk: Exploring the Role of Sequential Computation in Distributed Systems: Motivating a Programming Paradigm Shift [Onward! Papers]
    Ivan Kuraj (MIT CSAIL, USA), Daniel Jackson (MIT)

10:55 (25m) Talk: Gramada: Immediacy in Programming Language Development [Onward! Papers]
    Patrick Rein (Hasso Plattner Institute), Marcel Taeumel (Hasso Plattner Institute), Robert Hirschfeld (HPI)

11:20 (25m) Talk: Helping Johnny Encrypt: Toward Semantic Interfaces for Cryptographic Frameworks [Onward! Papers]
    Soumya Indela (University of Maryland at College Park), Mukul Kulkarni (University of Maryland at College Park), Kartik Nayak (University of Maryland at College Park), Tudor Dumitras (University of Maryland at College Park)

11:45 (25m) Talk: Leveraging a Corpus of Natural Language Descriptions for Program Similarity [Onward! Papers]
    Meital Zilberstein (Technion), Eran Yahav (Technion)