[{"title":"Model Generation For Java Frameworks","user_id":"15249","date_created":"2023-02-06T10:37:23Z","status":"public","publication":"IEEE International Conference on Software Testing, Verification and Validation (ICST)","department":[{"_id":"76"},{"_id":"662"}],"author":[{"last_name":"Luo","first_name":"Linghui","full_name":"Luo, Linghui"},{"id":"41936","last_name":"Piskachev","orcid":"0000-0003-4424-5838","full_name":"Piskachev, Goran","first_name":"Goran"},{"id":"78060","last_name":"Krishnamurthy","full_name":"Krishnamurthy, Ranjith","orcid":"0000-0002-0906-5463","first_name":"Ranjith"},{"full_name":"Dolby, Julian","first_name":"Julian","last_name":"Dolby"},{"first_name":"Martin","full_name":"Schäf, Martin","last_name":"Schäf"},{"first_name":"Eric","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","id":"59256"}],"_id":"41812","date_updated":"2023-02-06T10:42:29Z","citation":{"ieee":"L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, and E. Bodden, “Model Generation For Java Frameworks,” 2023.","short":"L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, E. Bodden, in: IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023.","bibtex":"@inproceedings{Luo_Piskachev_Krishnamurthy_Dolby_Schäf_Bodden_2023, title={Model Generation For Java Frameworks}, booktitle={IEEE International Conference on Software Testing, Verification and Validation (ICST)}, author={Luo, Linghui and Piskachev, Goran and Krishnamurthy, Ranjith and Dolby, Julian and Schäf, Martin and Bodden, Eric}, year={2023} }","mla":"Luo, Linghui, et al. “Model Generation For Java Frameworks.” IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023.","apa":"Luo, L., Piskachev, G., Krishnamurthy, R., Dolby, J., Schäf, M., & Bodden, E. (2023). Model Generation For Java Frameworks. IEEE International Conference on Software Testing, Verification and Validation (ICST).","ama":"Luo L, Piskachev G, Krishnamurthy R, Dolby J, Schäf M, Bodden E. Model Generation For Java Frameworks. In: IEEE International Conference on Software Testing, Verification and Validation (ICST). ; 2023.","chicago":"Luo, Linghui, Goran Piskachev, Ranjith Krishnamurthy, Julian Dolby, Martin Schäf, and Eric Bodden. “Model Generation For Java Frameworks.” In IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023."},"type":"conference","year":"2023","language":[{"iso":"eng"}]},{"year":"2023","citation":{"short":"R. Trentinaglia, S. Merschjohann, M. Fockel, H. Eikerling, in: REFSQ 2023: Requirements Engineering: Foundation for Software Quality, Springer Nature Switzerland, Cham, 2023.","ieee":"R. Trentinaglia, S. Merschjohann, M. Fockel, and H. Eikerling, “Eliciting Security Requirements – An Experience Report,” 2023, doi: 10.1007/978-3-031-29786-1_25.","apa":"Trentinaglia, R., Merschjohann, S., Fockel, M., & Eikerling, H. (2023). Eliciting Security Requirements – An Experience Report. REFSQ 2023: Requirements Engineering: Foundation for Software Quality. https://doi.org/10.1007/978-3-031-29786-1_25","ama":"Trentinaglia R, Merschjohann S, Fockel M, Eikerling H. Eliciting Security Requirements – An Experience Report. In: REFSQ 2023: Requirements Engineering: Foundation for Software Quality. Springer Nature Switzerland; 2023. doi:10.1007/978-3-031-29786-1_25","chicago":"Trentinaglia, Roman, Sven Merschjohann, Markus Fockel, and Hendrik Eikerling. “Eliciting Security Requirements – An Experience Report.” In REFSQ 2023: Requirements Engineering: Foundation for Software Quality. Cham: Springer Nature Switzerland, 2023. https://doi.org/10.1007/978-3-031-29786-1_25.","mla":"Trentinaglia, Roman, et al. “Eliciting Security Requirements – An Experience Report.” REFSQ 2023: Requirements Engineering: Foundation for Software Quality, Springer Nature Switzerland, 2023, doi:10.1007/978-3-031-29786-1_25.","bibtex":"@inproceedings{Trentinaglia_Merschjohann_Fockel_Eikerling_2023, place={Cham}, title={Eliciting Security Requirements – An Experience Report}, DOI={10.1007/978-3-031-29786-1_25}, booktitle={REFSQ 2023: Requirements Engineering: Foundation for Software Quality}, publisher={Springer Nature Switzerland}, author={Trentinaglia, Roman and Merschjohann, Sven and Fockel, Markus and Eikerling, Hendrik}, year={2023} }"},"type":"conference","language":[{"iso":"eng"}],"doi":"10.1007/978-3-031-29786-1_25","date_updated":"2023-04-04T12:51:41Z","_id":"43395","publication_status":"published","publication_identifier":{"issn":["0302-9743","1611-3349"],"isbn":["9783031297854","9783031297861"]},"date_created":"2023-04-04T12:47:31Z","status":"public","publication":"REFSQ 2023: Requirements Engineering: Foundation for Software Quality","department":[{"_id":"241"},{"_id":"662"}],"publisher":"Springer Nature Switzerland","author":[{"full_name":"Trentinaglia, Roman","orcid":"0000-0001-9728-4991","first_name":"Roman","id":"49934","last_name":"Trentinaglia"},{"first_name":"Sven","full_name":"Merschjohann, Sven","last_name":"Merschjohann","id":"11394"},{"first_name":"Markus","full_name":"Fockel, Markus","orcid":"0000-0002-1269-0702","last_name":"Fockel","id":"8472"},{"full_name":"Eikerling, Hendrik","first_name":"Hendrik","id":"29279","last_name":"Eikerling"}],"title":"Eliciting Security Requirements – An Experience Report","user_id":"8472","place":"Cham"},{"title":"Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study","department":[{"_id":"76"},{"_id":"662"}],"publication_identifier":{"issn":["1382-3256","1573-7616"]},"publication_status":"published","date_updated":"2023-12-04T11:29:49Z","doi":"10.1007/s10664-023-10354-3","language":[{"iso":"eng"}],"abstract":[{"text":"AbstractThe use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often unsatisfying. Users report high numbers of false positives or long analysis times, making the tools unusable in the daily workflow. To address this, SAST tool creators provide a wide range of configuration options, such as customization of rules through domain-specific languages or specification of the application-specific analysis scope. In this paper, we study the configuration space of selected existing SAST tools when used within the integrated development environment (IDE). We focus on the configuration options that impact three dimensions, for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime. We perform a between-subjects user study with 40 users from multiple development and security teams - to our knowledge, the largest population for this kind of user study in the software engineering community. The results show that users who configure SAST tools are more effective in resolving security vulnerabilities detected by the tools than those using the default configuration. Based on post-study interviews, we identify common strategies that users have while configuring the SAST tools to provide further insights for tool creators. Finally, an evaluation of the configuration options of two commercial SAST tools, Fortify and CheckMarx, reveals that a quarter of the users do not understand the configuration options provided. The configuration options that are found most useful relate to the