---
_id: '52235'
abstract:
- lang: eng
text: "Android applications collecting data from users must protect it according
to the current legal frameworks. Such data protection has become even more important
since the European Union rolled out the General Data Protection Regulation (GDPR).
Since app developers are not legal experts, they find it difficult to write privacy-aware
source code. Moreover, they have limited tool support to reason about data protection
throughout their app development process.\r\nThis paper motivates the need for
a static analysis approach to diagnose and explain data protection in Android
apps. The analysis will recognize personal data sources in the source code, and
aims to further examine the data flow originating from these sources. App developers
can then address key questions about data manipulation, derived data, and the
presence of technical measures. Despite challenges, we explore to what extent
one can realize this analysis through static taint analysis, a common method for
identifying security vulnerabilities. This is a first step towards designing a
tool-based approach that aids app developers and assessors in ensuring data protection
in Android apps, based on automated static program analysis. "
author:
- first_name: Mugdha
full_name: Khedkar, Mugdha
id: '88024'
last_name: Khedkar
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection.
In: Proceedings of the 9th International Conference on Mobile Software Engineering
and Systems. ; 2024.'
apa: Khedkar, M., & Bodden, E. (2024). Toward an Android Static Analysis Approach
for Data Protection. Proceedings of the 9th International Conference on Mobile
Software Engineering and Systems. 9th International Conference on Mobile Software
Engineering and Systems 2024, Lisbon, Portugal.
bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis
Approach for Data Protection}, booktitle={Proceedings of the 9th International
Conference on Mobile Software Engineering and Systems}, author={Khedkar, Mugdha
and Bodden, Eric}, year={2024} }'
chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
for Data Protection.” In Proceedings of the 9th International Conference on
Mobile Software Engineering and Systems, 2024.
ieee: M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for
Data Protection,” presented at the 9th International Conference on Mobile Software
Engineering and Systems 2024, Lisbon, Portugal, 2024.
mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
for Data Protection.” Proceedings of the 9th International Conference on Mobile
Software Engineering and Systems, 2024.
short: 'M. Khedkar, E. Bodden, in: Proceedings of the 9th International Conference
on Mobile Software Engineering and Systems, 2024.'
conference:
end_date: 2024-04-15
location: Lisbon, Portugal
name: 9th International Conference on Mobile Software Engineering and Systems 2024
start_date: 2024-04-14
date_created: 2024-03-03T14:37:53Z
date_updated: 2024-03-06T13:00:38Z
ddc:
- '006'
department:
- _id: '76'
external_id:
arxiv:
- '2402.07889'
file:
- access_level: closed
content_type: application/pdf
creator: khedkarm
date_created: 2024-03-03T14:39:08Z
date_updated: 2024-03-03T14:39:08Z
file_id: '52236'
file_name: 2402.07889v1.pdf
file_size: 530812
relation: main_file
success: 1
file_date_updated: 2024-03-03T14:39:08Z
has_accepted_license: '1'
keyword:
- static program analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: Proceedings of the 9th International Conference on Mobile Software Engineering
and Systems
status: public
title: Toward an Android Static Analysis Approach for Data Protection
type: conference
user_id: '88024'
year: '2024'
...
---
_id: '52587'
author:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Jens
full_name: Pottebaum, Jens
id: '405'
last_name: Pottebaum
orcid: http://orcid.org/0000-0001-8778-2989
- first_name: Markus
full_name: Fockel, Markus
last_name: Fockel
- first_name: Iris
full_name: Gräßler, Iris
id: '47565'
last_name: Gräßler
orcid: 0000-0001-5765-971X
citation:
ama: Bodden E, Pottebaum J, Fockel M, Gräßler I. Evaluating Security Through Isolation
and Defense in Depth. IEEE Security & Privacy. 2024;22(1):69-72. doi:10.1109/msec.2023.3336028
apa: Bodden, E., Pottebaum, J., Fockel, M., & Gräßler, I. (2024). Evaluating
Security Through Isolation and Defense in Depth. IEEE Security & Privacy,
22(1), 69–72. https://doi.org/10.1109/msec.2023.3336028
bibtex: '@article{Bodden_Pottebaum_Fockel_Gräßler_2024, title={Evaluating Security
Through Isolation and Defense in Depth}, volume={22}, DOI={10.1109/msec.2023.3336028},
number={1}, journal={IEEE Security & Privacy}, publisher={Institute of Electrical
and Electronics Engineers (IEEE)}, author={Bodden, Eric and Pottebaum, Jens and
Fockel, Markus and Gräßler, Iris}, year={2024}, pages={69–72} }'
chicago: 'Bodden, Eric, Jens Pottebaum, Markus Fockel, and Iris Gräßler. “Evaluating
Security Through Isolation and Defense in Depth.” IEEE Security & Privacy
22, no. 1 (2024): 69–72. https://doi.org/10.1109/msec.2023.3336028.'
ieee: 'E. Bodden, J. Pottebaum, M. Fockel, and I. Gräßler, “Evaluating Security
Through Isolation and Defense in Depth,” IEEE Security & Privacy, vol.
22, no. 1, pp. 69–72, 2024, doi: 10.1109/msec.2023.3336028.'
mla: Bodden, Eric, et al. “Evaluating Security Through Isolation and Defense in
Depth.” IEEE Security & Privacy, vol. 22, no. 1, Institute of Electrical
and Electronics Engineers (IEEE), 2024, pp. 69–72, doi:10.1109/msec.2023.3336028.
short: E. Bodden, J. Pottebaum, M. Fockel, I. Gräßler, IEEE Security & Privacy
22 (2024) 69–72.
date_created: 2024-03-15T20:16:18Z
date_updated: 2024-03-15T20:25:13Z
department:
- _id: '152'
- _id: '76'
- _id: '241'
doi: 10.1109/msec.2023.3336028
intvolume: ' 22'
issue: '1'
keyword:
- Law
- Electrical and Electronic Engineering
- Computer Networks and Communications
language:
- iso: eng
page: 69-72
publication: IEEE Security & Privacy
publication_identifier:
issn:
- 1540-7993
- 1558-4046
publication_status: published
publisher: Institute of Electrical and Electronics Engineers (IEEE)
quality_controlled: '1'
status: public
title: Evaluating Security Through Isolation and Defense in Depth
type: journal_article
user_id: '405'
volume: 22
year: '2024'
...
---
_id: '52663'
abstract:
- lang: eng
text: "Context\r\nStatic analyses are well-established to aid in understanding bugs
or vulnerabilities during the development process or in large-scale studies. A
low false-positive rate is essential for the adaption in practice and for precise
results of empirical studies. Unfortunately, static analyses tend to report where
a vulnerability manifests rather than the fix location. This can cause presumed
false positives or imprecise results.\r\nMethod\r\nTo address this problem, we
designed an adaption of an existing static analysis algorithm that can distinguish
between a manifestation and fix location, and reports error chains. An error chain
represents at least two interconnected errors that occur successively, thus building
the connection between the fix and manifestation location. We used our tool CogniCryptSUBS
for a case study on 471 GitHub repositories, a performance benchmark to compare
different analysis configurations, and conducted an expert interview.\r\nResult\r\nWe
found that 50 % of the projects with a report had at least one error chain. Our
runtime benchmark demonstrated that our improvement caused only a minimal runtime
overhead of less than 4 %. The results of our expert interview indicate that with
our adapted version participants require fewer executions of the analysis.\r\nConclusion\r\nOur
results indicate that error chains occur frequently in real-world projects, and
ignoring them can lead to imprecise evaluation results. The runtime benchmark
indicates that our tool is a feasible and efficient solution for detecting error
chains in real-world projects. Further, our results gave a hint that the usability
of static analyses may benefit from supporting error chains."
author:
- first_name: Anna-Katharina
full_name: Wickert, Anna-Katharina
last_name: Wickert
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Marvin
full_name: Vogel, Marvin
last_name: Vogel
- first_name: Lukas
full_name: Winter, Lukas
last_name: Winter
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Wickert A-K, Schlichtig M, Vogel M, Winter L, Mezini M, Bodden E. Supporting
Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability.;
2024.
apa: Wickert, A.-K., Schlichtig, M., Vogel, M., Winter, L., Mezini, M., & Bodden,
E. (2024). Supporting Error Chains in Static Analysis for Precise Evaluation
Results and Enhanced Usability.
bibtex: '@book{Wickert_Schlichtig_Vogel_Winter_Mezini_Bodden_2024, title={Supporting
Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability},
author={Wickert, Anna-Katharina and Schlichtig, Michael and Vogel, Marvin and
Winter, Lukas and Mezini, Mira and Bodden, Eric}, year={2024} }'
chicago: Wickert, Anna-Katharina, Michael Schlichtig, Marvin Vogel, Lukas Winter,
Mira Mezini, and Eric Bodden. Supporting Error Chains in Static Analysis for
Precise Evaluation Results and Enhanced Usability, 2024.
ieee: A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden,
Supporting Error Chains in Static Analysis for Precise Evaluation Results and
Enhanced Usability. 2024.
mla: Wickert, Anna-Katharina, et al. Supporting Error Chains in Static Analysis
for Precise Evaluation Results and Enhanced Usability. 2024.
short: A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, E. Bodden,
Supporting Error Chains in Static Analysis for Precise Evaluation Results and
Enhanced Usability, 2024.
date_created: 2024-03-20T09:28:36Z
date_updated: 2024-03-20T09:32:29Z
department:
- _id: '76'
keyword:
- Static analysis
- error chains
- false positive reduction
- empirical studies
language:
- iso: eng
main_file_link:
- url: https://arxiv.org/abs/2403.07808
status: public
title: Supporting Error Chains in Static Analysis for Precise Evaluation Results and
Enhanced Usability
type: misc
user_id: '32312'
year: '2024'
...
---
_id: '35083'
author:
- first_name: Andreas Peter
full_name: Dann, Andreas Peter
id: '26886'
last_name: Dann
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Dann AP, Hermann B, Bodden E. UpCy: Safely Updating Outdated Dependencies.
Published online 2023.'
apa: 'Dann, A. P., Hermann, B., & Bodden, E. (2023). UpCy: Safely Updating
Outdated Dependencies.'
bibtex: '@article{Dann_Hermann_Bodden_2023, series={International Conference on
Software Engineering (ICSE)}, title={UpCy: Safely Updating Outdated Dependencies},
author={Dann, Andreas Peter and Hermann, Ben and Bodden, Eric}, year={2023}, collection={International
Conference on Software Engineering (ICSE)} }'
chicago: 'Dann, Andreas Peter, Ben Hermann, and Eric Bodden. “UpCy: Safely Updating
Outdated Dependencies.” International Conference on Software Engineering (ICSE),
2023.'
ieee: 'A. P. Dann, B. Hermann, and E. Bodden, “UpCy: Safely Updating Outdated Dependencies.”
2023.'
mla: 'Dann, Andreas Peter, et al. UpCy: Safely Updating Outdated Dependencies.
2023.'
short: A.P. Dann, B. Hermann, E. Bodden, (2023).
date_created: 2023-01-02T09:26:50Z
date_updated: 2023-01-02T09:28:32Z
department:
- _id: '76'
language:
- iso: eng
series_title: International Conference on Software Engineering (ICSE)
status: public
title: 'UpCy: Safely Updating Outdated Dependencies'
type: conference
user_id: '15249'
year: '2023'
...
---
_id: '41812'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
id: '78060'
last_name: Krishnamurthy
orcid: 0000-0002-0906-5463
- first_name: Julian
full_name: Dolby, Julian
last_name: Dolby
- first_name: Martin
full_name: Schäf, Martin
last_name: Schäf
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Luo L, Piskachev G, Krishnamurthy R, Dolby J, Schäf M, Bodden E. Model Generation
For Java Frameworks. In: IEEE International Conference on Software Testing,
Verification and Validation (ICST). ; 2023.'
apa: Luo, L., Piskachev, G., Krishnamurthy, R., Dolby, J., Schäf, M., & Bodden,
E. (2023). Model Generation For Java Frameworks. IEEE International Conference
on Software Testing, Verification and Validation (ICST).
bibtex: '@inproceedings{Luo_Piskachev_Krishnamurthy_Dolby_Schäf_Bodden_2023, title={Model
Generation For Java Frameworks}, booktitle={IEEE International Conference on Software
Testing, Verification and Validation (ICST)}, author={Luo, Linghui and Piskachev,
Goran and Krishnamurthy, Ranjith and Dolby, Julian and Schäf, Martin and Bodden,
Eric}, year={2023} }'
chicago: Luo, Linghui, Goran Piskachev, Ranjith Krishnamurthy, Julian Dolby, Martin
Schäf, and Eric Bodden. “Model Generation For Java Frameworks.” In IEEE International
Conference on Software Testing, Verification and Validation (ICST), 2023.
ieee: L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, and E. Bodden,
“Model Generation For Java Frameworks,” 2023.
mla: Luo, Linghui, et al. “Model Generation For Java Frameworks.” IEEE International
Conference on Software Testing, Verification and Validation (ICST), 2023.
short: 'L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, E. Bodden, in:
IEEE International Conference on Software Testing, Verification and Validation
(ICST), 2023.'
date_created: 2023-02-06T10:37:23Z
date_updated: 2023-02-06T10:42:29Z
department:
- _id: '76'
- _id: '662'
language:
- iso: eng
publication: IEEE International Conference on Software Testing, Verification and Validation
(ICST)
status: public
title: Model Generation For Java Frameworks
type: conference
user_id: '15249'
year: '2023'
...
---
_id: '41813'
author:
- first_name: Ashwin Prasad
full_name: Shivarpatna Venkatesh, Ashwin Prasad
id: '66637'
last_name: Shivarpatna Venkatesh
- first_name: Jiawei
full_name: Wang, Jiawei
last_name: Wang
- first_name: Li
full_name: Li, Li
last_name: Li
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Shivarpatna Venkatesh AP, Wang J, Li L, Bodden E. Enhancing Comprehension
and Navigation in Jupyter Notebooks with Static Analysis. In: IEEE International
Conference on Software Analysis, Evolution and Reengineering (SANER). ; 2023.'
apa: Shivarpatna Venkatesh, A. P., Wang, J., Li, L., & Bodden, E. (2023). Enhancing
Comprehension and Navigation in Jupyter Notebooks with Static Analysis. IEEE
International Conference on Software Analysis, Evolution and Reengineering (SANER).
bibtex: '@inproceedings{Shivarpatna Venkatesh_Wang_Li_Bodden_2023, title={Enhancing
Comprehension and Navigation in Jupyter Notebooks with Static Analysis}, booktitle={IEEE
International Conference on Software Analysis, Evolution and Reengineering (SANER)},
author={Shivarpatna Venkatesh, Ashwin Prasad and Wang, Jiawei and Li, Li and Bodden,
Eric}, year={2023} }'
chicago: Shivarpatna Venkatesh, Ashwin Prasad, Jiawei Wang, Li Li, and Eric Bodden.
“Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis.”
In IEEE International Conference on Software Analysis, Evolution and Reengineering
(SANER), 2023.
ieee: A. P. Shivarpatna Venkatesh, J. Wang, L. Li, and E. Bodden, “Enhancing Comprehension
and Navigation in Jupyter Notebooks with Static Analysis,” 2023.
mla: Shivarpatna Venkatesh, Ashwin Prasad, et al. “Enhancing Comprehension and Navigation
in Jupyter Notebooks with Static Analysis.” IEEE International Conference on
Software Analysis, Evolution and Reengineering (SANER), 2023.
short: 'A.P. Shivarpatna Venkatesh, J. Wang, L. Li, E. Bodden, in: IEEE International
Conference on Software Analysis, Evolution and Reengineering (SANER), 2023.'
date_created: 2023-02-06T10:44:08Z
date_updated: 2023-02-06T10:46:00Z
department:
- _id: '76'
language:
- iso: eng
publication: IEEE International Conference on Software Analysis, Evolution and Reengineering
(SANER)
status: public
title: Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis
type: conference
user_id: '15249'
year: '2023'
...
---
_id: '45312'
author:
- first_name: Kadiray
full_name: Karakaya, Kadiray
last_name: Karakaya
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Karakaya K, Bodden E. Two Sparsification Strategies for Accelerating Demand-Driven
Pointer Analysis. In: 2023 IEEE Conference on Software Testing, Verification
and Validation (ICST). IEEE; 2023. doi:10.1109/icst57152.2023.00036'
apa: Karakaya, K., & Bodden, E. (2023). Two Sparsification Strategies for Accelerating
Demand-Driven Pointer Analysis. 2023 IEEE Conference on Software Testing, Verification
and Validation (ICST). https://doi.org/10.1109/icst57152.2023.00036
bibtex: '@inproceedings{Karakaya_Bodden_2023, title={Two Sparsification Strategies
for Accelerating Demand-Driven Pointer Analysis}, DOI={10.1109/icst57152.2023.00036},
booktitle={2023 IEEE Conference on Software Testing, Verification and Validation
(ICST)}, publisher={IEEE}, author={Karakaya, Kadiray and Bodden, Eric}, year={2023}
}'
chicago: Karakaya, Kadiray, and Eric Bodden. “Two Sparsification Strategies for
Accelerating Demand-Driven Pointer Analysis.” In 2023 IEEE Conference on Software
Testing, Verification and Validation (ICST). IEEE, 2023. https://doi.org/10.1109/icst57152.2023.00036.
ieee: 'K. Karakaya and E. Bodden, “Two Sparsification Strategies for Accelerating
Demand-Driven Pointer Analysis,” 2023, doi: 10.1109/icst57152.2023.00036.'
mla: Karakaya, Kadiray, and Eric Bodden. “Two Sparsification Strategies for Accelerating
Demand-Driven Pointer Analysis.” 2023 IEEE Conference on Software Testing,
Verification and Validation (ICST), IEEE, 2023, doi:10.1109/icst57152.2023.00036.
short: 'K. Karakaya, E. Bodden, in: 2023 IEEE Conference on Software Testing, Verification
and Validation (ICST), IEEE, 2023.'
date_created: 2023-05-29T12:09:43Z
date_updated: 2023-05-29T12:12:17Z
department:
- _id: '76'
doi: 10.1109/icst57152.2023.00036
publication: 2023 IEEE Conference on Software Testing, Verification and Validation
(ICST)
publication_status: published
publisher: IEEE
status: public
title: Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis
type: conference
user_id: '70410'
year: '2023'
...
---
_id: '46816'
author:
- first_name: Adriano
full_name: Torres, Adriano
last_name: Torres
- first_name: Pedro
full_name: Costa, Pedro
last_name: Costa
- first_name: Luis
full_name: Amaral, Luis
last_name: Amaral
- first_name: Jonata
full_name: Pastro, Jonata
last_name: Pastro
- first_name: Rodrigo
full_name: Bonifácio, Rodrigo
last_name: Bonifácio
- first_name: Marcelo
full_name: d'Amorim, Marcelo
last_name: d'Amorim
- first_name: Owolabi
full_name: Legunsen, Owolabi
last_name: Legunsen
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Edna
full_name: Dias Canedo, Edna
last_name: Dias Canedo
citation:
ama: 'Torres A, Costa P, Amaral L, et al. Runtime Verification of Crypto APIs: An
Empirical Study. IEEE Transactions on Software Engineering. 2023;49(10):4510-4525.
doi:10.1109/tse.2023.3301660'
apa: 'Torres, A., Costa, P., Amaral, L., Pastro, J., Bonifácio, R., d’Amorim, M.,
Legunsen, O., Bodden, E., & Dias Canedo, E. (2023). Runtime Verification of
Crypto APIs: An Empirical Study. IEEE Transactions on Software Engineering,
49(10), 4510–4525. https://doi.org/10.1109/tse.2023.3301660'
bibtex: '@article{Torres_Costa_Amaral_Pastro_Bonifácio_d’Amorim_Legunsen_Bodden_Dias
Canedo_2023, title={Runtime Verification of Crypto APIs: An Empirical Study},
volume={49}, DOI={10.1109/tse.2023.3301660},
number={10}, journal={IEEE Transactions on Software Engineering}, publisher={Institute
of Electrical and Electronics Engineers (IEEE)}, author={Torres, Adriano and Costa,
Pedro and Amaral, Luis and Pastro, Jonata and Bonifácio, Rodrigo and d’Amorim,
Marcelo and Legunsen, Owolabi and Bodden, Eric and Dias Canedo, Edna}, year={2023},
pages={4510–4525} }'
chicago: 'Torres, Adriano, Pedro Costa, Luis Amaral, Jonata Pastro, Rodrigo Bonifácio,
Marcelo d’Amorim, Owolabi Legunsen, Eric Bodden, and Edna Dias Canedo. “Runtime
Verification of Crypto APIs: An Empirical Study.” IEEE Transactions on Software
Engineering 49, no. 10 (2023): 4510–25. https://doi.org/10.1109/tse.2023.3301660.'
ieee: 'A. Torres et al., “Runtime Verification of Crypto APIs: An Empirical
Study,” IEEE Transactions on Software Engineering, vol. 49, no. 10, pp.
4510–4525, 2023, doi: 10.1109/tse.2023.3301660.'
mla: 'Torres, Adriano, et al. “Runtime Verification of Crypto APIs: An Empirical
Study.” IEEE Transactions on Software Engineering, vol. 49, no. 10, Institute
of Electrical and Electronics Engineers (IEEE), 2023, pp. 4510–25, doi:10.1109/tse.2023.3301660.'
short: A. Torres, P. Costa, L. Amaral, J. Pastro, R. Bonifácio, M. d’Amorim, O.
Legunsen, E. Bodden, E. Dias Canedo, IEEE Transactions on Software Engineering
49 (2023) 4510–4525.
date_created: 2023-09-06T07:42:40Z
date_updated: 2023-12-04T11:05:26Z
department:
- _id: '76'
doi: 10.1109/tse.2023.3301660
intvolume: ' 49'
issue: '10'
keyword:
- Software
language:
- iso: eng
page: 4510 - 4525
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 0098-5589
- 1939-3520
- 2326-3881
publication_status: published
publisher: Institute of Electrical and Electronics Engineers (IEEE)
status: public
title: 'Runtime Verification of Crypto APIs: An Empirical Study'
type: journal_article
user_id: '15249'
volume: 49
year: '2023'
...
---
_id: '49439'
abstract:
- lang: eng
text: The use of static analysis security
testing (SAST) tools has been increasing in recent years. However, previous studies
have shown that, when shipped to end users such as development or security teams,
the findings of these tools are often unsatisfying. Users report high numbers
of false positives or long analysis times, making the tools unusable in the daily
workflow. To address this, SAST tool creators provide a wide range of configuration
options, such as customization of rules through domain-specific languages or specification
of the application-specific analysis scope. In this paper, we study the configuration
space of selected existing SAST tools when used within the integrated development
environment (IDE). We focus on the configuration options that impact three dimensions,
for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime.
We perform a between-subjects user study with 40 users from multiple development
and security teams - to our knowledge, the largest population for this kind of
user study in the software engineering community. The results show that users
who configure SAST tools are more effective in resolving security vulnerabilities
detected by the tools than those using the default configuration. Based on post-study
interviews, we identify common strategies that users have while configuring the
SAST tools to provide further insights for tool creators. Finally, an evaluation
of the configuration options of two commercial SAST tools, Fortify
and CheckMarx, reveals that a quarter of the users do not understand
the configuration options provided. The configuration options that are found most
useful relate to the analysis scope.
article_number: '118'
author:
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Matthias
full_name: Becker, Matthias
id: '4870'
last_name: Becker
orcid: https://orcid.org/0000-0003-2465-9347
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Piskachev G, Becker M, Bodden E. Can the configuration of static analyses make
resolving security vulnerabilities more effective? - A user study. Empirical
Software Engineering. 2023;28(5). doi:10.1007/s10664-023-10354-3
apa: Piskachev, G., Becker, M., & Bodden, E. (2023). Can the configuration of
static analyses make resolving security vulnerabilities more effective? - A user
study. Empirical Software Engineering, 28(5), Article 118. https://doi.org/10.1007/s10664-023-10354-3
bibtex: '@article{Piskachev_Becker_Bodden_2023, title={Can the configuration of
static analyses make resolving security vulnerabilities more effective? - A user
study}, volume={28}, DOI={10.1007/s10664-023-10354-3},
number={5118}, journal={Empirical Software Engineering}, publisher={Springer Science
and Business Media LLC}, author={Piskachev, Goran and Becker, Matthias and Bodden,
Eric}, year={2023} }'
chicago: Piskachev, Goran, Matthias Becker, and Eric Bodden. “Can the Configuration
of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A
User Study.” Empirical Software Engineering 28, no. 5 (2023). https://doi.org/10.1007/s10664-023-10354-3.
ieee: 'G. Piskachev, M. Becker, and E. Bodden, “Can the configuration of static
analyses make resolving security vulnerabilities more effective? - A user study,”
Empirical Software Engineering, vol. 28, no. 5, Art. no. 118, 2023, doi:
10.1007/s10664-023-10354-3.'
mla: Piskachev, Goran, et al. “Can the Configuration of Static Analyses Make Resolving
Security Vulnerabilities More Effective? - A User Study.” Empirical Software
Engineering, vol. 28, no. 5, 118, Springer Science and Business Media LLC,
2023, doi:10.1007/s10664-023-10354-3.
short: G. Piskachev, M. Becker, E. Bodden, Empirical Software Engineering 28 (2023).
date_created: 2023-12-04T11:14:34Z
date_updated: 2023-12-04T11:29:49Z
department:
- _id: '76'
- _id: '662'
doi: 10.1007/s10664-023-10354-3
intvolume: ' 28'
issue: '5'
keyword:
- Software
language:
- iso: eng
publication: Empirical Software Engineering
publication_identifier:
issn:
- 1382-3256
- 1573-7616
publication_status: published
publisher: Springer Science and Business Media LLC
status: public
title: Can the configuration of static analyses make resolving security vulnerabilities
more effective? - A user study
type: journal_article
user_id: '15249'
volume: 28
year: '2023'
...
---
_id: '49438'
author:
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Michael
full_name: Reif, Michael
last_name: Reif
- first_name: Anna-Katharina
full_name: Wickert, Anna-Katharina
last_name: Wickert
- first_name: Sarah
full_name: Nadi, Sarah
last_name: Nadi
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
- first_name: Sascha
full_name: Fahl, Sascha
last_name: Fahl
citation:
ama: 'Krüger S, Reif M, Wickert A-K, et al. Securing Your Crypto-API Usage Through
Tool Support - A Usability Study. In: 2023 IEEE Secure Development Conference
(SecDev). IEEE; 2023. doi:10.1109/secdev56634.2023.00015'
apa: Krüger, S., Reif, M., Wickert, A.-K., Nadi, S., Ali, K., Bodden, E., Acar,
Y., Mezini, M., & Fahl, S. (2023). Securing Your Crypto-API Usage Through
Tool Support - A Usability Study. 2023 IEEE Secure Development Conference (SecDev).
https://doi.org/10.1109/secdev56634.2023.00015
bibtex: '@inproceedings{Krüger_Reif_Wickert_Nadi_Ali_Bodden_Acar_Mezini_Fahl_2023,
title={Securing Your Crypto-API Usage Through Tool Support - A Usability Study},
DOI={10.1109/secdev56634.2023.00015},
booktitle={2023 IEEE Secure Development Conference (SecDev)}, publisher={IEEE},
author={Krüger, Stefan and Reif, Michael and Wickert, Anna-Katharina and Nadi,
Sarah and Ali, Karim and Bodden, Eric and Acar, Yasemin and Mezini, Mira and Fahl,
Sascha}, year={2023} }'
chicago: Krüger, Stefan, Michael Reif, Anna-Katharina Wickert, Sarah Nadi, Karim
Ali, Eric Bodden, Yasemin Acar, Mira Mezini, and Sascha Fahl. “Securing Your Crypto-API
Usage Through Tool Support - A Usability Study.” In 2023 IEEE Secure Development
Conference (SecDev). IEEE, 2023. https://doi.org/10.1109/secdev56634.2023.00015.
ieee: 'S. Krüger et al., “Securing Your Crypto-API Usage Through Tool Support
- A Usability Study,” 2023, doi: 10.1109/secdev56634.2023.00015.'
mla: Krüger, Stefan, et al. “Securing Your Crypto-API Usage Through Tool Support
- A Usability Study.” 2023 IEEE Secure Development Conference (SecDev),
IEEE, 2023, doi:10.1109/secdev56634.2023.00015.
short: 'S. Krüger, M. Reif, A.-K. Wickert, S. Nadi, K. Ali, E. Bodden, Y. Acar,
M. Mezini, S. Fahl, in: 2023 IEEE Secure Development Conference (SecDev), IEEE,
2023.'
date_created: 2023-12-04T11:07:08Z
date_updated: 2023-12-04T11:14:10Z
department:
- _id: '76'
- _id: '740'
doi: 10.1109/secdev56634.2023.00015
language:
- iso: eng
publication: 2023 IEEE Secure Development Conference (SecDev)
publication_status: published
publisher: IEEE
status: public
title: Securing Your Crypto-API Usage Through Tool Support - A Usability Study
type: conference
user_id: '15249'
year: '2023'
...
---
_id: '48946'
abstract:
- lang: ger
text: Der verlässliche Betrieb von technischen Produkten wird zunehmend durch
bewusste Angriffe bedroht. Vollständige Sicherheit ist dabei nicht möglich, durchschlagende
Angriffe sind unvermeidbar (Assume Breach). Dies erfordert einen Paradigmenwechsel
in der sicherheitsgerechten Entwicklung mechatronischer und cyber-physischer Systeme
hin zu Defense-in-Depth. Systeme müssen so ausgelegt werden, dass sie auch bei
gezielten Angriffen möglichst hohe Zuverlässigkeit und Sicherheit gewährleisten.
