TY  - THES
AU  - Gerking, Christopher
ID  - 20521
TI  - Model-Driven Information Flow Security Engineering for Cyber-Physical Systems
ER  - 

TY  - GEN
AU  - Schubert, Philipp
AU  - Bodden, Eric
AU  - Hermann, Ben
ID  - 20712
TI  - Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries
ER  - 

TY  - CHAP
AB  - Today, software systems are rarely developed monolithically, but may be composed of numerous individually developed features. Their modularization facilitates independent development and verification. While feature-based strategies to verify features in isolation have existed for years, they cannot address interactions between features. The problem with feature interactions is that they are typically unknown and may involve any subset of the features. In contrast, a family-based verification strategy captures feature interactions, but does not scale well when features evolve frequently. To the best of our knowledge, there currently exists no approach with a focus on evolving features that combines both strategies and aims at eliminating their respective drawbacks. To fill this gap, we introduce Fefalution, a feature-family-based verification approach based on abstract contracts to verify evolving features and their interactions. Fefalution builds partial proofs for each evolving feature and then reuses the resulting partial proofs in verifying feature interactions, yielding a full verification of the complete software system. Moreover, to investigate whether a combination of both strategies is fruitful, we present the first empirical study for the verification of evolving features implemented by means of feature-oriented programming and by comparing Fefalution with another five family-based approaches varying in a set of optimizations. Our results indicate that partial proofs based on abstract contracts exhibit huge reuse potential, but also come with a substantial overhead for smaller evolution scenarios.
AU  - Knüppel, Alexander
AU  - Krüger, Stefan
AU  - Thüm, Thomas
AU  - Bubel, Richard
AU  - Krieter, Sebastian
AU  - Bodden, Eric
AU  - Schaefer, Ina
ID  - 20891
SN  - 0302-9743
T2  - Lecture Notes in Computer Science
TI  - Using Abstract Contracts for Verifying Evolving Features and Their Interactions
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Nguyen Quang Do, Lisa
AU  - Johnson, Oshando
AU  - Bodden, Eric
ID  - 23376
T2  - 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)
TI  - SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
ER  - 

TY  - CHAP
AU  - Piskachev, Goran
AU  - Petrasch, Tobias
AU  - Späth, Johannes
AU  - Bodden, Eric
ID  - 23377
SN  - 0302-9743
T2  - Lecture Notes in Computer Science
TI  - AuthCheck: Program-State Analysis for Access-Control Vulnerabilities
ER  - 

TY  - THES
AU  - Holzinger, Philipp
ID  - 20522
TI  - A Systematic Analysis and Hardening of the Java Security Architecture
ER  - 

TY  - THES
AU  - Nguyen Quang Do, Lisa
ID  - 20524
TI  - User-Centered Tool Design for Data-Flow Analysis
ER  - 

TY  - CONF
AU  - Stockmann, Lars
AU  - Laux, Sven
AU  - Bodden, Eric
ID  - 20525
T2  - 2019 IEEE International Conference on Software Architecture Companion (ICSA-C)
TI  - Architectural Runtime Verification
ER  - 

TY  - CONF
AU  - Hazhirpasand, Mohammadreza
AU  - Ghafari, Mohammad
AU  - Krüger, Stefan
AU  - Bodden, Eric
AU  - Nierstrasz, Oskar
ID  - 20527
SN  - 1949-3770
T2  - 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)
TI  - The Impact of Developer Experience in Using Java Cryptography
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Petrasch, Tobias
AU  - Späth, Johannes
AU  - Bodden, Eric
ID  - 20528
T2  - 10th Workshop on Tools for Automatic Program Analysis (TAPAS)
TI  - AuthCheck: Program-state Analysis for Access-control Vulnerabilities
ER  - 

TY  - CONF
AU  - Nachtigall, Marcus
AU  - Nguyen Quang Do, Lisa
AU  - Bodden, Eric
ID  - 20529
T2  - 1st International Workshop on Explainable Software (EXPLAIN) at ASE
TI  - Explaining Static Analysis -- A Perspective
ER  - 

TY  - CONF
AU  - Luo, Linghui
AU  - Bodden, Eric
AU  - Späth, Johannes
ID  - 20531
T2  - IEEE/ACM International Conference on Automated Software Engineering (ASE 2019)
TI  - A Qualitative Analysis of Android Taint-Analysis Results
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Nguyen Quang Do, Lisa
AU  - Johnson, Oshando
AU  - Bodden, Eric
ID  - 20532
T2  - IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track
TI  - SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
ER  - 

