Project Details
Secure integration of application programming interfaces (T03)
Subject Area
Software Engineering and Programming Languages
Term
since 2024
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 236615297
This transfer project builds on top of work from another project and transfers its results into a sustainably maintainable code analysis tool. With the tool, expert developers of security APIs define allow-listing specifications that enforce how the API should be used. The tool’s integrated code analysis then automatically warns about security-critical deviations from that norm. Researchers from TU Darmstadt and Fraunhofer IEM team up with engineers from SonarSource to engineer an analysis tool that supports Java, .NET and JavaScript, yet supports powerful optimizations to yield good precision, recall and speed. Additionally, novel concepts optimize the user experience for both API experts and API users, for instance by providing a versatile yet easy-to-use specification language that allows API rule definitions for all three supported programming languages.
DFG Programme
Collaborative Research Centres (Transfer Project)
Subproject of
SFB 1119:
CROSSING - Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
International Connection
Switzerland
Applicant Institution
Technische Universität Darmstadt
Business and Industry
P.O. Box 765, CH-1215 Geneva 15
Participating Institution
Fraunhofer-Institut für Entwurfstechnik Mechatronik (IEM)
Project Heads
Professor Dr. Eric Bodden; Professorin Dr.-Ing. Mira Mezini
