@inproceedings{28199, author = {{Pauck, Felix and Wehrheim, Heike}}, booktitle = {{2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}}, title = {{{Jicer: Simplifying Cooperative Android App Analysis Tasks}}}, doi = {{10.1109/scam52516.2021.00031}}, year = {{2021}}, } @article{27841, abstract = {{Verification of software and processor hardware usually proceeds separately, software analysis relying on the correctness of processors executing machine instructions. This assumption is valid as long as the software runs on standard CPUs that have been extensively validated and are in wide use. However, for processors exploiting custom instruction set extensions to meet performance and energy constraints the validation might be less extensive, challenging the correctness assumption. In this paper we present a novel formal approach for hardware/software co-verification targeting processors with custom instruction set extensions. We detail two different approaches for checking whether the hardware fulfills the requirements expected by the software analysis. The approaches are designed to explore a trade-off between generality of the verification and computational effort. Then, we describe the integration of software and hardware analyses for both techniques and describe a fully automated tool chain implementing the approaches. Finally, we demonstrate and compare the two approaches on example source code with custom instructions, using state-of-the-art software analysis and hardware verification techniques.}}, author = {{Jakobs, Marie-Christine and Pauck, Felix and Platzner, Marco and Wehrheim, Heike and Wiersema, Tobias}}, journal = {{IEEE Access}}, keywords = {{Software Analysis, Abstract Interpretation, Custom Instruction, Hardware Verification}}, publisher = {{IEEE}}, title = {{{Software/Hardware Co-Verification for Custom Instruction Set Processors}}}, doi = {{10.1109/ACCESS.2021.3131213}}, year = {{2021}}, } @inproceedings{21238, author = {{Pauck, Felix and Wehrheim, Heike}}, booktitle = {{Software Engineering 2021}}, editor = {{Koziolek, Anne and Schaefer, Ina and Seidl, Christoph}}, pages = {{ 83--84 }}, publisher = {{Gesellschaft für Informatik e.V.}}, title = {{{Cooperative Android App Analysis with CoDiDroid}}}, doi = {{10.18420/SE2021_30 }}, year = {{2021}}, } @inproceedings{29138, author = {{Ahmed, Qazi Arbab}}, booktitle = {{2021 IFIP/IEEE 29th International Conference on Very Large Scale Integration (VLSI-SoC)}}, title = {{{Hardware Trojans in Reconfigurable Computing}}}, doi = {{10.1109/vlsi-soc53125.2021.9606974}}, year = {{2021}}, } @inproceedings{20681, abstract = {{The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to assist the attacker to perform a successful malfunctioning or information leakage attack. The advanced stealthy malicious look-up-table (LUT) attack activates a Trojan only when generating the FPGA bitstream and can thus not be detected by register transfer and gate level testing and verification. However, also this attack was recently revealed by a bitstream-level proof-carrying hardware (PCH) approach. In this paper, we present a novel attack that leverages malicious routing of the inserted Trojan circuit to acquire a dormant state even in the generated and transmitted bitstream. The Trojan's payload is connected to primary inputs/outputs of the FPGA via a programmable interconnect point (PIP). The Trojan is detached from inputs/outputs during place-and-route and re-connected only when the FPGA is being programmed, thus activating the Trojan circuit without any need for a trigger logic. Since the Trojan is injected in a post-synthesis step and remains unconnected in the bitstream, the presented attack can currently neither be prevented by conventional testing and verification methods nor by recent bitstream-level verification techniques.}}, author = {{Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco}}, booktitle = {{2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)}}, location = {{Alpexpo | Grenoble, France}}, publisher = {{2021 Design, Automation and Test in Europe Conference (DATE)}}, title = {{{Malicious Routing: Circumventing Bitstream-level Verification for FPGAs}}}, doi = {{10.23919/DATE51398.2021.9474026}}, year = {{2021}}, } @inproceedings{26406, author = {{Schubert, Philipp and Hermann, Ben and Bodden, Eric and Leer, Richard}}, booktitle = {{SCAM '21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track)}}, title = {{{Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++}}}, year = {{2021}}, } @inproceedings{26405, author = {{Schubert, Philipp and Sattler, Florian and Schiebel, Fabian Benedikt and Hermann, Ben and Bodden, Eric}}, booktitle = {{2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}}, title = {{{Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++}}}, year = {{2021}}, } @article{17358, abstract = {{Approximate circuits trade-off computational accuracy against improvements in hardware area, delay, or energy consumption. IP core vendors who wish to create such circuits need to convince consumers of the resulting approximation quality. As a solution we propose proof-carrying approximate circuits: The vendor creates an approximate IP core together with a certificate that proves the approximation quality. The proof certificate is bundled with the approximate IP core and sent off to the consumer. The consumer can formally verify the approximation quality of the IP core at a fraction of the typical computational cost for formal verification. In this paper, we first make the case for proof-carrying approximate circuits and then demonstrate the feasibility of the approach by a set of synthesis experiments using an exemplary approximation framework.