In a joint CogniCrypt transfer project, Fraunhofer IEM and achelos improve the quality of secure software implementation

There are many potential pitfalls when using cryptographic APIs

The Eclipse CogniCrypt plug-in detects misuse of cryptography directly in the development environment. (Photo: Copyright: Fraunhofer IEM)
(PresseBox) (Paderborn)
Veracode published its new State of Software Security Report in January 2019. Producing this report involved analysing over two trillion lines of code over a full year. The results are alarming. More than 85 percent of all applications investigated display at least one weakness, many of which have been occurring for years and often affect cryptography.

This is precisely where Fraunhofer IEM comes in with CogniCrypt, a tool for static code analysis. The product provides information on the quality of the program code and the cryptographic libraries used. In the "It’s OWL" transfer project, Fraunhofer IEM and achelos GmbH spent four months working together on further developing CogniCrypt. The results were incorporated into the open source product in the form of a knowledge transfer and added support for other cryptographic libraries.

Continuous knowledge transfer in the transfer project

The security experts at achelos incorporated the product in the continuous integration process of their software development operations and tested the tool. achelos was able to contribute its profound cryptographic knowledge within the scope of the project and made a valuable contribution to the development of CogniCrypt. Within the project, CogniCrypt was enhanced by new sets of rules. The new rules allow CogniCrypt to detect security vulnerabilities when using other libraries (Bouncy Castle). The rules defined within the project are fully compliant with Technical Guidelines 02102-1 of the German Federal Office for Information Security (BSI).

CogniCrypt makes software development more secure and high-grade: The tool also supports the experts at achelos during code reviews, as the tool provides proof that the application interfaces (APIs) have been used correctly. "The cryptographic expertise of achelos brought us significant added value in the further development of CogniCrypt," comments Dr. Johannes Späth, Senior Expert at Fraunhofer IEM, summarising the successful cooperation with achelos. "Security and cryptography rank among our core competencies. In the project with Fraunhofer IEM, we were able to incorporate our practical experience in the high-performance tool," adds Kathrin Asmuth, Managing Partner at achelos GmbH.

About CogniCrypt
The CogniCrypt tool was developed within the scope of the CROSSING Collaborative Research Initiative at the Technical University of Darmstadt and in cooperation with the Heinz Nixdorf Institute at the University of Paderborn. It allows companies operating in the field of security and cryptography to identify and then eliminate security-critical misuse of cryptographic libraries quickly and reliably, as well as to generate secure cryptographic integration code for various common usage scenarios fully automatically. With the support of the Fraunhofer IEM, CogniCrypt was further developed to market maturity and can be integrated into the Eclipse development environment.
www.eclipse.org/cognicrypt/

About the Fraunhofer IEM:
From its location in Paderborn, Germany, the Fraunhofer Institute for Mechatronic Systems Design IEM offers expertise for intelligent mechatronic solutions in the context of Industry 4.0. Scientists from the fields of mechanical engineering, software engineering and electrical engineering engage in interdisciplinary collaboration here, researching innovative methods and tools for development of intelligent products, production systems and services.
www.iem.fraunhofer.de/en.html

About the "It’s OWL" technology network
In the "It's OWL – intelligent technical systems OstWestfalenLippe" technology network, over 200 companies, research institutes and organisations develop solutions for intelligent products and production methods. With the support of the State of North Rhine-Westphalia, projects with a total value of €100 million are set to be implemented between 2018 and 2022. The key focus topics are artificial intelligence, digital platforms, digital twins and work in the fourth industrial revolution, Industry 4.0. Having won awards in the German government's Top Cluster competition, the "It's OWL" network ranks as one of the largest SME initiatives for Industry 4.0.
www.its-owl.com/home/

Contact Person

Daniela Meschede
achelos GmbH
Tel.: +49 (5251) 14212-345
Mobile: +49 (172) 4211193
E-Mail: daniela.meschede@achelos.de