The NAFOSTED Conference on Information and Computer Science (NICS) is an International Conference on Electronics, Information, Computer Science and related areas, technical sponsored by IEEE, IEEE Vietnam and organized by the National Foundation for Science and Technology Development (NAFOSTED) of Vietnam. It aims to build a durable, innovative and conducive forum for international researchers to present and discuss recent advancements and future directions in the field of electronics, information, computer science and related areas.
The 2021 8th NAFOSTED Conference on Information and Computer Science (NICS 2021) will be hosted by Le Quy Don Technical University at Hanoi city, the capital of Vietnam during December 21 – 22, 2021 and organized in a Hybrid model of onsite-online.
Sylvain Guilley, CTO of Secure-IC will give the keynote speech of the event on “CRYScanner: Finding cryptographic libraries misuse.”
Cryptographic libraries have become an integral part of every digital device. Studies have shown that these systems are not only vulnerable due to bugs in cryptographic libraries, but also due to misuse of these libraries. In this paper, we focus on vulnerabilities introduced by the application developer. We performed a survey on the potential misuse of well-known libraries such as PKCS #11. We introduce a generic tool CRYScanner, which is designed to identify such misuses during and post development. It works on the similar philosophy of an intrusion detection system for an internal network. The tool provides verification functions needed to check the safety of code, such as detecting incorrect call flow and input parameters. We performed a feature-wise comparison with the existing state of the art solutions. Our tool aimed to add more features, keeping all the capabilities of both static and dynamic analysis. We also show the detection of potential vulnerabilities in the several sample codes found online.