Onward! 2016
Sun 30 October - Fri 4 November 2016 Amsterdam, Netherlands
co-located with SPLASH 2016
Fri 4 Nov 2016 11:20 - 11:45 at Matterhorn 2 - Session 4 Chair(s): Veselin Raychev

Several mature cryptographic frameworks are available, and they have been utilized for building complex applications. However, developers often use these frameworks incorrectly and introduce security vulnerabilities. This is because current cryptographic frameworks erode abstraction boundaries, as they do not encapsulate all the framework-specific knowledge and expect developers to understand security attacks and defenses. Starting from the documented misuse cases of cryptographic APIs, we infer five developer needs and we show that a good API design would address these needs only partially. Building on this observation, we propose APIs that are semantically meaningful for developers, we show how these interfaces can be implemented consistently on top of existing frameworks using novel and known design patterns, and we propose build management hooks for isolating security workarounds needed during the development and test phases. Through two case studies, we show that our APIs can be utilized to implement non-trivial client-server protocols and that they provide a better separation of concerns than existing frameworks. We also discuss the challenges and potential approaches for evaluating our solution. Our semantic interfaces represent a first step toward preventing misuses of cryptographic APIs.

Fri 4 Nov
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

10:30 - 12:10: Session 4Onward! Papers at Matterhorn 2
Chair(s): Veselin RaychevETH Zurich, Switzerland
10:30 - 10:55
Talk
Exploring the Role of Sequential Computation in Distributed Systems: Motivating a Programming Paradigm Shift
Onward! Papers
Ivan KurajMIT CSAIL, USA, Daniel JacksonMIT
DOI
10:55 - 11:20
Talk
Gramada: Immediacy in Programming Language Development
Onward! Papers
Patrick ReinHasso Plattner Institute, Marcel TaeumelHasso Plattner Institute, Robert HirschfeldHPI
DOI
11:20 - 11:45
Talk
Helping Johnny Encrypt: Toward Semantic Interfaces for Cryptographic Frameworks
Onward! Papers
Soumya IndelaUniversity of Maryland at College Park, Mukul KulkarniUniversity of Maryland at College Park, Kartik NayakUniversity of Maryland at College Park, Tudor DumitrasUniversity of Maryland at College Park
DOI
11:45 - 12:10
Talk
Leveraging a Corpus of Natural Language Descriptions for Program Similarity
Onward! Papers
DOI