analysis scope.","lang":"eng"}],"user_id":"15249","publisher":"Springer Science and Business Media LLC","author":[{"id":"41936","last_name":"Piskachev","orcid":"0000-0003-4424-5838","full_name":"Piskachev, Goran","first_name":"Goran"},{"last_name":"Becker","id":"4870","first_name":"Matthias","orcid":"https://orcid.org/0000-0003-2465-9347","full_name":"Becker, Matthias"},{"last_name":"Bodden","id":"59256","first_name":"Eric","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric"}],"publication":"Empirical Software Engineering","keyword":["Software"],"status":"public","date_created":"2023-12-04T11:14:34Z","volume":28,"intvolume":" 28","_id":"49439","issue":"5","article_number":"118","citation":{"ieee":"G. Piskachev, M. Becker, and E. Bodden, “Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study,” Empirical Software Engineering, vol. 28, no. 5, Art. no. 118, 2023, doi: 10.1007/s10664-023-10354-3.","short":"G. Piskachev, M. Becker, E. Bodden, Empirical Software Engineering 28 (2023).","mla":"Piskachev, Goran, et al. “Can the Configuration of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A User Study.” Empirical Software Engineering, vol. 28, no. 5, 118, Springer Science and Business Media LLC, 2023, doi:10.1007/s10664-023-10354-3.","bibtex":"@article{Piskachev_Becker_Bodden_2023, title={Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study}, volume={28}, DOI={10.1007/s10664-023-10354-3}, number={5118}, journal={Empirical Software Engineering}, publisher={Springer Science and Business Media LLC}, author={Piskachev, Goran and Becker, Matthias and Bodden, Eric}, year={2023} }","chicago":"Piskachev, Goran, Matthias Becker, and Eric Bodden. “Can the Configuration of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A User Study.” Empirical Software Engineering 28, no. 5 (2023). https://doi.org/10.1007/s10664-023-10354-3.","ama":"Piskachev G, Becker M, Bodden E. Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study. Empirical Software Engineering. 2023;28(5). doi:10.1007/s10664-023-10354-3","apa":"Piskachev, G., Becker, M., & Bodden, E. (2023). Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study. Empirical Software Engineering, 28(5), Article 118. https://doi.org/10.1007/s10664-023-10354-3"},"year":"2023","type":"journal_article"},{"author":[{"orcid":"0000-0002-1269-0702","full_name":"Fockel, Markus","first_name":"Markus","id":"8472","last_name":"Fockel"},{"first_name":"David","full_name":"Schubert, David","last_name":"Schubert","id":"9106"},{"full_name":"Trentinaglia, Roman","orcid":"0000-0001-9728-4991","first_name":"Roman","id":"49934","last_name":"Trentinaglia"},{"first_name":"Hannes","full_name":"Schulz, Hannes","last_name":"Schulz"},{"first_name":"Wolfgang","full_name":"Kirmair, Wolfgang","last_name":"Kirmair"}],"publisher":"SCITEPRESS - Science and Technology Publications","publication":"Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development","department":[{"_id":"241"},{"_id":"662"}],"publication_status":"published","status":"public","date_created":"2022-02-15T08:07:15Z","title":"Semi-automatic Integrated Safety and Security Analysis for Automotive Systems","user_id":"49934","type":"conference","citation":{"bibtex":"@inproceedings{Fockel_Schubert_Trentinaglia_Schulz_Kirmair_2022, title={Semi-automatic Integrated Safety and Security Analysis for Automotive Systems}, DOI={10.5220/0010778500003119}, booktitle={Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development}, publisher={SCITEPRESS - Science and Technology Publications}, author={Fockel, Markus and Schubert, David and Trentinaglia, Roman and Schulz, Hannes and Kirmair, Wolfgang}, year={2022} }","mla":"Fockel, Markus, et al. “Semi-Automatic Integrated Safety and Security Analysis for Automotive Systems.” Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development, SCITEPRESS - Science and Technology Publications, 2022, doi:10.5220/0010778500003119.","chicago":"Fockel, Markus, David Schubert, Roman Trentinaglia, Hannes Schulz, and Wolfgang Kirmair. “Semi-Automatic Integrated Safety and Security Analysis for Automotive Systems.” In Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development. SCITEPRESS - Science and Technology Publications, 2022. https://doi.org/10.5220/0010778500003119.","apa":"Fockel, M., Schubert, D., Trentinaglia, R., Schulz, H., & Kirmair, W. (2022). Semi-automatic Integrated Safety and Security Analysis for Automotive Systems. Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development. https://doi.org/10.5220/0010778500003119","ama":"Fockel M, Schubert D, Trentinaglia R, Schulz H, Kirmair W. Semi-automatic Integrated Safety and Security Analysis for Automotive Systems. In: Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development. SCITEPRESS - Science and Technology Publications; 2022. doi:10.5220/0010778500003119","ieee":"M. Fockel, D. Schubert, R. Trentinaglia, H. Schulz, and W. Kirmair, “Semi-automatic Integrated Safety and Security Analysis for Automotive Systems,” 2022, doi: 10.5220/0010778500003119.","short":"M. Fockel, D. Schubert, R. Trentinaglia, H. Schulz, W. Kirmair, in: Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development, SCITEPRESS - Science and Technology Publications, 2022."},"year":"2022","language":[{"iso":"eng"}],"_id":"29847","date_updated":"2022-02-15T08:14:07Z","doi":"10.5220/0010778500003119"},{"doi":"10.5220/0010783300003119","_id":"29844","date_updated":"2022-02-15T07:48:53Z","language":[{"iso":"eng"}],"type":"conference","citation":{"short":"T. Koch, S. Trippel, S. Dziwok, E. Bodden, in: Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development, SCITEPRESS - Science and Technology Publications, 2022.","ieee":"T. Koch, S. Trippel, S. Dziwok, and E. Bodden, “Integrating Security Protocols in Scenario-based Requirements Specifications,” 2022, doi: 10.5220/0010783300003119.","apa":"Koch, T., Trippel, S., Dziwok, S., & Bodden, E. (2022). Integrating Security Protocols in Scenario-based Requirements Specifications. Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development. https://doi.org/10.5220/0010783300003119","ama":"Koch T, Trippel S, Dziwok S, Bodden E. Integrating Security Protocols in Scenario-based Requirements Specifications. In: Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development. SCITEPRESS - Science and Technology Publications; 2022. doi:10.5220/0010783300003119","chicago":"Koch, Thorsten, Sascha Trippel, Stefan Dziwok, and Eric Bodden. “Integrating Security Protocols in Scenario-Based Requirements Specifications.” In Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development. SCITEPRESS - Science and Technology Publications, 2022. https://doi.org/10.5220/0010783300003119.","bibtex":"@inproceedings{Koch_Trippel_Dziwok_Bodden_2022, title={Integrating Security Protocols in Scenario-based Requirements Specifications}, DOI={10.5220/0010783300003119}, booktitle={Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development}, publisher={SCITEPRESS - Science and Technology Publications}, author={Koch, Thorsten and Trippel, Sascha and Dziwok, Stefan and Bodden, Eric}, year={2022} }","mla":"Koch, Thorsten, et al. “Integrating Security Protocols in Scenario-Based Requirements Specifications.” Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development, SCITEPRESS - Science and Technology Publications, 2022, doi:10.5220/0010783300003119."},"year":"2022","user_id":"13616","title":"Integrating Security Protocols in Scenario-based Requirements Specifications","status":"public","date_created":"2022-02-15T07:47:51Z","publication_status":"published","publisher":"SCITEPRESS - Science and Technology Publications","author":[{"full_name":"Koch, Thorsten","first_name":"Thorsten","id":"13616","last_name":"Koch"},{"full_name":"Trippel, Sascha","first_name":"Sascha","last_name":"Trippel"},{"full_name":"Dziwok, Stefan","orcid":"http://orcid.org/0000-0002-8679-6673","first_name":"Stefan","id":"3901","last_name":"Dziwok"},{"last_name":"Bodden","id":"59256","first_name":"Eric","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric"}],"publication":"Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development","department":[{"_id":"241"},{"_id":"662"}]},{"year":"2022","type":"conference","citation":{"short":"R. Trentinaglia, in: Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings, ACM, 2022.","ieee":"R. Trentinaglia, “Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns,” 2022, doi: 10.1145/3550356.3558508.","ama":"Trentinaglia R. Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns. In: Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings. ACM; 2022. doi:10.1145/3550356.3558508","apa":"Trentinaglia, R. (2022). Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns. Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings. https://doi.org/10.1145/3550356.3558508","chicago":"Trentinaglia, Roman. “Deriving Model-Based Safety and Security Assurance Cases from Design Rationale of Countermeasure Patterns.” In Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings. ACM, 2022. https://doi.org/10.1145/3550356.3558508.","bibtex":"@inproceedings{Trentinaglia_2022, title={Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns}, DOI={10.1145/3550356.3558508}, booktitle={Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings}, publisher={ACM}, author={Trentinaglia, Roman}, year={2022} }","mla":"Trentinaglia, Roman. “Deriving Model-Based Safety and Security Assurance Cases from Design Rationale of Countermeasure Patterns.” Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings, ACM, 2022, doi:10.1145/3550356.3558508."},"doi":"10.1145/3550356.3558508","date_updated":"2022-12-09T08:51:54Z","_id":"34298","publication_status":"published","status":"public","date_created":"2022-12-09T08:50:22Z","author":[{"last_name":"Trentinaglia","full_name":"Trentinaglia, Roman","first_name":"Roman"}],"publisher":"ACM","publication":"Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings","department":[{"_id":"241"},{"_id":"662"}],"title":"Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns","user_id":"49934"},{"_id":"31071","date_updated":"2022-05-05T14:09:41Z","doi":"10.1007/s10270-022-01002-3","year":"2022","type":"journal_article","citation":{"ama":"Holtmann J, Deantoni J, Fockel M. Early timing analysis based on scenario requirements and platform models. Software and Systems Modeling. Published online 2022. doi:10.1007/s10270-022-01002-3","apa":"Holtmann, J., Deantoni, J., & Fockel, M. (2022). Early timing analysis based on scenario requirements and platform models. Software and Systems Modeling. https://doi.org/10.1007/s10270-022-01002-3","chicago":"Holtmann, Jörg, Julien Deantoni, and Markus Fockel. “Early Timing Analysis Based on Scenario Requirements and Platform Models.” Software and Systems Modeling, 2022. https://doi.org/10.1007/s10270-022-01002-3.","bibtex":"@article{Holtmann_Deantoni_Fockel_2022, title={Early timing analysis based on scenario requirements and platform models}, DOI={10.1007/s10270-022-01002-3}, journal={Software and Systems Modeling}, publisher={Springer Science and Business Media LLC}, author={Holtmann, Jörg and Deantoni, Julien and Fockel, Markus}, year={2022} }","mla":"Holtmann, Jörg, et al. “Early Timing Analysis Based on Scenario Requirements and Platform Models.” Software and Systems Modeling, Springer Science and Business Media LLC, 2022, doi:10.1007/s10270-022-01002-3.","short":"J. Holtmann, J. Deantoni, M. Fockel, Software and Systems Modeling (2022).","ieee":"J. Holtmann, J. Deantoni, and M. Fockel, “Early timing analysis based on scenario requirements and platform models,” Software and Systems Modeling, 2022, doi: 10.1007/s10270-022-01002-3."},"language":[{"iso":"eng"}],"abstract":[{"lang":"eng","text":"Distributed, software-intensive systems (e.g., in the automotive sector) must fulfill communication requirements under hard real-time constraints. The requirements have to be documented and validated carefully using a systematic requirements engineering (RE) approach, for example, by applying scenario-based requirements notations. The resources of the execution platforms and their properties (e.g., CPU frequency or bus throughput) induce effects on the timing behavior, which may lead to violations of the real-time requirements. Nowadays, the platform properties and their induced timing effects are verified against the real-time requirements by means of timing analysis techniques mostly implemented in commercial-off-the-shelf tools. However, such timing analyses are conducted in late development phases since they rely on artifacts produced during these phases (e.g., the platform-specific code). In order to enable early timing analyses already during RE, we extend a scenario-based requirements notation with allocation means to platform models and define operational semantics for the purpose of simulation-based, platform-aware timing analyses. We illustrate and evaluate the approach with an automotive software-intensive system."}],"title":"Early timing analysis based on scenario requirements and platform models","user_id":"8472","keyword":["Modeling and Simulation","Software"],"department":[{"_id":"241"},{"_id":"662"}],"publication":"Software and Systems Modeling","author":[{"last_name":"Holtmann","id":"3875","first_name":"Jörg","orcid":"0000-0001-6141-4571","full_name":"Holtmann, Jörg"},{"last_name":"Deantoni","full_name":"Deantoni, Julien","first_name":"Julien"},{"id":"8472","last_name":"Fockel","orcid":"0000-0002-1269-0702","full_name":"Fockel, Markus","first_name":"Markus"}],"publisher":"Springer Science and Business Media LLC","publication_identifier":{"issn":["1619-1366","1619-1374"]},"publication_status":"published","date_created":"2022-05-05T14:05:32Z","status":"public"},{"language":[{"iso":"eng"}],"year":"2022","citation":{"ieee":"G. Piskachev, J. Späth, I. Budde, and E. Bodden, “Fluently specifying taint-flow queries with fluentTQL,” Empirical Software Engineering, vol. 27, no. 5, pp. 1–33, 2022.","short":"G. Piskachev, J. Späth, I. Budde, E. Bodden, Empirical Software Engineering 27 (2022) 1–33.","bibtex":"@article{Piskachev_Späth_Budde_Bodden_2022, title={Fluently specifying taint-flow queries with fluentTQL}, volume={27}, number={5}, journal={Empirical Software Engineering}, publisher={Springer}, author={Piskachev, Goran and Späth, Johannes and Budde, Ingo and Bodden, Eric}, year={2022}, pages={1–33} }","mla":"Piskachev, Goran, et al. “Fluently Specifying Taint-Flow Queries with FluentTQL.” Empirical Software Engineering, vol. 27, no. 5, Springer, 2022, pp. 1–33.","apa":"Piskachev, G., Späth, J., Budde, I., & Bodden, E. (2022). Fluently specifying taint-flow queries with fluentTQL. Empirical Software Engineering, 27(5), 1–33.","ama":"Piskachev G, Späth J, Budde I, Bodden E. Fluently specifying taint-flow queries with fluentTQL. Empirical Software Engineering. 