}}, author = {{Witschen, Linus Matthias and Wiersema, Tobias and Platzner, Marco}}, issn = {{1557-9999}}, journal = {{IEEE Transactions On Very Large Scale Integration Systems}}, keywords = {{Approximate circuit synthesis, approximate computing, error metrics, formal verification, proof-carrying hardware}}, number = {{9}}, pages = {{2084 -- 2088}}, publisher = {{IEEE}}, title = {{{Proof-carrying Approximate Circuits}}}, doi = {{10.1109/TVLSI.2020.3008061}}, volume = {{28}}, year = {{2020}}, } @techreport{20712, author = {{Schubert, Philipp and Bodden, Eric and Hermann, Ben}}, title = {{{Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries}}}, year = {{2020}}, } @unpublished{20748, abstract = {{On the circuit level, the design paradigm Approximate Computing seeks to trade off computational accuracy against a target metric, e.g., energy consumption. This trade-off is possible for many applications due to their inherent resiliency against inaccuracies. In the past, several automated approximation frameworks have been presented, which either utilize designated approximation techniques or libraries to replace approximable circuit parts with inaccurate versions. The frameworks invoke a search algorithm to iteratively explore the search space of performance degraded circuits, and validate their quality individually. In this paper, we propose to reverse this procedure. Rather than exploring the search space, we delineate the approximate parts of the search space which are guaranteed to lead to valid approximate circuits. Our methodology is supported by formal verification and independent of approximation techniques. Eventually, the user is provided with quality bounds of the individual approximable circuit parts. Consequently, our approach guarantees that any approximate circuit which implements these parts within the determined quality constraints satisfies the global quality constraints, superseding a subsequent quality verification. In our experimental results, we present the runtimes of our approach.}}, author = {{Witschen, Linus Matthias and Wiersema, Tobias and Platzner, Marco}}, booktitle = {{Fifth Workshop on Approximate Computing (AxC 2020)}}, pages = {{2}}, title = {{{Search Space Characterization for AxC Synthesis}}}, year = {{2020}}, } @article{16725, author = {{Richter, Cedric and Hüllermeier, Eyke and Jakobs, Marie-Christine and Wehrheim, Heike}}, journal = {{Journal of Automated Software Engineering}}, publisher = {{Springer}}, title = {{{Algorithm Selection for Software Validation Based on Graph Kernels}}}, year = {{2020}}, } @article{13770, author = {{Karl, Holger and Kundisch, Dennis and Meyer auf der Heide, Friedhelm and Wehrheim, Heike}}, journal = {{Business & Information Systems Engineering}}, number = {{6}}, pages = {{467--481}}, publisher = {{Springer}}, title = {{{A Case for a New IT Ecosystem: On-The-Fly Computing}}}, doi = {{10.1007/s12599-019-00627-x}}, volume = {{62}}, year = {{2020}}, } @article{3585, abstract = {{Existing approaches and tools for the generation of approximate circuits often lack generality and are restricted to certain circuit types, approximation techniques, and quality assurance methods. Moreover, only few tools are publicly available. This hinders the development and evaluation of new techniques for approximating circuits and their comparison to previous approaches. In this paper, we first analyze and classify related approaches and then present CIRCA, our flexible framework for search-based approximate circuit generation. CIRCA is developed with a focus on modularity and extensibility. We present the architecture of CIRCA with its clear separation into stages and functional blocks, report on the current prototype, and show initial experiments.}}, author = {{Witschen, Linus Matthias and Wiersema, Tobias and Ghasemzadeh Mohammadi, Hassan and Awais, Muhammad and Platzner, Marco}}, issn = {{0026-2714}}, journal = {{Microelectronics Reliability}}, keywords = {{Approximate Computing, Framework, Pareto Front, Accuracy}}, pages = {{277--290}}, publisher = {{Elsevier}}, title = {{{CIRCA: Towards a Modular and Extensible Framework for Approximate Circuit Generation}}}, doi = {{10.1016/j.microrel.2019.04.003}}, volume = {{99}}, year = {{2019}}, } @misc{7623, author = {{Zhang, Shikun}}, pages = {{64}}, publisher = {{Universität Paderborn}}, title = {{{Combining Android Apps for Analysis Purposes}}}, year = {{2019}}, } @misc{7628, author = {{Selbach, Nils}}, publisher = {{Universität Paderborn}}, title = {{{Modeling Crypto API usages in OpenSSL's EVP library}}}, year = {{2019}}, } @inproceedings{15838, abstract = {{In the field of software analysis a trade-off between scalability and accuracy always exists. In this respect, Android app analysis is no exception, in particular, analyzing large or many apps can be challenging. Dealing with many small apps is a typical challenge when facing micro-benchmarks such as