Der hier beschriebene Lösungsansatz erweitert das Systemmodell um Angriffsszenarien
und Verteidigungslinien. Diese werden am Beispiel eines industriellen Schließsystems
zur Anlagensicherheit erläutert. Entwickler werden sensibilisiert, Angriffe systematisch
zu berücksichtigen und interdisziplinär Verteidigungselemente gegenüber Bedrohungen
und Angriffen zu spezifizieren.
- lang: eng
text: The reliable operation of technical products is increasingly threatened by
deliberate attacks. Complete security is not possible, striking attacks are unavoidable
(assume breach). This requires a paradigm shift in security-oriented engineering
of mechatronic and cyber-physical systems towards Defense-in-Depth. Systems need
to be engineered in a way that full reliability and security are ensured even
in case of targeted attacks. The solution approach described here expands the
system model to include attack scenarios and lines of defence. It is applied to
an industrial locking system for plant security as an example. Developers are
sensitised to systematically consider attacks and to specify interdisciplinary
defence elements against threats and attacks.
article_type: original
author:
- first_name: Iris
full_name: Gräßler, Iris
id: '47565'
last_name: Gräßler
orcid: 0000-0001-5765-971X
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Dominik
full_name: Wiechel, Dominik
id: '67161'
last_name: Wiechel
- first_name: Jens
full_name: Pottebaum, Jens
id: '405'
last_name: Pottebaum
orcid: http://orcid.org/0000-0001-8778-2989
citation:
ama: 'Gräßler I, Bodden E, Wiechel D, Pottebaum J. Defense-in-Depth als neues Paradigma
der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste
und lösungsorientierte Security. Konstruktion. 2023;75(11-12):60-65. doi:10.37544/0720-5953-2023-11-12-60'
apa: 'Gräßler, I., Bodden, E., Wiechel, D., & Pottebaum, J. (2023). Defense-in-Depth
als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre,
bedrohungsbewusste und lösungsorientierte Security. Konstruktion, 75(11–12),
60–65. https://doi.org/10.37544/0720-5953-2023-11-12-60'
bibtex: '@article{Gräßler_Bodden_Wiechel_Pottebaum_2023, title={Defense-in-Depth
als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre,
bedrohungsbewusste und lösungsorientierte Security}, volume={75}, DOI={10.37544/0720-5953-2023-11-12-60},
number={11–12}, journal={Konstruktion}, publisher={VDI Fachmedien GmbH and Co.
KG}, author={Gräßler, Iris and Bodden, Eric and Wiechel, Dominik and Pottebaum,
Jens}, year={2023}, pages={60–65} }'
chicago: 'Gräßler, Iris, Eric Bodden, Dominik Wiechel, and Jens Pottebaum. “Defense-in-Depth
als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre,
bedrohungsbewusste und lösungsorientierte Security.” Konstruktion 75, no.
11–12 (2023): 60–65. https://doi.org/10.37544/0720-5953-2023-11-12-60.'
ieee: 'I. Gräßler, E. Bodden, D. Wiechel, and J. Pottebaum, “Defense-in-Depth als
neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre,
bedrohungsbewusste und lösungsorientierte Security,” Konstruktion, vol.
75, no. 11–12, pp. 60–65, 2023, doi: 10.37544/0720-5953-2023-11-12-60.'
mla: 'Gräßler, Iris, et al. “Defense-in-Depth als neues Paradigma der sicherheitsgerechten
Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte
Security.” Konstruktion, vol. 75, no. 11–12, VDI Fachmedien GmbH and Co.
KG, 2023, pp. 60–65, doi:10.37544/0720-5953-2023-11-12-60.'
short: I. Gräßler, E. Bodden, D. Wiechel, J. Pottebaum, Konstruktion 75 (2023) 60–65.
date_created: 2023-11-16T08:23:12Z
date_updated: 2023-12-20T14:10:51Z
department:
- _id: '152'
- _id: '76'
doi: 10.37544/0720-5953-2023-11-12-60
intvolume: ' 75'
issue: 11-12
keyword:
- Mechanical Engineering
- Mechanics of Materials
- General Materials Science
- Theoretical Computer Science
language:
- iso: ger
page: 60-65
publication: Konstruktion
publication_identifier:
issn:
- 0720-5953
publication_status: published
publisher: VDI Fachmedien GmbH and Co. KG
quality_controlled: '1'
status: public
title: 'Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung:
interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security'
type: journal_article
user_id: '405'
volume: 75
year: '2023'
...
---
_id: '46500'
abstract:
- lang: eng
text: The security of Industrial Control Systems is relevant both for reliable production
system operations and for high-quality throughput in terms of manufactured products.
Security measures are designed, operated and maintained by different roles along
product and production system lifecycles. Defense-in-Depth as a paradigm builds
upon the assumption that breaches are unavoidable. The paper at hand provides
an analysis of roles, corresponding Human Factors and their relevance for data
theft and sabotage attacks. The resulting taxonomy is reflected by an example
related to Additive Manufacturing. The results assist in both designing and redesigning
Industrial Control System as part of an entire production system so that Defense-in-Depth
with regard to Human Factors is built in by design.
author:
- first_name: Jens
full_name: Pottebaum, Jens
id: '405'
last_name: Pottebaum
orcid: http://orcid.org/0000-0001-8778-2989
- first_name: Jost
full_name: Rossel, Jost
id: '58331'
last_name: Rossel
orcid: 0000-0002-3182-4059
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Yasemin
full_name: Acar, Yasemin
id: '94636'
last_name: Acar
- first_name: René
full_name: Fahr, René
id: '111'
last_name: Fahr
- first_name: Patricia
full_name: Arias Cabarcos, Patricia
id: '92804'
last_name: Arias Cabarcos
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Iris
full_name: Gräßler, Iris
id: '47565'
last_name: Gräßler
orcid: 0000-0001-5765-971X
citation:
ama: 'Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control
Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.
In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).
IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048'
apa: Pottebaum, J., Rossel, J., Somorovsky, J., Acar, Y., Fahr, R., Arias Cabarcos,
P., Bodden, E., & Gräßler, I. (2023). Re-Envisioning Industrial Control Systems
Security by Considering Human Factors as a Core Element of Defense-in-Depth. 2023
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
379–385. https://doi.org/10.1109/eurospw59978.2023.00048
bibtex: '@inproceedings{Pottebaum_Rossel_Somorovsky_Acar_Fahr_Arias Cabarcos_Bodden_Gräßler_2023,
title={Re-Envisioning Industrial Control Systems Security by Considering Human
Factors as a Core Element of Defense-in-Depth}, DOI={10.1109/eurospw59978.2023.00048},
booktitle={2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)},
publisher={IEEE}, author={Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj
and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric
and Gräßler, Iris}, year={2023}, pages={379–385} }'
chicago: Pottebaum, Jens, Jost Rossel, Juraj Somorovsky, Yasemin Acar, René Fahr,
Patricia Arias Cabarcos, Eric Bodden, and Iris Gräßler. “Re-Envisioning Industrial
Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.”
In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
379–85. IEEE, 2023. https://doi.org/10.1109/eurospw59978.2023.00048.
ieee: 'J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security
by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023
IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.'
mla: Pottebaum, Jens, et al. “Re-Envisioning Industrial Control Systems Security
by Considering Human Factors as a Core Element of Defense-in-Depth.” 2023 IEEE
European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE,
2023, pp. 379–85, doi:10.1109/eurospw59978.2023.00048.
short: 'J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos,
E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy
Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.'
conference:
end_date: 2023-07-07
location: Delft, Netherlands
name: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
start_date: 2023-07-03
date_created: 2023-08-15T12:21:05Z
date_updated: 2023-12-20T14:12:25Z
department:
- _id: '34'
- _id: '740'
- _id: '152'
- _id: '76'
doi: 10.1109/eurospw59978.2023.00048
keyword:
- Defense-in-Depth
- Human Factors
- Production Engineering
- Product Design
- Systems Engineering
language:
- iso: eng
main_file_link:
- url: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10190647
page: 379-385
publication: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
publication_status: published
publisher: IEEE
quality_controlled: '1'
status: public
title: Re-Envisioning Industrial Control Systems Security by Considering Human Factors
as a Core Element of Defense-in-Depth
type: conference
user_id: '405'
year: '2023'
...
---
_id: '44146'
abstract:
- lang: eng
text: "Many Android applications collect data from users. When they do, they must protect
this collected data according to the current legal frameworks. Such data protection
has become even more important since the European Union rolled out the General
Data Protection Regulation (GDPR). App developers have limited tool support
to reason about data protection throughout their app development process. Although
many Android applications state a privacy policy, privacy policy compliance
checks are currently manual, expensive, and prone to error. One of the major
challenges in privacy audits is the significant gap between legal privacy statements
(in English text) and technical measures that Android apps use to protect their
user's privacy. In this thesis, we will explore to what extent we can use static
analysis to answer important questions regarding data protection. Our main
goal is to design a tool based approach that aids app developers and auditors
in ensuring data protection in Android applications, based on automated static
program analysis."
author:
- first_name: Mugdha
full_name: Khedkar, Mugdha
id: '88024'
last_name: Khedkar
citation:
ama: 'Khedkar M. Static Analysis for Android GDPR Compliance Assurance. In: Proceedings
of the 45th International Conference on Software Engineering: Companion Proceedings
(ICSE ‘23). doi:10.1109/ICSE-Companion58688.2023.00054'
apa: 'Khedkar, M. (n.d.). Static Analysis for Android GDPR Compliance Assurance.
Proceedings of the 45th International Conference on Software Engineering: Companion
Proceedings (ICSE ‘23). https://doi.org/10.1109/ICSE-Companion58688.2023.00054'
bibtex: '@inproceedings{Khedkar, title={Static Analysis for Android GDPR Compliance
Assurance}, DOI={10.1109/ICSE-Companion58688.2023.00054},
booktitle={Proceedings of the 45th International Conference on Software Engineering:
Companion Proceedings (ICSE ‘23)}, author={Khedkar, Mugdha} }'
chicago: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
In Proceedings of the 45th International Conference on Software Engineering:
Companion Proceedings (ICSE ‘23), n.d. https://doi.org/10.1109/ICSE-Companion58688.2023.00054.'
ieee: 'M. Khedkar, “Static Analysis for Android GDPR Compliance Assurance,” doi:
10.1109/ICSE-Companion58688.2023.00054.'
mla: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
Proceedings of the 45th International Conference on Software Engineering: Companion
Proceedings (ICSE ‘23), doi:10.1109/ICSE-Companion58688.2023.00054.'
short: 'M. Khedkar, in: Proceedings of the 45th International Conference on Software
Engineering: Companion Proceedings (ICSE ‘23), n.d.'
date_created: 2023-04-24T12:14:17Z
date_updated: 2024-03-03T14:45:09Z
ddc:
- '004'
department:
- _id: '76'
doi: 10.1109/ICSE-Companion58688.2023.00054
external_id:
arxiv:
- '2303.09606'
file:
- access_level: closed
content_type: application/pdf
creator: khedkarm
date_created: 2023-04-24T12:15:27Z
date_updated: 2023-04-24T12:15:27Z
file_id: '44147'
file_name: 2023047614.pdf
file_size: 85313
relation: main_file
success: 1
file_date_updated: 2023-04-24T12:15:27Z
has_accepted_license: '1'
keyword:
- static analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: 'Proceedings of the 45th International Conference on Software Engineering:
Companion Proceedings (ICSE ‘23)'
publication_status: accepted
status: public
title: Static Analysis for Android GDPR Compliance Assurance
type: conference
user_id: '88024'
year: '2023'
...
---
_id: '52662'
abstract:
- lang: eng
text: Static analysis tools support developers in detecting potential coding issues,
such as bugs or vulnerabilities. Research emphasizes technical challenges of such
tools but also mentions severe usability shortcomings. These shortcomings hinder
the adoption of static analysis tools, and user dissatisfaction may even lead
to tool abandonment. To comprehensively assess the state of the art, we present
the first systematic usability evaluation of a wide range of static analysis tools.
We derived a set of 36 relevant criteria from the literature and used them to
evaluate a total of 46 static analysis tools complying with our inclusion and
exclusion criteria - a representative set of mainly non-proprietary tools. The
evaluation against the usability criteria in a multiple-raters approach shows
that two thirds of the considered tools offer poor warning messages, while about
three-quarters provide hardly any fix support. Furthermore, the integration of
user knowledge is strongly neglected, which could be used for instance, to improve
handling of false positives. Finally, issues regarding workflow integration and
specialized user interfaces are revealed. These findings should prove useful in
guiding and focusing further research and development in user experience for static
code analyses.
author:
- first_name: Marcus
full_name: Nachtigall, Marcus
id: '41213'
last_name: Nachtigall
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Nachtigall M, Schlichtig M, Bodden E. Evaluation of Usability Criteria Addressed
by Static Analysis Tools on a Large Scale. In: Software Engineering 2023.
Gesellschaft für Informatik e.V.; 2023:95–96.'
apa: Nachtigall, M., Schlichtig, M., & Bodden, E. (2023). Evaluation of Usability
Criteria Addressed by Static Analysis Tools on a Large Scale. In Software Engineering
2023 (pp. 95–96). Gesellschaft für Informatik e.V.
bibtex: '@inbook{Nachtigall_Schlichtig_Bodden_2023, place={Bonn}, title={Evaluation
of Usability Criteria Addressed by Static Analysis Tools on a Large Scale}, booktitle={Software
Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Nachtigall,
Marcus and Schlichtig, Michael and Bodden, Eric}, year={2023}, pages={95–96} }'
chicago: 'Nachtigall, Marcus, Michael Schlichtig, and Eric Bodden. “Evaluation of
Usability Criteria Addressed by Static Analysis Tools on a Large Scale.” In Software
Engineering 2023, 95–96. Bonn: Gesellschaft für Informatik e.V., 2023.'
ieee: 'M. Nachtigall, M. Schlichtig, and E. Bodden, “Evaluation of Usability Criteria
Addressed by Static Analysis Tools on a Large Scale,” in Software Engineering
2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 95–96.'
mla: Nachtigall, Marcus, et al. “Evaluation of Usability Criteria Addressed by Static
Analysis Tools on a Large Scale.” Software Engineering 2023, Gesellschaft
für Informatik e.V., 2023, pp. 95–96.
short: 'M. Nachtigall, M. Schlichtig, E. Bodden, in: Software Engineering 2023,
Gesellschaft für Informatik e.V., Bonn, 2023, pp. 95–96.'
date_created: 2024-03-20T09:26:29Z
date_updated: 2024-03-20T09:27:41Z
department:
- _id: '76'
keyword:
- Automated static analysis
- Software usability
language:
- iso: eng
main_file_link:
- url: https://dl.gi.de/items/5afe477f-2f6a-4b3d-b391-f024baf0b7a5
page: 95–96
place: Bonn
publication: Software Engineering 2023
publication_identifier:
isbn:
- 978-3-88579-726-5
publisher: Gesellschaft für Informatik e.V.
status: public
title: Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large
Scale
type: book_chapter
user_id: '32312'
year: '2023'
...
---
_id: '52660'
abstract:
- lang: eng
text: Application Programming Interfaces (APIs) are the primary mechanism developers
use to obtain access to third-party algorithms and services. Unfortunately, APIs
can be misused, which can have catastrophic consequences, especially if the APIs
provide security-critical functionalities like cryptography. Understanding what
API misuses are, and how they are caused, is important to prevent them, e.g., with
API misuse detectors. However, definitions for API misuses and related terms in
literature vary. This paper presents a systematic literature review to clarify
these terms and introduces FUM, a novel Framework for API Usage constraint and
Misuse classification. The literature review revealed that API misuses are violations
of API usage constraints. To address this, we provide unified definitions and
use them to derive FUM. To assess the extent to which FUM aids in determining
and guiding the improvement of an API misuse detector’s capabilities, we performed
a case study on the state-of-the-art misuse detection tool CogniCrypt. The study
showed that FUM can be used to properly assess CogniCrypt’s capabilities, identify
weaknesses and assist in deriving mitigations and improvements.
author:
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Steffen
full_name: Sassalla, Steffen
last_name: Sassalla
- first_name: Krishna
full_name: Narasimhan, Krishna
last_name: Narasimhan
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Schlichtig M, Sassalla S, Narasimhan K, Bodden E. Introducing FUM: A Framework
for API Usage Constraint and Misuse Classification. In: Software Engineering
2023. Gesellschaft für Informatik e.V.; 2023:105–106.'
apa: 'Schlichtig, M., Sassalla, S., Narasimhan, K., & Bodden, E. (2023). Introducing
FUM: A Framework for API Usage Constraint and Misuse Classification. In Software
Engineering 2023 (pp. 105–106). Gesellschaft für Informatik e.V.'
bibtex: '@inbook{Schlichtig_Sassalla_Narasimhan_Bodden_2023, place={Bonn}, title={Introducing
FUM: A Framework for API Usage Constraint and Misuse Classification}, booktitle={Software
Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Schlichtig,
Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2023},
pages={105–106} }'
chicago: 'Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden.
“Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.”
In Software Engineering 2023, 105–106. Bonn: Gesellschaft für Informatik
e.V., 2023.'
ieee: 'M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM:
A Framework for API Usage Constraint and Misuse Classification,” in Software
Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.'
mla: 'Schlichtig, Michael, et al. “Introducing FUM: A Framework for API Usage Constraint
and Misuse Classification.” Software Engineering 2023, Gesellschaft für
Informatik e.V., 2023, pp. 105–106.'
short: 'M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: Software Engineering
2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.'
date_created: 2024-03-20T09:22:27Z
date_updated: 2024-03-20T09:25:46Z
department:
- _id: '76'
keyword:
- API misuses API usage constraints
- classification framework
- API misuse detection
- static analysis
language:
- iso: eng
main_file_link:
- url: https://dl.gi.de/items/c4825557-cf3d-4038-933a-d8f95fd324a2
page: 105–106
place: Bonn
publication: Software Engineering 2023
publication_identifier:
isbn:
- 978-3-88579-726-5
publisher: Gesellschaft für Informatik e.V.
status: public
title: 'Introducing FUM: A Framework for API Usage Constraint and Misuse Classification'
type: book_chapter
user_id: '32312'
year: '2023'
...
---
_id: '31844'
abstract:
- lang: eng
text: "Encrypting data before sending it to the cloud ensures data confidentiality
but requires the cloud to compute on encrypted data. Trusted execution environments,
such as Intel SGX enclaves, promise to provide a secure environment in which data
can be decrypted and then processed. However, vulnerabilities in the executed
program give attackers ample opportunities to execute arbitrary code inside the
enclave. This code can modify the dataflow of the program and leak secrets via
SGX side channels. Fully homomorphic encryption would be an alternative to compute
on encrypted data without data leaks. However, due to its high computational complexity,
its applicability to general-purpose computing remains limited. Researchers have
made several proposals for transforming programs to perform encrypted computations
on less powerful encryption schemes. Yet current approaches do not support programs
making control-flow decisions based on encrypted data.\r\nWe introduce the concept
of dataflow authentication (DFAuth) to enable such programs. DFAuth prevents an adversary from
arbitrarily deviating from the dataflow of a program. Our technique hence offers
protections against the side-channel attacks described previously. We implemented
two flavors of DFAuth, a Java bytecode-to-bytecode compiler, and an SGX enclave
running a small and program-independent trusted code base. We applied DFAuth to
a neural network performing machine learning on sensitive medical data and a smart
charging scheduler for electric vehicles. Our transformation yields a neural network
with encrypted weights, which can be evaluated on encrypted inputs in \\( 12.55 \\,\\mathrm{m}\\mathrm{s} \\).
Our protected scheduler is capable of updating the encrypted charging plan in
approximately 1.06 seconds."
author:
- first_name: Andreas
full_name: Fischer, Andreas
last_name: Fischer
- first_name: Benny
full_name: Fuhry, Benny
last_name: Fuhry
- first_name: Jörn
full_name: Kußmaul, Jörn
last_name: Kußmaul
- first_name: Jonas
full_name: Janneck, Jonas
last_name: Janneck
- first_name: Florian
full_name: Kerschbaum, Florian
last_name: Kerschbaum
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Fischer A, Fuhry B, Kußmaul J, Janneck J, Kerschbaum F, Bodden E. Computation
on Encrypted Data Using Dataflow Authentication. ACM Transactions on Privacy
and Security. 2022;25(3):1-36. doi:10.1145/3513005
apa: Fischer, A., Fuhry, B., Kußmaul, J., Janneck, J., Kerschbaum, F., & Bodden,
E. (2022). Computation on Encrypted Data Using Dataflow Authentication. ACM
Transactions on Privacy and Security, 25(3), 1–36. https://doi.org/10.1145/3513005
bibtex: '@article{Fischer_Fuhry_Kußmaul_Janneck_Kerschbaum_Bodden_2022, title={Computation
on Encrypted Data Using Dataflow Authentication}, volume={25}, DOI={10.1145/3513005},
number={3}, journal={ACM Transactions on Privacy and Security}, publisher={Association
for Computing Machinery (ACM)}, author={Fischer, Andreas and Fuhry, Benny and
Kußmaul, Jörn and Janneck, Jonas and Kerschbaum, Florian and Bodden, Eric}, year={2022},
pages={1–36} }'
chicago: 'Fischer, Andreas, Benny Fuhry, Jörn Kußmaul, Jonas Janneck, Florian Kerschbaum,
and Eric Bodden. “Computation on Encrypted Data Using Dataflow Authentication.”
ACM Transactions on Privacy and Security 25, no. 3 (2022): 1–36. https://doi.org/10.1145/3513005.'
ieee: 'A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, and E. Bodden,
“Computation on Encrypted Data Using Dataflow Authentication,” ACM Transactions
on Privacy and Security, vol. 25, no. 3, pp. 1–36, 2022, doi: 10.1145/3513005.'
mla: Fischer, Andreas, et al. “Computation on Encrypted Data Using Dataflow Authentication.”
ACM Transactions on Privacy and Security, vol. 25, no. 3, Association for
Computing Machinery (ACM), 2022, pp. 1–36, doi:10.1145/3513005.
short: A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, E. Bodden, ACM
Transactions on Privacy and Security 25 (2022) 1–36.
date_created: 2022-06-09T10:28:03Z
date_updated: 2022-06-09T10:29:19Z
department:
- _id: '76'
doi: 10.1145/3513005
intvolume: ' 25'
issue: '3'
keyword:
- Safety
- Risk
- Reliability and Quality
- General Computer Science
language:
- iso: eng
page: 1-36
publication: ACM Transactions on Privacy and Security
publication_identifier:
issn:
- 2471-2566
- 2471-2574
publication_status: published
publisher: Association for Computing Machinery (ACM)
status: public
title: Computation on Encrypted Data Using Dataflow Authentication
type: journal_article
user_id: '15249'
volume: 25
year: '2022'
...
---
_id: '32409'
abstract:
- lang: eng
text: 'Context: Cryptographic APIs are often misused in real-world applications.
Therefore, many cryptographic API misuse detection tools have been introduced.
However, there exists no established reference benchmark for a fair and comprehensive
comparison and evaluation of these tools. While there are benchmarks, they often
only address a subset of the domain or were only used to evaluate a subset of
existing misuse detection tools. Objective: To fairly compare cryptographic API
misuse detection tools and to drive future development in this domain, we will
devise such a benchmark. Openness and transparency in the generation process are
key factors to fairly generate and establish the needed benchmark. Method: We
propose an approach where we derive the benchmark generation methodology from
the literature which consists of general best practices in benchmarking and domain-specific
benchmark generation. A part of this methodology is transparency and openness
of the generation process, which is achieved by pre-registering this work. Based
on our methodology we design CamBench, a fair "Cryptographic API Misuse Detection
Tool Benchmark Suite". We will implement the first version of CamBench limiting
the domain to Java, the JCA, and static analyses. Finally, we will use CamBench
to compare current misuse detection tools and compare CamBench to related benchmarks
of its domain.'
author:
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Anna-Katharina
full_name: Wickert, Anna-Katharina
last_name: Wickert
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: Schlichtig M, Wickert A-K, Krüger S, Bodden E, Mezini M. CamBench -- Cryptographic
API Misuse Detection Tool Benchmark Suite.; 2022. doi:10.48550/ARXIV.2204.06447
apa: Schlichtig, M., Wickert, A.-K., Krüger, S., Bodden, E., & Mezini, M. (2022).
CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. https://doi.org/10.48550/ARXIV.2204.06447
bibtex: '@book{Schlichtig_Wickert_Krüger_Bodden_Mezini_2022, title={CamBench --
Cryptographic API Misuse Detection Tool Benchmark Suite}, DOI={10.48550/ARXIV.2204.06447},
author={Schlichtig, Michael and Wickert, Anna-Katharina and Krüger, Stefan and
Bodden, Eric and Mezini, Mira}, year={2022} }'
chicago: Schlichtig, Michael, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden,
and Mira Mezini. CamBench -- Cryptographic API Misuse Detection Tool Benchmark
Suite, 2022. https://doi.org/10.48550/ARXIV.2204.06447.
ieee: M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, CamBench
-- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022.
mla: Schlichtig, Michael, et al. CamBench -- Cryptographic API Misuse Detection
Tool Benchmark Suite. 2022, doi:10.48550/ARXIV.2204.06447.
short: M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, M. Mezini, CamBench --
Cryptographic API Misuse Detection Tool Benchmark Suite, 2022.
date_created: 2022-07-25T07:56:59Z
date_updated: 2022-07-25T10:23:44Z
department:
- _id: '76'
doi: 10.48550/ARXIV.2204.06447
keyword:
- cryptography
- benchmark
- API misuse
- static analysis
language:
- iso: eng
related_material:
link:
- relation: confirmation
url: https://arxiv.org/abs/2204.06447
status: public
title: CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite
type: misc
user_id: '32312'
year: '2022'
...
---
_id: '32410'
abstract:
- lang: eng
text: "Static analysis tools support developers in detecting potential coding issues,
such as bugs or vulnerabilities. Research on static analysis emphasizes its technical
challenges but also mentions severe usability shortcomings. These shortcomings
hinder the adoption of static analysis tools, and in some cases, user dissatisfaction
even leads to tool abandonment.\r\nTo comprehensively assess the current state
of the art, this paper presents the first systematic usability evaluation in a
wide range of static analysis tools. We derived a set of 36 relevant criteria
from the scientific literature and gathered a collection of 46 static analysis
tools complying with our inclusion and exclusion criteria - a representative set
of mainly non-proprietary tools. Then, we evaluated how well these tools fulfill
the aforementioned criteria.\r\nThe evaluation shows that more than half of the
considered tools offer poor warning messages, while about three-quarters of the
tools provide hardly any fix support. Furthermore, the integration of user knowledge
is strongly neglected, which could be used for improved handling of false positives
and tuning the results for the corresponding developer. Finally, issues regarding
workflow integration and specialized user interfaces are proved further.\r\nThese
findings should prove useful in guiding and focusing further research and development
in the area of user experience for static code analyses."
author:
- first_name: Marcus
full_name: Nachtigall, Marcus
id: '41213'
last_name: Nachtigall
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Nachtigall M, Schlichtig M, Bodden E. A Large-Scale Study of Usability Criteria
Addressed by Static Analysis Tools. In: Proceedings of the 31st ACM SIGSOFT
International Symposium on Software Testing and Analysis. ACM; 2022:532-543.
doi:10.1145/3533767'
apa: Nachtigall, M., Schlichtig, M., & Bodden, E. (2022). A Large-Scale Study
of Usability Criteria Addressed by Static Analysis Tools. Proceedings of the
31st ACM SIGSOFT International Symposium on Software Testing and Analysis,
532–543. https://doi.org/10.1145/3533767
bibtex: '@inproceedings{Nachtigall_Schlichtig_Bodden_2022, title={A Large-Scale
Study of Usability Criteria Addressed by Static Analysis Tools}, DOI={10.1145/3533767},
booktitle={Proceedings of the 31st ACM SIGSOFT International Symposium on Software
Testing and Analysis}, publisher={ACM}, author={Nachtigall, Marcus and Schlichtig,
Michael and Bodden, Eric}, year={2022}, pages={532–543} }'
chicago: Nachtigall, Marcus, Michael Schlichtig, and Eric Bodden. “A Large-Scale
Study of Usability Criteria Addressed by Static Analysis Tools.” In Proceedings
of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis,
532–43. ACM, 2022. https://doi.org/10.1145/3533767.
ieee: 'M. Nachtigall, M. Schlichtig, and E. Bodden, “A Large-Scale Study of Usability
Criteria Addressed by Static Analysis Tools,” in Proceedings of the 31st ACM
SIGSOFT International Symposium on Software Testing and Analysis, 2022, pp.
532–543, doi: 10.1145/3533767.'
mla: Nachtigall, Marcus, et al. “A Large-Scale Study of Usability Criteria Addressed
by Static Analysis Tools.” Proceedings of the 31st ACM SIGSOFT International
Symposium on Software Testing and Analysis, ACM, 2022, pp. 532–43, doi:10.1145/3533767.
short: 'M. Nachtigall, M. Schlichtig, E. Bodden, in: Proceedings of the 31st ACM
SIGSOFT International Symposium on Software Testing and Analysis, ACM, 2022, pp.
532–543.'
date_created: 2022-07-25T08:02:36Z
date_updated: 2022-07-26T11:42:23Z
department:
- _id: '76'
doi: 10.1145/3533767
keyword:
- Automated static analysis
- Software usability
language:
- iso: eng
page: 532 - 543
publication: Proceedings of the 31st ACM SIGSOFT International Symposium on Software
Testing and Analysis
publication_identifier:
isbn:
- '9781450393799'
publication_status: published
publisher: ACM
quality_controlled: '1'
related_material:
link:
- relation: confirmation
url: https://dl.acm.org/doi/10.1145/3533767.3534374
status: public
title: A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools
type: conference
user_id: '32312'
year: '2022'
...