2022;27(5):1–33.","chicago":"Piskachev, Goran, Johannes Späth, Ingo Budde, and Eric Bodden. “Fluently Specifying Taint-Flow Queries with FluentTQL.” Empirical Software Engineering 27, no. 5 (2022): 1–33."},"type":"journal_article","page":"1–33","issue":"5","_id":"33836","intvolume":" 27","date_updated":"2022-10-20T12:36:23Z","status":"public","date_created":"2022-10-20T12:34:04Z","volume":27,"author":[{"last_name":"Piskachev","id":"41936","first_name":"Goran","full_name":"Piskachev, Goran","orcid":"0000-0003-4424-5838"},{"last_name":"Späth","first_name":"Johannes","full_name":"Späth, Johannes"},{"first_name":"Ingo","orcid":"https://orcid.org/0000-0003-0124-6291","full_name":"Budde, Ingo","last_name":"Budde","id":"13693"},{"orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric","first_name":"Eric","id":"59256","last_name":"Bodden"}],"publisher":"Springer","publication":"Empirical Software Engineering","department":[{"_id":"76"},{"_id":"662"}],"user_id":"15249","title":"Fluently specifying taint-flow queries with fluentTQL"},{"date_updated":"2022-10-20T12:38:32Z","_id":"33838","language":[{"iso":"eng"}],"type":"conference","year":"2022","citation":{"short":"R. Krishnamurthy, G. Piskachev, E. Bodden, (2022).","ieee":"R. Krishnamurthy, G. Piskachev, and E. Bodden, “To what extent can we analyze Kotlin programs using existing Java taint analysis tools?” 2022.","ama":"Krishnamurthy R, Piskachev G, Bodden E. To what extent can we analyze Kotlin programs using existing Java taint analysis tools? Published online 2022.","apa":"Krishnamurthy, R., Piskachev, G., & Bodden, E. (2022). To what extent can we analyze Kotlin programs using existing Java taint analysis tools?","chicago":"Krishnamurthy, Ranjith, Goran Piskachev, and Eric Bodden. “To What Extent Can We Analyze Kotlin Programs Using Existing Java Taint Analysis Tools?” IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2022.","bibtex":"@article{Krishnamurthy_Piskachev_Bodden_2022, series={IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)}, title={To what extent can we analyze Kotlin programs using existing Java taint analysis tools?}, author={Krishnamurthy, Ranjith and Piskachev, Goran and Bodden, Eric}, year={2022}, collection={IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)} }","mla":"Krishnamurthy, Ranjith, et al. To What Extent Can We Analyze Kotlin Programs Using Existing Java Taint Analysis Tools? 2022."},"series_title":"IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)","user_id":"15249","title":"To what extent can we analyze Kotlin programs using existing Java taint analysis tools?","status":"public","date_created":"2022-10-20T12:38:09Z","author":[{"id":"78060","last_name":"Krishnamurthy","orcid":"0000-0002-0906-5463","full_name":"Krishnamurthy, Ranjith","first_name":"Ranjith"},{"id":"41936","last_name":"Piskachev","orcid":"0000-0003-4424-5838","full_name":"Piskachev, Goran","first_name":"Goran"},{"id":"59256","last_name":"Bodden","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","first_name":"Eric"}],"department":[{"_id":"76"},{"_id":"662"}]},{"type":"conference","citation":{"short":"G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, E. Bodden, (2022).","ieee":"G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, and E. Bodden, “How far are German companies in improving security through static program analysis tools?” 2022.","apa":"Piskachev, G., Dziwok, S., Koch, T., Merschjohann, S., & Bodden, E. (2022). How far are German companies in improving security through static program analysis tools?","ama":"Piskachev G, Dziwok S, Koch T, Merschjohann S, Bodden E. How far are German companies in improving security through static program analysis tools? Published online 2022.","chicago":"Piskachev, Goran, Stefan Dziwok, Thorsten Koch, Sven Merschjohann, and Eric Bodden. “How Far Are German Companies in Improving Security through Static Program Analysis Tools?” IEEE Secure Development Conference (SecDev), 2022.","bibtex":"@article{Piskachev_Dziwok_Koch_Merschjohann_Bodden_2022, series={IEEE Secure Development Conference (SecDev)}, title={How far are German companies in improving security through static program analysis tools?}, author={Piskachev, Goran and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}, year={2022}, collection={IEEE Secure Development Conference (SecDev)} }","mla":"Piskachev, Goran, et al. How Far Are German Companies in Improving Security through Static Program Analysis Tools? 2022."},"year":"2022","language":[{"iso":"eng"}],"series_title":"IEEE Secure Development Conference (SecDev)","date_updated":"2022-10-20T12:37:44Z","_id":"33837","date_created":"2022-10-20T12:37:14Z","status":"public","department":[{"_id":"76"},{"_id":"662"}],"author":[{"orcid":"0000-0003-4424-5838","full_name":"Piskachev, Goran","first_name":"Goran","id":"41936","last_name":"Piskachev"},{"orcid":"http://orcid.org/0000-0002-8679-6673","full_name":"Dziwok, Stefan","first_name":"Stefan","id":"3901","last_name":"Dziwok"},{"full_name":"Koch, Thorsten","first_name":"Thorsten","id":"13616","last_name":"Koch"},{"last_name":"Merschjohann","id":"11394","first_name":"Sven","full_name":"Merschjohann, Sven"},{"full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","first_name":"Eric","id":"59256","last_name":"Bodden"}],"title":"How far are German companies in improving security through static program analysis tools?","user_id":"15249"},{"language":[{"iso":"eng"}],"series_title":"Lecture Notes in Informatics (LNI)","doi":"10.18420/SE2021_18","date_updated":"2022-01-06T06:54:54Z","publication_identifier":{"eisbn":["978-3-88579-704-3"]},"editor":[{"full_name":"Koziolek, Anne","first_name":"Anne","last_name":"Koziolek"},{"full_name":"Schaefer, Ina","first_name":"Ina","last_name":"Schaefer"},{"full_name":"Seidl, Christoph","first_name":"Christoph","last_name":"Seidl"}],"department":[{"_id":"241"},{"_id":"662"}],"title":"Cutting through the Jungle: Disambiguating Model-based Traceability Terminology (Extended Abstract)","page":"59-60","citation":{"ieee":"J. Holtmann, J.-P. Steghöfer, M. Rath, and D. Schmelter, “Cutting through the Jungle: Disambiguating Model-based Traceability Terminology (Extended Abstract),” in Software Engineering 2021, Remote / Braunschweig, Germany , 2021, vol. P-310, pp. 59–60.","short":"J. Holtmann, J.