TY  - JOUR
AU  - Krüger, Stefan
AU  - Späth, Johannes
AU  - Ali, Karim
AU  - Bodden, Eric
AU  - Mezini, Mira
ID  - 20533
JF  - IEEE Transactions on Software Engineering
KW  - Java
KW  - Encryption
KW  - Static analysis
KW  - Tools
KW  - Ciphers
KW  - Semantics
KW  - cryptography
KW  - domain-specific language
KW  - static analysis
SN  - 2326-3881
TI  - CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Nguyen Quang Do, Lisa
AU  - Bodden, Eric
ID  - 20534
T2  - ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)
TI  - Codebase-Adaptive Detection of Security-Relevant Methods
ER  - 

TY  - CONF
AU  - Luo, Linghui
AU  - Dolby, Julian
AU  - Bodden, Eric
ID  - 20535
T2  - European Conference on Object-Oriented Programming (ECOOP)
TI  - MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors
ER  - 

TY  - THES
AU  - Späth, Johannes
ID  - 20536
TI  - Synchronized Pushdown Systems for Pointer and Data-Flow Analysis
ER  - 

TY  - GEN
AU  - Piskachev, Goran
AU  - Nguyen, Lisa
AU  - Bodden, Eric
ID  - 20537
TI  - Codebase-Adaptive Detection of Security-Relevant Methods
ER  - 

TY  - CONF
AU  - Albert Gorski Iii, Sigmund
AU  - Andow, Benjamin
AU  - Nadkarni, Adwait
AU  - Manandhar, Sunil
AU  - Enck, William
AU  - Bodden, Eric
AU  - Bartel, Alexandre
ID  - 20538
KW  - ITSECWEBSITE
KW  - CROSSING
T2  - ACM Conference on Data and Application Security and Privacy (CODASPY 2019)
TI  - ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
ER  - 

TY  - JOUR
AU  - Späth, Johannes
AU  - Ali, Karim
AU  - Bodden, Eric
ID  - 20539
IS  - POPL
JF  - Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages
KW  - ATTRACT
KW  - ITSECWEBSITE
KW  - CROSSING
SN  - 2475-1421
TI  - Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems
VL  - 3
ER  - 

TY  - CONF
AU  - Gerking, Christopher
AU  - Schubert, David
ID  - 20759
T2  - International Conference on Software Architecture (ICSA 2019)
TI  - Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Do, Lisa Nguyen Quang
AU  - Bodden, Eric
ID  - 23378
T2  - Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis
TI  - Codebase-adaptive detection of security-relevant methods
ER  - 

TY  - GEN
AU  - Selbach, Nils
ID  - 7628
TI  - Modeling Crypto API usages in OpenSSL's EVP library
ER  - 

TY  - JOUR
AU  - Dann, Andreas
AU  - Hermann, Ben
AU  - Bodden, Eric
ID  - 14896
JF  - IEEE Transactions on Software Engineering
SN  - 0098-5589
TI  - ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
ER  - 

TY  - CONF
AU  - Dann, Andreas
AU  - Hermann, Ben
AU  - Bodden, Eric
ID  - 14897
SN  - 9781450367202
T2  - Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019
TI  - SootDiff: bytecode comparison across different Java compilers
ER  - 

TY  - CONF
AU  - Kruger, Stefan
AU  - Hermann, Ben
ID  - 14899
SN  - 9781728122458
T2  - 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE)
TI  - Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts
ER  - 

TY  - CONF
AU  - Schubert, Philipp
AU  - Hermann, Ben
AU  - Bodden, Eric
ID  - 7626
T2  - Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019)
TI  - PhASAR: An Inter-Procedural Static Analysis Framework for C/C++
VL  - II
ER  - 

TY  - CONF
AU  - Schubert, Philipp
AU  - Leer, Richard
AU  - Hermann, Ben
AU  - Bodden, Eric
ID  - 14898
SN  - 9781450367202
T2  - Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019
TI  - Know your analysis: how instrumentation aids understanding static analysis
ER  - 

TY  - GEN
AB  - In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations. We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.
AU  - Pauck, Felix
AU  - Bodden, Eric
AU  - Wehrheim, Heike
ID  - 2711
T2  - arXiv:1804.02903
TI  - Do Android Taint Analysis Tools Keep their Promises?
ER  - 

TY  - CONF
AU  - Bodden, Eric
AU  - Nguyen Quang Do, Lisa
ID  - 20530
SN  - 978-3-88579-673-2
T2  - Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany
TI  - Explainable Static Analysis
ER  - 

TY  - JOUR
AU  - Nguyen Quang Do, Lisa
AU  - Krüger, Stefan
AU  - Hill, Patrick
AU  - Ali, Karim
AU  - Bodden, Eric
ID  - 20543
JF  - IEEE Transactions on Software Engineering
KW  - Debugging
KW  - Static analysis
KW  - Tools
KW  - Computer bugs
KW  - Standards
KW  - Writing
KW  - Encoding
KW  - Testing and Debugging
KW  - Program analysis
KW  - Development tools
KW  - Integrated environments
KW  - Graphical environments
KW  - Usability testing
SN  - 2326-3881
TI  - Debugging Static Analysis
ER  - 

