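% CrySL (IEEE TSE). The author list was wrapped in a second brace pair, which
% makes BibTeX read all five people as one corporate name; it is now a normal
% name list. Only case-sensitive words in the title are brace-protected.
% NOTE(review): pages 1--1 looks like an early-access placeholder; replace it
% once volume and issue are assigned (TODO confirm).
@article{20533,
  author   = {Kr{\"u}ger, Stefan and Sp{\"a}th, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira},
  title    = {{CrySL}: An Extensible Approach to Validating the Correct Usage of Cryptographic {APIs}},
  journal  = {IEEE Transactions on Software Engineering},
  pages    = {1--1},
  year     = {2019},
  issn     = {2326-3881},
  doi      = {10.1109/TSE.2019.2948910},
  keywords = {Java, Encryption, Static analysis, Tools, Ciphers, Semantics, cryptography, domain-specific language, static analysis},
}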

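% ISSTA 2019 paper. The outer braces that turned the author list into a single
% name were removed, as was the blanket title protection.
% Entry 20537 carries the same title as a technical report.
@inproceedings{20534,
  author    = {Piskachev, Goran and Nguyen Quang Do, Lisa and Bodden, Eric},
  title     = {Codebase-Adaptive Detection of Security-Relevant Methods},
  booktitle = {ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
  year      = {2019},
}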

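% ECOOP 2019 paper. Authors are now parsed as three separate names, and only
% the tool name and the acronym in the title are brace-protected.
@inproceedings{20535,
  author    = {Luo, Linghui and Dolby, Julian and Bodden, Eric},
  title     = {{MagpieBridge}: A General Approach to Integrating Static Analyses into {IDEs} and Editors},
  booktitle = {European Conference on Object-Oriented Programming (ECOOP)},
  year      = {2019},
}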

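% Technical-report version of entry 20534 (same title). The second author's
% family name is spelled as in the other entries of this file so that both
% records sort and abbreviate alike.
% NOTE(review): techreport requires an institution field and the export gives
% none, so BibTeX will warn until it is supplied (TODO add from the report).
@techreport{20537,
  author = {Piskachev, Goran and Nguyen Quang Do, Lisa and Bodden, Eric},
  title  = {Codebase-Adaptive Detection of Security-Relevant Methods},
  year   = {2019},
}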

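% CODASPY 2019 paper. The export had folded the first author's middle name and
% generational suffix into the family name ("Albert Gorski Iii, Sigmund"); the
% three-part "Last, Jr, First" form below lets styles place the suffix.
% The outer braces that merged all seven authors into one name are removed.
@inproceedings{20538,
  author    = {Gorski, III, Sigmund Albert and Andow, Benjamin and Nadkarni, Adwait and Manandhar, Sunil and Enck, William and Bodden, Eric and Bartel, Alexandre},
  title     = {{ACMiner}: Extraction and Analysis of Authorization Checks in {Android's} Middleware},
  booktitle = {ACM Conference on Data and Application Security and Privacy (CODASPY 2019)},
  year      = {2019},
  keywords  = {ITSECWEBSITE, CROSSING},
}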

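% POPL 2019 article. ISSN 2475-1421 with number POPL identifies the journal
% Proceedings of the ACM on Programming Languages; the export named the POPL
% symposium in the journal field instead, which is corrected here.
% pages holds the article number and page span (48:1--48:29) as published.
@article{20539,
  author    = {Sp{\"a}th, Johannes and Ali, Karim and Bodden, Eric},
  title     = {Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems},
  journal   = {Proceedings of the ACM on Programming Languages},
  volume    = {3},
  number    = {POPL},
  pages     = {48:1--48:29},
  publisher = {ACM},
  year      = {2019},
  issn      = {2475-1421},
  doi       = {10.1145/3290361},
  keywords  = {ATTRACT, ITSECWEBSITE, CROSSING},
}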

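% ModGuard (IEEE TSE). The title had a raw ampersand glued to the next word; an
% unescaped ampersand is an alignment character in LaTeX and breaks the
% bibliography build, so it is escaped and spaced.
% NOTE(review): pages 1--1 looks like an early-access placeholder (TODO confirm).
@article{14896,
  author  = {Dann, Andreas and Hermann, Ben and Bodden, Eric},
  title   = {{ModGuard}: Identifying Integrity \& Confidentiality Violations in {Java} Modules},
  journal = {IEEE Transactions on Software Engineering},
  pages   = {1--1},
  year    = {2019},
  issn    = {0098-5589},
  doi     = {10.1109/tse.2019.2931331},
}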

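% SOAP 2019 workshop paper. Authors are un-merged, the stray double space in
% booktitle is collapsed, and only the tool and language names in the title
% are brace-protected.
@inproceedings{14897,
  author    = {Dann, Andreas and Hermann, Ben and Bodden, Eric},
  title     = {{SootDiff}: bytecode comparison across different {Java} compilers},
  booktitle = {Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019},
  year      = {2019},
  isbn      = {9781450367202},
  doi       = {10.1145/3315568.3329966},
}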

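% TACAS 2019 paper. Authors are un-merged; the tool name and C/C++ are
% protected against style recasing.
% location is kept as exported. NOTE(review): styles differ on whether this
% field means the conference venue or the publisher's city; check it against
% the target style.
@inproceedings{7626,
  author    = {Schubert, Philipp and Hermann, Ben and Bodden, Eric},
  title     = {{PhASAR}: An Inter-Procedural Static Analysis Framework for {C/C++}},
  booktitle = {Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019)},
  volume    = {II},
  pages     = {393--410},
  location  = {Prague, Czech Republic},
  year      = {2019},
  doi       = {10.1007/978-3-030-17465-1_22},
}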

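% SOAP 2019 workshop paper, same proceedings (ISBN) as entry 14897. Authors are
% un-merged and the stray double space in booktitle is collapsed.
@inproceedings{14898,
  author    = {Schubert, Philipp and Leer, Richard and Hermann, Ben and Bodden, Eric},
  title     = {Know your analysis: how instrumentation aids understanding static analysis},
  booktitle = {Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019},
  year      = {2019},
  isbn      = {9781450367202},
  doi       = {10.1145/3315568.3329965},
}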

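% ReproDroid preprint. The export put the arXiv identifier in booktitle, a
% field that unpublished entries do not print, so the identifier was dropped
% from the output. It now lives in eprint/archiveprefix and is repeated in
% note, which this entry type requires.
@unpublished{2711,
  author        = {Pauck, Felix and Bodden, Eric and Wehrheim, Heike},
  title         = {Do {Android} Taint Analysis Tools Keep their Promises?},
  note          = {arXiv:1804.02903},
  year          = {2018},
  eprint        = {1804.02903},
  archiveprefix = {arXiv},
  abstract      = {In recent years, researchers have developed a number of tools to conduct
taint analysis of Android applications. While all the respective papers aim at
providing a thorough empirical evaluation, comparability is hindered by varying
or unclear evaluation targets. Sometimes, the apps used for evaluation are not
precisely described. In other cases, authors use an established benchmark but
cover it only partially. In yet other cases, the evaluations differ in terms of
the data leaks searched for, or lack a ground truth to compare against. All
those limitations make it impossible to truly compare the tools based on those
published evaluations.
  We thus present ReproDroid, a framework allowing the accurate comparison of
Android taint analysis tools. ReproDroid supports researchers in inferring the
ground truth for data leaks in apps, in automatically applying tools to
benchmarks, and in evaluating the obtained results. We use ReproDroid to
comparatively evaluate on equal grounds the six prominent taint analysis tools
Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are
largely positive although four tools violate some promises concerning features
and accuracy. Finally, we contribute to the area of unbiased benchmarking with
a new and improved version of the open test suite DroidBench.},
}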

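% SE 2018 paper; the parent volume is entry 20544 (same ISBN). The trailing
% period in booktitle was removed because styles add their own punctuation,
% and the date range uses an en dash. Authors are un-merged.
@inproceedings{20530,
  author    = {Bodden, Eric and Nguyen Quang Do, Lisa},
  title     = {Explainable Static Analysis},
  booktitle = {Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.--9. M{\"a}rz 2018, Ulm, Germany},
  pages     = {205--208},
  year      = {2018},
  isbn      = {978-3-88579-673-2},
}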

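% IEEE TSE article. The outer braces that merged the five authors into one
% name are removed.
% NOTE(review): pages 1--1 looks like an early-access placeholder (TODO confirm).
@article{20543,
  author   = {Nguyen Quang Do, Lisa and Kr{\"u}ger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric},
  title    = {Debugging Static Analysis},
  journal  = {IEEE Transactions on Software Engineering},
  pages    = {1--1},
  year     = {2018},
  issn     = {2326-3881},
  doi      = {10.1109/TSE.2018.2868349},
  keywords = {Debugging, Static analysis, Tools, Computer bugs, Standards, Writing, Encoding, Testing and Debugging, Program analysis, Development tools, Integrated environments, Graphical environments, Usability testing},
}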

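% Proceedings volume of SE 2018 (parent of entry 20530). The editor list was
% wrapped in a second brace pair and read as one name; it is now five names.
% The title keeps one protective brace level on purpose: it is German, and its
% nouns must not be lowercased by a sentence-casing style.
@proceedings{20544,
  editor    = {Tichy, Matthias and Bodden, Eric and Kuhrmann, Marco and Wagner, Stefan and Stegh{\"o}fer, Jan-Philipp},
  title     = {{Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.--9. M{\"a}rz 2018, Ulm, Germany}},
  volume    = {P-279},
  publisher = {Gesellschaft f{\"u}r Informatik},
  year      = {2018},
  isbn      = {978-3-88579-673-2},
}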

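% Paper in the volume "Engineering Secure Software and Systems". Both the
% author and the editor lists were double-braced and parsed as single names;
% each is now a regular list.
@inproceedings{20546,
  author    = {Gerking, Christopher and Schubert, David and Bodden, Eric},
  title     = {Model Checking the Information Flow Security of Real-Time Systems},
  booktitle = {Engineering Secure Software and Systems},
  editor    = {Payer, Mathias and Rashid, Awais and Such, Jose M.},
  pages     = {27--43},
  publisher = {Springer International Publishing},
  year      = {2018},
}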

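% ESEC/FSE 2018 paper (per booktitle). Authors are un-merged and the blanket
% brace protection is dropped from every field.
@inproceedings{20547,
  author    = {Nguyen Quang Do, Lisa and Bodden, Eric},
  title     = {Gamifying Static Analysis},
  booktitle = {Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  pages     = {714--718},
  publisher = {ACM},
  year      = {2018},
  isbn      = {978-1-4503-5573-5},
  doi       = {10.1145/3236024.3264830},
  keywords  = {Gamification, Integrated Environments, Program analysis},
}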

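% SOAP 2018 workshop paper. The redundant outer braces are removed so the
% style controls title casing and the author is parsed as "Last, First".
@inproceedings{20548,
  author    = {Bodden, Eric},
  title     = {The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them)},
  booktitle = {ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018)},
  pages     = {85--93},
  publisher = {ACM},
  year      = {2018},
  isbn      = {978-1-4503-5939-9},
  doi       = {10.1145/3236454.3236500},
  keywords  = {ATTRACT, ITSECWEBSITE},
}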

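% ICSSP 2018 paper. The outer braces that merged the three authors into one
% name are removed, as is the blanket title protection.
@inproceedings{20549,
  author    = {Geismann, Johannes and Gerking, Christopher and Bodden, Eric},
  title     = {Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes},
  booktitle = {International Conference on Software and System Processes (ICSSP)},
  year      = {2018},
  keywords  = {ITSECWEBSITE},
}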

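% ICSE 2018 New Ideas and Emerging Results paper (per booktitle). The
% redundant outer braces are removed from every field.
@inproceedings{20550,
  author    = {Bodden, Eric},
  title     = {Self-adaptive Static Analysis},
  booktitle = {Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results},
  pages     = {45--48},
  publisher = {ACM},
  year      = {2018},
  isbn      = {978-1-4503-5662-6},
  doi       = {10.1145/3183399.3183401},
  keywords  = {ATTRACT, ITSECWEBSITE},
}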

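% ICSE 2018 tool demonstration. The conference name is spelled "on Software
% Engineering", matching entry 20550; the export had "for". The all-caps tool
% name is protected against recasing and the authors are un-merged.
@inproceedings{20551,
  author    = {Nguyen Quang Do, Lisa and Kr{\"u}ger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric},
  title     = {{VISUFLOW}, a Debugging Environment for Static Analyses},
  booktitle = {International Conference on Software Engineering (ICSE), Tool Demonstrations Track},
  year      = {2018},
  keywords  = {ATTRACT, ITSECWEBSITE},
}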