-P. Steghöfer, M. Rath, D. Schmelter, in: A. Koziolek, I. Schaefer, C. Seidl (Eds.), Software Engineering 2021, 2021, pp. 59–60.","bibtex":"@inproceedings{Holtmann_Steghöfer_Rath_Schmelter_2021, series={Lecture Notes in Informatics (LNI)}, title={Cutting through the Jungle: Disambiguating Model-based Traceability Terminology (Extended Abstract)}, volume={P-310}, DOI={10.18420/SE2021_18}, booktitle={Software Engineering 2021}, author={Holtmann, Jörg and Steghöfer, Jan-Phillipp and Rath, Michael and Schmelter, David}, editor={Koziolek, Anne and Schaefer, Ina and Seidl, ChristophEditors}, year={2021}, pages={59–60}, collection={Lecture Notes in Informatics (LNI)} }","mla":"Holtmann, Jörg, et al. “Cutting through the Jungle: Disambiguating Model-Based Traceability Terminology (Extended Abstract).” Software Engineering 2021, edited by Anne Koziolek et al., vol. P-310, 2021, pp. 59–60, doi:10.18420/SE2021_18.","apa":"Holtmann, J., Steghöfer, J.-P., Rath, M., & Schmelter, D. (2021). Cutting through the Jungle: Disambiguating Model-based Traceability Terminology (Extended Abstract). In A. Koziolek, I. Schaefer, & C. Seidl (Eds.), Software Engineering 2021 (Vol. P-310, pp. 59–60). Remote / Braunschweig, Germany . https://doi.org/10.18420/SE2021_18","ama":"Holtmann J, Steghöfer J-P, Rath M, Schmelter D. Cutting through the Jungle: Disambiguating Model-based Traceability Terminology (Extended Abstract). In: Koziolek A, Schaefer I, Seidl C, eds. Software Engineering 2021. Vol P-310. Lecture Notes in Informatics (LNI). ; 2021:59-60. doi:10.18420/SE2021_18","chicago":"Holtmann, Jörg, Jan-Phillipp Steghöfer, Michael Rath, and David Schmelter. “Cutting through the Jungle: Disambiguating Model-Based Traceability Terminology (Extended Abstract).” In Software Engineering 2021, edited by Anne Koziolek, Ina Schaefer, and Christoph Seidl, P-310:59–60. Lecture Notes in Informatics (LNI), 2021. https://doi.org/10.18420/SE2021_18."},"year":"2021","type":"conference","conference":{"start_date":"2021-02-22","name":"Software Engineering 2021","location":"Remote / Braunschweig, Germany ","end_date":"2021-02-26"},"_id":"21326","volume":"P-310","date_created":"2021-03-01T09:36:39Z","status":"public","has_accepted_license":"1","file_date_updated":"2021-03-01T09:34:38Z","publication":"Software Engineering 2021","author":[{"first_name":"Jörg","full_name":"Holtmann, Jörg","orcid":"0000-0001-6141-4571","last_name":"Holtmann","id":"3875"},{"last_name":"Steghöfer","full_name":"Steghöfer, Jan-Phillipp","first_name":"Jan-Phillipp"},{"first_name":"Michael","full_name":"Rath, Michael","last_name":"Rath"},{"id":"40982","last_name":"Schmelter","orcid":"0000-0001-7787-5380","full_name":"Schmelter, David","first_name":"David"}],"file":[{"access_level":"closed","file_name":"HSRS21.pdf","date_created":"2021-03-01T09:34:38Z","success":1,"relation":"main_file","date_updated":"2021-03-01T09:34:38Z","content_type":"application/pdf","creator":"chrome","file_id":"21329","file_size":148240}],"ddc":["000"],"user_id":"40982"},{"oa":"1","doi":"10.3389/fcomp.2021.567873","date_updated":"2022-01-06T06:55:56Z","language":[{"iso":"eng"}],"title":"Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML","publication_status":"published","publication_identifier":{"issn":["2624-9898"]},"department":[{"_id":"241"},{"_id":"662"}],"_id":"23526","intvolume":" 3","citation":{"ieee":"D. Schubert, H. Eikerling, and J. Holtmann, “Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML,” Frontiers in Computer Science, vol. 3, 2021.","short":"D. Schubert, H. Eikerling, J. Holtmann, Frontiers in Computer Science 3 (2021).","bibtex":"@article{Schubert_Eikerling_Holtmann_2021, title={Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML}, volume={3}, DOI={10.3389/fcomp.2021.567873}, journal={Frontiers in Computer Science}, publisher={Frontiers Media}, author={Schubert, David and Eikerling, Hendrik and Holtmann, Jörg}, year={2021} }","mla":"Schubert, David, et al. “Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML.” Frontiers in Computer Science, vol. 3, Frontiers Media, 2021, doi:10.3389/fcomp.2021.567873.","apa":"Schubert, D., Eikerling, H., & Holtmann, J. (2021). Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML. Frontiers in Computer Science, 3. https://doi.org/10.3389/fcomp.2021.567873","ama":"Schubert D, Eikerling H, Holtmann J. Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML. Frontiers in Computer Science. 2021;3. doi:10.3389/fcomp.2021.567873","chicago":"Schubert, David, Hendrik Eikerling, and Jörg Holtmann. “Application-Aware Intrusion Detection: A Systematic Literature Review, Implications for Automotive Systems, and Applicability of AutoML.” Frontiers in Computer Science 3 (2021). https://doi.org/10.3389/fcomp.2021.567873."},"type":"journal_article","year":"2021","main_file_link":[{"url":"https://www.frontiersin.org/articles/10.3389/fcomp.2021.567873/full","open_access":"1"}],"user_id":"29279","abstract":[{"text":"Modern and flexible application-level software platforms increase the attack surface of connected vehicles and thereby require automotive engineers to adopt additional security control techniques. These techniques encompass host-based intrusion detection systems (HIDSs) that detect suspicious activities in application contexts. Such application-aware HIDSs originate in information and communications technology systems and have a great potential to deal with the flexible nature of application-level software platforms. However, the elementary characteristics of known application-aware HIDS approaches and thereby the implications for their transfer to the automotive sector are unclear. In previous work, we presented a systematic literature review (SLR) covering the state of the art of application-aware HIDS approaches. We synthesized our findings by means of a fine-grained classification for each approach specified through a feature model and corresponding variant models. These models represent the approaches’ elementary characteristics. Furthermore, we summarized key findings and inferred implications for the transfer of application-aware HIDSs to the automotive sector. In this article, we extend the previous work by several aspects. We adjust the quality evaluation process within the SLR to be able to consider high quality conference publications, which results in an extended final pool of publications. For supporting HIDS developers on the task of configuring HIDS analysis techniques based on machine learning, we report on initial results on the applicability of AutoML. Furthermore, we present lessons learned regarding the application of the feature and variant model approach for SLRs. Finally, we more thoroughly describe the SLR study design.","lang":"eng"}],"status":"public","date_created":"2021-08-26T09:53:54Z","volume":3,"author":[{"last_name":"Schubert","id":"9106","first_name":"David","full_name":"Schubert, David"},{"first_name":"Hendrik","full_name":"Eikerling, Hendrik","last_name":"Eikerling","id":"29279"},{"orcid":"0000-0001-6141-4571","full_name":"Holtmann, Jörg","first_name":"Jörg","id":"3875","last_name":"Holtmann"}],"publisher":"Frontiers Media","publication":"Frontiers in Computer Science"},{"author":[{"id":"3901","last_name":"Dziwok","orcid":"http://orcid.org/0000-0002-8679-6673","full_name":"Dziwok, Stefan","first_name":"Stefan"},{"id":"13616","last_name":"Koch","full_name":"Koch, Thorsten","first_name":"Thorsten"},{"first_name":"Sven","full_name":"Merschjohann, Sven","last_name":"Merschjohann","id":"11394"},{"last_name":"Budweg","first_name":"Boris","full_name":"Budweg, Boris"},{"first_name":"Sebastian","full_name":"Leuer, Sebastian","last_name":"Leuer"}],"department":[{"_id":"241"},{"_id":"662"}],"publication":"arXiv:2108.11752","status":"public","date_created":"2021-08-27T04:57:00Z","abstract":[{"lang":"eng","text":"In recent years, the World Economic Forum has identified software security as\r\nthe most significant technological risk to the world's population, as\r\nsoftware-intensive systems process critical data and provide critical services.