TY  - GEN
ED  - Tichy, Matthias
ED  - Bodden, Eric
ED  - Kuhrmann, Marco
ED  - Wagner, Stefan
ED  - Steghöfer, Jan-Philipp
ID  - 20544
SN  - 978-3-88579-673-2
TI  - Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany
VL  - P-279
ER  - 

TY  - GEN
ED  - Tip, Frank
ED  - Bodden, Eric
ID  - 20545
TI  - Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018
ER  - 

TY  - CONF
AU  - Gerking, Christopher
AU  - Schubert, David
AU  - Bodden, Eric
ED  - Payer, Mathias
ED  - Rashid, Awais
ED  - Such, Jose M.
ID  - 20546
T2  - Engineering Secure Software and Systems
TI  - Model Checking the Information Flow Security of Real-Time Systems
ER  - 

TY  - CONF
AU  - Nguyen Quang Do, Lisa
AU  - Bodden, Eric
ID  - 20547
KW  - Gamification
KW  - Integrated Environments
KW  - Program analysis
SN  - 978-1-4503-5573-5
T2  - Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
TI  - Gamifying Static Analysis
ER  - 

TY  - CONF
AU  - Bodden, Eric
ID  - 20548
KW  - ATTRACT
KW  - ITSECWEBSITE
SN  - 978-1-4503-5939-9
T2  - ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018)
TI  - The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them)
ER  - 

TY  - CONF
AU  - Geismann, Johannes
AU  - Gerking, Christopher
AU  - Bodden, Eric
ID  - 20549
KW  - ITSECWEBSITE
T2  - International Conference on Software and System Processes (ICSSP)
TI  - Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes
ER  - 

TY  - CONF
AU  - Bodden, Eric
ID  - 20550
KW  - ATTRACT
KW  - ITSECWEBSITE
SN  - 978-1-4503-5662-6
T2  - Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results
TI  - Self-adaptive Static Analysis
ER  - 

TY  - CONF
AU  - Nguyen Quang Do, Lisa
AU  - Krüger, Stefan
AU  - Hill, Patrick
AU  - Ali, Karim
AU  - Bodden, Eric
ID  - 20551
KW  - ATTRACT
KW  - ITSECWEBSITE
T2  - International Conference for Software Engineering (ICSE), Tool Demonstrations Track
TI  - VISUFLOW, a Debugging Environment for Static Analyses
ER  - 

TY  - THES
AB  - The high degree of innovation in mechatronic systems leads to so-called cyber-physical systems (CPS). These have complex functionality and communication. How safety-critical such systems are is categorized by so-called safety integrity levels (SIL), which are defined by standards such as ISO 26262. A given SIL not only describes the level of hazard risk but also dictates the required degree of rigor in the development of the system. A high SIL requires the application of safety measures with a high degree of rigor in all phases of development and therefore implies a high safety effort. SIL tailoring is a means of reducing the safety effort by assigning lower SILs to subsystems if they are separated from more critical subsystems or fulfill redundant safety requirements. To plan the necessary safety effort, opportunities for SIL tailoring should be identified as early as possible, i.e. already during requirements analysis. Due to the complexity of CPS, it is difficult to find valid SIL tailorings. The validity of SIL tailorings must be checked by analyzing error propagation paths and justified by arguments in the safety case. The contribution of this dissertation is a systematic, tool-supported SIL tailoring process that is applied in safety requirements engineering. The process uses a model-based, formal requirements specification and provides a catalog of requirements patterns. Based on these requirements, error propagation models are generated and SILs are assigned to subsystems automatically. This minimizes the safety analysis effort. From the generated results, a safety case with arguments for the validity of the SIL tailoring is derived automatically.
AU  - Fockel, Markus
ID  - 20779
TI  - Safety Requirements Engineering for Early SIL Tailoring
ER  - 

TY  - CONF
AU  - Gerking, Christopher
AU  - Schubert, David
ID  - 20781
IS  - 11048
T2  - European Conference on Software Architecture (ECSA 2018)
TI  - Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems
ER  - 

TY  - CONF
AU  - Geismann, Johannes
ID  - 20784
T2  - IEEE International Conference on Software Architecture Companion (ICSA-C 2018)
TI  - Traceable Threat Modeling for Safety-critical Systems
ER  - 