---
_id: '31133'
abstract:
- lang: eng
text: Application Programming Interfaces (APIs) are the primary mechanism that developers
use to obtain access to third-party algorithms and services. Unfortunately, APIs
can be misused, which can have catastrophic consequences, especially if the APIs
provide security-critical functionalities like cryptography. Understanding what
API misuses are, and for what reasons they are caused, is important to prevent
them, e.g., with API misuse detectors. However, definitions and nominations for
API misuses and related terms in literature vary and are diverse. This paper addresses
the problem of scattered knowledge and definitions of API misuses by presenting
a systematic literature review on the subject and introducing FUM, a novel Framework
for API Usage constraint and Misuse classification. The literature review revealed
that API misuses are violations of API usage constraints. To capture this, we
provide unified definitions and use them to derive FUM. To assess the extent to
which FUM aids in determining and guiding the improvement of an API misuses detectors'
capabilities, we performed a case study on CogniCrypt, a state-of-the-art misuse
detector for cryptographic APIs. The study showed that FUM can be used to properly
assess CogniCrypt's capabilities, identify weaknesses and assist in deriving mitigations
and improvements. And it appears that also more generally FUM can aid the development
and improvement of misuse detection tools.
author:
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Steffen
full_name: Sassalla, Steffen
last_name: Sassalla
- first_name: Krishna
full_name: Narasimhan, Krishna
last_name: Narasimhan
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Schlichtig M, Sassalla S, Narasimhan K, Bodden E. FUM - A Framework for API
Usage constraint and Misuse Classification. In: 2022 IEEE International Conference
on Software Analysis, Evolution and Reengineering (SANER). ; 2022:673-684.
doi:https://doi.org/10.1109/SANER53432.2022.00085'
apa: Schlichtig, M., Sassalla, S., Narasimhan, K., & Bodden, E. (2022). FUM
- A Framework for API Usage constraint and Misuse Classification. 2022 IEEE
International Conference on Software Analysis, Evolution and Reengineering (SANER),
673–684. https://doi.org/10.1109/SANER53432.2022.00085
bibtex: '@inproceedings{Schlichtig_Sassalla_Narasimhan_Bodden_2022, title={FUM -
A Framework for API Usage constraint and Misuse Classification}, DOI={https://doi.org/10.1109/SANER53432.2022.00085},
booktitle={2022 IEEE International Conference on Software Analysis, Evolution
and Reengineering (SANER)}, author={Schlichtig, Michael and Sassalla, Steffen
and Narasimhan, Krishna and Bodden, Eric}, year={2022}, pages={673–684} }'
chicago: Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden.
“FUM - A Framework for API Usage Constraint and Misuse Classification.” In 2022
IEEE International Conference on Software Analysis, Evolution and Reengineering
(SANER), 673–84, 2022. https://doi.org/10.1109/SANER53432.2022.00085.
ieee: 'M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “FUM - A Framework
for API Usage constraint and Misuse Classification,” in 2022 IEEE International
Conference on Software Analysis, Evolution and Reengineering (SANER), 2022,
pp. 673–684, doi: https://doi.org/10.1109/SANER53432.2022.00085.'
mla: Schlichtig, Michael, et al. “FUM - A Framework for API Usage Constraint and
Misuse Classification.” 2022 IEEE International Conference on Software Analysis,
Evolution and Reengineering (SANER), 2022, pp. 673–84, doi:https://doi.org/10.1109/SANER53432.2022.00085.
short: 'M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: 2022 IEEE International
Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp.
673–684.'
date_created: 2022-05-09T13:04:10Z
date_updated: 2022-07-26T11:42:30Z
department:
- _id: '76'
doi: https://doi.org/10.1109/SANER53432.2022.00085
keyword:
- API misuses
- API usage constraints
- classification framework
- API misuse detection
- static analysis
language:
- iso: eng
page: 673 - 684
publication: 2022 IEEE International Conference on Software Analysis, Evolution and
Reengineering (SANER)
quality_controlled: '1'
related_material:
link:
- relation: confirmation
url: https://ieeexplore.ieee.org/document/9825763
status: public
title: FUM - A Framework for API Usage constraint and Misuse Classification
type: conference
user_id: '32312'
year: '2022'
...
---
_id: '34057'
author:
- first_name: Faruk
full_name: Pasic, Faruk
last_name: Pasic
- first_name: Matthias
full_name: Becker, Matthias
last_name: Becker
citation:
ama: 'Pasic F, Becker M. Domain-specific Language for Condition Monitoring Software
Development. In: 2022 IEEE 27th International Conference on Emerging Technologies
and Factory Automation (ETFA). IEEE; 2022. doi:10.1109/etfa52439.2022.9921730'
apa: Pasic, F., & Becker, M. (2022). Domain-specific Language for Condition
Monitoring Software Development. 2022 IEEE 27th International Conference on
Emerging Technologies and Factory Automation (ETFA). https://doi.org/10.1109/etfa52439.2022.9921730
bibtex: '@inproceedings{Pasic_Becker_2022, title={Domain-specific Language for Condition
Monitoring Software Development}, DOI={10.1109/etfa52439.2022.9921730},
booktitle={2022 IEEE 27th International Conference on Emerging Technologies and
Factory Automation (ETFA)}, publisher={IEEE}, author={Pasic, Faruk and Becker,
Matthias}, year={2022} }'
chicago: Pasic, Faruk, and Matthias Becker. “Domain-Specific Language for Condition
Monitoring Software Development.” In 2022 IEEE 27th International Conference
on Emerging Technologies and Factory Automation (ETFA). IEEE, 2022. https://doi.org/10.1109/etfa52439.2022.9921730.
ieee: 'F. Pasic and M. Becker, “Domain-specific Language for Condition Monitoring
Software Development,” 2022, doi: 10.1109/etfa52439.2022.9921730.'
mla: Pasic, Faruk, and Matthias Becker. “Domain-Specific Language for Condition
Monitoring Software Development.” 2022 IEEE 27th International Conference on
Emerging Technologies and Factory Automation (ETFA), IEEE, 2022, doi:10.1109/etfa52439.2022.9921730.
short: 'F. Pasic, M. Becker, in: 2022 IEEE 27th International Conference on Emerging
Technologies and Factory Automation (ETFA), IEEE, 2022.'
date_created: 2022-11-10T14:30:16Z
date_updated: 2022-11-10T14:30:42Z
department:
- _id: '241'
- _id: '76'
doi: 10.1109/etfa52439.2022.9921730
publication: 2022 IEEE 27th International Conference on Emerging Technologies and
Factory Automation (ETFA)
publication_status: published
publisher: IEEE
status: public
title: Domain-specific Language for Condition Monitoring Software Development
type: conference
user_id: '49576'
year: '2022'
...
---
_id: '30511'
abstract:
- lang: eng
text: Many critical codebases are written
in C, and most of them use preprocessor directives to encode variability, effectively
encoding software product lines. These preprocessor directives, however, challenge
any static code analysis. SPLlift, a previously presented approach for analyzing
software product lines, is limited to Java programs that use a rather simple feature
encoding and to analysis problems with a finite and ideally small domain. Other
approaches that allow the analysis of real-world C software product lines use
special-purpose analyses, preventing the reuse of existing analysis infrastructures
and ignoring the progress made by the static analysis community. This work presents
VarAlyzer, a novel static analysis approach for software product
lines. VarAlyzer first transforms preprocessor constructs to
plain C while preserving their variability and semantics. It then solves any given
distributive analysis problem on transformed product lines in a variability-aware
manner. VarAlyzer’s analysis results are annotated with feature
constraints that encode in which configurations each result holds. Our experiments
with 95 compilation units of OpenSSL show that applying VarAlyzer
enables one to conduct inter-procedural, flow-, field- and context-sensitive data-flow
analyses on entire product lines for the first time, outperforming the product-based
approach for highly-configurable systems.
alternative_title:
- Revoking the preprocessor’s special role
article_number: '35'
article_type: original
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Paul
full_name: Gazzillo, Paul
last_name: Gazzillo
- first_name: Zach
full_name: Patterson, Zach
last_name: Patterson
- first_name: Julian
full_name: Braha, Julian
last_name: Braha
- first_name: Fabian
full_name: Schiebel, Fabian
last_name: Schiebel
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Shiyi
full_name: Wei, Shiyi
last_name: Wei
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Schubert P, Gazzillo P, Patterson Z, et al. Static data-flow analysis for software
product lines in C. Automated Software Engineering. 2022;29(1). doi:10.1007/s10515-022-00333-1
apa: Schubert, P., Gazzillo, P., Patterson, Z., Braha, J., Schiebel, F., Hermann,
B., Wei, S., & Bodden, E. (2022). Static data-flow analysis for software product
lines in C. Automated Software Engineering, 29(1), Article 35. https://doi.org/10.1007/s10515-022-00333-1
bibtex: '@article{Schubert_Gazzillo_Patterson_Braha_Schiebel_Hermann_Wei_Bodden_2022,
title={Static data-flow analysis for software product lines in C}, volume={29},
DOI={10.1007/s10515-022-00333-1},
number={135}, journal={Automated Software Engineering}, publisher={Springer Science
and Business Media LLC}, author={Schubert, Philipp and Gazzillo, Paul and Patterson,
Zach and Braha, Julian and Schiebel, Fabian and Hermann, Ben and Wei, Shiyi and
Bodden, Eric}, year={2022} }'
chicago: Schubert, Philipp, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian
Schiebel, Ben Hermann, Shiyi Wei, and Eric Bodden. “Static Data-Flow Analysis
for Software Product Lines in C.” Automated Software Engineering 29, no.
1 (2022). https://doi.org/10.1007/s10515-022-00333-1.
ieee: 'P. Schubert et al., “Static data-flow analysis for software product
lines in C,” Automated Software Engineering, vol. 29, no. 1, Art. no. 35,
2022, doi: 10.1007/s10515-022-00333-1.'
mla: Schubert, Philipp, et al. “Static Data-Flow Analysis for Software Product Lines
in C.” Automated Software Engineering, vol. 29, no. 1, 35, Springer Science
and Business Media LLC, 2022, doi:10.1007/s10515-022-00333-1.
short: P. Schubert, P. Gazzillo, Z. Patterson, J. Braha, F. Schiebel, B. Hermann,
S. Wei, E. Bodden, Automated Software Engineering 29 (2022).
date_created: 2022-03-25T07:41:26Z
date_updated: 2022-11-17T14:22:38Z
department:
- _id: '76'
doi: 10.1007/s10515-022-00333-1
intvolume: ' 29'
issue: '1'
keyword:
- inter-procedural static analysis
- software product lines
- preprocessor
- LLVM
- C/C++
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://link.springer.com/article/10.1007/s10515-022-00333-1
oa: '1'
project:
- _id: '12'
name: 'SFB 901 - B4: SFB 901 - Subproject B4'
- _id: '3'
name: 'SFB 901 - B: SFB 901 - Project Area B'
- _id: '1'
name: 'SFB 901: SFB 901'
publication: Automated Software Engineering
publication_identifier:
issn:
- 0928-8910
- 1573-7535
publication_status: published
publisher: Springer Science and Business Media LLC
status: public
title: Static data-flow analysis for software product lines in C
type: journal_article
user_id: '477'
volume: 29
year: '2022'
...
---
_id: '33835'
abstract:
- lang: eng
text: "Nowadays, an increasing number of applications uses
deserialization. This technique, based on rebuilding the instance of objects from
serialized byte streams, can be dangerous since it can open the application to
attacks such as remote code execution (RCE) if the data to deserialize is originating
from an untrusted source. Deserialization vulnerabilities are so critical that
they are in OWASP’s list of top 10 security risks for web applications. This is
mainly caused by faults in the development process of applications and by flaws
in their dependencies, i.e., flaws in the libraries used by these applications.
No previous work has studied deserialization attacks in-depth: How are they performed?
How are weaknesses introduced and patched? And for how long are vulnerabilities
present in the codebase? To yield a deeper understanding of this important kind
of vulnerability, we perform two main analyses: one on attack gadgets, i.e., exploitable
pieces of code, present in Java libraries, and one on vulnerabilities present
in Java applications. For the first analysis, we conduct an exploratory large-scale
study by running 256 515 experiments in which we vary the versions of libraries
for each of the 19 publicly available exploits. Such attacks rely on a combination
of gadgets present in
one or multiple Java libraries. A gadget is a method which is using objects or
fields that can be attacker-controlled. Our goal is to precisely identify library
versions containing gadgets and to understand how gadgets have been introduced
and how they have been patched. We observe that the modification of one innocent-looking
detail in a class – such as making it public – can already introduce a gadget.
Furthermore, we noticed that among
the studied libraries, 37.5% are not patched, leaving gadgets available for future
attacks.\r\nFor the second analysis,
we manually analyze 104 deserialization vulnerabilities CVEs to understand how
vulnerabilities are introduced and patched in real-life Java applications. Results
indicate that the vulnerabilities are not always completely patched or that a
workaround solution is proposed. With a workaround solution, applications are
still vulnerable since the code itself is unchanged."
author:
- first_name: Imen
full_name: Sayar, Imen
last_name: Sayar
- first_name: Alexandre
full_name: Bartel, Alexandre
last_name: Bartel
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Yves
full_name: Le Traon, Yves
last_name: Le Traon
citation:
ama: Sayar I, Bartel A, Bodden E, Le Traon Y. An In-depth Study of Java Deserialization
Remote-Code Execution Exploits and Vulnerabilities. ACM Transactions on Software
Engineering and Methodology. Published online 2022. doi:10.1145/3554732
apa: Sayar, I., Bartel, A., Bodden, E., & Le Traon, Y. (2022). An In-depth Study
of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities. ACM
Transactions on Software Engineering and Methodology. https://doi.org/10.1145/3554732
bibtex: '@article{Sayar_Bartel_Bodden_Le Traon_2022, title={An In-depth Study of
Java Deserialization Remote-Code Execution Exploits and Vulnerabilities}, DOI={10.1145/3554732}, journal={ACM Transactions
on Software Engineering and Methodology}, publisher={Association for Computing
Machinery (ACM)}, author={Sayar, Imen and Bartel, Alexandre and Bodden, Eric and
Le Traon, Yves}, year={2022} }'
chicago: Sayar, Imen, Alexandre Bartel, Eric Bodden, and Yves Le Traon. “An In-Depth
Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities.”
ACM Transactions on Software Engineering and Methodology, 2022. https://doi.org/10.1145/3554732.
ieee: 'I. Sayar, A. Bartel, E. Bodden, and Y. Le Traon, “An In-depth Study of Java
Deserialization Remote-Code Execution Exploits and Vulnerabilities,” ACM Transactions
on Software Engineering and Methodology, 2022, doi: 10.1145/3554732.'
mla: Sayar, Imen, et al. “An In-Depth Study of Java Deserialization Remote-Code
Execution Exploits and Vulnerabilities.” ACM Transactions on Software Engineering
and Methodology, Association for Computing Machinery (ACM), 2022, doi:10.1145/3554732.
short: I. Sayar, A. Bartel, E. Bodden, Y. Le Traon, ACM Transactions on Software
Engineering and Methodology (2022).
date_created: 2022-10-20T12:31:49Z
date_updated: 2022-10-20T12:32:31Z
department:
- _id: '76'
doi: 10.1145/3554732
keyword:
- Software
language:
- iso: eng
publication: ACM Transactions on Software Engineering and Methodology
publication_identifier:
issn:
- 1049-331X
- 1557-7392
publication_status: published
publisher: Association for Computing Machinery (ACM)
status: public
title: An In-depth Study of Java Deserialization Remote-Code Execution Exploits and
Vulnerabilities
type: journal_article
user_id: '15249'
year: '2022'
...
---
_id: '33836'
author:
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Ingo
full_name: Budde, Ingo
id: '13693'
last_name: Budde
orcid: https://orcid.org/0000-0003-0124-6291
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Piskachev G, Späth J, Budde I, Bodden E. Fluently specifying taint-flow queries
with fluentTQL. Empirical Software Engineering. 2022;27(5):1–33.
apa: Piskachev, G., Späth, J., Budde, I., & Bodden, E. (2022). Fluently specifying
taint-flow queries with fluentTQL. Empirical Software Engineering, 27(5),
1–33.
bibtex: '@article{Piskachev_Späth_Budde_Bodden_2022, title={Fluently specifying
taint-flow queries with fluentTQL}, volume={27}, number={5}, journal={Empirical
Software Engineering}, publisher={Springer}, author={Piskachev, Goran and Späth,
Johannes and Budde, Ingo and Bodden, Eric}, year={2022}, pages={1–33} }'
chicago: 'Piskachev, Goran, Johannes Späth, Ingo Budde, and Eric Bodden. “Fluently
Specifying Taint-Flow Queries with FluentTQL.” Empirical Software Engineering
27, no. 5 (2022): 1–33.'
ieee: G. Piskachev, J. Späth, I. Budde, and E. Bodden, “Fluently specifying taint-flow
queries with fluentTQL,” Empirical Software Engineering, vol. 27, no. 5,
pp. 1–33, 2022.
mla: Piskachev, Goran, et al. “Fluently Specifying Taint-Flow Queries with FluentTQL.”
Empirical Software Engineering, vol. 27, no. 5, Springer, 2022, pp. 1–33.
short: G. Piskachev, J. Späth, I. Budde, E. Bodden, Empirical Software Engineering
27 (2022) 1–33.
date_created: 2022-10-20T12:34:04Z
date_updated: 2022-10-20T12:36:23Z
department:
- _id: '76'
- _id: '662'
intvolume: ' 27'
issue: '5'
language:
- iso: eng
page: 1–33
publication: Empirical Software Engineering
publisher: Springer
status: public
title: Fluently specifying taint-flow queries with fluentTQL
type: journal_article
user_id: '15249'
volume: 27
year: '2022'
...
---
_id: '33838'
author:
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
id: '78060'
last_name: Krishnamurthy
orcid: 0000-0002-0906-5463
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Krishnamurthy R, Piskachev G, Bodden E. To what extent can we analyze Kotlin
programs using existing Java taint analysis tools? Published online 2022.
apa: Krishnamurthy, R., Piskachev, G., & Bodden, E. (2022). To what extent
can we analyze Kotlin programs using existing Java taint analysis tools?
bibtex: '@article{Krishnamurthy_Piskachev_Bodden_2022, series={IEEE International
Working Conference on Source Code Analysis and Manipulation (SCAM)}, title={To
what extent can we analyze Kotlin programs using existing Java taint analysis
tools?}, author={Krishnamurthy, Ranjith and Piskachev, Goran and Bodden, Eric},
year={2022}, collection={IEEE International Working Conference on Source Code
Analysis and Manipulation (SCAM)} }'
chicago: Krishnamurthy, Ranjith, Goran Piskachev, and Eric Bodden. “To What Extent
Can We Analyze Kotlin Programs Using Existing Java Taint Analysis Tools?” IEEE
International Working Conference on Source Code Analysis and Manipulation (SCAM),
2022.
ieee: R. Krishnamurthy, G. Piskachev, and E. Bodden, “To what extent can we analyze
Kotlin programs using existing Java taint analysis tools?” 2022.
mla: Krishnamurthy, Ranjith, et al. To What Extent Can We Analyze Kotlin Programs
Using Existing Java Taint Analysis Tools? 2022.
short: R. Krishnamurthy, G. Piskachev, E. Bodden, (2022).
date_created: 2022-10-20T12:38:09Z
date_updated: 2022-10-20T12:38:32Z
department:
- _id: '76'
- _id: '662'
language:
- iso: eng
series_title: IEEE International Working Conference on Source Code Analysis and Manipulation
(SCAM)
status: public
title: To what extent can we analyze Kotlin programs using existing Java taint analysis
tools?
type: conference
user_id: '15249'
year: '2022'
...
---
_id: '33837'
author:
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Stefan
full_name: Dziwok, Stefan
id: '3901'
last_name: Dziwok
orcid: http://orcid.org/0000-0002-8679-6673
- first_name: Thorsten
full_name: Koch, Thorsten
id: '13616'
last_name: Koch
- first_name: Sven
full_name: Merschjohann, Sven
id: '11394'
last_name: Merschjohann
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Piskachev G, Dziwok S, Koch T, Merschjohann S, Bodden E. How far are German
companies in improving security through static program analysis tools? Published
online 2022.
apa: Piskachev, G., Dziwok, S., Koch, T., Merschjohann, S., & Bodden, E. (2022).
How far are German companies in improving security through static program analysis
tools?
bibtex: '@article{Piskachev_Dziwok_Koch_Merschjohann_Bodden_2022, series={IEEE Secure
Development Conference (SecDev)}, title={How far are German companies in improving
security through static program analysis tools?}, author={Piskachev, Goran and
Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}, year={2022},
collection={IEEE Secure Development Conference (SecDev)} }'
chicago: Piskachev, Goran, Stefan Dziwok, Thorsten Koch, Sven Merschjohann, and
Eric Bodden. “How Far Are German Companies in Improving Security through Static
Program Analysis Tools?” IEEE Secure Development Conference (SecDev), 2022.
ieee: G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, and E. Bodden, “How far
are German companies in improving security through static program analysis tools?”
2022.
mla: Piskachev, Goran, et al. How Far Are German Companies in Improving Security
through Static Program Analysis Tools? 2022.
short: G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, E. Bodden, (2022).
date_created: 2022-10-20T12:37:14Z
date_updated: 2022-10-20T12:37:44Z
department:
- _id: '76'
- _id: '662'
language:
- iso: eng
series_title: IEEE Secure Development Conference (SecDev)
status: public
title: How far are German companies in improving security through static program analysis
tools?
type: conference
user_id: '15249'
year: '2022'
...
---
_id: '33959'
abstract:
- lang: eng
text: Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic
APIs have a misuse which may cause security vulnerabilities. As previous studies
did not conduct a qualitative examination of the validity and severity of the
findings, our objective was to understand the findings in more depth. We analyzed
a set of 936 open-source Java applications for cryptographic misuses. Our study
reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs
securely. Through our manual analysis of a random sample, we gained new insights
into effective false positives. For example, every fourth misuse of the frequently
misused JCA class MessageDigest is an effective false positive due to its occurrence
in a non-security context. As we wanted to gain deeper insights into the security
implications of these misuses, we created an extensive vulnerability model for
cryptographic API misuses. Our model includes previously undiscussed attacks in
the context of cryptographic APIs such as DoS attacks. This model reveals that
nearly half of the misuses are of high severity, e.g., hard-coded credentials
and potential Man-in-the-Middle attacks.
author:
- first_name: Anna-Katharina
full_name: Wickert, Anna-Katharina
last_name: Wickert
- first_name: Lars
full_name: Baumgärtner, Lars
last_name: Baumgärtner
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: 'Wickert A-K, Baumgärtner L, Schlichtig M, Mezini M. To Fix or Not to Fix:
A Critical Study of Crypto-Misuses in the Wild.; 2022. doi:10.48550/ARXIV.2209.11103'
apa: 'Wickert, A.-K., Baumgärtner, L., Schlichtig, M., & Mezini, M. (2022).
To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild. https://doi.org/10.48550/ARXIV.2209.11103'
bibtex: '@book{Wickert_Baumgärtner_Schlichtig_Mezini_2022, title={To Fix or Not
to Fix: A Critical Study of Crypto-misuses in the Wild}, DOI={10.48550/ARXIV.2209.11103},
author={Wickert, Anna-Katharina and Baumgärtner, Lars and Schlichtig, Michael
and Mezini, Mira}, year={2022} }'
chicago: 'Wickert, Anna-Katharina, Lars Baumgärtner, Michael Schlichtig, and Mira
Mezini. To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild,
2022. https://doi.org/10.48550/ARXIV.2209.11103.'
ieee: 'A.-K. Wickert, L. Baumgärtner, M. Schlichtig, and M. Mezini, To Fix or
Not to Fix: A Critical Study of Crypto-misuses in the Wild. 2022.'
mla: 'Wickert, Anna-Katharina, et al. To Fix or Not to Fix: A Critical Study
of Crypto-Misuses in the Wild. 2022, doi:10.48550/ARXIV.2209.11103.'
short: 'A.-K. Wickert, L. Baumgärtner, M. Schlichtig, M. Mezini, To Fix or Not to
Fix: A Critical Study of Crypto-Misuses in the Wild, 2022.'
date_created: 2022-10-28T13:21:05Z
date_updated: 2022-10-28T13:26:39Z
department:
- _id: '76'
doi: 10.48550/ARXIV.2209.11103
language:
- iso: eng
related_material:
link:
- relation: confirmation
url: https://arxiv.org/abs/2209.11103
status: public
title: 'To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild'
type: misc
user_id: '32312'
year: '2022'
...
---
_id: '27045'
abstract:
- lang: eng
text: 'Due to the lack of established real-world benchmark suites for static taint
analyses of Android applications, evaluations of these analyses are often restricted
and hard to compare. Even in evaluations that do use real-world apps, details
about the ground truth in those apps are rarely documented, which makes it difficult
to compare and reproduce the results. To push Android taint analysis research
forward, this paper thus recommends criteria for constructing real-world benchmark
suites for this specific domain, and presents TaintBench, the first real-world
malware benchmark suite with documented taint flows. TaintBench benchmark apps
include taint flows with complex structures, and addresses static challenges that
are commonly agreed on by the community. Together with the TaintBench suite, we
introduce the TaintBench framework, whose goal is to simplify real-world benchmarking
of Android taint analyses. First, a usability test shows that the framework improves
experts’ performance and perceived usability when documenting and inspecting taint
flows. Second, experiments using TaintBench reveal new insights for the taint
analysis tools Amandroid and FlowDroid: (i) They are less effective on real-world
malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources
and sinks heavily impact the tools’ accuracy. (iii) Surprisingly, up-to-date versions
of both tools are less accurate than their predecessors.'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Felix
full_name: Pauck, Felix
id: '22398'
last_name: Pauck
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Manuel
full_name: Benz, Manuel
last_name: Benz
- first_name: Ivan
full_name: Pashchenko, Ivan
last_name: Pashchenko
- first_name: Martin
full_name: Mory, Martin
id: '65667'
last_name: Mory
orcid: 0000-0001-5609-0031
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Fabio
full_name: Massacci, Fabio
last_name: Massacci
citation:
ama: 'Luo L, Pauck F, Piskachev G, et al. TaintBench: Automatic real-world malware
benchmarking of Android taint analyses. Empirical Software Engineering.
Published online 2021. doi:10.1007/s10664-021-10013-5'
apa: 'Luo, L., Pauck, F., Piskachev, G., Benz, M., Pashchenko, I., Mory, M., Bodden,
E., Hermann, B., & Massacci, F. (2021). TaintBench: Automatic real-world malware
benchmarking of Android taint analyses. Empirical Software Engineering.
https://doi.org/10.1007/s10664-021-10013-5'
bibtex: '@article{Luo_Pauck_Piskachev_Benz_Pashchenko_Mory_Bodden_Hermann_Massacci_2021,
title={TaintBench: Automatic real-world malware benchmarking of Android taint
analyses}, DOI={10.1007/s10664-021-10013-5},
journal={Empirical Software Engineering}, author={Luo, Linghui and Pauck, Felix
and Piskachev, Goran and Benz, Manuel and Pashchenko, Ivan and Mory, Martin and
Bodden, Eric and Hermann, Ben and Massacci, Fabio}, year={2021} }'
chicago: 'Luo, Linghui, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko,
Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci. “TaintBench: Automatic
Real-World Malware Benchmarking of Android Taint Analyses.” Empirical Software
Engineering, 2021. https://doi.org/10.1007/s10664-021-10013-5.'
ieee: 'L. Luo et al., “TaintBench: Automatic real-world malware benchmarking
of Android taint analyses,” Empirical Software Engineering, 2021, doi:
10.1007/s10664-021-10013-5.'
mla: 'Luo, Linghui, et al. “TaintBench: Automatic Real-World Malware Benchmarking
of Android Taint Analyses.” Empirical Software Engineering, 2021, doi:10.1007/s10664-021-10013-5.'
short: L. Luo, F. Pauck, G. Piskachev, M. Benz, I. Pashchenko, M. Mory, E. Bodden,
B. Hermann, F. Massacci, Empirical Software Engineering (2021).
date_created: 2021-11-02T05:13:49Z
date_updated: 2022-01-06T06:57:32Z
ddc:
- '000'
department:
- _id: '77'
- _id: '76'
doi: 10.1007/s10664-021-10013-5
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://link.springer.com/content/pdf/10.1007/s10664-021-10013-5.pdf
oa: '1'
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publication: Empirical Software Engineering
publication_identifier:
issn:
- 1382-3256
- 1573-7616
publication_status: published
status: public
title: 'TaintBench: Automatic real-world malware benchmarking of Android taint analyses'
type: journal_article
user_id: '15249'
year: '2021'
...
---
_id: '27158'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
citation:
ama: Luo L. Improving Real-World Applicability of Static Taint Analysis.
Universität Paderborn; 2021.
apa: Luo, L. (2021). Improving Real-World Applicability of Static Taint Analysis.
Universität Paderborn.
bibtex: '@book{Luo_2021, title={Improving Real-World Applicability of Static Taint
Analysis}, publisher={Universität Paderborn}, author={Luo, Linghui}, year={2021}
}'
chicago: Luo, Linghui. Improving Real-World Applicability of Static Taint Analysis.
Universität Paderborn, 2021.
ieee: L. Luo, Improving Real-World Applicability of Static Taint Analysis.