\r\nThis raises the question of the extent to which German companies are addressing\r\nsoftware security in developing and operating their software products. This\r\npaper reports on the results of an extensive study among developers, product\r\nowners, and managers to answer this question. Our results show that ensuring\r\nsecurity is a multi-faceted challenge for companies, involving low awareness,\r\ninaccurate self-assessment, and a lack of competence on the topic of secure\r\nsoftware development among all stakeholders. The current situation in software\r\ndevelopment is therefore detrimental to the security of software products in\r\nthe medium and long term."}],"title":"AppSecure.nrw Software Security Study","user_id":"13616","citation":{"mla":"Dziwok, Stefan, et al. “AppSecure.Nrw Software Security Study.” ArXiv:2108.11752, 2021.","bibtex":"@article{Dziwok_Koch_Merschjohann_Budweg_Leuer_2021, title={AppSecure.nrw Software Security Study}, journal={arXiv:2108.11752}, author={Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Budweg, Boris and Leuer, Sebastian}, year={2021} }","ama":"Dziwok S, Koch T, Merschjohann S, Budweg B, Leuer S. AppSecure.nrw Software Security Study. arXiv:210811752. 2021.","apa":"Dziwok, S., Koch, T., Merschjohann, S., Budweg, B., & Leuer, S. (2021). AppSecure.nrw Software Security Study. ArXiv:2108.11752.","chicago":"Dziwok, Stefan, Thorsten Koch, Sven Merschjohann, Boris Budweg, and Sebastian Leuer. “AppSecure.Nrw Software Security Study.” ArXiv:2108.11752, 2021.","ieee":"S. Dziwok, T. Koch, S. Merschjohann, B. Budweg, and S. Leuer, “AppSecure.nrw Software Security Study,” arXiv:2108.11752. 2021.","short":"S. Dziwok, T. Koch, S. Merschjohann, B. Budweg, S. Leuer, ArXiv:2108.11752 (2021)."},"type":"preprint","year":"2021","language":[{"iso":"eng"}],"_id":"23534","date_updated":"2022-01-06T06:55:56Z"},{"title":"Qualitative and Quantitative Analysis of Callgraph Algorithms for Python","user_id":"5786","author":[{"last_name":"Kummita","full_name":"Kummita, Sriteja","first_name":"Sriteja"},{"first_name":"Goran","full_name":"Piskachev, Goran","last_name":"Piskachev"},{"first_name":"Johannes","full_name":"Spath, Johannes","last_name":"Spath"},{"last_name":"Bodden","full_name":"Bodden, Eric","first_name":"Eric"}],"department":[{"_id":"241"},{"_id":"662"},{"_id":"76"}],"publication":"2021 International Conference on Code Quality (ICCQ)","publication_status":"published","status":"public","date_created":"2021-08-09T12:01:11Z","date_updated":"2022-01-06T06:55:50Z","_id":"23374","doi":"10.1109/iccq51190.2021.9392986","type":"conference","citation":{"short":"S. Kummita, G. Piskachev, J. Spath, E. Bodden, in: 2021 International Conference on Code Quality (ICCQ), 2021.","ieee":"S. Kummita, G. Piskachev, J. Spath, and E. Bodden, “Qualitative and Quantitative Analysis of Callgraph Algorithms for Python,” 2021, doi: 10.1109/iccq51190.2021.9392986.","chicago":"Kummita, Sriteja, Goran Piskachev, Johannes Spath, and Eric Bodden. “Qualitative and Quantitative Analysis of Callgraph Algorithms for Python.” In 2021 International Conference on Code Quality (ICCQ), 2021. https://doi.org/10.1109/iccq51190.2021.9392986.","ama":"Kummita S, Piskachev G, Spath J, Bodden E. Qualitative and Quantitative Analysis of Callgraph Algorithms for Python. In: 2021 International Conference on Code Quality (ICCQ). ; 2021. doi:10.1109/iccq51190.2021.9392986","apa":"Kummita, S., Piskachev, G., Spath, J., & Bodden, E. (2021). Qualitative and Quantitative Analysis of Callgraph Algorithms for Python. 2021 International Conference on Code Quality (ICCQ). https://doi.org/10.1109/iccq51190.2021.9392986","mla":"Kummita, Sriteja, et al. “Qualitative and Quantitative Analysis of Callgraph Algorithms for Python.” 2021 International Conference on Code Quality (ICCQ), 2021, doi:10.1109/iccq51190.2021.9392986.","bibtex":"@inproceedings{Kummita_Piskachev_Spath_Bodden_2021, title={Qualitative and Quantitative Analysis of Callgraph Algorithms for Python}, DOI={10.1109/iccq51190.2021.9392986}, booktitle={2021 International Conference on Code Quality (ICCQ)}, author={Kummita, Sriteja and Piskachev, Goran and Spath, Johannes and Bodden, Eric}, year={2021} }"},"year":"2021","language":[{"iso":"eng"}]},{"date_created":"2022-02-01T10:21:54Z","status":"public","publication_status":"published","publication":"2021 IEEE 29th International Requirements Engineering Conference (RE)","department":[{"_id":"241"},{"_id":"662"}],"publisher":"IEEE","author":[{"last_name":"Steghofer","first_name":"Jan-Philipp","full_name":"Steghofer, Jan-Philipp"},{"last_name":"Koopmann","first_name":"Bjorn","full_name":"Koopmann, Bjorn"},{"full_name":"Steffen Becker, Jan","first_name":"Jan","last_name":"Steffen Becker"},{"first_name":"Ingo","full_name":"Stierand, Ingo","last_name":"Stierand"},{"last_name":"Zeller","full_name":"Zeller, Marc","first_name":"Marc"},{"first_name":"Maria","full_name":"Bonner, Maria","last_name":"Bonner"},{"first_name":"David","full_name":"Schmelter, David","orcid":"0000-0001-7787-5380","last_name":"Schmelter","id":"40982"},{"last_name":"Maro","first_name":"Salome","full_name":"Maro, Salome"}],"user_id":"40982","title":"The MobSTr Dataset – An Exemplar for Traceability and Model-based Safety Assessment","language":[{"iso":"eng"}],"citation":{"chicago":"Steghofer, Jan-Philipp, Bjorn Koopmann, Jan Steffen Becker, Ingo Stierand, Marc Zeller, Maria Bonner, David Schmelter, and Salome Maro. “The MobSTr Dataset – An Exemplar for Traceability and Model-Based Safety Assessment.” In 2021 IEEE 29th International Requirements Engineering Conference (RE). IEEE, 2021. https://doi.org/10.1109/re51729.2021.00062.","apa":"Steghofer, J.-P., Koopmann, B., Steffen Becker, J., Stierand, I., Zeller, M., Bonner, M., Schmelter, D., & Maro, S. (2021). The MobSTr Dataset – An Exemplar for Traceability and Model-based Safety Assessment. 