DROIDBENCH or ICC-BENCH. These particular benchmarks are not only used for the evaluation of novel tools but also in continuous integration pipelines of existing mature tools to maintain and guarantee a certain quality-level. Considering this latter usage it becomes very important to be able to achieve benchmark results as fast as possible. Hence, benchmarks have to be optimized for this purpose. One approach to do so is app merging. We implemented the Android Merge Tool (AMT) following this approach and show that its novel aspects can be used to produce scaled up and accurate benchmarks. For such benchmarks Android app analysis tools do not suffer from the scalability-accuracy trade-off anymore. We show this throughout detailed experiments on DROIDBENCH employing three different analysis tools (AMANDROID, ICCTA, FLOWDROID). Benchmark execution times are largely reduced without losing benchmark accuracy. Moreover, we argue why AMT is an advantageous successor of the state-of-the-art app merging tool (APKCOMBINER) in analysis lift-up scenarios.}}, author = {{Pauck, Felix and Zhang, Shikun}}, booktitle = {{2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)}}, isbn = {{9781728141367}}, keywords = {{Program Analysis, Android App Analysis, Taint Analysis, App Merging, Benchmark}}, title = {{{Android App Merging for Benchmark Speed-Up and Analysis Lift-Up}}}, doi = {{10.1109/asew.2019.00019}}, year = {{2019}}, } @misc{15920, abstract = {{Secure hardware design is the most important aspect to be considered in addition to functional correctness. Achieving hardware security in today’s globalized Integrated Cir- cuit(IC) supply chain is a challenging task. One solution that is widely considered to help achieve secure hardware designs is Information Flow Tracking(IFT). It provides an ap- proach to verify that the systems adhere to security properties either by static verification during design phase or dynamic checking during runtime. Proof-Carrying Hardware(PCH) is an approach to verify a functional design prior to using it in hardware. It is a two-party verification approach, where the target party, the consumer requests new functionalities with pre-defined properties to the producer. In response, the producer designs the IP (Intellectual Property) cores with the requested functionalities that adhere to the consumer-defined properties. The producer provides the IP cores and a proof certificate combined into a proof-carrying bitstream to the consumer to verify it. If the verification is successful, the consumer can use the IP cores in his hardware. In essence, the consumer can only run verified IP cores. Correctly applied, PCH techniques can help consumers to defend against many unintentional modifications and malicious alterations of the modules they receive. There are numerous published examples of how to use PCH to detect any change in the functionality of a circuit, i.e., pairing a PCH approach with functional equivalence checking for combinational or sequential circuits. For non-functional properties, since opening new covert channels to leak secret information from secure circuits is a viable attack vector for hardware trojans, i.e., intentionally added malicious circuitry, IFT technique is employed to make sure that secret/untrusted information never reaches any unclassified/trusted outputs. This master thesis aims to explore the possibility of adapting Information Flow Tracking into a Proof-Carrying Hardware scenario. It aims to create a method that combines Infor- mation Flow Tracking(IFT) with a PCH approach at bitstream level enabling consumers to validate the trustworthiness of a module’s information flow without the computational costs of a complete flow analysis.}}, author = {{Keerthipati, Monica}}, publisher = {{Universität Paderborn}}, title = {{{A Bitstream-Level Proof-Carrying Hardware Technique for Information Flow Tracking}}}, year = {{2019}}, } @article{14896, author = {{Dann, Andreas and Hermann, Ben and Bodden, Eric}}, issn = {{0098-5589}}, journal = {{IEEE Transactions on Software Engineering}}, pages = {{1--1}}, title = {{{ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules}}}, doi = {{10.1109/tse.2019.2931331}}, year = {{2019}}, } @inproceedings{10093, author = {{Beyer, Dirk and Jakobs, Marie-Christine and Lemberger, Thomas and Wehrheim, Heike}}, booktitle = {{Software Engineering and Software Management (SE/SWM 2019), Stuttgart, Germany, February 18-22, 2019}}, editor = {{Becker, Steffen and Bogicevic, Ivan and Herzwurm, Georg and Wagner, Stefan}}, pages = {{151----152}}, publisher = {{GI}}, title = {{{Combining Verifiers in Conditional Model Checking via Reducers}}}, doi = {{10.18420/se2019-46}}, volume = {{P-292}}, year = {{2019}}, } @inproceedings{10095, author = {{Richter, Cedric and Wehrheim, Heike}}, booktitle = {{Tools and Algorithms for the Construction and Analysis of Systems - 25 Years of {TACAS:} TOOLympics, Held as Part of {ETAPS} 2019, Prague, Czech Republic, April 6-11, 2019, Proceedings, Part {III}}}, editor = {{Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard}}, pages = {{229--233}}, publisher = {{Springer}}, title = {{{PeSCo: Predicting Sequential Combinations of Verifiers - (Competition Contribution)}}}, doi = {{10.1007/978-3-030-17502-3_19}}, volume = {{11429}}, year = {{2019}}, }