Universität Paderborn, 2021.
mla: Luo, Linghui. Improving Real-World Applicability of Static Taint Analysis.
Universität Paderborn, 2021.
short: L. Luo, Improving Real-World Applicability of Static Taint Analysis, Universität
Paderborn, 2021.
date_created: 2021-11-04T13:58:35Z
date_updated: 2022-01-06T06:57:35Z
department:
- _id: '76'
language:
- iso: eng
publisher: Universität Paderborn
related_material:
link:
- relation: confirmation
url: https://www.bodden.de/pubs/phdLuo.pdf
status: public
title: Improving Real-World Applicability of Static Taint Analysis
type: dissertation
user_id: '15249'
year: '2021'
...
---
_id: '21595'
author:
- first_name: Lars
full_name: Stockmann, Lars
id: '48144'
last_name: Stockmann
- first_name: Sven
full_name: Laux, Sven
last_name: Laux
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Stockmann L, Laux S, Bodden E. Using Architectural Runtime Verification for
Offline Data Analysis. Journal of Automotive Software Engineering. Published
online 2021. doi:10.2991/jase.d.210205.001
apa: Stockmann, L., Laux, S., & Bodden, E. (2021). Using Architectural Runtime
Verification for Offline Data Analysis. Journal of Automotive Software Engineering.
https://doi.org/10.2991/jase.d.210205.001
bibtex: '@article{Stockmann_Laux_Bodden_2021, title={Using Architectural Runtime
Verification for Offline Data Analysis}, DOI={10.2991/jase.d.210205.001},
journal={Journal of Automotive Software Engineering}, author={Stockmann, Lars
and Laux, Sven and Bodden, Eric}, year={2021} }'
chicago: Stockmann, Lars, Sven Laux, and Eric Bodden. “Using Architectural Runtime
Verification for Offline Data Analysis.” Journal of Automotive Software Engineering,
2021. https://doi.org/10.2991/jase.d.210205.001.
ieee: 'L. Stockmann, S. Laux, and E. Bodden, “Using Architectural Runtime Verification
for Offline Data Analysis,” Journal of Automotive Software Engineering,
2021, doi: 10.2991/jase.d.210205.001.'
mla: Stockmann, Lars, et al. “Using Architectural Runtime Verification for Offline
Data Analysis.” Journal of Automotive Software Engineering, 2021, doi:10.2991/jase.d.210205.001.
short: L. Stockmann, S. Laux, E. Bodden, Journal of Automotive Software Engineering
(2021).
date_created: 2021-04-08T11:21:32Z
date_updated: 2022-01-06T06:55:06Z
department:
- _id: '76'
doi: 10.2991/jase.d.210205.001
language:
- iso: eng
main_file_link:
- url: https://www.bodden.de/pubs/sb21architectural.pdf
publication: Journal of Automotive Software Engineering
publication_identifier:
issn:
- 2589-2258
publication_status: published
status: public
title: Using Architectural Runtime Verification for Offline Data Analysis
type: journal_article
user_id: '5786'
year: '2021'
...
---
_id: '21596'
author:
- first_name: Andreas
full_name: Fischer, Andreas
last_name: Fischer
citation:
ama: Fischer A. Computing on Encrypted Data Using Trusted Execution Environments.
Universität Paderborn; 2021.
apa: Fischer, A. (2021). Computing on Encrypted Data using Trusted Execution
Environments. Universität Paderborn.
bibtex: '@book{Fischer_2021, title={Computing on Encrypted Data using Trusted Execution
Environments}, publisher={Universität Paderborn}, author={Fischer, Andreas}, year={2021}
}'
chicago: Fischer, Andreas. Computing on Encrypted Data Using Trusted Execution
Environments. Universität Paderborn, 2021.
ieee: A. Fischer, Computing on Encrypted Data using Trusted Execution Environments.
Universität Paderborn, 2021.
mla: Fischer, Andreas. Computing on Encrypted Data Using Trusted Execution Environments.
Universität Paderborn, 2021.
short: A. Fischer, Computing on Encrypted Data Using Trusted Execution Environments,
Universität Paderborn, 2021.
date_created: 2021-04-08T11:23:13Z
date_updated: 2022-01-06T06:55:06Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: https://www.bodden.de/pubs/phdFischer.pdf
publisher: Universität Paderborn
status: public
title: Computing on Encrypted Data using Trusted Execution Environments
type: dissertation
user_id: '5786'
year: '2021'
...
---
_id: '21597'
author:
- first_name: Philipp
full_name: Holzinger, Philipp
last_name: Holzinger
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Holzinger P, Bodden E. A Systematic Hardening of Java’s Information Hiding.
International Symposium on Advanced Security on Software and Systems (ASSS).
Published online 2021.
apa: Holzinger, P., & Bodden, E. (2021). A Systematic Hardening of Java’s Information
Hiding. International Symposium on Advanced Security on Software and Systems
(ASSS).
bibtex: '@article{Holzinger_Bodden_2021, title={A Systematic Hardening of Java’s
Information Hiding}, journal={International Symposium on Advanced Security on
Software and Systems (ASSS)}, author={Holzinger, Philipp and Bodden, Eric}, year={2021}
}'
chicago: Holzinger, Philipp, and Eric Bodden. “A Systematic Hardening of Java’s
Information Hiding.” International Symposium on Advanced Security on Software
and Systems (ASSS), 2021.
ieee: P. Holzinger and E. Bodden, “A Systematic Hardening of Java’s Information
Hiding,” International Symposium on Advanced Security on Software and Systems
(ASSS), 2021.
mla: Holzinger, Philipp, and Eric Bodden. “A Systematic Hardening of Java’s Information
Hiding.” International Symposium on Advanced Security on Software and Systems
(ASSS), 2021.
short: P. Holzinger, E. Bodden, International Symposium on Advanced Security on
Software and Systems (ASSS) (2021).
date_created: 2021-04-08T11:24:06Z
date_updated: 2022-01-06T06:55:06Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: https://www.bodden.de/pubs/hb21systematic.pdf
publication: International Symposium on Advanced Security on Software and Systems
(ASSS)
status: public
title: A Systematic Hardening of Java's Information Hiding
type: journal_article
user_id: '5786'
year: '2021'
...
---
_id: '21599'
author:
- first_name: Rodrigo
full_name: Bonifacio, Rodrigo
last_name: Bonifacio
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Krishna
full_name: Narasimhan, Krishna
last_name: Narasimhan
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: Bonifacio R, Krüger S, Narasimhan K, Bodden E, Mezini M. Dealing with Variability
in API Misuse Specification. European Conference on Object-Oriented Programming
(ECOOP). Published online 2021.
apa: Bonifacio, R., Krüger, S., Narasimhan, K., Bodden, E., & Mezini, M. (2021).
Dealing with Variability in API Misuse Specification. European Conference on
Object-Oriented Programming (ECOOP).
bibtex: '@article{Bonifacio_Krüger_Narasimhan_Bodden_Mezini_2021, title={Dealing
with Variability in API Misuse Specification}, journal={European Conference on
Object-Oriented Programming (ECOOP)}, author={Bonifacio, Rodrigo and Krüger, Stefan
and Narasimhan, Krishna and Bodden, Eric and Mezini, Mira}, year={2021} }'
chicago: Bonifacio, Rodrigo, Stefan Krüger, Krishna Narasimhan, Eric Bodden, and
Mira Mezini. “Dealing with Variability in API Misuse Specification.” European
Conference on Object-Oriented Programming (ECOOP), 2021.
ieee: R. Bonifacio, S. Krüger, K. Narasimhan, E. Bodden, and M. Mezini, “Dealing
with Variability in API Misuse Specification,” European Conference on Object-Oriented
Programming (ECOOP), 2021.
mla: Bonifacio, Rodrigo, et al. “Dealing with Variability in API Misuse Specification.”
European Conference on Object-Oriented Programming (ECOOP), 2021.
short: R. Bonifacio, S. Krüger, K. Narasimhan, E. Bodden, M. Mezini, European Conference
on Object-Oriented Programming (ECOOP) (2021).
date_created: 2021-04-08T11:25:43Z
date_updated: 2022-01-06T06:55:06Z
department:
- _id: '76'
language:
- iso: eng
publication: European Conference on Object-Oriented Programming (ECOOP)
status: public
title: Dealing with Variability in API Misuse Specification
type: journal_article
user_id: '5786'
year: '2021'
...
---
_id: '22462'
author:
- first_name: Ashwin Prasad
full_name: Shivarpatna Venkatesh, Ashwin Prasad
id: '66637'
last_name: Shivarpatna Venkatesh
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Shivarpatna Venkatesh AP, Bodden E. Automated Cell Header Generator for Jupyter
Notebooks. In: International Workshop on AI and Software Testing/Analysis (AISTA).
; 2021. doi:10.1145/3464968.3468410'
apa: Shivarpatna Venkatesh, A. P., & Bodden, E. (2021). Automated Cell Header
Generator for Jupyter Notebooks. International Workshop on AI and Software
Testing/Analysis (AISTA). https://doi.org/10.1145/3464968.3468410
bibtex: '@inproceedings{Shivarpatna Venkatesh_Bodden_2021, title={Automated Cell
Header Generator for Jupyter Notebooks}, DOI={10.1145/3464968.3468410},
booktitle={International Workshop on AI and Software Testing/Analysis (AISTA)},
author={Shivarpatna Venkatesh, Ashwin Prasad and Bodden, Eric}, year={2021} }'
chicago: Shivarpatna Venkatesh, Ashwin Prasad, and Eric Bodden. “Automated Cell
Header Generator for Jupyter Notebooks.” In International Workshop on AI and
Software Testing/Analysis (AISTA), 2021. https://doi.org/10.1145/3464968.3468410.
ieee: 'A. P. Shivarpatna Venkatesh and E. Bodden, “Automated Cell Header Generator
for Jupyter Notebooks,” 2021, doi: 10.1145/3464968.3468410.'
mla: Shivarpatna Venkatesh, Ashwin Prasad, and Eric Bodden. “Automated Cell Header
Generator for Jupyter Notebooks.” International Workshop on AI and Software
Testing/Analysis (AISTA), 2021, doi:10.1145/3464968.3468410.
short: 'A.P. Shivarpatna Venkatesh, E. Bodden, in: International Workshop on AI
and Software Testing/Analysis (AISTA), 2021.'
date_created: 2021-06-17T10:14:48Z
date_updated: 2022-01-06T06:55:33Z
department:
- _id: '76'
doi: 10.1145/3464968.3468410
language:
- iso: eng
publication: International Workshop on AI and Software Testing/Analysis (AISTA)
status: public
title: Automated Cell Header Generator for Jupyter Notebooks
type: conference
user_id: '5786'
year: '2021'
...
---
_id: '23374'
author:
- first_name: Sriteja
full_name: Kummita, Sriteja
last_name: Kummita
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Johannes
full_name: Spath, Johannes
last_name: Spath
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Kummita S, Piskachev G, Spath J, Bodden E. Qualitative and Quantitative Analysis
of Callgraph Algorithms for Python. In: 2021 International Conference on Code
Quality (ICCQ). ; 2021. doi:10.1109/iccq51190.2021.9392986'
apa: Kummita, S., Piskachev, G., Spath, J., & Bodden, E. (2021). Qualitative
and Quantitative Analysis of Callgraph Algorithms for Python. 2021 International
Conference on Code Quality (ICCQ). https://doi.org/10.1109/iccq51190.2021.9392986
bibtex: '@inproceedings{Kummita_Piskachev_Spath_Bodden_2021, title={Qualitative
and Quantitative Analysis of Callgraph Algorithms for Python}, DOI={10.1109/iccq51190.2021.9392986},
booktitle={2021 International Conference on Code Quality (ICCQ)}, author={Kummita,
Sriteja and Piskachev, Goran and Spath, Johannes and Bodden, Eric}, year={2021}
}'
chicago: Kummita, Sriteja, Goran Piskachev, Johannes Spath, and Eric Bodden. “Qualitative
and Quantitative Analysis of Callgraph Algorithms for Python.” In 2021 International
Conference on Code Quality (ICCQ), 2021. https://doi.org/10.1109/iccq51190.2021.9392986.
ieee: 'S. Kummita, G. Piskachev, J. Spath, and E. Bodden, “Qualitative and Quantitative
Analysis of Callgraph Algorithms for Python,” 2021, doi: 10.1109/iccq51190.2021.9392986.'
mla: Kummita, Sriteja, et al. “Qualitative and Quantitative Analysis of Callgraph
Algorithms for Python.” 2021 International Conference on Code Quality (ICCQ),
2021, doi:10.1109/iccq51190.2021.9392986.
short: 'S. Kummita, G. Piskachev, J. Spath, E. Bodden, in: 2021 International Conference
on Code Quality (ICCQ), 2021.'
date_created: 2021-08-09T12:01:11Z
date_updated: 2022-01-06T06:55:50Z
department:
- _id: '241'
- _id: '662'
- _id: '76'
doi: 10.1109/iccq51190.2021.9392986
language:
- iso: eng
publication: 2021 International Conference on Code Quality (ICCQ)
publication_status: published
status: public
title: Qualitative and Quantitative Analysis of Callgraph Algorithms for Python
type: conference
user_id: '5786'
year: '2021'
...
---
_id: '30084'
author:
- first_name: Kadiray
full_name: Karakaya, Kadiray
last_name: Karakaya
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Karakaya K, Bodden E. SootFX: A Static Code Feature Extraction Tool for Java
and Android. In: 2021 IEEE 21st International Working Conference on Source
Code Analysis and Manipulation (SCAM). IEEE; 2021. doi:10.1109/scam52516.2021.00030'
apa: 'Karakaya, K., & Bodden, E. (2021). SootFX: A Static Code Feature Extraction
Tool for Java and Android. 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM). https://doi.org/10.1109/scam52516.2021.00030'
bibtex: '@inproceedings{Karakaya_Bodden_2021, title={SootFX: A Static Code Feature
Extraction Tool for Java and Android}, DOI={10.1109/scam52516.2021.00030},
booktitle={2021 IEEE 21st International Working Conference on Source Code Analysis
and Manipulation (SCAM)}, publisher={IEEE}, author={Karakaya, Kadiray and Bodden,
Eric}, year={2021} }'
chicago: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction
Tool for Java and Android.” In 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM). IEEE, 2021. https://doi.org/10.1109/scam52516.2021.00030.'
ieee: 'K. Karakaya and E. Bodden, “SootFX: A Static Code Feature Extraction Tool
for Java and Android,” 2021, doi: 10.1109/scam52516.2021.00030.'
mla: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction
Tool for Java and Android.” 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM), IEEE, 2021, doi:10.1109/scam52516.2021.00030.'
short: 'K. Karakaya, E. Bodden, in: 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM), IEEE, 2021.'
date_created: 2022-02-24T15:44:42Z
date_updated: 2022-02-24T15:45:43Z
department:
- _id: '76'
doi: 10.1109/scam52516.2021.00030
publication: 2021 IEEE 21st International Working Conference on Source Code Analysis
and Manipulation (SCAM)
publication_status: published
publisher: IEEE
status: public
title: 'SootFX: A Static Code Feature Extraction Tool for Java and Android'
type: conference
user_id: '70410'
year: '2021'
...
---
_id: '21598'
abstract:
- lang: eng
text: Static analysis is used to automatically detect bugs and security breaches,
and aids compiler optimization. Whole-program analysis (WPA) can yield high precision,
however causes long analysis times and thus does not match common software-development
workflows, making it often impractical to use for large, real-world applications. This
paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach
that aims at accelerating whole-program analysis by making the analysis modular
and compositional. It shows how to compute lossless, persisted summaries for callgraph,
points-to and data-flow information, and it reports under which circumstances this
function-level compositional analysis outperforms WPA. We implemented ModAlyzer as
an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications.
At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect
of the library code those applications share, hence avoiding its repeated re-analysis. The
experimental results show that the reuse of these summaries can save, on average,
72% of analysis time over WPA. Moreover, because it is lossless, the module-wise
analysis fully retains precision and recall. Surprisingly, as our results show,
it sometimes even yields precision superior to WPA. The initial summary generation,
on average, takes about 3.67 times as long as WPA.
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Schubert P, Hermann B, Bodden E. Lossless, Persisted Summarization of Static
Callgraph, Points-To and Data-Flow Analysis. In: European Conference on Object-Oriented
Programming (ECOOP). ; 2021.'
apa: Schubert, P., Hermann, B., & Bodden, E. (2021). Lossless, Persisted Summarization
of Static Callgraph, Points-To and Data-Flow Analysis. European Conference
on Object-Oriented Programming (ECOOP).
bibtex: '@inproceedings{Schubert_Hermann_Bodden_2021, title={Lossless, Persisted
Summarization of Static Callgraph, Points-To and Data-Flow Analysis}, booktitle={European
Conference on Object-Oriented Programming (ECOOP)}, author={Schubert, Philipp
and Hermann, Ben and Bodden, Eric}, year={2021} }'
chicago: Schubert, Philipp, Ben Hermann, and Eric Bodden. “Lossless, Persisted Summarization
of Static Callgraph, Points-To and Data-Flow Analysis.” In European Conference
on Object-Oriented Programming (ECOOP), 2021.
ieee: P. Schubert, B. Hermann, and E. Bodden, “Lossless, Persisted Summarization
of Static Callgraph, Points-To and Data-Flow Analysis,” 2021.
mla: Schubert, Philipp, et al. “Lossless, Persisted Summarization of Static Callgraph,
Points-To and Data-Flow Analysis.” European Conference on Object-Oriented Programming
(ECOOP), 2021.
short: 'P. Schubert, B. Hermann, E. Bodden, in: European Conference on Object-Oriented
Programming (ECOOP), 2021.'
date_created: 2021-04-08T11:24:59Z
date_updated: 2022-03-25T07:49:35Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://drops.dagstuhl.de/opus/volltexte/2021/14045/
oa: '1'
project:
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
- _id: '1'
name: SFB 901
publication: European Conference on Object-Oriented Programming (ECOOP)
status: public
title: Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow
Analysis
type: conference
user_id: '60543'
year: '2021'
...
---
_id: '31132'
author:
- first_name: Andreas Peter
full_name: Dann, Andreas Peter
id: '26886'
last_name: Dann
- first_name: Henrik
full_name: Plate, Henrik
last_name: Plate
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Serena Elisa
full_name: Ponta, Serena Elisa
last_name: Ponta
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Dann AP, Plate H, Hermann B, Ponta SE, Bodden E. Identifying Challenges for
OSS Vulnerability Scanners - A Study & Test Suite. IEEE Transactions
on Software Engineering. Published online 2021:1-1. doi:10.1109/tse.2021.3101739
apa: Dann, A. P., Plate, H., Hermann, B., Ponta, S. E., & Bodden, E. (2021).
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test
Suite. IEEE Transactions on Software Engineering, 1–1. https://doi.org/10.1109/tse.2021.3101739
bibtex: '@article{Dann_Plate_Hermann_Ponta_Bodden_2021, title={Identifying Challenges
for OSS Vulnerability Scanners - A Study & Test Suite}, DOI={10.1109/tse.2021.3101739},
journal={IEEE Transactions on Software Engineering}, publisher={Institute of Electrical
and Electronics Engineers (IEEE)}, author={Dann, Andreas Peter and Plate, Henrik
and Hermann, Ben and Ponta, Serena Elisa and Bodden, Eric}, year={2021}, pages={1–1}
}'
chicago: Dann, Andreas Peter, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and
Eric Bodden. “Identifying Challenges for OSS Vulnerability Scanners - A Study
& Test Suite.” IEEE Transactions on Software Engineering, 2021,
1–1. https://doi.org/10.1109/tse.2021.3101739.
ieee: 'A. P. Dann, H. Plate, B. Hermann, S. E. Ponta, and E. Bodden, “Identifying
Challenges for OSS Vulnerability Scanners - A Study & Test Suite,” IEEE
Transactions on Software Engineering, pp. 1–1, 2021, doi: 10.1109/tse.2021.3101739.'
mla: Dann, Andreas Peter, et al. “Identifying Challenges for OSS Vulnerability Scanners
- A Study & Test Suite.” IEEE Transactions on Software Engineering,
Institute of Electrical and Electronics Engineers (IEEE), 2021, pp. 1–1, doi:10.1109/tse.2021.3101739.
short: A.P. Dann, H. Plate, B. Hermann, S.E. Ponta, E. Bodden, IEEE Transactions
on Software Engineering (2021) 1–1.
date_created: 2022-05-09T13:02:35Z
date_updated: 2022-05-09T13:03:18Z
department:
- _id: '76'
doi: 10.1109/tse.2021.3101739
keyword:
- Software
language:
- iso: eng
page: 1-1
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 0098-5589
- 1939-3520
- 2326-3881
publication_status: published
publisher: Institute of Electrical and Electronics Engineers (IEEE)
status: public
title: Identifying Challenges for OSS Vulnerability Scanners - A Study & Test
Suite
type: journal_article
user_id: '15249'
year: '2021'
...
---
_id: '26407'
author:
- first_name: Goran
full_name: Piskachev, Goran
id: '41936'
last_name: Piskachev
orcid: 0000-0003-4424-5838
- first_name: Ranjith
full_name: Krishnamurthy, Ranjith
last_name: Krishnamurthy
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Piskachev G, Krishnamurthy R, Bodden E. SecuCheck: Engineering configurable
taint analysis for software developers. In: 2021 IEEE 21st International Working
Conference on Source Code Analysis and Manipulation (SCAM). ; 2021.'
apa: 'Piskachev, G., Krishnamurthy, R., & Bodden, E. (2021). SecuCheck: Engineering
configurable taint analysis for software developers. 2021 IEEE 21st International
Working Conference on Source Code Analysis and Manipulation (SCAM).'
bibtex: '@inproceedings{Piskachev_Krishnamurthy_Bodden_2021, title={SecuCheck: Engineering
configurable taint analysis for software developers}, booktitle={2021 IEEE 21st
International Working Conference on Source Code Analysis and Manipulation (SCAM)},
author={Piskachev, Goran and Krishnamurthy, Ranjith and Bodden, Eric}, year={2021}
}'
chicago: 'Piskachev, Goran, Ranjith Krishnamurthy, and Eric Bodden. “SecuCheck:
Engineering Configurable Taint Analysis for Software Developers.” In 2021 IEEE
21st International Working Conference on Source Code Analysis and Manipulation
(SCAM), 2021.'
ieee: 'G. Piskachev, R. Krishnamurthy, and E. Bodden, “SecuCheck: Engineering configurable
taint analysis for software developers,” 2021.'
mla: 'Piskachev, Goran, et al. “SecuCheck: Engineering Configurable Taint Analysis
for Software Developers.” 2021 IEEE 21st International Working Conference on
Source Code Analysis and Manipulation (SCAM), 2021.'
short: 'G. Piskachev, R. Krishnamurthy, E. Bodden, in: 2021 IEEE 21st International
Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.'
date_created: 2021-10-18T12:53:15Z
date_updated: 2022-10-20T12:44:31Z
department:
- _id: '76'
- _id: '662'
language:
- iso: eng
publication: 2021 IEEE 21st International Working Conference on Source Code Analysis
and Manipulation (SCAM)
status: public
title: 'SecuCheck: Engineering configurable taint analysis for software developers'
type: conference
user_id: '15249'
year: '2021'
...
---
_id: '22463'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Martin
full_name: Schäf, Martin
last_name: Schäf
- first_name: Daniel
full_name: Sanchez, Daniel
last_name: Sanchez
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Luo L, Schäf M, Sanchez D, Bodden E. IDE Support for Cloud-Based Static Analyses.
In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering. ; 2021.'
apa: Luo, L., Schäf, M., Sanchez, D., & Bodden, E. (2021). IDE Support for Cloud-Based
Static Analyses. Proceedings of the 29th ACM Joint Meeting on European Software
Engineering Conference and Symposium on the Foundations of Software Engineering.
bibtex: '@inproceedings{Luo_Schäf_Sanchez_Bodden_2021, title={IDE Support for Cloud-Based
Static Analyses}, booktitle={Proceedings of the 29th ACM Joint Meeting on European
Software Engineering Conference and Symposium on the Foundations of Software Engineering},
author={Luo, Linghui and Schäf, Martin and Sanchez, Daniel and Bodden, Eric},
year={2021} }'
chicago: Luo, Linghui, Martin Schäf, Daniel Sanchez, and Eric Bodden. “IDE Support
for Cloud-Based Static Analyses.” In Proceedings of the 29th ACM Joint Meeting
on European Software Engineering Conference and Symposium on the Foundations of
Software Engineering, 2021.
ieee: L. Luo, M. Schäf, D. Sanchez, and E. Bodden, “IDE Support for Cloud-Based
Static Analyses,” 2021.
mla: Luo, Linghui, et al. “IDE Support for Cloud-Based Static Analyses.” Proceedings
of the 29th ACM Joint Meeting on European Software Engineering Conference and
Symposium on the Foundations of Software Engineering, 2021.
short: 'L. Luo, M. Schäf, D. Sanchez, E. Bodden, in: Proceedings of the 29th ACM
Joint Meeting on European Software Engineering Conference and Symposium on the
Foundations of Software Engineering, 2021.'
date_created: 2021-06-17T10:18:05Z
date_updated: 2022-10-20T13:11:45Z
department:
- _id: '76'
language:
- iso: eng
publication: Proceedings of the 29th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering
status: public
title: IDE Support for Cloud-Based Static Analyses
type: conference
user_id: '15249'
year: '2021'
...
---
_id: '33840'
author:
- first_name: Kadiray
full_name: Karakaya, Kadiray
id: '70410'
last_name: Karakaya
orcid: https://orcid.org/0000-0001-9266-2084
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Karakaya K, Bodden E. SootFX: A Static Code Feature Extraction Tool for Java
and Android. In: 2021 IEEE 21st International Working Conference on Source
Code Analysis and Manipulation (SCAM). ; 2021:181–186.'
apa: 'Karakaya, K., & Bodden, E. (2021). SootFX: A Static Code Feature Extraction
Tool for Java and Android. 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM), 181–186.'
bibtex: '@inproceedings{Karakaya_Bodden_2021, title={SootFX: A Static Code Feature
Extraction Tool for Java and Android}, booktitle={2021 IEEE 21st International
Working Conference on Source Code Analysis and Manipulation (SCAM)}, author={Karakaya,
Kadiray and Bodden, Eric}, year={2021}, pages={181–186} }'
chicago: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction
Tool for Java and Android.” In 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM), 181–186, 2021.'
ieee: 'K. Karakaya and E. Bodden, “SootFX: A Static Code Feature Extraction Tool
for Java and Android,” in 2021 IEEE 21st International Working Conference on
Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.'
mla: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction
Tool for Java and Android.” 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.'
short: 'K. Karakaya, E. Bodden, in: 2021 IEEE 21st International Working Conference
on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.'
date_created: 2022-10-20T13:09:08Z
date_updated: 2022-10-20T13:09:23Z
department:
- _id: '76'
language:
- iso: eng
page: 181–186
publication: 2021 IEEE 21st International Working Conference on Source Code Analysis
and Manipulation (SCAM)
status: public
title: 'SootFX: A Static Code Feature Extraction Tool for Java and Android'
type: conference
user_id: '15249'
year: '2021'
...
---
_id: '26406'
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Richard
full_name: Leer, Richard
last_name: Leer
citation:
ama: 'Schubert P, Hermann B, Bodden E, Leer R. Into the Woods: Experiences from
Building a Dataflow Analysis Framework for C/C++. In: SCAM ’21: IEEE International
Working Conference on Source Code Analysis and Manipulation (Engineering Track).
; 2021.'
apa: 'Schubert, P., Hermann, B., Bodden, E., & Leer, R. (2021). Into the Woods:
Experiences from Building a Dataflow Analysis Framework for C/C++. SCAM ’21:
IEEE International Working Conference on Source Code Analysis and Manipulation
(Engineering Track).'
bibtex: '@inproceedings{Schubert_Hermann_Bodden_Leer_2021, title={Into the Woods:
Experiences from Building a Dataflow Analysis Framework for C/C++}, booktitle={SCAM
’21: IEEE International Working Conference on Source Code Analysis and Manipulation
(Engineering Track)}, author={Schubert, Philipp and Hermann, Ben and Bodden, Eric
and Leer, Richard}, year={2021} }'
chicago: 'Schubert, Philipp, Ben Hermann, Eric Bodden, and Richard Leer. “Into the
Woods: Experiences from Building a Dataflow Analysis Framework for C/C++.” In
SCAM ’21: IEEE International Working Conference on Source Code Analysis and
Manipulation (Engineering Track), 2021.'
ieee: 'P. Schubert, B. Hermann, E. Bodden, and R. Leer, “Into the Woods: Experiences
from Building a Dataflow Analysis Framework for C/C++,” 2021.'
mla: 'Schubert, Philipp, et al. “Into the Woods: Experiences from Building a Dataflow
Analysis Framework for C/C++.” SCAM ’21: IEEE International Working Conference
on Source Code Analysis and Manipulation (Engineering Track), 2021.'
short: 'P. Schubert, B. Hermann, E. Bodden, R. Leer, in: SCAM ’21: IEEE International
Working Conference on Source Code Analysis and Manipulation (Engineering Track),
2021.'
date_created: 2021-10-18T12:52:12Z
date_updated: 2023-06-15T08:39:55Z
department:
- _id: '76'
language:
- iso: eng
project:
- _id: '3'
name: 'SFB 901 - B: SFB 901 - Project Area B'
- _id: '12'
name: 'SFB 901 - B4: SFB 901 - Subproject B4'
- _id: '1'
grant_number: '160364472'
name: 'SFB 901: SFB 901: On-The-Fly Computing - Individualisierte IT-Dienstleistungen
in dynamischen Märkten '
publication: 'SCAM ''21: IEEE International Working Conference on Source Code Analysis
and Manipulation (Engineering Track)'
status: public
title: 'Into the Woods: Experiences from Building a Dataflow Analysis Framework for
C/C++'
type: conference
user_id: '15249'
year: '2021'
...