TY  - CONF
AB  - Cyber-physical systems are distributed, embedded systems that interact with their physical environment. Typically, these systems consist of several Electronic Control Units using multiple processing cores for the execution. Many systems are applied in safety-critical contexts and have to fulfill hard real-time requirements. The model-driven engineering paradigm enables system developers to consider all requirements in a systematic manner. In the software design phase, they prove the fulfillment of the requirements using model checking. When deploying the software to the executing platform, one important task is to ensure that the runtime scheduling does not violate the verified requirements by neglecting the model checking assumptions. Current model-driven approaches do not consider the problem of deriving feasible execution schedules for embedded multi-core platforms respecting hard real-time requirements. This paper extends the previous work on providing an approach for a semi-automatic synthesis of behavioral models into a deterministic real-time scheduling. We add an approach for the partitioning and mapping of development tasks. This extended approach enables the utilization of parallel resources within a single ECU considering the verification assumptions by extending the open tool platform App4mc. We evaluate our approach using an example of a distributed automotive system with hard real-time requirements specified with the MechatronicUML method.
AU  - Geismann, Johannes
AU  - Höttger, Robert
AU  - Krawczyk, Lukas
AU  - Pohlmann, Uwe
AU  - Schmelter, David
ED  - Pires, Luís Ferreira
ED  - Hammoudi, Slimane
ED  - Selic, Bran
ID  - 20785
T2  - Model-Driven Engineering and Software Development
TI  - Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems
VL  - 1
ER  - 

TY  - THES
AU  - Pohlmann, Uwe
ID  - 20789
TI  - A Model-driven Software Construction Approach for Cyber-physical Systems
ER  - 

TY  - CONF
AU  - Pauck, Felix
AU  - Bodden, Eric
AU  - Wehrheim, Heike
ID  - 4999
SN  - 9781450355735
T2  - Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018
TI  - Do Android taint analysis tools keep their promises?
ER  - 

TY  - CONF
AU  - Krüger, Stefan
AU  - Späth, Johannes
AU  - Ali, Karim
AU  - Bodden, Eric
AU  - Mezini, Mira
ID  - 5203
KW  - ITSECWEBSITE
KW  - CROSSING
T2  - European Conference on Object-Oriented Programming (ECOOP)
TI  - CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs
ER  - 

TY  - GEN
AU  - Leer, Richard
ID  - 1044
TI  - Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis
ER  - 

TY  - GEN
AU  - Strüwer, Jan Niclas
ID  - 1045
TI  - Interactive Data Visualization for Exploded Supergraphs
ER  - 

TY  - CHAP
AB  - The future scenario of Industrie 4.0 is characterized by a massive increase in cross-company networking. To counter the threat of unauthorized disclosure or sabotage of confidential data, information security must be given high priority already in the design of cyber-physical production systems. This paradigm is referred to as Security by Design. Throughout the entire development process, it must be possible to trace whether the systems fulfill specific information security requirements and thus guarantee the property of Industrial Security. This contribution presents a design approach for tracing information security that enables development according to the Security by Design paradigm by integrating software engineering methods into systems engineering.
AU  - Gerking, Christopher
AU  - Bodden, Eric
AU  - Schäfer, Wilhelm
ED  - Maier, Günter W.
ED  - Engels, Gregor
ED  - Steffen, Eckhard
ID  - 20552
KW  - ITSECWEBSITE
SN  - 978-3-662-52903-4
T2  - Handbuch Gestaltung digitaler und vernetzter Arbeitswelten
TI  - Industrial Security by Design
ER  - 

TY  - JOUR
AB  - Finding and fixing software vulnerabilities have become a major struggle for most software development companies. While generally without alternative, such fixing efforts are a major cost factor, which is why companies have a vital interest in focusing their secure software development activities such that they obtain an optimal return on this investment. We investigate, in this paper, quantitatively the major factors that impact the time it takes to fix a given security issue based on data collected automatically within SAP's secure development process, and we show how the issue fix time could be used to monitor the fixing process. We use three machine learning methods and evaluate their predictive power in predicting the time to fix issues. Interestingly, the models indicate that vulnerability type has less dominant impact on issue fix time than previously believed. The time it takes to fix an issue instead seems much more related to the component in which the potential vulnerability resides, the project related to the issue, the development groups that address the issue, and the closeness of the software release date. This indicates that the software structure, the fixing processes, and the development groups are the dominant factors that impact the time spent to address security issues. SAP can use the models to implement a continuous improvement of its secure software development process and to measure the impact of individual improvements. The development teams at SAP develop different types of software, adopt different internal development processes, use different programming languages and platforms, and are located in different cities and countries. Other organizations may use the results---with precaution---and be learning organizations.
AU  - Ben Othmane, Lotfi
AU  - Chehrazi, Golriz
AU  - Bodden, Eric
AU  - Tsalovski, Petar
AU  - Brucker, Achim D.
ID  - 20553
IS  - 2
JF  - Data Science and Engineering
SN  - 2364-1541
TI  - Time for Addressing Software Security Issues: Prediction Models and Impacting Factors
VL  - 2
ER  - 