@phdthesis{20522, author = {{Holzinger, Philipp}}, publisher = {{Universität Paderborn}}, title = {{{A Systematic Analysis and Hardening of the Java Security Architecture}}}, year = {{2019}}, } @phdthesis{20524, author = {{Nguyen Quang Do, Lisa}}, publisher = {{Universität Paderborn}}, title = {{{User-Centered Tool Design for Data-Flow Analysis}}}, year = {{2019}}, } @inproceedings{20525, author = {{Stockmann, Lars and Laux, Sven and Bodden, Eric}}, booktitle = {{2019 IEEE International Conference on Software Architecture Companion (ICSA-C)}}, pages = {{77--84}}, title = {{{Architectural Runtime Verification}}}, doi = {{10.1109/ICSA-C.2019.00021}}, year = {{2019}}, } @inproceedings{20527, author = {{Hazhirpasand, Mohammadreza and Ghafari, Mohammad and Krüger, Stefan and Bodden, Eric and Nierstrasz, Oskar}}, booktitle = {{2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)}}, issn = {{1949-3770}}, pages = {{1--6}}, title = {{{The Impact of Developer Experience in Using Java Cryptography}}}, doi = {{10.1109/ESEM.2019.8870184}}, year = {{2019}}, } @inproceedings{20528, author = {{Piskachev, Goran and Petrasch, Tobias and Späth, Johannes and Bodden, Eric}}, booktitle = {{10th Workshop on Tools for Automatic Program Analysis (TAPAS)}}, title = {{{AuthCheck: Program-state Analysis for Access-control Vulnerabilities}}}, year = {{2019}}, } @inproceedings{20529, author = {{Nachtigall, Marcus and Nguyen Quang Do, Lisa and Bodden, Eric}}, booktitle = {{1st International Workshop on Explainable Software (EXPLAIN) at ASE}}, title = {{{Explaining Static Analysis -- A Perspective}}}, year = {{2019}}, } @inproceedings{20531, author = {{Luo, Linghui and Bodden, Eric and Späth, Johannes}}, booktitle = {{IEEE/ACM International Conference on Automated Software Engineering (ASE 2019)}}, title = {{{A Qualitative Analysis of Android Taint-Analysis Results}}}, year = {{2019}}, } @inproceedings{20532, author = {{Piskachev, Goran and Nguyen Quang Do, Lisa and Johnson, Oshando and Bodden, Eric}}, booktitle = {{IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track}}, title = {{{SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods}}}, year = {{2019}}, } @article{20533, author = {{Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}}, issn = {{2326-3881}}, journal = {{IEEE Transactions on Software Engineering}}, keywords = {{Java, Encryption, Static analysis, Tools, Ciphers, Semantics, cryptography, domain-specific language, static analysis}}, pages = {{1--1}}, title = {{{CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}}}, doi = {{10.1109/TSE.2019.2948910}}, year = {{2019}}, } @inproceedings{20534, author = {{Piskachev, Goran and Nguyen Quang Do, Lisa and Bodden, Eric}}, booktitle = {{ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)}}, title = {{{Codebase-Adaptive Detection of Security-Relevant Methods}}}, year = {{2019}}, } @inproceedings{20535, author = {{Luo, Linghui and Dolby, Julian and Bodden, Eric}}, booktitle = {{European Conference on Object-Oriented Programming (ECOOP)}}, title = {{{MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors}}}, year = {{2019}}, } @phdthesis{20536, author = {{Späth, Johannes}}, publisher = {{Universität Paderborn}}, title = {{{Synchronized Pushdown Systems for Pointer and Data-Flow Analysis}}}, year = {{2019}}, } @techreport{20537, author = {{Piskachev, Goran and Nguyen, Lisa and Bodden, Eric}}, title = {{{Codebase-Adaptive Detection of Security-Relevant Methods}}}, year = {{2019}}, } @inproceedings{20538, author = {{Albert Gorski Iii, Sigmund and Andow, Benjamin and Nadkarni, Adwait and Manandhar, Sunil and Enck, William and Bodden, Eric and Bartel, Alexandre}}, booktitle = {{ACM Conference on Data and Application Security and Privacy (CODASPY 2019)}}, keywords = {{ITSECWEBSITE, CROSSING}}, title = {{{ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware}}}, year = {{2019}}, } @article{20539, author = {{Späth, Johannes and Ali, Karim and Bodden, Eric}}, issn = {{2475-1421}}, journal = {{Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages}}, keywords = {{ATTRACT, ITSECWEBSITE, CROSSING}}, number = {{POPL}}, pages = {{48:1--48:29}}, publisher = {{ACM}}, title = {{{Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems}}}, doi = {{10.1145/3290361}}, volume = {{3}}, year = {{2019}}, } @inproceedings{20759, author = {{Gerking, Christopher and Schubert, David}}, booktitle = {{International Conference on Software Architecture (ICSA 2019)}}, title = {{{Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures}}}, year = {{2019}}, } @inproceedings{23378, author = {{Piskachev, Goran and Do, Lisa Nguyen Quang and Bodden, Eric}}, booktitle = {{Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis}}, title = {{{Codebase-adaptive detection of security-relevant methods}}}, doi = {{10.1145/3293882.3330556}}, year = {{2019}}, } @misc{7628, author = {{Selbach, Nils}}, publisher = {{Universität Paderborn}}, title = {{{Modeling Crypto API usages in OpenSSL's EVP library}}}, year = {{2019}}, } @article{14896, author = {{Dann, Andreas and Hermann, Ben and Bodden, Eric}}, issn = {{0098-5589}}, journal = {{IEEE Transactions on Software Engineering}}, pages = {{1--1}}, title = {{{ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules}}}, doi = {{10.1109/tse.2019.2931331}}, year = {{2019}}, } @inproceedings{14897, author = {{Dann, Andreas and Hermann, Ben and Bodden, Eric}}, booktitle = {{Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019}}, isbn = {{9781450367202}}, title = {{{SootDiff: bytecode comparison across different Java compilers}}}, doi = {{10.1145/3315568.3329966}}, year = {{2019}}, }