---
_id: '26405'
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Florian
full_name: Sattler, Florian
last_name: Sattler
- first_name: Fabian
full_name: Schiebel, Fabian
last_name: Schiebel
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Schubert P, Sattler F, Schiebel F, Hermann B, Bodden E. Modeling the Effects
of Global Variables in Data-Flow Analysis for C/C++. In: 2021 IEEE 21st International
Working Conference on Source Code Analysis and Manipulation (SCAM). ; 2021.'
apa: Schubert, P., Sattler, F., Schiebel, F., Hermann, B., & Bodden, E. (2021).
Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++. 2021
IEEE 21st International Working Conference on Source Code Analysis and Manipulation
(SCAM).
bibtex: '@inproceedings{Schubert_Sattler_Schiebel_Hermann_Bodden_2021, title={Modeling
the Effects of Global Variables in Data-Flow Analysis for C/C++}, booktitle={2021
IEEE 21st International Working Conference on Source Code Analysis and Manipulation
(SCAM)}, author={Schubert, Philipp and Sattler, Florian and Schiebel, Fabian and
Hermann, Ben and Bodden, Eric}, year={2021} }'
chicago: Schubert, Philipp, Florian Sattler, Fabian Schiebel, Ben Hermann, and Eric
Bodden. “Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++.”
In 2021 IEEE 21st International Working Conference on Source Code Analysis
and Manipulation (SCAM), 2021.
ieee: P. Schubert, F. Sattler, F. Schiebel, B. Hermann, and E. Bodden, “Modeling
the Effects of Global Variables in Data-Flow Analysis for C/C++,” 2021.
mla: Schubert, Philipp, et al. “Modeling the Effects of Global Variables in Data-Flow
Analysis for C/C++.” 2021 IEEE 21st International Working Conference on Source
Code Analysis and Manipulation (SCAM), 2021.
short: 'P. Schubert, F. Sattler, F. Schiebel, B. Hermann, E. Bodden, in: 2021 IEEE
21st International Working Conference on Source Code Analysis and Manipulation
(SCAM), 2021.'
date_created: 2021-10-18T12:50:35Z
date_updated: 2023-06-15T08:57:24Z
department:
- _id: '76'
language:
- iso: eng
project:
- _id: '12'
name: 'SFB 901 - B4: SFB 901 - Subproject B4'
- _id: '3'
name: 'SFB 901 - B: SFB 901 - Project Area B'
- _id: '1'
grant_number: '160364472'
name: 'SFB 901: SFB 901: On-The-Fly Computing - Individualisierte IT-Dienstleistungen
in dynamischen Märkten '
publication: 2021 IEEE 21st International Working Conference on Source Code Analysis
and Manipulation (SCAM)
status: public
title: Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
type: conference
user_id: '15249'
year: '2021'
...
---
_id: '20507'
author:
- first_name: Johannes
full_name: Geismann, Johannes
id: '20063'
last_name: Geismann
orcid: https://orcid.org/0000-0003-2015-2047
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Geismann J, Bodden E. A systematic literature review of model-driven security
engineering for cyber–physical systems. Journal of Systems and Software.
2020;169:110697. doi:https://doi.org/10.1016/j.jss.2020.110697
apa: Geismann, J., & Bodden, E. (2020). A systematic literature review of model-driven
security engineering for cyber–physical systems. Journal of Systems and Software,
169, 110697. https://doi.org/10.1016/j.jss.2020.110697
bibtex: '@article{Geismann_Bodden_2020, title={A systematic literature review of
model-driven security engineering for cyber–physical systems}, volume={169}, DOI={https://doi.org/10.1016/j.jss.2020.110697},
journal={Journal of Systems and Software}, author={Geismann, Johannes and Bodden,
Eric}, year={2020}, pages={110697} }'
chicago: 'Geismann, Johannes, and Eric Bodden. “A Systematic Literature Review of
Model-Driven Security Engineering for Cyber–Physical Systems.” Journal of Systems
and Software 169 (2020): 110697. https://doi.org/10.1016/j.jss.2020.110697.'
ieee: 'J. Geismann and E. Bodden, “A systematic literature review of model-driven
security engineering for cyber–physical systems,” Journal of Systems and Software,
vol. 169, p. 110697, 2020, doi: https://doi.org/10.1016/j.jss.2020.110697.'
mla: Geismann, Johannes, and Eric Bodden. “A Systematic Literature Review of Model-Driven
Security Engineering for Cyber–Physical Systems.” Journal of Systems and Software,
vol. 169, 2020, p. 110697, doi:https://doi.org/10.1016/j.jss.2020.110697.
short: J. Geismann, E. Bodden, Journal of Systems and Software 169 (2020) 110697.
date_created: 2020-11-26T08:32:56Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: https://doi.org/10.1016/j.jss.2020.110697
intvolume: ' 169'
language:
- iso: eng
page: '110697'
publication: Journal of Systems and Software
publication_identifier:
issn:
- 0164-1212
status: public
title: A systematic literature review of model-driven security engineering for cyber–physical
systems
type: journal_article
user_id: '5786'
volume: 169
year: '2020'
...
---
_id: '20508'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Nguyen Quang Do L, Bodden E. Explaining Static Analysis with Rule Graphs. IEEE
Transactions on Software Engineering. Published online 2020.
apa: Nguyen Quang Do, L., & Bodden, E. (2020). Explaining Static Analysis with
Rule Graphs. IEEE Transactions on Software Engineering.
bibtex: '@article{Nguyen Quang Do_Bodden_2020, title={Explaining Static Analysis
with Rule Graphs}, journal={IEEE Transactions on Software Engineering}, author={Nguyen
Quang Do, Lisa and Bodden, Eric}, year={2020} }'
chicago: Nguyen Quang Do, Lisa, and Eric Bodden. “Explaining Static Analysis with
Rule Graphs.” IEEE Transactions on Software Engineering, 2020.
ieee: L. Nguyen Quang Do and E. Bodden, “Explaining Static Analysis with Rule Graphs,”
IEEE Transactions on Software Engineering, 2020.
mla: Nguyen Quang Do, Lisa, and Eric Bodden. “Explaining Static Analysis with Rule
Graphs.” IEEE Transactions on Software Engineering, 2020.
short: L. Nguyen Quang Do, E. Bodden, IEEE Transactions on Software Engineering
(2020).
date_created: 2020-11-26T08:38:33Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/tse20ruleGraphs.pdf
publication: IEEE Transactions on Software Engineering
status: public
title: Explaining Static Analysis with Rule Graphs
type: journal_article
user_id: '5786'
year: '2020'
...
---
_id: '20509'
author:
- first_name: Andreas
full_name: Fischer, Andreas
last_name: Fischer
- first_name: Jonas
full_name: Janneck, Jonas
last_name: Janneck
- first_name: Jörn
full_name: Kussmaul, Jörn
last_name: Kussmaul
- first_name: Nikolas
full_name: Krätzschmar, Nikolas
last_name: Krätzschmar
- first_name: Florian
full_name: Kerschbaum, Florian
last_name: Kerschbaum
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Fischer A, Janneck J, Kussmaul J, Krätzschmar N, Kerschbaum F, Bodden E. PASAPTO:
Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted
Data with Restricted Leakage. In: 2020 IEEE Computer Security Foundations Symposium
(CSF). ; 2020.'
apa: 'Fischer, A., Janneck, J., Kussmaul, J., Krätzschmar, N., Kerschbaum, F., &
Bodden, E. (2020). PASAPTO: Policy-aware Security and Performance Trade-off Analysis
- Computation on Encrypted Data with Restricted Leakage. 2020 IEEE Computer
Security Foundations Symposium (CSF).'
bibtex: '@inproceedings{Fischer_Janneck_Kussmaul_Krätzschmar_Kerschbaum_Bodden_2020,
title={PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation
on Encrypted Data with Restricted Leakage}, booktitle={2020 IEEE Computer Security
Foundations Symposium (CSF)}, author={Fischer, Andreas and Janneck, Jonas and
Kussmaul, Jörn and Krätzschmar, Nikolas and Kerschbaum, Florian and Bodden, Eric},
year={2020} }'
chicago: 'Fischer, Andreas, Jonas Janneck, Jörn Kussmaul, Nikolas Krätzschmar, Florian
Kerschbaum, and Eric Bodden. “PASAPTO: Policy-Aware Security and Performance Trade-off
Analysis - Computation on Encrypted Data with Restricted Leakage.” In 2020
IEEE Computer Security Foundations Symposium (CSF), 2020.'
ieee: 'A. Fischer, J. Janneck, J. Kussmaul, N. Krätzschmar, F. Kerschbaum, and E.
Bodden, “PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation
on Encrypted Data with Restricted Leakage,” 2020.'
mla: 'Fischer, Andreas, et al. “PASAPTO: Policy-Aware Security and Performance Trade-off
Analysis - Computation on Encrypted Data with Restricted Leakage.” 2020 IEEE
Computer Security Foundations Symposium (CSF), 2020.'
short: 'A. Fischer, J. Janneck, J. Kussmaul, N. Krätzschmar, F. Kerschbaum, E. Bodden,
in: 2020 IEEE Computer Security Foundations Symposium (CSF), 2020.'
date_created: 2020-11-26T08:40:08Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/fjk+20pasapto.pdf
publication: 2020 IEEE Computer Security Foundations Symposium (CSF)
status: public
title: 'PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation
on Encrypted Data with Restricted Leakage'
type: conference
user_id: '5786'
year: '2020'
...
---
_id: '20510'
author:
- first_name: Manuel
full_name: Benz, Manuel
last_name: Benz
- first_name: Erik
full_name: Krogh Kristensen, Erik
last_name: Krogh Kristensen
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Nataniel
full_name: P. Borges Jr., Nataniel
last_name: P. Borges Jr.
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Andreas
full_name: Zeller, Andreas
last_name: Zeller
citation:
ama: 'Benz M, Krogh Kristensen E, Luo L, P. Borges Jr. N, Bodden E, Zeller A. Heaps’n
Leaks: How Heap Snapshots Improve Android Taint Analysis. In: International
Conference for Software Engineering (ICSE). ; 2020.'
apa: 'Benz, M., Krogh Kristensen, E., Luo, L., P. Borges Jr., N., Bodden, E., &
Zeller, A. (2020). Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis.
International Conference for Software Engineering (ICSE).'
bibtex: '@inproceedings{Benz_Krogh Kristensen_Luo_P. Borges Jr._Bodden_Zeller_2020,
title={Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis}, booktitle={International
Conference for Software Engineering (ICSE)}, author={Benz, Manuel and Krogh Kristensen,
Erik and Luo, Linghui and P. Borges Jr., Nataniel and Bodden, Eric and Zeller,
Andreas}, year={2020} }'
chicago: 'Benz, Manuel, Erik Krogh Kristensen, Linghui Luo, Nataniel P. Borges Jr.,
Eric Bodden, and Andreas Zeller. “Heaps’n Leaks: How Heap Snapshots Improve Android
Taint Analysis.” In International Conference for Software Engineering (ICSE),
2020.'
ieee: 'M. Benz, E. Krogh Kristensen, L. Luo, N. P. Borges Jr., E. Bodden, and A.
Zeller, “Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis,” 2020.'
mla: 'Benz, Manuel, et al. “Heaps’n Leaks: How Heap Snapshots Improve Android Taint
Analysis.” International Conference for Software Engineering (ICSE), 2020.'
short: 'M. Benz, E. Krogh Kristensen, L. Luo, N. P. Borges Jr., E. Bodden, A. Zeller,
in: International Conference for Software Engineering (ICSE), 2020.'
date_created: 2020-11-26T08:47:56Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
publication: International Conference for Software Engineering (ICSE)
status: public
title: 'Heaps''n Leaks: How Heap Snapshots Improve Android Taint Analysis'
type: conference
user_id: '5786'
year: '2020'
...
---
_id: '20511'
author:
- first_name: Andreas
full_name: Fischer, Andreas
last_name: Fischer
- first_name: Benny
full_name: Fuhry, Benny
last_name: Fuhry
- first_name: Florian
full_name: Kerschbaum, Florian
last_name: Kerschbaum
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Fischer A, Fuhry B, Kerschbaum F, Bodden E. Computation on Encrypted Data
using Dataflow Authentication. In: Privacy Enhancing Technologies Symposium
(PETS/PoPETS). ; 2020.'
apa: Fischer, A., Fuhry, B., Kerschbaum, F., & Bodden, E. (2020). Computation
on Encrypted Data using Dataflow Authentication. Privacy Enhancing Technologies
Symposium (PETS/PoPETS).
bibtex: '@inproceedings{Fischer_Fuhry_Kerschbaum_Bodden_2020, title={Computation
on Encrypted Data using Dataflow Authentication}, booktitle={Privacy Enhancing
Technologies Symposium (PETS/PoPETS)}, author={Fischer, Andreas and Fuhry, Benny
and Kerschbaum, Florian and Bodden, Eric}, year={2020} }'
chicago: Fischer, Andreas, Benny Fuhry, Florian Kerschbaum, and Eric Bodden. “Computation
on Encrypted Data Using Dataflow Authentication.” In Privacy Enhancing Technologies
Symposium (PETS/PoPETS), 2020.
ieee: A. Fischer, B. Fuhry, F. Kerschbaum, and E. Bodden, “Computation on Encrypted
Data using Dataflow Authentication,” 2020.
mla: Fischer, Andreas, et al. “Computation on Encrypted Data Using Dataflow Authentication.”
Privacy Enhancing Technologies Symposium (PETS/PoPETS), 2020.
short: 'A. Fischer, B. Fuhry, F. Kerschbaum, E. Bodden, in: Privacy Enhancing Technologies
Symposium (PETS/PoPETS), 2020.'
date_created: 2020-11-26T08:50:59Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/ffk+20computation.pdf
publication: Privacy Enhancing Technologies Symposium (PETS/PoPETS)
status: public
title: Computation on Encrypted Data using Dataflow Authentication
type: conference
user_id: '5786'
year: '2020'
...
---
_id: '20512'
author:
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Krüger S, Ali K, Bodden E. CogniCrypt_GEN - Generating Code for the Secure
Usage of Crypto APIs. In: International Symposium on Code Generation and Optimization
(CGO). ; 2020:185-198.'
apa: Krüger, S., Ali, K., & Bodden, E. (2020). CogniCrypt_GEN - Generating Code
for the Secure Usage of Crypto APIs. International Symposium on Code Generation
and Optimization (CGO), 185–198.
bibtex: '@inproceedings{Krüger_Ali_Bodden_2020, title={CogniCrypt_GEN - Generating
Code for the Secure Usage of Crypto APIs}, booktitle={International Symposium
on Code Generation and Optimization (CGO)}, author={Krüger, Stefan and Ali, Karim
and Bodden, Eric}, year={2020}, pages={185–198} }'
chicago: Krüger, Stefan, Karim Ali, and Eric Bodden. “CogniCrypt_GEN - Generating
Code for the Secure Usage of Crypto APIs.” In International Symposium on Code
Generation and Optimization (CGO), 185–98, 2020.
ieee: S. Krüger, K. Ali, and E. Bodden, “CogniCrypt_GEN - Generating Code for the
Secure Usage of Crypto APIs,” in International Symposium on Code Generation
and Optimization (CGO), 2020, pp. 185–198.
mla: Krüger, Stefan, et al. “CogniCrypt_GEN - Generating Code for the Secure Usage
of Crypto APIs.” International Symposium on Code Generation and Optimization
(CGO), 2020, pp. 185–98.
short: 'S. Krüger, K. Ali, E. Bodden, in: International Symposium on Code Generation
and Optimization (CGO), 2020, pp. 185–198.'
date_created: 2020-11-26T08:51:01Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
page: 185-198
publication: International Symposium on Code Generation and Optimization (CGO)
related_material:
link:
- relation: confirmation
url: http://www.bodden.de/pubs/krueger20cognicryptgen.pdf
status: public
title: CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs
type: conference
user_id: '5786'
year: '2020'
...
---
_id: '20513'
abstract:
- lang: ger
text: "Previous studies have empirically revealed that misuses of cryptographic
APIs are widespread in software applications. This happens mainly because software
developers, owing to poor API design and a lack of cryptography knowledge, run
into problems when they try to implement cryptographic features. The literature
offers several approaches and proposals for solving these problems, but all of
them ultimately fail, in one way or another, to meet developers' requirements.
The result is an overall patchy landscape of different approaches that complement
one another only slightly. In this thesis, we address the problem of cryptographic
misuses more systematically through CogniCrypt. CogniCrypt integrates different
kinds of tool support into a common approach that frees developers from having
to know how these APIs must be used. Central to our approach is CrySL, a description
language that bridges the cognitive gap between cryptography experts and software
developers. CrySL enables cryptography experts to specify how the APIs they provide
are used correctly. We have implemented a compiler for CrySL that makes it possible
to develop tool support built on CrySL specifications. We have furthermore developed
the static analysis CogniCrypt_SAST and the code generator CogniCrypt_GEN. Finally,
we have implemented CogniCrypt as a prototype and evaluated this prototype in
a controlled experiment.\r\n"
author:
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
citation:
ama: Krüger S. CogniCrypt -- The Secure Integration of Cryptographic Software.
Universitaetsbibliothek Paderborn; 2020.
apa: Krüger, S. (2020). CogniCrypt -- The Secure Integration of Cryptographic
Software. Universitaetsbibliothek Paderborn.
bibtex: '@book{Krüger_2020, title={CogniCrypt -- The Secure Integration of Cryptographic
Software}, publisher={Universitaetsbibliothek Paderborn}, author={Krüger, Stefan},
year={2020} }'
chicago: Krüger, Stefan. CogniCrypt -- The Secure Integration of Cryptographic
Software. Universitaetsbibliothek Paderborn, 2020.
ieee: S. Krüger, CogniCrypt -- The Secure Integration of Cryptographic Software.
Universitaetsbibliothek Paderborn, 2020.
mla: Krüger, Stefan. CogniCrypt -- The Secure Integration of Cryptographic Software.
Universitaetsbibliothek Paderborn, 2020.
short: S. Krüger, CogniCrypt -- The Secure Integration of Cryptographic Software,
Universitaetsbibliothek Paderborn, 2020.
date_created: 2020-11-26T09:02:19Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: https://digital.ub.uni-paderborn.de/hs/document/preview/3500836
publisher: Universitaetsbibliothek Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: CogniCrypt -- The Secure Integration of Cryptographic Software
type: dissertation
user_id: '5786'
year: '2020'
...
---
_id: '20518'
author:
- first_name: Thorsten
full_name: Koch, Thorsten
id: '13616'
last_name: Koch
- first_name: Stefan
full_name: Dziwok, Stefan
id: '3901'
last_name: Dziwok
orcid: http://orcid.org/0000-0002-8679-6673
- first_name: Jörg
full_name: Holtmann, Jörg
id: '3875'
last_name: Holtmann
orcid: 0000-0001-6141-4571
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Koch T, Dziwok S, Holtmann J, Bodden E. Scenario-based Specification of Security
Protocols and Transformation to Security Model Checkers. In: ACM/IEEE 23rd
International Conference on Model Driven Engineering Languages and Systems (MODELS
’20). ACM; 2020. doi:10.1145/3365438.3410946'
apa: Koch, T., Dziwok, S., Holtmann, J., & Bodden, E. (2020). Scenario-based
Specification of Security Protocols and Transformation to Security Model Checkers.
ACM/IEEE 23rd International Conference on Model Driven Engineering Languages
and Systems (MODELS ’20). https://doi.org/10.1145/3365438.3410946
bibtex: '@inproceedings{Koch_Dziwok_Holtmann_Bodden_2020, title={Scenario-based
Specification of Security Protocols and Transformation to Security Model Checkers},
DOI={10.1145/3365438.3410946},
booktitle={ACM/IEEE 23rd International Conference on Model Driven Engineering
Languages and Systems (MODELS ’20)}, publisher={ACM}, author={Koch, Thorsten and
Dziwok, Stefan and Holtmann, Jörg and Bodden, Eric}, year={2020} }'
chicago: Koch, Thorsten, Stefan Dziwok, Jörg Holtmann, and Eric Bodden. “Scenario-Based
Specification of Security Protocols and Transformation to Security Model Checkers.”
In ACM/IEEE 23rd International Conference on Model Driven Engineering Languages
and Systems (MODELS ’20). ACM, 2020. https://doi.org/10.1145/3365438.3410946.
ieee: 'T. Koch, S. Dziwok, J. Holtmann, and E. Bodden, “Scenario-based Specification
of Security Protocols and Transformation to Security Model Checkers,” 2020, doi:
10.1145/3365438.3410946.'
mla: Koch, Thorsten, et al. “Scenario-Based Specification of Security Protocols
and Transformation to Security Model Checkers.” ACM/IEEE 23rd International
Conference on Model Driven Engineering Languages and Systems (MODELS ’20),
ACM, 2020, doi:10.1145/3365438.3410946.
short: 'T. Koch, S. Dziwok, J. Holtmann, E. Bodden, in: ACM/IEEE 23rd International
Conference on Model Driven Engineering Languages and Systems (MODELS ’20), ACM,
2020.'
date_created: 2020-11-26T10:19:54Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
- _id: '241'
- _id: '662'
doi: 10.1145/3365438.3410946
language:
- iso: eng
publication: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages
and Systems (MODELS ’20)
publisher: ACM
status: public
title: Scenario-based Specification of Security Protocols and Transformation to Security
Model Checkers
type: conference
user_id: '5786'
year: '2020'
...
---
_id: '20521'
author:
- first_name: Christopher
full_name: Gerking, Christopher
last_name: Gerking
citation:
ama: Gerking C. Model-Driven Information Flow Security Engineering for Cyber-Physical
Systems. Paderborn University; 2020. doi:10.17619/UNIPB/1-1033
apa: Gerking, C. (2020). Model-Driven Information Flow Security Engineering for
Cyber-Physical Systems. Paderborn University. https://doi.org/10.17619/UNIPB/1-1033
bibtex: '@book{Gerking_2020, title={Model-Driven Information Flow Security Engineering
for Cyber-Physical Systems}, DOI={10.17619/UNIPB/1-1033},
publisher={Paderborn University}, author={Gerking, Christopher}, year={2020} }'
chicago: Gerking, Christopher. Model-Driven Information Flow Security Engineering
for Cyber-Physical Systems. Paderborn University, 2020. https://doi.org/10.17619/UNIPB/1-1033.
ieee: C. Gerking, Model-Driven Information Flow Security Engineering for Cyber-Physical
Systems. Paderborn University, 2020.
mla: Gerking, Christopher. Model-Driven Information Flow Security Engineering
for Cyber-Physical Systems. Paderborn University, 2020, doi:10.17619/UNIPB/1-1033.
short: C. Gerking, Model-Driven Information Flow Security Engineering for Cyber-Physical
Systems, Paderborn University, 2020.
date_created: 2020-11-26T10:37:17Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.17619/UNIPB/1-1033
language:
- iso: eng
publisher: Paderborn University
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: Model-Driven Information Flow Security Engineering for Cyber-Physical Systems
type: dissertation
user_id: '5786'
year: '2020'
...
---
_id: '20712'
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
citation:
ama: Schubert P, Bodden E, Hermann B. Accelerating Static Call-Graph, Points-to
and Data-Flow Analysis Through Persisted Summaries.; 2020.
apa: Schubert, P., Bodden, E., & Hermann, B. (2020). Accelerating Static
Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries.
bibtex: '@book{Schubert_Bodden_Hermann_2020, title={Accelerating Static Call-Graph,
Points-to and Data-Flow Analysis Through Persisted Summaries}, author={Schubert,
Philipp and Bodden, Eric and Hermann, Ben}, year={2020} }'
chicago: Schubert, Philipp, Eric Bodden, and Ben Hermann. Accelerating Static
Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries,
2020.
ieee: P. Schubert, E. Bodden, and B. Hermann, Accelerating Static Call-Graph,
Points-to and Data-Flow Analysis Through Persisted Summaries. 2020.
mla: Schubert, Philipp, et al. Accelerating Static Call-Graph, Points-to and
Data-Flow Analysis Through Persisted Summaries. 2020.
short: P. Schubert, E. Bodden, B. Hermann, Accelerating Static Call-Graph, Points-to
and Data-Flow Analysis Through Persisted Summaries, 2020.
date_created: 2020-12-14T07:44:11Z
date_updated: 2022-01-06T06:54:34Z
ddc:
- '000'
department:
- _id: '76'
file:
- access_level: closed
content_type: application/pdf
creator: pdschbrt
date_created: 2020-12-14T07:39:07Z
date_updated: 2020-12-14T07:39:07Z
file_id: '20713'
file_name: main.pdf
file_size: 683576
relation: main_file
success: 1
file_date_updated: 2020-12-14T07:39:07Z
has_accepted_license: '1'
language:
- iso: eng
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
status: public
title: Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted
Summaries
type: report
user_id: '477'
year: '2020'
...
---
_id: '20891'
abstract:
- lang: eng
text: "Today, software systems are rarely developed monolithically, but may be composed
of numerous individually developed features. Their modularization facilitates
independent development and verification. While feature-based strategies to verify
features in isolation have existed for years, they cannot address interactions
between features. The problem with feature interactions is that they are typically
unknown and may involve any subset of the features. Contrary, a family-based verification
strategy captures feature interactions, but does not scale well when features
evolve frequently. To the best of our knowledge, there currently exists no approach
with focus on evolving features that combines both strategies and aims at eliminating
their respective drawbacks. To fill this gap, we introduce Fefalution, a feature-family-based
verification approach based on abstract contracts to verify evolving features
and their interactions. Fefalution builds partial proofs for each evolving feature
and then reuses the resulting partial proofs in verifying feature interactions,
yielding a full verification of the complete software system. Moreover, to investigate
whether a combination of both strategies is fruitful, we present the first empirical
study for the verification of evolving features implemented by means of feature-oriented
programming and by comparing Fefalution with another five family-based approaches
varying in a set of optimizations. Our results indicate that partial proofs based
on abstract contracts exhibit huge reuse potential, but also come with a substantial
overhead for smaller evolution scenarios.\r\n"
author:
- first_name: Alexander
full_name: Knüppel, Alexander
last_name: Knüppel
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Thomas
full_name: Thüm, Thomas
last_name: Thüm
- first_name: Richard
full_name: Bubel, Richard
last_name: Bubel
- first_name: Sebastian
full_name: Krieter, Sebastian
last_name: Krieter
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Ina
full_name: Schaefer, Ina
last_name: Schaefer
citation:
ama: 'Knüppel A, Krüger S, Thüm T, et al. Using Abstract Contracts for Verifying
Evolving Features and Their Interactions. In: Lecture Notes in Computer Science.
; 2020. doi:10.1007/978-3-030-64354-6_5'
apa: Knüppel, A., Krüger, S., Thüm, T., Bubel, R., Krieter, S., Bodden, E., &
Schaefer, I. (2020). Using Abstract Contracts for Verifying Evolving Features
and Their Interactions. In Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-030-64354-6_5
bibtex: '@inbook{Knüppel_Krüger_Thüm_Bubel_Krieter_Bodden_Schaefer_2020, place={Cham},
title={Using Abstract Contracts for Verifying Evolving Features and Their Interactions},
DOI={10.1007/978-3-030-64354-6_5},
booktitle={Lecture Notes in Computer Science}, author={Knüppel, Alexander and
Krüger, Stefan and Thüm, Thomas and Bubel, Richard and Krieter, Sebastian and
Bodden, Eric and Schaefer, Ina}, year={2020} }'
chicago: Knüppel, Alexander, Stefan Krüger, Thomas Thüm, Richard Bubel, Sebastian
Krieter, Eric Bodden, and Ina Schaefer. “Using Abstract Contracts for Verifying
Evolving Features and Their Interactions.” In Lecture Notes in Computer Science.
Cham, 2020. https://doi.org/10.1007/978-3-030-64354-6_5.
ieee: A. Knüppel et al., “Using Abstract Contracts for Verifying Evolving
Features and Their Interactions,” in Lecture Notes in Computer Science,
Cham, 2020.
mla: Knüppel, Alexander, et al. “Using Abstract Contracts for Verifying Evolving
Features and Their Interactions.” Lecture Notes in Computer Science, 2020,
doi:10.1007/978-3-030-64354-6_5.
short: 'A. Knüppel, S. Krüger, T. Thüm, R. Bubel, S. Krieter, E. Bodden, I. Schaefer,
in: Lecture Notes in Computer Science, Cham, 2020.'
date_created: 2021-01-11T09:15:41Z
date_updated: 2022-01-06T06:54:41Z
department:
- _id: '76'
doi: 10.1007/978-3-030-64354-6_5
language:
- iso: eng
place: Cham
publication: Lecture Notes in Computer Science
publication_identifier:
isbn:
- '9783030643539'
- '9783030643546'
issn:
- 0302-9743
- 1611-3349
publication_status: published
status: public
title: Using Abstract Contracts for Verifying Evolving Features and Their Interactions
type: book_chapter
user_id: '5786'
year: '2020'
...
---
_id: '23376'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Oshando
full_name: Johnson, Oshando
last_name: Johnson
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Piskachev G, Nguyen Quang Do L, Johnson O, Bodden E. SWAN_ASSIST: Semi-Automated
Detection of Code-Specific, Security-Relevant Methods. In: 2019 34th IEEE/ACM
International Conference on Automated Software Engineering (ASE). ; 2020.
doi:10.1109/ase.2019.00110'
apa: 'Piskachev, G., Nguyen Quang Do, L., Johnson, O., & Bodden, E. (2020).
SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.
2019 34th IEEE/ACM International Conference on Automated Software Engineering
(ASE). https://doi.org/10.1109/ase.2019.00110'
bibtex: '@inproceedings{Piskachev_Nguyen Quang Do_Johnson_Bodden_2020, title={SWAN_ASSIST:
Semi-Automated Detection of Code-Specific, Security-Relevant Methods}, DOI={10.1109/ase.2019.00110}, booktitle={2019
34th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
author={Piskachev, Goran and Nguyen Quang Do, Lisa and Johnson, Oshando and Bodden,
Eric}, year={2020} }'
chicago: 'Piskachev, Goran, Lisa Nguyen Quang Do, Oshando Johnson, and Eric Bodden.
“SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.”
In 2019 34th IEEE/ACM International Conference on Automated Software Engineering
(ASE), 2020. https://doi.org/10.1109/ase.2019.00110.'
ieee: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST:
Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2020, doi:
10.1109/ase.2019.00110.'
mla: 'Piskachev, Goran, et al. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific,
Security-Relevant Methods.” 2019 34th IEEE/ACM International Conference on
Automated Software Engineering (ASE), 2020, doi:10.1109/ase.2019.00110.'
short: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, E. Bodden, in: 2019 34th IEEE/ACM
International Conference on Automated Software Engineering (ASE), 2020.'
date_created: 2021-08-09T12:03:30Z
date_updated: 2022-01-06T06:55:50Z
department:
- _id: '241'
- _id: '662'
- _id: '76'
doi: 10.1109/ase.2019.00110
language:
- iso: eng
publication: 2019 34th IEEE/ACM International Conference on Automated Software Engineering
(ASE)
publication_status: published
status: public
title: 'SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant
Methods'
type: conference
user_id: '5786'
year: '2020'
...
---
_id: '23377'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Tobias
full_name: Petrasch, Tobias
last_name: Petrasch
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Piskachev G, Petrasch T, Späth J, Bodden E. AuthCheck: Program-State Analysis
for Access-Control Vulnerabilities. In: Lecture Notes in Computer Science.
; 2020. doi:10.1007/978-3-030-54997-8_34'
apa: 'Piskachev, G., Petrasch, T., Späth, J., & Bodden, E. (2020). AuthCheck:
Program-State Analysis for Access-Control Vulnerabilities. In Lecture Notes
in Computer Science. https://doi.org/10.1007/978-3-030-54997-8_34'
bibtex: '@inbook{Piskachev_Petrasch_Späth_Bodden_2020, place={Cham}, title={AuthCheck:
Program-State Analysis for Access-Control Vulnerabilities}, DOI={10.1007/978-3-030-54997-8_34},
booktitle={Lecture Notes in Computer Science}, author={Piskachev, Goran and Petrasch,
Tobias and Späth, Johannes and Bodden, Eric}, year={2020} }'
chicago: 'Piskachev, Goran, Tobias Petrasch, Johannes Späth, and Eric Bodden. “AuthCheck:
Program-State Analysis for Access-Control Vulnerabilities.” In Lecture Notes
in Computer Science. Cham, 2020. https://doi.org/10.1007/978-3-030-54997-8_34.'
ieee: 'G. Piskachev, T. Petrasch, J. Späth, and E. Bodden, “AuthCheck: Program-State
Analysis for Access-Control Vulnerabilities,” in Lecture Notes in Computer
Science, Cham, 2020.'
mla: 'Piskachev, Goran, et al. “AuthCheck: Program-State Analysis for Access-Control
Vulnerabilities.” Lecture Notes in Computer Science, 2020, doi:10.1007/978-3-030-54997-8_34.'
short: 'G. Piskachev, T. Petrasch, J. Späth, E. Bodden, in: Lecture Notes in Computer
Science, Cham, 2020.'
date_created: 2021-08-09T12:05:09Z
date_updated: 2022-01-06T06:55:50Z
department:
- _id: '241'
- _id: '662'
- _id: '76'
doi: 10.1007/978-3-030-54997-8_34
language:
- iso: eng
place: Cham
publication: Lecture Notes in Computer Science
publication_identifier:
issn:
- 0302-9743
- 1611-3349
publication_status: published
status: public
title: 'AuthCheck: Program-State Analysis for Access-Control Vulnerabilities'
type: book_chapter
user_id: '5786'
year: '2020'
...
---
_id: '20522'
author:
- first_name: Philipp
full_name: Holzinger, Philipp
last_name: Holzinger
citation:
ama: Holzinger P. A Systematic Analysis and Hardening of the Java Security Architecture.
Universität Paderborn; 2019.
apa: Holzinger, P. (2019). A Systematic Analysis and Hardening of the Java Security
Architecture. Universität Paderborn.
bibtex: '@book{Holzinger_2019, title={A Systematic Analysis and Hardening of the
Java Security Architecture}, publisher={Universität Paderborn}, author={Holzinger,
Philipp}, year={2019} }'
chicago: Holzinger, Philipp. A Systematic Analysis and Hardening of the Java
Security Architecture. Universität Paderborn, 2019.
ieee: P. Holzinger, A Systematic Analysis and Hardening of the Java Security
Architecture. Universität Paderborn, 2019.
mla: Holzinger, Philipp. A Systematic Analysis and Hardening of the Java Security
Architecture. Universität Paderborn, 2019.
short: P. Holzinger, A Systematic Analysis and Hardening of the Java Security Architecture,
Universität Paderborn, 2019.
date_created: 2020-11-26T10:44:52Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/phdHolzinger.pdf
publisher: Universität Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
title: A Systematic Analysis and Hardening of the Java Security Architecture
type: dissertation
user_id: '5786'
year: '2019'
...
---
_id: '20524'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
citation:
ama: Nguyen Quang Do L. User-Centered Tool Design for Data-Flow Analysis.
Universität Paderborn; 2019.
apa: Nguyen Quang Do, L. (2019). User-Centered Tool Design for Data-Flow Analysis.
Universität Paderborn.
bibtex: '@book{Nguyen Quang Do_2019, title={User-Centered Tool Design for Data-Flow
Analysis}, publisher={Universität Paderborn}, author={Nguyen Quang Do, Lisa},
year={2019} }'
chicago: Nguyen Quang Do, Lisa. User-Centered Tool Design for Data-Flow Analysis.
Universität Paderborn, 2019.
ieee: L. Nguyen Quang Do, User-Centered Tool Design for Data-Flow Analysis.
Universität Paderborn, 2019.
mla: Nguyen Quang Do, Lisa. User-Centered Tool Design for Data-Flow Analysis.
Universität Paderborn, 2019.
short: L. Nguyen Quang Do, User-Centered Tool Design for Data-Flow Analysis, Universität
Paderborn, 2019.
date_created: 2020-11-26T10:47:51Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
publisher: Universität Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: User-Centered Tool Design for Data-Flow Analysis
type: dissertation
user_id: '5786'
year: '2019'
...
---
_id: '20525'
author:
- first_name: Lars
full_name: Stockmann, Lars
id: '48144'
last_name: Stockmann
- first_name: Sven
full_name: Laux, Sven
last_name: Laux
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Stockmann L, Laux S, Bodden E. Architectural Runtime Verification. In: 2019
IEEE International Conference on Software Architecture Companion (ICSA-C).
; 2019:77-84. doi:10.1109/ICSA-C.2019.00021'
apa: Stockmann, L., Laux, S., & Bodden, E. (2019). Architectural Runtime Verification.
2019 IEEE International Conference on Software Architecture Companion (ICSA-C),
77–84. https://doi.org/10.1109/ICSA-C.2019.00021
bibtex: '@inproceedings{Stockmann_Laux_Bodden_2019, title={Architectural Runtime
Verification}, DOI={10.1109/ICSA-C.2019.00021},
booktitle={2019 IEEE International Conference on Software Architecture Companion
(ICSA-C)}, author={Stockmann, Lars and Laux, Sven and Bodden, Eric}, year={2019},
pages={77–84} }'
chicago: Stockmann, Lars, Sven Laux, and Eric Bodden. “Architectural Runtime Verification.”
In 2019 IEEE International Conference on Software Architecture Companion (ICSA-C),
77–84, 2019. https://doi.org/10.1109/ICSA-C.2019.00021.
ieee: 'L. Stockmann, S. Laux, and E. Bodden, “Architectural Runtime Verification,”
in 2019 IEEE International Conference on Software Architecture Companion (ICSA-C),
2019, pp. 77–84, doi: 10.1109/ICSA-C.2019.00021.'
mla: Stockmann, Lars, et al. “Architectural Runtime Verification.” 2019 IEEE
International Conference on Software Architecture Companion (ICSA-C), 2019,
pp. 77–84, doi:10.1109/ICSA-C.2019.00021.
short: 'L. Stockmann, S. Laux, E. Bodden, in: 2019 IEEE International Conference
on Software Architecture Companion (ICSA-C), 2019, pp. 77–84.'
date_created: 2020-11-27T10:16:59Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1109/ICSA-C.2019.00021
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/stockmann19architectural.pdf
page: 77-84
publication: 2019 IEEE International Conference on Software Architecture Companion
(ICSA-C)
status: public
title: Architectural Runtime Verification
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20527'
author:
- first_name: Mohammadreza
full_name: Hazhirpasand, Mohammadreza
last_name: Hazhirpasand
- first_name: Mohammad
full_name: Ghafari, Mohammad
last_name: Ghafari
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Oskar
full_name: Nierstrasz, Oskar
last_name: Nierstrasz
citation:
ama: 'Hazhirpasand M, Ghafari M, Krüger S, Bodden E, Nierstrasz O. The Impact of
Developer Experience in Using Java Cryptography. In: 2019 ACM/IEEE International
Symposium on Empirical Software Engineering and Measurement (ESEM). ; 2019:1-6.
doi:10.1109/ESEM.2019.8870184'
apa: Hazhirpasand, M., Ghafari, M., Krüger, S., Bodden, E., & Nierstrasz, O.
(2019). The Impact of Developer Experience in Using Java Cryptography. 2019
ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
(ESEM), 1–6. https://doi.org/10.1109/ESEM.2019.8870184
bibtex: '@inproceedings{Hazhirpasand_Ghafari_Krüger_Bodden_Nierstrasz_2019, title={The
Impact of Developer Experience in Using Java Cryptography}, DOI={10.1109/ESEM.2019.8870184},
booktitle={2019 ACM/IEEE International Symposium on Empirical Software Engineering
and Measurement (ESEM)}, author={Hazhirpasand, Mohammadreza and Ghafari, Mohammad
and Krüger, Stefan and Bodden, Eric and Nierstrasz, Oskar}, year={2019}, pages={1–6}
}'
chicago: Hazhirpasand, Mohammadreza, Mohammad Ghafari, Stefan Krüger, Eric Bodden,
and Oskar Nierstrasz. “The Impact of Developer Experience in Using Java Cryptography.”
In 2019 ACM/IEEE International Symposium on Empirical Software Engineering
and Measurement (ESEM), 1–6, 2019. https://doi.org/10.1109/ESEM.2019.8870184.
ieee: 'M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, and O. Nierstrasz, “The
Impact of Developer Experience in Using Java Cryptography,” in 2019 ACM/IEEE
International Symposium on Empirical Software Engineering and Measurement (ESEM),
2019, pp. 1–6, doi: 10.1109/ESEM.2019.8870184.'
mla: Hazhirpasand, Mohammadreza, et al. “The Impact of Developer Experience in Using
Java Cryptography.” 2019 ACM/IEEE International Symposium on Empirical Software
Engineering and Measurement (ESEM), 2019, pp. 1–6, doi:10.1109/ESEM.2019.8870184.
short: 'M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, O. Nierstrasz, in: 2019
ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
(ESEM), 2019, pp. 1–6.'
date_created: 2020-11-27T10:20:37Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1109/ESEM.2019.8870184
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/hazhirpasand19impact.pdf
page: 1-6
publication: 2019 ACM/IEEE International Symposium on Empirical Software Engineering
and Measurement (ESEM)
publication_identifier:
issn:
- 1949-3770
status: public
title: The Impact of Developer Experience in Using Java Cryptography
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20528'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Tobias
full_name: Petrasch, Tobias
last_name: Petrasch
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Piskachev G, Petrasch T, Späth J, Bodden E. AuthCheck: Program-state Analysis
for Access-control Vulnerabilities. In: 10th Workshop on Tools for Automatic
Program Analysis (TAPAS). ; 2019.'
apa: 'Piskachev, G., Petrasch, T., Späth, J., & Bodden, E. (2019). AuthCheck:
Program-state Analysis for Access-control Vulnerabilities. 10th Workshop on
Tools for Automatic Program Analysis (TAPAS).'
bibtex: '@inproceedings{Piskachev_Petrasch_Späth_Bodden_2019, title={AuthCheck:
Program-state Analysis for Access-control Vulnerabilities}, booktitle={10th Workshop
on Tools for Automatic Program Analysis (TAPAS)}, author={Piskachev, Goran and
Petrasch, Tobias and Späth, Johannes and Bodden, Eric}, year={2019} }'
chicago: 'Piskachev, Goran, Tobias Petrasch, Johannes Späth, and Eric Bodden. “AuthCheck:
Program-State Analysis for Access-Control Vulnerabilities.” In 10th Workshop
on Tools for Automatic Program Analysis (TAPAS), 2019.'
ieee: 'G. Piskachev, T. Petrasch, J. Späth, and E. Bodden, “AuthCheck: Program-state
Analysis for Access-control Vulnerabilities,” 2019.'
mla: 'Piskachev, Goran, et al. “AuthCheck: Program-State Analysis for Access-Control
Vulnerabilities.” 10th Workshop on Tools for Automatic Program Analysis (TAPAS),
2019.'
short: 'G. Piskachev, T. Petrasch, J. Späth, E. Bodden, in: 10th Workshop on Tools
for Automatic Program Analysis (TAPAS), 2019.'
date_created: 2020-11-27T10:21:19Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
- _id: '241'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/piskachev19authcheck.pdf
publication: 10th Workshop on Tools for Automatic Program Analysis (TAPAS)
status: public
title: 'AuthCheck: Program-state Analysis for Access-control Vulnerabilities'
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20529'
author:
- first_name: Marcus
full_name: Nachtigall, Marcus
id: '41213'
last_name: Nachtigall
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Nachtigall M, Nguyen Quang Do L, Bodden E. Explaining Static Analysis -- A
Perspective. In: 1st International Workshop on Explainable Software (EXPLAIN)
at ASE. ; 2019.'
apa: Nachtigall, M., Nguyen Quang Do, L., & Bodden, E. (2019). Explaining Static
Analysis -- A Perspective. 1st International Workshop on Explainable Software
(EXPLAIN) at ASE.
bibtex: '@inproceedings{Nachtigall_Nguyen Quang Do_Bodden_2019, title={Explaining
Static Analysis -- A Perspective}, booktitle={1st International Workshop on Explainable
Software (EXPLAIN) at ASE}, author={Nachtigall, Marcus and Nguyen Quang Do, Lisa
and Bodden, Eric}, year={2019} }'
chicago: Nachtigall, Marcus, Lisa Nguyen Quang Do, and Eric Bodden. “Explaining
Static Analysis -- A Perspective.” In 1st International Workshop on Explainable
Software (EXPLAIN) at ASE, 2019.
ieee: M. Nachtigall, L. Nguyen Quang Do, and E. Bodden, “Explaining Static Analysis
-- A Perspective,” 2019.
mla: Nachtigall, Marcus, et al. “Explaining Static Analysis -- A Perspective.” 1st
International Workshop on Explainable Software (EXPLAIN) at ASE, 2019.
short: 'M. Nachtigall, L. Nguyen Quang Do, E. Bodden, in: 1st International Workshop
on Explainable Software (EXPLAIN) at ASE, 2019.'
date_created: 2020-11-27T10:22:38Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/nachtigall19explaining.pdf
publication: 1st International Workshop on Explainable Software (EXPLAIN) at ASE
status: public
title: Explaining Static Analysis -- A Perspective
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20531'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
citation:
ama: 'Luo L, Bodden E, Späth J. A Qualitative Analysis of Android Taint-Analysis
Results. In: IEEE/ACM International Conference on Automated Software Engineering
(ASE 2019). ; 2019.'
apa: Luo, L., Bodden, E., & Späth, J. (2019). A Qualitative Analysis of Android
Taint-Analysis Results. IEEE/ACM International Conference on Automated Software
Engineering (ASE 2019).
bibtex: '@inproceedings{Luo_Bodden_Späth_2019, title={A Qualitative Analysis of
Android Taint-Analysis Results}, booktitle={IEEE/ACM International Conference
on Automated Software Engineering (ASE 2019)}, author={Luo, Linghui and Bodden,
Eric and Späth, Johannes}, year={2019} }'
chicago: Luo, Linghui, Eric Bodden, and Johannes Späth. “A Qualitative Analysis
of Android Taint-Analysis Results.” In IEEE/ACM International Conference on
Automated Software Engineering (ASE 2019), 2019.
ieee: L. Luo, E. Bodden, and J. Späth, “A Qualitative Analysis of Android Taint-Analysis
Results,” 2019.
mla: Luo, Linghui, et al. “A Qualitative Analysis of Android Taint-Analysis Results.”
IEEE/ACM International Conference on Automated Software Engineering (ASE 2019),
2019.
short: 'L. Luo, E. Bodden, J. Späth, in: IEEE/ACM International Conference on Automated
Software Engineering (ASE 2019), 2019.'
date_created: 2020-11-27T10:25:40Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/ase19qualitative.pdf
publication: IEEE/ACM International Conference on Automated Software Engineering (ASE
2019)
status: public
title: A Qualitative Analysis of Android Taint-Analysis Results
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20532'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Oshando
full_name: Johnson, Oshando
last_name: Johnson
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Piskachev G, Nguyen Quang Do L, Johnson O, Bodden E. SWAN_ASSIST: Semi-Automated
Detection of Code-Specific, Security-Relevant Methods. In: IEEE/ACM International
Conference on Automated Software Engineering (ASE 2019), Tool Demo Track.
; 2019.'
apa: 'Piskachev, G., Nguyen Quang Do, L., Johnson, O., & Bodden, E. (2019).
SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.
IEEE/ACM International Conference on Automated Software Engineering (ASE 2019),
Tool Demo Track.'
bibtex: '@inproceedings{Piskachev_Nguyen Quang Do_Johnson_Bodden_2019, title={SWAN_ASSIST:
Semi-Automated Detection of Code-Specific, Security-Relevant Methods}, booktitle={IEEE/ACM
International Conference on Automated Software Engineering (ASE 2019), Tool Demo
Track}, author={Piskachev, Goran and Nguyen Quang Do, Lisa and Johnson, Oshando
and Bodden, Eric}, year={2019} }'
chicago: 'Piskachev, Goran, Lisa Nguyen Quang Do, Oshando Johnson, and Eric Bodden.
“SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.”
In IEEE/ACM International Conference on Automated Software Engineering (ASE
2019), Tool Demo Track, 2019.'
ieee: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST:
Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2019.'
mla: 'Piskachev, Goran, et al. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific,
Security-Relevant Methods.” IEEE/ACM International Conference on Automated
Software Engineering (ASE 2019), Tool Demo Track, 2019.'
short: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, E. Bodden, in: IEEE/ACM International
Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, 2019.'
date_created: 2020-11-27T10:37:17Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/ase19swanAssist.pdf
publication: IEEE/ACM International Conference on Automated Software Engineering (ASE
2019), Tool Demo Track
status: public
title: 'SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant
Methods'
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20533'
author:
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: 'Krüger S, Späth J, Ali K, Bodden E, Mezini M. CrySL: An Extensible Approach
to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on
Software Engineering. Published online 2019:1-1. doi:10.1109/TSE.2019.2948910'
apa: 'Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2019). CrySL:
An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
IEEE Transactions on Software Engineering, 1–1. https://doi.org/10.1109/TSE.2019.2948910'
bibtex: '@article{Krüger_Späth_Ali_Bodden_Mezini_2019, title={CrySL: An Extensible
Approach to Validating the Correct Usage of Cryptographic APIs}, DOI={10.1109/TSE.2019.2948910},
journal={IEEE Transactions on Software Engineering}, author={Krüger, Stefan and
Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}, year={2019},
pages={1–1} }'
chicago: 'Krüger, Stefan, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini.
“CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic
APIs.” IEEE Transactions on Software Engineering, 2019, 1–1. https://doi.org/10.1109/TSE.2019.2948910.'
ieee: 'S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible
Approach to Validating the Correct Usage of Cryptographic APIs,” IEEE Transactions
on Software Engineering, pp. 1–1, 2019, doi: 10.1109/TSE.2019.2948910.'
mla: 'Krüger, Stefan, et al. “CrySL: An Extensible Approach to Validating the Correct
Usage of Cryptographic APIs.” IEEE Transactions on Software Engineering,
2019, pp. 1–1, doi:10.1109/TSE.2019.2948910.'
short: S. Krüger, J. Späth, K. Ali, E. Bodden, M. Mezini, IEEE Transactions on Software
Engineering (2019) 1–1.
date_created: 2020-11-27T10:48:38Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1109/TSE.2019.2948910
keyword:
- Java
- Encryption
- Static analysis
- Tools
- Ciphers
- Semantics
- cryptography
- domain-specific language
- static analysis
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/tse19CrySL.pdf
page: 1-1
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 2326-3881
status: public
title: 'CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic
APIs'
type: journal_article
user_id: '5786'
year: '2019'
...
---
_id: '20534'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Piskachev G, Nguyen Quang Do L, Bodden E. Codebase-Adaptive Detection of Security-Relevant
Methods. In: ACM SIGSOFT International Symposium on Software Testing and Analysis
(ISSTA). ; 2019.'
apa: Piskachev, G., Nguyen Quang Do, L., & Bodden, E. (2019). Codebase-Adaptive
Detection of Security-Relevant Methods. ACM SIGSOFT International Symposium
on Software Testing and Analysis (ISSTA).
bibtex: '@inproceedings{Piskachev_Nguyen Quang Do_Bodden_2019, title={Codebase-Adaptive
Detection of Security-Relevant Methods}, booktitle={ACM SIGSOFT International
Symposium on Software Testing and Analysis (ISSTA)}, author={Piskachev, Goran
and Nguyen Quang Do, Lisa and Bodden, Eric}, year={2019} }'
chicago: Piskachev, Goran, Lisa Nguyen Quang Do, and Eric Bodden. “Codebase-Adaptive
Detection of Security-Relevant Methods.” In ACM SIGSOFT International Symposium
on Software Testing and Analysis (ISSTA), 2019.
ieee: G. Piskachev, L. Nguyen Quang Do, and E. Bodden, “Codebase-Adaptive Detection
of Security-Relevant Methods,” 2019.
mla: Piskachev, Goran, et al. “Codebase-Adaptive Detection of Security-Relevant
Methods.” ACM SIGSOFT International Symposium on Software Testing and Analysis
(ISSTA), 2019.
short: 'G. Piskachev, L. Nguyen Quang Do, E. Bodden, in: ACM SIGSOFT International
Symposium on Software Testing and Analysis (ISSTA), 2019.'
date_created: 2020-11-27T10:49:33Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/issta19swan.pdf
publication: ACM SIGSOFT International Symposium on Software Testing and Analysis
(ISSTA)
status: public
title: Codebase-Adaptive Detection of Security-Relevant Methods
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20535'
author:
- first_name: Linghui
full_name: Luo, Linghui
last_name: Luo
- first_name: Julian
full_name: Dolby, Julian
last_name: Dolby
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Luo L, Dolby J, Bodden E. MagpieBridge: A General Approach to Integrating
Static Analyses into IDEs and Editors. In: European Conference on Object-Oriented
Programming (ECOOP). ; 2019.'
apa: 'Luo, L., Dolby, J., & Bodden, E. (2019). MagpieBridge: A General Approach
to Integrating Static Analyses into IDEs and Editors. European Conference on
Object-Oriented Programming (ECOOP).'
bibtex: '@inproceedings{Luo_Dolby_Bodden_2019, title={MagpieBridge: A General Approach
to Integrating Static Analyses into IDEs and Editors}, booktitle={European Conference
on Object-Oriented Programming (ECOOP)}, author={Luo, Linghui and Dolby, Julian
and Bodden, Eric}, year={2019} }'
chicago: 'Luo, Linghui, Julian Dolby, and Eric Bodden. “MagpieBridge: A General
Approach to Integrating Static Analyses into IDEs and Editors.” In European
Conference on Object-Oriented Programming (ECOOP), 2019.'
ieee: 'L. Luo, J. Dolby, and E. Bodden, “MagpieBridge: A General Approach to Integrating
Static Analyses into IDEs and Editors,” 2019.'
mla: 'Luo, Linghui, et al. “MagpieBridge: A General Approach to Integrating Static
Analyses into IDEs and Editors.” European Conference on Object-Oriented Programming
(ECOOP), 2019.'
short: 'L. Luo, J. Dolby, E. Bodden, in: European Conference on Object-Oriented
Programming (ECOOP), 2019.'
date_created: 2020-11-27T10:50:07Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/ldb19magpiebridge.pdf
publication: European Conference on Object-Oriented Programming (ECOOP)
status: public
title: 'MagpieBridge: A General Approach to Integrating Static Analyses into IDEs
and Editors'
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20536'
author:
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
citation:
ama: Späth J. Synchronized Pushdown Systems for Pointer and Data-Flow Analysis.
Universität Paderborn; 2019.
apa: Späth, J. (2019). Synchronized Pushdown Systems for Pointer and Data-Flow
Analysis. Universität Paderborn.
bibtex: '@book{Späth_2019, title={Synchronized Pushdown Systems for Pointer and
Data-Flow Analysis}, publisher={Universität Paderborn}, author={Späth, Johannes},
year={2019} }'
chicago: Späth, Johannes. Synchronized Pushdown Systems for Pointer and Data-Flow
Analysis. Universität Paderborn, 2019.
ieee: J. Späth, Synchronized Pushdown Systems for Pointer and Data-Flow Analysis.
Universität Paderborn, 2019.
mla: Späth, Johannes. Synchronized Pushdown Systems for Pointer and Data-Flow
Analysis. Universität Paderborn, 2019.
short: J. Späth, Synchronized Pushdown Systems for Pointer and Data-Flow Analysis,
Universität Paderborn, 2019.
date_created: 2020-11-27T10:50:55Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/phdSpaeth.pdf
publisher: Universität Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: Synchronized Pushdown Systems for Pointer and Data-Flow Analysis
type: dissertation
user_id: '5786'
year: '2019'
...
---
_id: '20537'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Lisa
full_name: Nguyen, Lisa
last_name: Nguyen
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Piskachev G, Nguyen L, Bodden E. Codebase-Adaptive Detection of Security-Relevant
Methods.; 2019.
apa: Piskachev, G., Nguyen, L., & Bodden, E. (2019). Codebase-Adaptive Detection
of Security-Relevant Methods.
bibtex: '@book{Piskachev_Nguyen_Bodden_2019, title={Codebase-Adaptive Detection
of Security-Relevant Methods}, author={Piskachev, Goran and Nguyen, Lisa and Bodden,
Eric}, year={2019} }'
chicago: Piskachev, Goran, Lisa Nguyen, and Eric Bodden. Codebase-Adaptive Detection
of Security-Relevant Methods, 2019.
ieee: G. Piskachev, L. Nguyen, and E. Bodden, Codebase-Adaptive Detection of
Security-Relevant Methods. 2019.
mla: Piskachev, Goran, et al. Codebase-Adaptive Detection of Security-Relevant
Methods. 2019.
short: G. Piskachev, L. Nguyen, E. Bodden, Codebase-Adaptive Detection of Security-Relevant
Methods, 2019.
date_created: 2020-11-27T10:51:53Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
status: public
title: Codebase-Adaptive Detection of Security-Relevant Methods
type: report
user_id: '5786'
year: '2019'
...
