There is a wide variety of cryptographic components and algorithms (e.g., ciphers, digests, signatures, etc.). Each of these components comes with its own variability. For example, a cipher can be symmetric or asymmetric. If it is symmetric, it can operate on blocks or streams. Additionally, there are different modes of operations (e.g., ECB vs CBC) as well as different padding schemes. In order to deal with this huge variability space, we model cryptographic components using concepts from feature modeling. However, such components have many attributes. Additionally, some cryptography solutions may use multiple components at the same time. We, therefore, need additional modeling notations than those offered by basic feature modeling.
We are currently using Clafer as a modeling language and investigating its ability to successfully model cryptography components. You can read more about our experience using Clafer in our VaMoS ‘16 paper. The variability model we are developing will be used as a part of a software product line solution for automatically generating code snippets corresponding to common cryptography tasks. Thus, application developers can select the tasks they need (e.g., store password) and configure components according to their needs before getting the corresponding code snippet. More details about how our proposed solution works can be found in our ONWARD! ‘15 paper.