February 27, 2013
Title: Design And Implementation Of The Crypto Assistant: An Eclipse Plugin For Usable Password: An Eclipse Plugin For Usable Password-Based Column Level Encryption Based on Hibernate and Jasypt
Speaker: Ricardo Rodriguez Garcia, Ontario Tech University
Abstract: The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities according to team SHATTER [63]. In the quest to improve the security landscape, we identified an opportunity area: two tools Hibernate and Jasypt that work together to provide password-based database encryption. The goal is to encourage developers to think about security and incorporate security-related tasks early in the development process through the improvement of their programming system or IDE. To this end, we modified the Hibernate Tools plugin for the popular Eclipse IDE, with the purpose of mitigating the impact of the lack of security knowledge with the integration of these three tools. We designed an experiment to simulate a situation where the developers had to deal with time constraints, functional requirements, and lack of familiarity with the technology and the code they are modifying. We provide a report on the observations drawn from this preliminary evaluation. We hope that, in the near future, the prototype could be released to the public domain and encourage IDE developers to create more tools like Crypto-Assistant to help developers create more secure applications.