---
_id: '20538'
author:
- first_name: Sigmund
full_name: Albert Gorski Iii, Sigmund
last_name: Albert Gorski Iii
- first_name: Benjamin
full_name: Andow, Benjamin
last_name: Andow
- first_name: Adwait
full_name: Nadkarni, Adwait
last_name: Nadkarni
- first_name: Sunil
full_name: Manandhar, Sunil
last_name: Manandhar
- first_name: William
full_name: Enck, William
last_name: Enck
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Alexandre
full_name: Bartel, Alexandre
last_name: Bartel
citation:
ama: 'Albert Gorski Iii S, Andow B, Nadkarni A, et al. ACMiner: Extraction and Analysis
of Authorization Checks in Android’s Middleware. In: ACM Conference on Data
and Application Security and Privacy (CODASPY 2019). ; 2019.'
apa: 'Albert Gorski Iii, S., Andow, B., Nadkarni, A., Manandhar, S., Enck, W., Bodden,
E., & Bartel, A. (2019). ACMiner: Extraction and Analysis of Authorization
Checks in Android’s Middleware. ACM Conference on Data and Application Security
and Privacy (CODASPY 2019).'
bibtex: '@inproceedings{Albert Gorski Iii_Andow_Nadkarni_Manandhar_Enck_Bodden_Bartel_2019,
title={ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware},
booktitle={ACM Conference on Data and Application Security and Privacy (CODASPY
2019)}, author={Albert Gorski Iii, Sigmund and Andow, Benjamin and Nadkarni, Adwait
and Manandhar, Sunil and Enck, William and Bodden, Eric and Bartel, Alexandre},
year={2019} }'
chicago: 'Albert Gorski Iii, Sigmund, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar,
William Enck, Eric Bodden, and Alexandre Bartel. “ACMiner: Extraction and Analysis
of Authorization Checks in Android’s Middleware.” In ACM Conference on Data
and Application Security and Privacy (CODASPY 2019), 2019.'
ieee: 'S. Albert Gorski Iii et al., “ACMiner: Extraction and Analysis of
Authorization Checks in Android’s Middleware,” 2019.'
mla: 'Albert Gorski Iii, Sigmund, et al. “ACMiner: Extraction and Analysis of Authorization
Checks in Android’s Middleware.” ACM Conference on Data and Application Security
and Privacy (CODASPY 2019), 2019.'
short: 'S. Albert Gorski Iii, B. Andow, A. Nadkarni, S. Manandhar, W. Enck, E. Bodden,
A. Bartel, in: ACM Conference on Data and Application Security and Privacy (CODASPY
2019), 2019.'
date_created: 2020-11-27T10:52:59Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
keyword:
- ITSECWEBSITE
- CROSSING
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/gan19acminer.pdf
publication: ACM Conference on Data and Application Security and Privacy (CODASPY
2019)
status: public
title: 'ACMiner: Extraction and Analysis of Authorization Checks in Android''s Middleware'
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '20539'
author:
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Späth J, Ali K, Bodden E. Context-, Flow-, and Field-sensitive Data-flow Analysis
Using Synchronized Pushdown Systems. Proceedings of the ACM SIGPLAN Symposium
on Principles of Programming Languages. 2019;3(POPL):48:1-48:29. doi:10.1145/3290361
apa: Späth, J., Ali, K., & Bodden, E. (2019). Context-, Flow-, and Field-sensitive
Data-flow Analysis Using Synchronized Pushdown Systems. Proceedings of the
ACM SIGPLAN Symposium on Principles of Programming Languages, 3(POPL),
48:1-48:29. https://doi.org/10.1145/3290361
bibtex: '@article{Späth_Ali_Bodden_2019, title={Context-, Flow-, and Field-sensitive
Data-flow Analysis Using Synchronized Pushdown Systems}, volume={3}, DOI={10.1145/3290361},
number={POPL}, journal={Proceedings of the ACM SIGPLAN Symposium on Principles
of Programming Languages}, publisher={ACM}, author={Späth, Johannes and Ali, Karim
and Bodden, Eric}, year={2019}, pages={48:1-48:29} }'
chicago: 'Späth, Johannes, Karim Ali, and Eric Bodden. “Context-, Flow-, and Field-Sensitive
Data-Flow Analysis Using Synchronized Pushdown Systems.” Proceedings of the
ACM SIGPLAN Symposium on Principles of Programming Languages 3, no. POPL (2019):
48:1-48:29. https://doi.org/10.1145/3290361.'
ieee: 'J. Späth, K. Ali, and E. Bodden, “Context-, Flow-, and Field-sensitive Data-flow
Analysis Using Synchronized Pushdown Systems,” Proceedings of the ACM SIGPLAN
Symposium on Principles of Programming Languages, vol. 3, no. POPL, p. 48:1-48:29,
2019, doi: 10.1145/3290361.'
mla: Späth, Johannes, et al. “Context-, Flow-, and Field-Sensitive Data-Flow Analysis
Using Synchronized Pushdown Systems.” Proceedings of the ACM SIGPLAN Symposium
on Principles of Programming Languages, vol. 3, no. POPL, ACM, 2019, p. 48:1-48:29,
doi:10.1145/3290361.
short: J. Späth, K. Ali, E. Bodden, Proceedings of the ACM SIGPLAN Symposium on
Principles of Programming Languages 3 (2019) 48:1-48:29.
date_created: 2020-11-27T10:53:57Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1145/3290361
intvolume: ' 3'
issue: POPL
keyword:
- ATTRACT
- ITSECWEBSITE
- CROSSING
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/sab19context.pdf
page: 48:1-48:29
publication: Proceedings of the ACM SIGPLAN Symposium on Principles of Programming
Languages
publication_identifier:
issn:
- 2475-1421
publisher: ACM
status: public
title: Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized
Pushdown Systems
type: journal_article
user_id: '5786'
volume: 3
year: '2019'
...
---
_id: '20759'
author:
- first_name: Christopher
full_name: Gerking, Christopher
last_name: Gerking
- first_name: David
full_name: Schubert, David
id: '9106'
last_name: Schubert
citation:
ama: 'Gerking C, Schubert D. Component-Based Refinement and Verification of Information-Flow
Security Policies for Cyber-Physical Microservice Architectures. In: International
Conference on Software Architecture (ICSA 2019). ; 2019.'
apa: Gerking, C., & Schubert, D. (2019). Component-Based Refinement and Verification
of Information-Flow Security Policies for Cyber-Physical Microservice Architectures.
International Conference on Software Architecture (ICSA 2019).
bibtex: '@inproceedings{Gerking_Schubert_2019, title={Component-Based Refinement
and Verification of Information-Flow Security Policies for Cyber-Physical Microservice
Architectures}, booktitle={International Conference on Software Architecture (ICSA
2019)}, author={Gerking, Christopher and Schubert, David}, year={2019} }'
chicago: Gerking, Christopher, and David Schubert. “Component-Based Refinement and
Verification of Information-Flow Security Policies for Cyber-Physical Microservice
Architectures.” In International Conference on Software Architecture (ICSA
2019), 2019.
ieee: C. Gerking and D. Schubert, “Component-Based Refinement and Verification of
Information-Flow Security Policies for Cyber-Physical Microservice Architectures,”
2019.
mla: Gerking, Christopher, and David Schubert. “Component-Based Refinement and Verification
of Information-Flow Security Policies for Cyber-Physical Microservice Architectures.”
International Conference on Software Architecture (ICSA 2019), 2019.
short: 'C. Gerking, D. Schubert, in: International Conference on Software Architecture
(ICSA 2019), 2019.'
date_created: 2020-12-16T14:03:44Z
date_updated: 2022-01-06T06:54:36Z
department:
- _id: '76'
- _id: '241'
language:
- iso: eng
publication: International Conference on Software Architecture (ICSA 2019)
status: public
title: Component-Based Refinement and Verification of Information-Flow Security Policies
for Cyber-Physical Microservice Architectures
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '23378'
author:
- first_name: Goran
full_name: Piskachev, Goran
last_name: Piskachev
- first_name: Lisa Nguyen Quang
full_name: Do, Lisa Nguyen Quang
last_name: Do
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
citation:
ama: 'Piskachev G, Do LNQ, Bodden E. Codebase-adaptive detection of security-relevant
methods. In: Proceedings of the 28th ACM SIGSOFT International Symposium on
Software Testing and Analysis. ; 2019. doi:10.1145/3293882.3330556'
apa: Piskachev, G., Do, L. N. Q., & Bodden, E. (2019). Codebase-adaptive detection
of security-relevant methods. Proceedings of the 28th ACM SIGSOFT International
Symposium on Software Testing and Analysis. https://doi.org/10.1145/3293882.3330556
bibtex: '@inproceedings{Piskachev_Do_Bodden_2019, title={Codebase-adaptive detection
of security-relevant methods}, DOI={10.1145/3293882.3330556},
booktitle={Proceedings of the 28th ACM SIGSOFT International Symposium on Software
Testing and Analysis}, author={Piskachev, Goran and Do, Lisa Nguyen Quang and
Bodden, Eric}, year={2019} }'
chicago: Piskachev, Goran, Lisa Nguyen Quang Do, and Eric Bodden. “Codebase-Adaptive
Detection of Security-Relevant Methods.” In Proceedings of the 28th ACM SIGSOFT
International Symposium on Software Testing and Analysis, 2019. https://doi.org/10.1145/3293882.3330556.
ieee: 'G. Piskachev, L. N. Q. Do, and E. Bodden, “Codebase-adaptive detection of
security-relevant methods,” 2019, doi: 10.1145/3293882.3330556.'
mla: Piskachev, Goran, et al. “Codebase-Adaptive Detection of Security-Relevant
Methods.” Proceedings of the 28th ACM SIGSOFT International Symposium on Software
Testing and Analysis, 2019, doi:10.1145/3293882.3330556.
short: 'G. Piskachev, L.N.Q. Do, E. Bodden, in: Proceedings of the 28th ACM SIGSOFT
International Symposium on Software Testing and Analysis, 2019.'
date_created: 2021-08-09T12:06:52Z
date_updated: 2022-01-06T06:55:50Z
department:
- _id: '241'
- _id: '662'
- _id: '76'
doi: 10.1145/3293882.3330556
language:
- iso: eng
publication: Proceedings of the 28th ACM SIGSOFT International Symposium on Software
Testing and Analysis
publication_status: published
status: public
title: Codebase-adaptive detection of security-relevant methods
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '7628'
author:
- first_name: Nils
full_name: Selbach, Nils
last_name: Selbach
citation:
ama: Selbach N. Modeling Crypto API Usages in OpenSSL’s EVP Library. Universität
Paderborn; 2019.
apa: Selbach, N. (2019). Modeling Crypto API usages in OpenSSL’s EVP library.
Universität Paderborn.
bibtex: '@book{Selbach_2019, title={Modeling Crypto API usages in OpenSSL’s EVP
library}, publisher={Universität Paderborn}, author={Selbach, Nils}, year={2019}
}'
chicago: Selbach, Nils. Modeling Crypto API Usages in OpenSSL’s EVP Library.
Universität Paderborn, 2019.
ieee: N. Selbach, Modeling Crypto API usages in OpenSSL’s EVP library. Universität
Paderborn, 2019.
mla: Selbach, Nils. Modeling Crypto API Usages in OpenSSL’s EVP Library.
Universität Paderborn, 2019.
short: N. Selbach, Modeling Crypto API Usages in OpenSSL’s EVP Library, Universität
Paderborn, 2019.
date_created: 2019-02-12T07:28:12Z
date_updated: 2022-01-06T07:03:41Z
department:
- _id: '76'
language:
- iso: eng
project:
- _id: '12'
name: SFB 901 - Subproject B4
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
publisher: Universität Paderborn
status: public
supervisor:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
title: Modeling Crypto API usages in OpenSSL's EVP library
type: bachelorsthesis
user_id: '477'
year: '2019'
...
---
_id: '14896'
author:
- first_name: Andreas
full_name: Dann, Andreas
last_name: Dann
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Dann A, Hermann B, Bodden E. ModGuard: Identifying Integrity & Confidentiality
Violations in Java Modules. IEEE Transactions on Software Engineering.
Published online 2019:1-1. doi:10.1109/tse.2019.2931331'
apa: 'Dann, A., Hermann, B., & Bodden, E. (2019). ModGuard: Identifying Integrity
& Confidentiality Violations in Java Modules. IEEE Transactions on Software
Engineering, 1–1. https://doi.org/10.1109/tse.2019.2931331'
bibtex: '@article{Dann_Hermann_Bodden_2019, title={ModGuard: Identifying Integrity
& Confidentiality Violations in Java Modules}, DOI={10.1109/tse.2019.2931331},
journal={IEEE Transactions on Software Engineering}, author={Dann, Andreas and
Hermann, Ben and Bodden, Eric}, year={2019}, pages={1–1} }'
chicago: 'Dann, Andreas, Ben Hermann, and Eric Bodden. “ModGuard: Identifying Integrity
& Confidentiality Violations in Java Modules.” IEEE Transactions on Software
Engineering, 2019, 1–1. https://doi.org/10.1109/tse.2019.2931331.'
ieee: 'A. Dann, B. Hermann, and E. Bodden, “ModGuard: Identifying Integrity & Confidentiality
Violations in Java Modules,” IEEE Transactions on Software Engineering,
pp. 1–1, 2019, doi: 10.1109/tse.2019.2931331.'
mla: 'Dann, Andreas, et al. “ModGuard: Identifying Integrity & Confidentiality
Violations in Java Modules.” IEEE Transactions on Software Engineering,
2019, pp. 1–1, doi:10.1109/tse.2019.2931331.'
short: A. Dann, B. Hermann, E. Bodden, IEEE Transactions on Software Engineering
(2019) 1–1.
date_created: 2019-11-12T12:20:56Z
date_updated: 2022-01-06T06:52:10Z
department:
- _id: '76'
- _id: '34'
- _id: '26'
doi: 10.1109/tse.2019.2931331
language:
- iso: eng
page: 1-1
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 0098-5589
- 1939-3520
- 2326-3881
publication_status: published
status: public
title: 'ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules'
type: journal_article
user_id: '5786'
year: '2019'
...
---
_id: '14897'
author:
- first_name: Andreas
full_name: Dann, Andreas
last_name: Dann
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Dann A, Hermann B, Bodden E. SootDiff: bytecode comparison across different
Java compilers. In: Proceedings of the 8th ACM SIGPLAN International Workshop
on State Of the Art in Program Analysis - SOAP 2019. ; 2019. doi:10.1145/3315568.3329966'
apa: 'Dann, A., Hermann, B., & Bodden, E. (2019). SootDiff: bytecode comparison
across different Java compilers. Proceedings of the 8th ACM SIGPLAN International
Workshop on State Of the Art in Program Analysis - SOAP 2019. https://doi.org/10.1145/3315568.3329966'
bibtex: '@inproceedings{Dann_Hermann_Bodden_2019, title={SootDiff: bytecode comparison
across different Java compilers}, DOI={10.1145/3315568.3329966},
booktitle={Proceedings of the 8th ACM SIGPLAN International Workshop on State
Of the Art in Program Analysis - SOAP 2019}, author={Dann, Andreas and Hermann,
Ben and Bodden, Eric}, year={2019} }'
chicago: 'Dann, Andreas, Ben Hermann, and Eric Bodden. “SootDiff: Bytecode Comparison
across Different Java Compilers.” In Proceedings of the 8th ACM SIGPLAN International
Workshop on State Of the Art in Program Analysis - SOAP 2019, 2019. https://doi.org/10.1145/3315568.3329966.'
ieee: 'A. Dann, B. Hermann, and E. Bodden, “SootDiff: bytecode comparison across
different Java compilers,” 2019, doi: 10.1145/3315568.3329966.'
mla: 'Dann, Andreas, et al. “SootDiff: Bytecode Comparison across Different Java
Compilers.” Proceedings of the 8th ACM SIGPLAN International Workshop on State
Of the Art in Program Analysis - SOAP 2019, 2019, doi:10.1145/3315568.3329966.'
short: 'A. Dann, B. Hermann, E. Bodden, in: Proceedings of the 8th ACM SIGPLAN International
Workshop on State Of the Art in Program Analysis - SOAP 2019, 2019.'
date_created: 2019-11-12T12:21:11Z
date_updated: 2022-01-06T06:52:10Z
department:
- _id: '76'
- _id: '34'
- _id: '26'
doi: 10.1145/3315568.3329966
language:
- iso: eng
main_file_link:
- url: https://thewhitespace.de/publications/dhb19-sootdiff.pdf
publication: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of
the Art in Program Analysis - SOAP 2019
publication_identifier:
isbn:
- '9781450367202'
publication_status: published
status: public
title: 'SootDiff: bytecode comparison across different Java compilers'
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '14899'
author:
- first_name: Stefan
full_name: Kruger, Stefan
last_name: Kruger
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
citation:
ama: 'Kruger S, Hermann B. Can an Online Service Predict Gender? On the State-of-the-Art
in Gender Identification from Texts. In: 2019 IEEE/ACM 2nd International Workshop
on Gender Equality in Software Engineering (GE). ; 2019. doi:10.1109/ge.2019.00012'
apa: Kruger, S., & Hermann, B. (2019). Can an Online Service Predict Gender?
On the State-of-the-Art in Gender Identification from Texts. 2019 IEEE/ACM
2nd International Workshop on Gender Equality in Software Engineering (GE).
https://doi.org/10.1109/ge.2019.00012
bibtex: '@inproceedings{Kruger_Hermann_2019, title={Can an Online Service Predict
Gender? On the State-of-the-Art in Gender Identification from Texts}, DOI={10.1109/ge.2019.00012}, booktitle={2019
IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering
(GE)}, author={Kruger, Stefan and Hermann, Ben}, year={2019} }'
chicago: Kruger, Stefan, and Ben Hermann. “Can an Online Service Predict Gender?
On the State-of-the-Art in Gender Identification from Texts.” In 2019 IEEE/ACM
2nd International Workshop on Gender Equality in Software Engineering (GE),
2019. https://doi.org/10.1109/ge.2019.00012.
ieee: 'S. Kruger and B. Hermann, “Can an Online Service Predict Gender? On the State-of-the-Art
in Gender Identification from Texts,” 2019, doi: 10.1109/ge.2019.00012.'
mla: Kruger, Stefan, and Ben Hermann. “Can an Online Service Predict Gender? On
the State-of-the-Art in Gender Identification from Texts.” 2019 IEEE/ACM 2nd
International Workshop on Gender Equality in Software Engineering (GE), 2019,
doi:10.1109/ge.2019.00012.
short: 'S. Kruger, B. Hermann, in: 2019 IEEE/ACM 2nd International Workshop on Gender
Equality in Software Engineering (GE), 2019.'
date_created: 2019-11-12T12:22:48Z
date_updated: 2022-01-06T06:52:10Z
department:
- _id: '76'
- _id: '34'
- _id: '26'
doi: 10.1109/ge.2019.00012
language:
- iso: eng
publication: 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software
Engineering (GE)
publication_identifier:
isbn:
- '9781728122458'
publication_status: published
status: public
title: Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification
from Texts
type: conference
user_id: '5786'
year: '2019'
...
---
_id: '7626'
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Schubert P, Hermann B, Bodden E. PhASAR: An Inter-Procedural Static Analysis
Framework for C/C++. In: Proceedings of the 25th International Conference on
Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019),
Held as Part of the European Joint Conferences on Theory and Practice of Software
(ETAPS 2019). Vol II. ; 2019:393-410. doi:10.1007/978-3-030-17465-1_22'
apa: 'Schubert, P., Hermann, B., & Bodden, E. (2019). PhASAR: An Inter-Procedural
Static Analysis Framework for C/C++. Proceedings of the 25th International
Conference on Tools and Algorithms for the Construction and Analysis of Systems
(TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice
of Software (ETAPS 2019), II, 393–410. https://doi.org/10.1007/978-3-030-17465-1_22'
bibtex: '@inproceedings{Schubert_Hermann_Bodden_2019, title={PhASAR: An Inter-Procedural
Static Analysis Framework for C/C++}, volume={II}, DOI={10.1007/978-3-030-17465-1_22},
booktitle={Proceedings of the 25th International Conference on Tools and Algorithms
for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the
European Joint Conferences on Theory and Practice of Software (ETAPS 2019)}, author={Schubert,
Philipp and Hermann, Ben and Bodden, Eric}, year={2019}, pages={393–410} }'
chicago: 'Schubert, Philipp, Ben Hermann, and Eric Bodden. “PhASAR: An Inter-Procedural
Static Analysis Framework for C/C++.” In Proceedings of the 25th International
Conference on Tools and Algorithms for the Construction and Analysis of Systems
(TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice
of Software (ETAPS 2019), II:393–410, 2019. https://doi.org/10.1007/978-3-030-17465-1_22.'
ieee: 'P. Schubert, B. Hermann, and E. Bodden, “PhASAR: An Inter-Procedural Static
Analysis Framework for C/C++,” in Proceedings of the 25th International Conference
on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019),
Held as Part of the European Joint Conferences on Theory and Practice of Software
(ETAPS 2019), Prague, Czech Republic, 2019, vol. II, pp. 393–410, doi: 10.1007/978-3-030-17465-1_22.'
mla: 'Schubert, Philipp, et al. “PhASAR: An Inter-Procedural Static Analysis Framework
for C/C++.” Proceedings of the 25th International Conference on Tools and Algorithms
for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the
European Joint Conferences on Theory and Practice of Software (ETAPS 2019),
vol. II, 2019, pp. 393–410, doi:10.1007/978-3-030-17465-1_22.'
short: 'P. Schubert, B. Hermann, E. Bodden, in: Proceedings of the 25th International
Conference on Tools and Algorithms for the Construction and Analysis of Systems
(TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice
of Software (ETAPS 2019), 2019, pp. 393–410.'
conference:
end_date: 2019-04-11
location: Prague, Czech Republic
name: 25th International Conference on Tools and Algorithms for the Construction
and Analysis of Systems (TACAS)
start_date: 2019-04-08
date_created: 2019-02-12T07:20:07Z
date_updated: 2022-03-25T07:48:36Z
ddc:
- '000'
department:
- _id: '76'
doi: 10.1007/978-3-030-17465-1_22
file:
- access_level: closed
content_type: application/pdf
creator: pdschbrt
date_created: 2019-02-12T07:18:17Z
date_updated: 2019-02-12T07:18:17Z
file_id: '7627'
file_name: main.pdf
file_size: 504897
relation: main_file
success: 1
file_date_updated: 2019-02-12T07:18:17Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://link.springer.com/chapter/10.1007/978-3-030-17465-1_22
oa: '1'
page: 393-410
project:
- _id: '1'
name: SFB 901
- _id: '12'
name: SFB 901 - Subproject B4
- _id: '3'
name: SFB 901 - Project Area B
publication: Proceedings of the 25th International Conference on Tools and Algorithms
for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European
Joint Conferences on Theory and Practice of Software (ETAPS 2019)
publication_status: published
status: public
title: 'PhASAR: An Inter-Procedural Static Analysis Framework for C/C++'
type: conference
user_id: '60543'
volume: II
year: '2019'
...
---
_id: '14898'
author:
- first_name: Philipp
full_name: Schubert, Philipp
id: '60543'
last_name: Schubert
orcid: 0000-0002-8674-1859
- first_name: Richard
full_name: Leer, Richard
last_name: Leer
- first_name: Ben
full_name: Hermann, Ben
id: '66173'
last_name: Hermann
orcid: 0000-0001-9848-2017
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Schubert P, Leer R, Hermann B, Bodden E. Know your analysis: how instrumentation
aids understanding static analysis. In: Proceedings of the 8th ACM SIGPLAN
International Workshop on State Of the Art in Program Analysis - SOAP 2019.
; 2019. doi:10.1145/3315568.3329965'
apa: 'Schubert, P., Leer, R., Hermann, B., & Bodden, E. (2019). Know your analysis:
how instrumentation aids understanding static analysis. Proceedings of the
8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis
- SOAP 2019. https://doi.org/10.1145/3315568.3329965'
bibtex: '@inproceedings{Schubert_Leer_Hermann_Bodden_2019, title={Know your analysis:
how instrumentation aids understanding static analysis}, DOI={10.1145/3315568.3329965},
booktitle={Proceedings of the 8th ACM SIGPLAN International Workshop on State
Of the Art in Program Analysis - SOAP 2019}, author={Schubert, Philipp and Leer,
Richard and Hermann, Ben and Bodden, Eric}, year={2019} }'
chicago: 'Schubert, Philipp, Richard Leer, Ben Hermann, and Eric Bodden. “Know Your
Analysis: How Instrumentation Aids Understanding Static Analysis.” In Proceedings
of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis
- SOAP 2019, 2019. https://doi.org/10.1145/3315568.3329965.'
ieee: 'P. Schubert, R. Leer, B. Hermann, and E. Bodden, “Know your analysis: how
instrumentation aids understanding static analysis,” 2019, doi: 10.1145/3315568.3329965.'
mla: 'Schubert, Philipp, et al. “Know Your Analysis: How Instrumentation Aids Understanding
Static Analysis.” Proceedings of the 8th ACM SIGPLAN International Workshop
on State Of the Art in Program Analysis - SOAP 2019, 2019, doi:10.1145/3315568.3329965.'
short: 'P. Schubert, R. Leer, B. Hermann, E. Bodden, in: Proceedings of the 8th
ACM SIGPLAN International Workshop on State Of the Art in Program Analysis -
SOAP 2019, 2019.'
date_created: 2019-11-12T12:22:16Z
date_updated: 2023-06-15T08:52:37Z
department:
- _id: '76'
- _id: '34'
- _id: '26'
doi: 10.1145/3315568.3329965
language:
- iso: eng
project:
- _id: '12'
name: 'SFB 901 - B4: SFB 901 - Subproject B4'
- _id: '3'
name: 'SFB 901 - B: SFB 901 - Project Area B'
- _id: '1'
grant_number: '160364472'
name: 'SFB 901: SFB 901: On-The-Fly Computing - Individualisierte IT-Dienstleistungen
in dynamischen Märkten '
publication: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of
the Art in Program Analysis - SOAP 2019
publication_identifier:
isbn:
- '9781450367202'
publication_status: published
status: public
title: 'Know your analysis: how instrumentation aids understanding static analysis'
type: conference
user_id: '15249'
year: '2019'
...
---
_id: '2711'
abstract:
- lang: eng
text: "In recent years, researchers have developed a number of tools to conduct\r\ntaint
analysis of Android applications. While all the respective papers aim at\r\nproviding
a thorough empirical evaluation, comparability is hindered by varying\r\nor unclear
evaluation targets. Sometimes, the apps used for evaluation are not\r\nprecisely
described. In other cases, authors use an established benchmark but\r\ncover it
only partially. In yet other cases, the evaluations differ in terms of\r\nthe
data leaks searched for, or lack a ground truth to compare against. All\r\nthose
limitations make it impossible to truly compare the tools based on those\r\npublished
evaluations.\r\n We thus present ReproDroid, a framework allowing the accurate
comparison of\r\nAndroid taint analysis tools. ReproDroid supports researchers
in inferring the\r\nground truth for data leaks in apps, in automatically applying
tools to\r\nbenchmarks, and in evaluating the obtained results. We use ReproDroid
to\r\ncomparatively evaluate on equal grounds the six prominent taint analysis
tools\r\nAmandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results
are\r\nlargely positive although four tools violate some promises concerning features\r\nand
accuracy. Finally, we contribute to the area of unbiased benchmarking with\r\na
new and improved version of the open test suite DroidBench."
author:
- first_name: Felix
full_name: Pauck, Felix
id: '22398'
last_name: Pauck
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Heike
full_name: Wehrheim, Heike
id: '573'
last_name: Wehrheim
citation:
ama: Pauck F, Bodden E, Wehrheim H. Do Android Taint Analysis Tools Keep their Promises?
arXiv:180402903. 2018.
apa: Pauck, F., Bodden, E., & Wehrheim, H. (2018). Do Android Taint Analysis
Tools Keep their Promises? ArXiv:1804.02903.
bibtex: '@article{Pauck_Bodden_Wehrheim_2018, title={Do Android Taint Analysis Tools
Keep their Promises?}, journal={arXiv:1804.02903}, author={Pauck, Felix and Bodden,
Eric and Wehrheim, Heike}, year={2018} }'
chicago: Pauck, Felix, Eric Bodden, and Heike Wehrheim. “Do Android Taint Analysis
Tools Keep Their Promises?” ArXiv:1804.02903, 2018.
ieee: F. Pauck, E. Bodden, and H. Wehrheim, “Do Android Taint Analysis Tools Keep
their Promises?,” arXiv:1804.02903. 2018.
mla: Pauck, Felix, et al. “Do Android Taint Analysis Tools Keep Their Promises?”
ArXiv:1804.02903, 2018.
short: F. Pauck, E. Bodden, H. Wehrheim, ArXiv:1804.02903 (2018).
date_created: 2018-05-09T08:27:11Z
date_updated: 2022-01-06T06:57:35Z
ddc:
- '000'
department:
- _id: '77'
- _id: '76'
file:
- access_level: closed
content_type: application/pdf
creator: florida
date_created: 2018-11-21T10:49:23Z
date_updated: 2018-11-21T10:49:23Z
file_id: '5781'
file_name: Do Android Taint Analysis Tools Keep their Promises.pdf
file_size: 1045861
relation: main_file
success: 1
file_date_updated: 2018-11-21T10:49:23Z
has_accepted_license: '1'
language:
- iso: eng
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publication: arXiv:1804.02903
status: public
title: Do Android Taint Analysis Tools Keep their Promises?
type: preprint
user_id: '477'
year: '2018'
...
---
_id: '20530'
author:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
citation:
ama: 'Bodden E, Nguyen Quang Do L. Explainable Static Analysis. In: Software
Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik,
{SE} 2018, 5.-9. März 2018, Ulm, Germany. {LNI}. ; 2018:205-208.'
apa: Bodden, E., & Nguyen Quang Do, L. (2018). Explainable Static Analysis.
Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs
Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 205–208.
bibtex: '@inproceedings{Bodden_Nguyen Quang Do_2018, series={{LNI}}, title={Explainable
Static Analysis}, booktitle={Software Engineering und Software Management 2018,
Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. M{\"{a}}rz 2018,
Ulm, Germany.}, author={Bodden, Eric and Nguyen Quang Do, Lisa}, year={2018},
pages={205–208}, collection={{LNI}} }'
chicago: Bodden, Eric, and Lisa Nguyen Quang Do. “Explainable Static Analysis.”
In Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs
Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 205–8. {LNI},
2018.
ieee: E. Bodden and L. Nguyen Quang Do, “Explainable Static Analysis,” in Software
Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik,
{SE} 2018, 5.-9. März 2018, Ulm, Germany., 2018, pp. 205–208.
mla: Bodden, Eric, and Lisa Nguyen Quang Do. “Explainable Static Analysis.” Software
Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik,
{SE} 2018, 5.-9. März 2018, Ulm, Germany., 2018, pp. 205–08.
short: 'E. Bodden, L. Nguyen Quang Do, in: Software Engineering Und Software Management
2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März
2018, Ulm, Germany., 2018, pp. 205–208.'
date_created: 2020-11-27T10:24:21Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: https://dl.gi.de/20.500.12116/16348
page: 205-208
publication: Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs
Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany.
publication_identifier:
isbn:
- 978-3-88579-673-2
series_title: '{LNI}'
status: public
title: Explainable Static Analysis
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20543'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Patrick
full_name: Hill, Patrick
last_name: Hill
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Nguyen Quang Do L, Krüger S, Hill P, Ali K, Bodden E. Debugging Static Analysis.
