Skip to main content
Ontario Tech acknowledges the lands and people of the Mississaugas of Scugog Island First Nation.

We are thankful to be welcome on these lands in friendship. The lands we are situated on are covered by the Williams Treaties and are the traditional territory of the Mississaugas, a branch of the greater Anishinaabeg Nation, including Algonquin, Ojibway, Odawa and Pottawatomi. These lands remain home to many Indigenous nations and peoples.

We acknowledge this land out of respect for the Indigenous nations who have cared for Turtle Island, also called North America, from before the arrival of settler peoples until this day. Most importantly, we acknowledge that the history of these lands has been tainted by poor treatment and a lack of friendship with the First Nations who call them home.

This history is something we are all affected by because we are all treaty people in Canada. We all have a shared history to reflect on, and each of us is affected by this history in different ways. Our past defines our present, but if we move forward as friends and allies, then it does not have to define our future.

Learn more about Indigenous Education and Cultural Services

February 27, 2013

Title: Design And Implementation Of The Crypto Assistant: An Eclipse Plugin For Usable Password: An Eclipse Plugin For Usable Password-Based Column Level Encryption Based on Hibernate and Jasypt

Speaker: Ricardo Rodriguez Garcia, Ontario Tech University

Abstract: The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities according to team SHATTER [63]. In the quest to improve the security landscape, we identified an opportunity area: two tools Hibernate and Jasypt that work together to provide password-based database encryption. The goal is to encourage developers to think about security and incorporate security-related tasks early in the development process through the improvement of their programming system or IDE. To this end, we modified the Hibernate Tools plugin for the popular Eclipse IDE, with the purpose of mitigating the impact of the lack of security knowledge with the integration of these three tools. We designed an experiment to simulate a situation where the developers had to deal with time constraints, functional requirements, and lack of familiarity with the technology and the code they are modifying. We provide a report on the observations drawn from this preliminary evaluation.  We hope that, in the near future, the prototype could be released to the public domain and encourage IDE developers to create more tools like Crypto-Assistant to help developers create more secure applications.