2021 IEEE 29th International Requirements Engineering Conference (RE). https://doi.org/10.1109/re51729.2021.00062","ama":"Steghofer J-P, Koopmann B, Steffen Becker J, et al. The MobSTr Dataset – An Exemplar for Traceability and Model-based Safety Assessment. In: 2021 IEEE 29th International Requirements Engineering Conference (RE). IEEE; 2021. doi:10.1109/re51729.2021.00062","bibtex":"@inproceedings{Steghofer_Koopmann_Steffen Becker_Stierand_Zeller_Bonner_Schmelter_Maro_2021, title={The MobSTr Dataset – An Exemplar for Traceability and Model-based Safety Assessment}, DOI={10.1109/re51729.2021.00062}, booktitle={2021 IEEE 29th International Requirements Engineering Conference (RE)}, publisher={IEEE}, author={Steghofer, Jan-Philipp and Koopmann, Bjorn and Steffen Becker, Jan and Stierand, Ingo and Zeller, Marc and Bonner, Maria and Schmelter, David and Maro, Salome}, year={2021} }","mla":"Steghofer, Jan-Philipp, et al. “The MobSTr Dataset – An Exemplar for Traceability and Model-Based Safety Assessment.” 2021 IEEE 29th International Requirements Engineering Conference (RE), IEEE, 2021, doi:10.1109/re51729.2021.00062.","short":"J.-P. Steghofer, B. Koopmann, J. Steffen Becker, I. Stierand, M. Zeller, M. Bonner, D. Schmelter, S. Maro, in: 2021 IEEE 29th International Requirements Engineering Conference (RE), IEEE, 2021.","ieee":"J.-P. Steghofer et al., “The MobSTr Dataset – An Exemplar for Traceability and Model-based Safety Assessment,” 2021, doi: 10.1109/re51729.2021.00062."},"type":"conference","year":"2021","doi":"10.1109/re51729.2021.00062","_id":"29715","date_updated":"2022-02-01T10:24:24Z"},{"year":"2021","citation":{"bibtex":"@inproceedings{Piskachev_Krishnamurthy_Bodden_2021, title={SecuCheck: Engineering configurable taint analysis for software developers}, booktitle={2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}, author={Piskachev, Goran and Krishnamurthy, Ranjith and Bodden, Eric}, year={2021} }","mla":"Piskachev, Goran, et al. “SecuCheck: Engineering Configurable Taint Analysis for Software Developers.” 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.","chicago":"Piskachev, Goran, Ranjith Krishnamurthy, and Eric Bodden. “SecuCheck: Engineering Configurable Taint Analysis for Software Developers.” In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.","ama":"Piskachev G, Krishnamurthy R, Bodden E. SecuCheck: Engineering configurable taint analysis for software developers. In: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). ; 2021.","apa":"Piskachev, G., Krishnamurthy, R., & Bodden, E. (2021). SecuCheck: Engineering configurable taint analysis for software developers. 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM).","ieee":"G. Piskachev, R. Krishnamurthy, and E. Bodden, “SecuCheck: Engineering configurable taint analysis for software developers,” 2021.","short":"G. Piskachev, R. Krishnamurthy, E. Bodden, in: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021."},"type":"conference","language":[{"iso":"eng"}],"date_updated":"2022-10-20T12:44:31Z","_id":"26407","author":[{"first_name":"Goran","full_name":"Piskachev, Goran","orcid":"0000-0003-4424-5838","last_name":"Piskachev","id":"41936"},{"last_name":"Krishnamurthy","first_name":"Ranjith","full_name":"Krishnamurthy, Ranjith"},{"first_name":"Eric","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric","last_name":"Bodden","id":"59256"}],"publication":"2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)","department":[{"_id":"76"},{"_id":"662"}],"status":"public","date_created":"2021-10-18T12:53:15Z","title":"SecuCheck: Engineering configurable taint analysis for software developers","user_id":"15249"},{"language":[{"iso":"eng"}],"year":"2020","type":"conference","citation":{"chicago":"Holtmann, Jörg, Jan-Philipp Steghofer, Michael Rath, and David Schmelter. “Cutting through the Jungle: Disambiguating Model-Based Traceability Terminology.” In 2020 IEEE 28th International Requirements Engineering Conference (RE). IEEE, 2020. https://doi.org/10.1109/re48521.2020.00014.","ama":"Holtmann J, Steghofer J-P, Rath M, Schmelter D. Cutting through the Jungle: Disambiguating Model-based Traceability Terminology. In: 2020 IEEE 28th International Requirements Engineering Conference (RE). IEEE; 2020. doi:10.1109/re48521.2020.00014","apa":"Holtmann, J., Steghofer, J.-P., Rath, M., & Schmelter, D. (2020). Cutting through the Jungle: Disambiguating Model-based Traceability Terminology. In 2020 IEEE 28th International Requirements Engineering Conference (RE). IEEE. https://doi.org/10.1109/re48521.2020.00014","mla":"Holtmann, Jörg, et al. “Cutting through the Jungle: Disambiguating Model-Based Traceability Terminology.” 2020 IEEE 28th International Requirements Engineering Conference (RE), IEEE, 2020, doi:10.1109/re48521.2020.00014.","bibtex":"@inproceedings{Holtmann_Steghofer_Rath_Schmelter_2020, title={Cutting through the Jungle: Disambiguating Model-based Traceability Terminology}, DOI={10.1109/re48521.2020.00014}, booktitle={2020 IEEE 28th International Requirements Engineering Conference (RE)}, publisher={IEEE}, author={Holtmann, Jörg and Steghofer, Jan-Philipp and Rath, Michael and Schmelter, David}, year={2020} }","short":"J. Holtmann, J.-P. Steghofer, M. Rath, D. Schmelter, in: 2020 IEEE 28th International Requirements Engineering Conference (RE), IEEE, 2020.","ieee":"J. Holtmann, J.-P. Steghofer, M. Rath, and D. Schmelter, “Cutting through the Jungle: Disambiguating Model-based Traceability Terminology,” in 2020 IEEE 28th International Requirements Engineering Conference (RE), 2020."},"date_updated":"2022-01-06T06:54:29Z","_id":"20516","doi":"10.1109/re48521.2020.00014","publication":"2020 IEEE 28th International Requirements Engineering Conference (RE)","department":[{"_id":"241"},{"_id":"662"}],"author":[{"last_name":"Holtmann","id":"3875","first_name":"Jörg","full_name":"Holtmann, Jörg","orcid":"0000-0001-6141-4571"},{"first_name":"Jan-Philipp","full_name":"Steghofer, Jan-Philipp","last_name":"Steghofer"},{"full_name":"Rath, Michael","first_name":"Michael","last_name":"Rath"},{"last_name":"Schmelter","id":"40982","first_name":"David","orcid":"0000-0001-7787-5380","full_name":"Schmelter, David"}],"publisher":"IEEE","date_created":"2020-11-26T10:14:24Z","status":"public","publication_status":"published","publication_identifier":{"isbn":["9781728174389"]},"abstract":[{"text":"Traceability, a classic requirements engineering topic, is increasingly used in the context of model-based engineering. However, researchers and practitioners lack a concise terminology to discuss aspects of requirements traceability in situations in which engineers heavily rely on models and model-based engineering. While others have previously surveyed the domain, no one has so far provided a clear, unambiguous set of terms that can be used to discuss traceability in such a context. We therefore set out to cut a path through the jungle of terminology for model-based traceability, ground it in established terminology from requirements engineering, and derive an unambiguous set of relevant terms. We also map the terminology used in existing primary and secondary studies to our taxonomy to show differences and commonalities. The contribution of this paper is thus a terminology for model-based traceability that allows requirements engineers and engineers working with models to unambiguously discuss their joint traceability efforts.","lang":"eng"}],"user_id":"40982","title":"Cutting through the Jungle: Disambiguating Model-based Traceability Terminology"},{"_id":"20518","date_updated":"2022-01-06T06:54:29Z","doi":"10.1145/3365438.3410946","language":[{"iso":"eng"}],"type":"conference","year":"2020","citation":{"bibtex":"@inproceedings{Koch_Dziwok_Holtmann_Bodden_2020, title={Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers}, DOI={10.1145/3365438.3410946}, booktitle={ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20)}, publisher={ACM}, author={Koch, Thorsten and Dziwok, Stefan and Holtmann, Jörg and Bodden, Eric}, year={2020} }","mla":"Koch, Thorsten, et al. “Scenario-Based Specification of Security Protocols and Transformation to Security Model Checkers.” ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20), ACM, 2020, doi:10.1145/3365438.3410946.","chicago":"Koch, Thorsten, Stefan Dziwok, Jörg Holtmann, and Eric Bodden. “Scenario-Based Specification of Security Protocols and Transformation to Security Model Checkers.” In ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20). ACM, 2020. https://doi.org/10.1145/3365438.3410946.","ama":"Koch T, Dziwok S, Holtmann J, Bodden E. Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers. In: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20). ACM; 2020. doi:10.1145/3365438.3410946","apa":"Koch, T., Dziwok, S., Holtmann, J., & Bodden, E. (2020). Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers. ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20). https://doi.org/10.1145/3365438.3410946","ieee":"T. Koch, S. Dziwok, J. Holtmann, and E. Bodden, “Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers,” 2020, doi: 10.1145/3365438.3410946.","short":"T. Koch, S. Dziwok, J. Holtmann, E. Bodden, in: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20), ACM, 2020."},"user_id":"5786","title":"Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers","author":[{"full_name":"Koch, Thorsten","first_name":"Thorsten","id":"13616","last_name":"Koch"},{"last_name":"Dziwok","id":"3901","first_name":"Stefan","full_name":"Dziwok, Stefan","orcid":"http://orcid.org/0000-0002-8679-6673"},{"orcid":"0000-0001-6141-4571","full_name":"Holtmann, Jörg","first_name":"Jörg","id":"3875","last_name":"Holtmann"},{"id":"59256","last_name":"Bodden","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","first_name":"Eric"}],"publisher":"ACM","publication":"ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20)","department":[{"_id":"76"},{"_id":"241"},{"_id":"662"}],"status":"public","date_created":"2020-11-26T10:19:54Z"},{"language":[{"iso":"eng"}],"citation":{"mla":"Piskachev, Goran, et al. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.” 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020, doi:10.1109/ase.2019.00110.","bibtex":"@inproceedings{Piskachev_Nguyen Quang Do_Johnson_Bodden_2020, title={SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods}, DOI={10.1109/ase.2019.00110}, booktitle={2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)}, author={Piskachev, Goran and Nguyen Quang Do, Lisa and Johnson, Oshando and Bodden, Eric}, year={2020} }","chicago":"Piskachev, Goran, Lisa Nguyen Quang Do, Oshando Johnson, and Eric Bodden. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.” In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020. https://doi.org/10.1109/ase.2019.00110.","ama":"Piskachev G, Nguyen Quang Do L, Johnson O, Bodden E. SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). ; 2020. doi:10.1109/ase.2019.00110","apa":"Piskachev, G., Nguyen Quang Do, L., Johnson, O., & Bodden, E. (2020). SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). https://doi.org/10.1109/ase.2019.00110","ieee":"G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2020, doi: 10.1109/ase.2019.00110.","short":"G. Piskachev, L. Nguyen Quang Do, O. Johnson, E. Bodden, in: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020."},"type":"conference","year":"2020","_id":"23376","date_updated":"2022-01-06T06:55:50Z","doi":"10.1109/ase.2019.00110","author":[{"last_name":"Piskachev","first_name":"Goran","full_name":"Piskachev, Goran"},{"full_name":"Nguyen Quang Do, Lisa","first_name":"Lisa","last_name":"Nguyen Quang Do"},{"full_name":"Johnson, Oshando","first_name":"Oshando","last_name":"Johnson"},{"first_name":"Eric","full_name":"Bodden, Eric","last_name":"Bodden"}],"publication":"2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)","department":[{"_id":"241"},{"_id":"662"},{"_id":"76"}],"status":"public","date_created":"2021-08-09T12:03:30Z","publication_status":"published","user_id":"5786","title":"SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods"},{"doi":"10.1007/978-3-030-54997-8_34","date_updated":"2022-01-06T06:55:50Z","_id":"23377","language":[{"iso":"eng"}],"type":"book_chapter","year":"2020","citation":{"chicago":"Piskachev, Goran, Tobias Petrasch, Johannes Späth, and Eric Bodden. “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities.” In Lecture Notes in Computer Science. Cham, 2020. https://doi.org/10.1007/978-3-030-54997-8_34.","apa":"Piskachev, G., Petrasch, T., Späth, J., & Bodden, E. (2020). AuthCheck: Program-State Analysis for Access-Control Vulnerabilities. In Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-030-54997-8_34","ama":"Piskachev G, Petrasch T, Späth J, Bodden E. AuthCheck: Program-State Analysis for Access-Control Vulnerabilities. In: Lecture Notes in Computer Science. ; 2020. doi:10.1007/978-3-030-54997-8_34","mla":"Piskachev, Goran, et al. “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities.” Lecture Notes in Computer Science, 2020, doi:10.1007/978-3-030-54997-8_34.","bibtex":"@inbook{Piskachev_Petrasch_Späth_Bodden_2020, place={Cham}, title={AuthCheck: Program-State Analysis for Access-Control Vulnerabilities}, DOI={10.1007/978-3-030-54997-8_34}, booktitle={Lecture Notes in Computer Science}, author={Piskachev, Goran and Petrasch, Tobias and Späth, Johannes and Bodden, Eric}, year={2020} }","short":"G. Piskachev, T. Petrasch, J. Späth, E. Bodden, in: Lecture Notes in Computer Science, Cham, 2020.","ieee":"G. Piskachev, T. Petrasch, J. Späth, and E. Bodden, “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities,” in Lecture Notes in Computer Science, Cham, 2020."},"user_id":"5786","title":"AuthCheck: Program-State Analysis for Access-Control Vulnerabilities","place":"Cham","date_created":"2021-08-09T12:05:09Z","status":"public","publication_status":"published","publication_identifier":{"issn":["0302-9743","1611-3349"]},"department":[{"_id":"241"},{"_id":"662"},{"_id":"76"}],"publication":"Lecture Notes in Computer Science","author":[{"last_name":"Piskachev","first_name":"Goran","full_name":"Piskachev, Goran"},{"first_name":"Tobias","full_name":"Petrasch, Tobias","last_name":"Petrasch"},{"last_name":"Späth","first_name":"Johannes","full_name":"Späth, Johannes"},{"last_name":"Bodden","first_name":"Eric","full_name":"Bodden, Eric"}]}]