IEEE Transactions on Software Engineering. Published online 2018:1-1. doi:10.1109/TSE.2018.2868349
apa: Nguyen Quang Do, L., Krüger, S., Hill, P., Ali, K., & Bodden, E. (2018).
Debugging Static Analysis. IEEE Transactions on Software Engineering, 1–1.
https://doi.org/10.1109/TSE.2018.2868349
bibtex: '@article{Nguyen Quang Do_Krüger_Hill_Ali_Bodden_2018, title={Debugging
Static Analysis}, DOI={10.1109/TSE.2018.2868349},
journal={IEEE Transactions on Software Engineering}, author={Nguyen Quang Do,
Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}, year={2018},
pages={1–1} }'
chicago: Nguyen Quang Do, Lisa, Stefan Krüger, Patrick Hill, Karim Ali, and Eric
Bodden. “Debugging Static Analysis.” IEEE Transactions on Software Engineering,
2018, 1–1. https://doi.org/10.1109/TSE.2018.2868349.
ieee: 'L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “Debugging
Static Analysis,” IEEE Transactions on Software Engineering, pp. 1–1, 2018,
doi: 10.1109/TSE.2018.2868349.'
mla: Nguyen Quang Do, Lisa, et al. “Debugging Static Analysis.” IEEE Transactions
on Software Engineering, 2018, pp. 1–1, doi:10.1109/TSE.2018.2868349.
short: L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, E. Bodden, IEEE Transactions
on Software Engineering (2018) 1–1.
date_created: 2020-11-30T09:32:12Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1109/TSE.2018.2868349
keyword:
- Debugging
- Static analysis
- Tools
- Computer bugs
- Standards
- Writing
- Encoding
- Testing and Debugging
- Program analysis
- Development tools
- Integrated environments
- Graphical environments
- Usability testing
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/tse18debugging.pdf
page: 1-1
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 2326-3881
status: public
title: Debugging Static Analysis
type: journal_article
user_id: '5786'
year: '2018'
...
---
_id: '20544'
citation:
ama: Tichy M, Bodden E, Kuhrmann M, Wagner S, Steghöfer J-P, eds. Software Engineering
Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik,
SE 2018, 5.-9. März 2018, Ulm, Germany. Vol {P-279}. Gesellschaft für Informatik;
2018.
apa: 'Tichy, M., Bodden, E., Kuhrmann, M., Wagner, S., & Steghöfer, J.-P. (Eds.).
(2018). Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs
Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany: Vol. {P-279}. Gesellschaft
für Informatik.'
bibtex: '@book{Tichy_Bodden_Kuhrmann_Wagner_Steghöfer_2018, series={{LNI}}, title={Software
Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik,
SE 2018, 5.-9. März 2018, Ulm, Germany}, volume={{P-279}}, publisher={Gesellschaft
für Informatik}, year={2018}, collection={{LNI}} }'
chicago: Tichy, Matthias, Eric Bodden, Marco Kuhrmann, Stefan Wagner, and Jan-Philipp
Steghöfer, eds. Software Engineering Und Software Management 2018, Fachtagung
Des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany.
Vol. {P-279}. {LNI}. Gesellschaft für Informatik, 2018.
ieee: M. Tichy, E. Bodden, M. Kuhrmann, S. Wagner, and J.-P. Steghöfer, Eds., Software
Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik,
SE 2018, 5.-9. März 2018, Ulm, Germany, vol. {P-279}. Gesellschaft für Informatik,
2018.
mla: Tichy, Matthias, et al., editors. Software Engineering Und Software Management
2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018,
Ulm, Germany. Gesellschaft für Informatik, 2018.
short: M. Tichy, E. Bodden, M. Kuhrmann, S. Wagner, J.-P. Steghöfer, eds., Software
Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik,
SE 2018, 5.-9. März 2018, Ulm, Germany, Gesellschaft für Informatik, 2018.
date_created: 2020-11-30T09:32:58Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
editor:
- first_name: Matthias
full_name: Tichy, Matthias
last_name: Tichy
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Marco
full_name: Kuhrmann, Marco
last_name: Kuhrmann
- first_name: Stefan
full_name: Wagner, Stefan
last_name: Wagner
- first_name: Jan-Philipp
full_name: Steghöfer, Jan-Philipp
last_name: Steghöfer
language:
- iso: eng
publication_identifier:
isbn:
- 978-3-88579-673-2
publisher: Gesellschaft für Informatik
series_title: '{LNI}'
status: public
title: Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs
Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany
type: conference_editor
user_id: '5786'
volume: '{P-279}'
year: '2018'
...
---
_id: '20545'
citation:
ama: Tip F, Bodden E, eds. Proceedings of the 27th ACM SIGSOFT International
Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands,
July 16-21, 2018. ACM; 2018.
apa: Tip, F., & Bodden, E. (Eds.). (2018). Proceedings of the 27th ACM SIGSOFT
International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam,
The Netherlands, July 16-21, 2018. ACM.
bibtex: '@book{Tip_Bodden_2018, title={Proceedings of the 27th ACM SIGSOFT International
Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands,
July 16-21, 2018}, publisher={ACM}, year={2018} }'
chicago: Tip, Frank, and Eric Bodden, eds. Proceedings of the 27th ACM SIGSOFT
International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam,
The Netherlands, July 16-21, 2018. ACM, 2018.
ieee: F. Tip and E. Bodden, Eds., Proceedings of the 27th ACM SIGSOFT International
Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands,
July 16-21, 2018. ACM, 2018.
mla: Tip, Frank, and Eric Bodden, editors. Proceedings of the 27th ACM SIGSOFT
International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam,
The Netherlands, July 16-21, 2018. ACM, 2018.
short: F. Tip, E. Bodden, eds., Proceedings of the 27th ACM SIGSOFT International
Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands,
July 16-21, 2018, ACM, 2018.
date_created: 2020-11-30T09:35:03Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
editor:
- first_name: Frank
full_name: Tip, Frank
last_name: Tip
- first_name: Eric
full_name: Bodden, Eric
last_name: Bodden
language:
- iso: eng
publisher: ACM
status: public
title: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing
and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018
type: conference_editor
user_id: '5786'
year: '2018'
...
---
_id: '20546'
author:
- first_name: Christopher
full_name: Gerking, Christopher
last_name: Gerking
- first_name: David
full_name: Schubert, David
id: '9106'
last_name: Schubert
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Gerking C, Schubert D, Bodden E. Model Checking the Information Flow Security
of Real-Time Systems. In: Payer M, Rashid A, Such JM, eds. Engineering Secure
Software and Systems. Springer International Publishing; 2018:27-43.'
apa: Gerking, C., Schubert, D., & Bodden, E. (2018). Model Checking the Information
Flow Security of Real-Time Systems. In M. Payer, A. Rashid, & J. M. Such (Eds.),
Engineering Secure Software and Systems (pp. 27–43). Springer International
Publishing.
bibtex: '@inproceedings{Gerking_Schubert_Bodden_2018, place={Cham}, title={Model
Checking the Information Flow Security of Real-Time Systems}, booktitle={Engineering
Secure Software and Systems}, publisher={Springer International Publishing}, author={Gerking,
Christopher and Schubert, David and Bodden, Eric}, editor={Payer, Mathias and
Rashid, Awais and Such, Jose M.}, year={2018}, pages={27–43} }'
chicago: 'Gerking, Christopher, David Schubert, and Eric Bodden. “Model Checking
the Information Flow Security of Real-Time Systems.” In Engineering Secure
Software and Systems, edited by Mathias Payer, Awais Rashid, and Jose M. Such,
27–43. Cham: Springer International Publishing, 2018.'
ieee: C. Gerking, D. Schubert, and E. Bodden, “Model Checking the Information Flow
Security of Real-Time Systems,” in Engineering Secure Software and Systems,
2018, pp. 27–43.
mla: Gerking, Christopher, et al. “Model Checking the Information Flow Security
of Real-Time Systems.” Engineering Secure Software and Systems, edited
by Mathias Payer et al., Springer International Publishing, 2018, pp. 27–43.
short: 'C. Gerking, D. Schubert, E. Bodden, in: M. Payer, A. Rashid, J.M. Such (Eds.),
Engineering Secure Software and Systems, Springer International Publishing, Cham,
2018, pp. 27–43.'
date_created: 2020-11-30T09:35:55Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
editor:
- first_name: Mathias
full_name: Payer, Mathias
last_name: Payer
- first_name: Awais
full_name: Rashid, Awais
last_name: Rashid
- first_name: Jose M.
full_name: Such, Jose M.
last_name: Such
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/gsb18model.pdf
page: 27-43
place: Cham
publication: Engineering Secure Software and Systems
publisher: Springer International Publishing
status: public
title: Model Checking the Information Flow Security of Real-Time Systems
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20547'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Nguyen Quang Do L, Bodden E. Gamifying Static Analysis. In: Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering. ESEC/FSE 2018. ACM;
2018:714-718. doi:10.1145/3236024.3264830'
apa: Nguyen Quang Do, L., & Bodden, E. (2018). Gamifying Static Analysis. Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, 714–718. https://doi.org/10.1145/3236024.3264830
bibtex: '@inproceedings{Nguyen Quang Do_Bodden_2018, place={New York, NY, USA},
series={ESEC/FSE 2018}, title={Gamifying Static Analysis}, DOI={10.1145/3236024.3264830},
booktitle={Proceedings of the 2018 26th ACM Joint Meeting on European Software
Engineering Conference and Symposium on the Foundations of Software Engineering},
publisher={ACM}, author={Nguyen Quang Do, Lisa and Bodden, Eric}, year={2018},
pages={714–718}, collection={ESEC/FSE 2018} }'
chicago: 'Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” In
Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering, 714–18.
ESEC/FSE 2018. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3236024.3264830.'
ieee: 'L. Nguyen Quang Do and E. Bodden, “Gamifying Static Analysis,” in Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, 2018, pp. 714–718,
doi: 10.1145/3236024.3264830.'
mla: Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, ACM, 2018, pp. 714–18,
doi:10.1145/3236024.3264830.
short: 'L. Nguyen Quang Do, E. Bodden, in: Proceedings of the 2018 26th ACM Joint
Meeting on European Software Engineering Conference and Symposium on the Foundations
of Software Engineering, ACM, New York, NY, USA, 2018, pp. 714–718.'
date_created: 2020-11-30T09:37:35Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1145/3236024.3264830
keyword:
- Gamification
- Integrated Environments
- Program analysis
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/db18gamifying.pdf
page: 714-718
place: New York, NY, USA
publication: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering
publication_identifier:
isbn:
- 978-1-4503-5573-5
publisher: ACM
series_title: ESEC/FSE 2018
status: public
title: Gamifying Static Analysis
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20548'
author:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Bodden E. The Secret Sauce in Efficient and Precise Static Analysis: The Beauty
of Distributive, Summary-based Static Analyses (and How to Master Them). In: ACM
SIGPLAN International Workshop on the State Of the Art in Java Program Analysis
(SOAP 2018). ISSTA ’18. ACM; 2018:85-93. doi:10.1145/3236454.3236500'
apa: 'Bodden, E. (2018). The Secret Sauce in Efficient and Precise Static Analysis:
The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them).
ACM SIGPLAN International Workshop on the State Of the Art in Java Program
Analysis (SOAP 2018), 85–93. https://doi.org/10.1145/3236454.3236500'
bibtex: '@inproceedings{Bodden_2018, place={New York, NY, USA}, series={ISSTA ’18},
title={The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of
Distributive, Summary-based Static Analyses (and How to Master Them)}, DOI={10.1145/3236454.3236500}, booktitle={ACM
SIGPLAN International Workshop on the State Of the Art in Java Program Analysis
(SOAP 2018)}, publisher={ACM}, author={Bodden, Eric}, year={2018}, pages={85–93},
collection={ISSTA ’18} }'
chicago: 'Bodden, Eric. “The Secret Sauce in Efficient and Precise Static Analysis:
The Beauty of Distributive, Summary-Based Static Analyses (and How to Master Them).”
In ACM SIGPLAN International Workshop on the State Of the Art in Java Program
Analysis (SOAP 2018), 85–93. ISSTA ’18. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3236454.3236500.'
ieee: 'E. Bodden, “The Secret Sauce in Efficient and Precise Static Analysis: The
Beauty of Distributive, Summary-based Static Analyses (and How to Master Them),”
in ACM SIGPLAN International Workshop on the State Of the Art in Java Program
Analysis (SOAP 2018), 2018, pp. 85–93, doi: 10.1145/3236454.3236500.'
mla: 'Bodden, Eric. “The Secret Sauce in Efficient and Precise Static Analysis:
The Beauty of Distributive, Summary-Based Static Analyses (and How to Master Them).”
ACM SIGPLAN International Workshop on the State Of the Art in Java Program
Analysis (SOAP 2018), ACM, 2018, pp. 85–93, doi:10.1145/3236454.3236500.'
short: 'E. Bodden, in: ACM SIGPLAN International Workshop on the State Of the Art
in Java Program Analysis (SOAP 2018), ACM, New York, NY, USA, 2018, pp. 85–93.'
date_created: 2020-11-30T09:51:05Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1145/3236454.3236500
keyword:
- ATTRACT
- ITSECWEBSITE
language:
- iso: eng
main_file_link:
- url: http://bodden.de/pubs/bodden18secret.pdf
page: 85-93
place: New York, NY, USA
publication: ACM SIGPLAN International Workshop on the State Of the Art in Java Program
Analysis (SOAP 2018)
publication_identifier:
isbn:
- 978-1-4503-5939-9
publisher: ACM
series_title: ISSTA '18
status: public
title: 'The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive,
Summary-based Static Analyses (and How to Master Them)'
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20549'
author:
- first_name: Johannes
full_name: Geismann, Johannes
id: '20063'
last_name: Geismann
orcid: https://orcid.org/0000-0003-2015-2047
- first_name: Christopher
full_name: Gerking, Christopher
last_name: Gerking
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Geismann J, Gerking C, Bodden E. Towards Ensuring Security by Design in Cyber-Physical
Systems Engineering Processes. In: International Conference on Software and
System Processes (ICSSP). ; 2018.'
apa: Geismann, J., Gerking, C., & Bodden, E. (2018). Towards Ensuring Security
by Design in Cyber-Physical Systems Engineering Processes. International Conference
on Software and System Processes (ICSSP).
bibtex: '@inproceedings{Geismann_Gerking_Bodden_2018, title={Towards Ensuring Security
by Design in Cyber-Physical Systems Engineering Processes}, booktitle={International
Conference on Software and System Processes (ICSSP)}, author={Geismann, Johannes
and Gerking, Christopher and Bodden, Eric}, year={2018} }'
chicago: Geismann, Johannes, Christopher Gerking, and Eric Bodden. “Towards Ensuring
Security by Design in Cyber-Physical Systems Engineering Processes.” In International
Conference on Software and System Processes (ICSSP), 2018.
ieee: J. Geismann, C. Gerking, and E. Bodden, “Towards Ensuring Security by Design
in Cyber-Physical Systems Engineering Processes,” 2018.
mla: Geismann, Johannes, et al. “Towards Ensuring Security by Design in Cyber-Physical
Systems Engineering Processes.” International Conference on Software and System
Processes (ICSSP), 2018.
short: 'J. Geismann, C. Gerking, E. Bodden, in: International Conference on Software
and System Processes (ICSSP), 2018.'
date_created: 2020-11-30T09:52:21Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
keyword:
- ITSECWEBSITE
language:
- iso: eng
publication: International Conference on Software and System Processes (ICSSP)
related_material:
link:
- relation: confirmation
url: http://bodden.de/pubs/ggb18towards.pdf
status: public
title: Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20550'
author:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Bodden E. Self-adaptive Static Analysis. In: Proceedings of the 40th International
Conference on Software Engineering: New Ideas and Emerging Results. ICSE-NIER
’18. ACM; 2018:45-48. doi:10.1145/3183399.3183401'
apa: 'Bodden, E. (2018). Self-adaptive Static Analysis. Proceedings of the 40th
International Conference on Software Engineering: New Ideas and Emerging Results,
45–48. https://doi.org/10.1145/3183399.3183401'
bibtex: '@inproceedings{Bodden_2018, place={New York, NY, USA}, series={ICSE-NIER
’18}, title={Self-adaptive Static Analysis}, DOI={10.1145/3183399.3183401},
booktitle={Proceedings of the 40th International Conference on Software Engineering:
New Ideas and Emerging Results}, publisher={ACM}, author={Bodden, Eric}, year={2018},
pages={45–48}, collection={ICSE-NIER ’18} }'
chicago: 'Bodden, Eric. “Self-Adaptive Static Analysis.” In Proceedings of the
40th International Conference on Software Engineering: New Ideas and Emerging
Results, 45–48. ICSE-NIER ’18. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3183399.3183401.'
ieee: 'E. Bodden, “Self-adaptive Static Analysis,” in Proceedings of the 40th
International Conference on Software Engineering: New Ideas and Emerging Results,
2018, pp. 45–48, doi: 10.1145/3183399.3183401.'
mla: 'Bodden, Eric. “Self-Adaptive Static Analysis.” Proceedings of the 40th
International Conference on Software Engineering: New Ideas and Emerging Results,
ACM, 2018, pp. 45–48, doi:10.1145/3183399.3183401.'
short: 'E. Bodden, in: Proceedings of the 40th International Conference on Software
Engineering: New Ideas and Emerging Results, ACM, New York, NY, USA, 2018, pp.
45–48.'
date_created: 2020-11-30T09:54:33Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1145/3183399.3183401
keyword:
- ATTRACT
- ITSECWEBSITE
language:
- iso: eng
page: 45-48
place: New York, NY, USA
publication: 'Proceedings of the 40th International Conference on Software Engineering:
New Ideas and Emerging Results'
publication_identifier:
isbn:
- 978-1-4503-5662-6
publisher: ACM
related_material:
link:
- relation: confirmation
url: http://bodden.de/pubs/bodden18selfadaptive.pdf
series_title: ICSE-NIER '18
status: public
title: Self-adaptive Static Analysis
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20551'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Patrick
full_name: Hill, Patrick
last_name: Hill
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Nguyen Quang Do L, Krüger S, Hill P, Ali K, Bodden E. VISUFLOW, a Debugging
Environment for Static Analyses. In: International Conference for Software
Engineering (ICSE), Tool Demonstrations Track. ; 2018.'
apa: Nguyen Quang Do, L., Krüger, S., Hill, P., Ali, K., & Bodden, E. (2018).
VISUFLOW, a Debugging Environment for Static Analyses. International Conference
for Software Engineering (ICSE), Tool Demonstrations Track.
bibtex: '@inproceedings{Nguyen Quang Do_Krüger_Hill_Ali_Bodden_2018, title={VISUFLOW,
a Debugging Environment for Static Analyses}, booktitle={International Conference
for Software Engineering (ICSE), Tool Demonstrations Track}, author={Nguyen Quang
Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric},
year={2018} }'
chicago: Nguyen Quang Do, Lisa, Stefan Krüger, Patrick Hill, Karim Ali, and Eric
Bodden. “VISUFLOW, a Debugging Environment for Static Analyses.” In International
Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018.
ieee: L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “VISUFLOW,
a Debugging Environment for Static Analyses,” 2018.
mla: Nguyen Quang Do, Lisa, et al. “VISUFLOW, a Debugging Environment for Static
Analyses.” International Conference for Software Engineering (ICSE), Tool Demonstrations
Track, 2018.
short: 'L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, E. Bodden, in: International
Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018.'
date_created: 2020-11-30T09:55:20Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
keyword:
- ATTRACT
- ITSECWEBSITE
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/dkh+18visuflow.pdf
publication: International Conference for Software Engineering (ICSE), Tool Demonstrations
Track
status: public
title: VISUFLOW, a Debugging Environment for Static Analyses
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20779'
abstract:
- lang: eng
text: The high degree of innovation in mechatronic systems leads to so-called
Cyber-Physical Systems (CPS). These have complex functionality and communication.
How safety-critical such systems are is categorized by so-called Safety Integrity
Levels (SIL), which are defined by standards such as ISO 26262. A given SIL not
only describes the level of hazard risk, but also dictates the required degree
of rigor in developing the system. A high SIL requires applying safety measures
with a high degree of rigor in all development phases and therefore implies a
high safety effort. SIL tailoring is a means of reducing the safety effort by
assigning lower SILs to subsystems if they are separated from more critical subsystems
or fulfill redundant safety requirements. To plan the necessary safety effort,
opportunities for SIL tailoring should be identified as early as possible, i.e.,
already during requirements analysis. Due to the complexity of CPS, it is difficult
to find valid SIL tailorings. The validity of SIL tailorings must be checked by
analyzing failure propagation paths and justified by arguments in the safety case.
The contribution of this dissertation is a systematic, tool-supported SIL tailoring
process that is applied in safety requirements engineering. The process uses a
model-based, formal requirements specification and provides a catalog of requirement
patterns. Based on these requirements, failure propagation models are generated
and SILs are automatically assigned to subsystems. This minimizes the safety analysis
effort. From the generated results, a safety case with arguments for the validity
of the SIL tailoring is derived automatically.
author:
- first_name: Markus
full_name: Fockel, Markus
id: '8472'
last_name: Fockel
orcid: 0000-0002-1269-0702
citation:
ama: Fockel M. Safety Requirements Engineering for Early SIL Tailoring. Fakultät
für Elektrotechnik, Informatik und Mathematik, Universität Paderborn; 2018. doi:10.17619/UNIPB/1-490
apa: Fockel, M. (2018). Safety Requirements Engineering for Early SIL Tailoring.
Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn.
https://doi.org/10.17619/UNIPB/1-490
bibtex: '@book{Fockel_2018, title={Safety Requirements Engineering for Early SIL
Tailoring}, DOI={10.17619/UNIPB/1-490},
publisher={Fakultät für Elektrotechnik, Informatik und Mathematik, Universität
Paderborn}, author={Fockel, Markus}, year={2018} }'
chicago: Fockel, Markus. Safety Requirements Engineering for Early SIL Tailoring.
Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn,
2018. https://doi.org/10.17619/UNIPB/1-490.
ieee: M. Fockel, Safety Requirements Engineering for Early SIL Tailoring.
Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn,
2018.
mla: Fockel, Markus. Safety Requirements Engineering for Early SIL Tailoring.
Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn,
2018, doi:10.17619/UNIPB/1-490.
short: M. Fockel, Safety Requirements Engineering for Early SIL Tailoring, Fakultät
für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018.
date_created: 2020-12-17T11:59:05Z
date_updated: 2022-01-06T06:54:38Z
department:
- _id: '76'
- _id: '241'
- _id: '662'
doi: 10.17619/UNIPB/1-490
language:
- iso: eng
publisher: Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: Safety Requirements Engineering for Early SIL Tailoring
type: dissertation
user_id: '5786'
year: '2018'
...
---
_id: '20781'
author:
- first_name: Christopher
full_name: Gerking, Christopher
last_name: Gerking
- first_name: David
full_name: Schubert, David
id: '9106'
last_name: Schubert
citation:
ama: 'Gerking C, Schubert D. Towards Preserving Information Flow Security on Architectural
Composition of Cyber-Physical Systems. In: European Conference on Software
Architecture (ECSA 2018). Lecture Notes in Computer Science. Springer; 2018:147-155.
doi:10.1007/978-3-030-00761-4_10'
apa: Gerking, C., & Schubert, D. (2018). Towards Preserving Information Flow
Security on Architectural Composition of Cyber-Physical Systems. European Conference
on Software Architecture (ECSA 2018), 11048, 147–155. https://doi.org/10.1007/978-3-030-00761-4_10
bibtex: '@inproceedings{Gerking_Schubert_2018, series={Lecture Notes in Computer
Science}, title={Towards Preserving Information Flow Security on Architectural
Composition of Cyber-Physical Systems}, DOI={10.1007/978-3-030-00761-4_10},
number={11048}, booktitle={European Conference on Software Architecture (ECSA
2018)}, publisher={Springer}, author={Gerking, Christopher and Schubert, David},
year={2018}, pages={147–155}, collection={Lecture Notes in Computer Science} }'
chicago: Gerking, Christopher, and David Schubert. “Towards Preserving Information
Flow Security on Architectural Composition of Cyber-Physical Systems.” In European
Conference on Software Architecture (ECSA 2018), 147–55. Lecture Notes in
Computer Science. Springer, 2018. https://doi.org/10.1007/978-3-030-00761-4_10.
ieee: 'C. Gerking and D. Schubert, “Towards Preserving Information Flow Security
on Architectural Composition of Cyber-Physical Systems,” in European Conference
on Software Architecture (ECSA 2018), 2018, no. 11048, pp. 147–155, doi: 10.1007/978-3-030-00761-4_10.'
mla: Gerking, Christopher, and David Schubert. “Towards Preserving Information Flow
Security on Architectural Composition of Cyber-Physical Systems.” European
Conference on Software Architecture (ECSA 2018), no. 11048, Springer, 2018,
pp. 147–55, doi:10.1007/978-3-030-00761-4_10.
short: 'C. Gerking, D. Schubert, in: European Conference on Software Architecture
(ECSA 2018), Springer, 2018, pp. 147–155.'
date_created: 2020-12-17T12:02:20Z
date_updated: 2022-01-06T06:54:38Z
department:
- _id: '76'
- _id: '241'
doi: 10.1007/978-3-030-00761-4_10
issue: '11048'
language:
- iso: eng
page: 147-155
publication: European Conference on Software Architecture (ECSA 2018)
publisher: Springer
series_title: Lecture Notes in Computer Science
status: public
title: Towards Preserving Information Flow Security on Architectural Composition of
Cyber-Physical Systems
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20784'
author:
- first_name: Johannes
full_name: Geismann, Johannes
id: '20063'
last_name: Geismann
orcid: https://orcid.org/0000-0003-2015-2047
citation:
ama: 'Geismann J. Traceable Threat Modeling for Safety-critical Systems. In: IEEE
International Conference on Software Architecture Companion (ICSA-C 2018) .
IEEE; 2018:41-42. doi:10.1109/ICSA-C.2018.00017'
apa: Geismann, J. (2018). Traceable Threat Modeling for Safety-critical Systems.
IEEE International Conference on Software Architecture Companion (ICSA-C 2018)
, 41–42. https://doi.org/10.1109/ICSA-C.2018.00017
bibtex: '@inproceedings{Geismann_2018, title={Traceable Threat Modeling for Safety-critical
Systems}, DOI={10.1109/ICSA-C.2018.00017},
booktitle={IEEE International Conference on Software Architecture Companion (ICSA-C
2018) }, publisher={IEEE}, author={Geismann, Johannes}, year={2018}, pages={41–42}
}'
chicago: Geismann, Johannes. “Traceable Threat Modeling for Safety-Critical Systems.”
In IEEE International Conference on Software Architecture Companion (ICSA-C
2018) , 41–42. IEEE, 2018. https://doi.org/10.1109/ICSA-C.2018.00017.
ieee: 'J. Geismann, “Traceable Threat Modeling for Safety-critical Systems,” in
IEEE International Conference on Software Architecture Companion (ICSA-C 2018)
, 2018, pp. 41–42, doi: 10.1109/ICSA-C.2018.00017.'
mla: Geismann, Johannes. “Traceable Threat Modeling for Safety-Critical Systems.”
IEEE International Conference on Software Architecture Companion (ICSA-C 2018)
, IEEE, 2018, pp. 41–42, doi:10.1109/ICSA-C.2018.00017.
short: 'J. Geismann, in: IEEE International Conference on Software Architecture
Companion (ICSA-C 2018) , IEEE, 2018, pp. 41–42.'
date_created: 2020-12-17T12:06:35Z
date_updated: 2022-01-06T06:54:38Z
department:
- _id: '76'
doi: 10.1109/ICSA-C.2018.00017
language:
- iso: eng
page: 41-42
publication: 'IEEE International Conference on Software Architecture Companion (ICSA-C
2018) '
publisher: IEEE
status: public
title: Traceable Threat Modeling for Safety-critical Systems
type: conference
user_id: '5786'
year: '2018'
...
---
_id: '20785'
abstract:
- lang: eng
text: "Cyber-physical Systems are distributed, embedded systems that interact with
their physical environment. Typically, these systems consist of several Electronic
Control Units using multiple processing cores for the execution. Many systems
are applied in safety-critical contexts and have to fulfill hard real-time requirements.
The model-driven engineering paradigm enables system developers to consider all
requirements in a systematical manner. In the software design phase, they prove
the fulfillment of the requirements using model checking. When deploying the software
to the executing platform, one important task is to ensure that the runtime scheduling
does not violate the verified requirements by neglecting the model checking assumptions.
Current model-driven approaches do not consider the problem of deriving feasible
execution schedules for embedded multi-core platforms respecting hard real-time
requirements. This paper extends the previous work on providing an approach for
a semi-automatic synthesis of behavioral models into a deterministic real-time
scheduling. We add an approach for the partitioning and mapping development tasks.
This extended approach enables the utilization of parallel resources within a
single ECU considering the verification assumptions by extending the open tool
platform App4mc. We evaluate our approach using an example of a distributed automotive
system with hard real-time requirements specified with the MechatronicUML method."
author:
- first_name: Johannes
full_name: Geismann, Johannes
id: '20063'
last_name: Geismann
orcid: https://orcid.org/0000-0003-2015-2047
- first_name: Robert
full_name: Höttger, Robert
last_name: Höttger
- first_name: Lukas
full_name: Krawczyk, Lukas
last_name: Krawczyk
- first_name: Uwe
full_name: Pohlmann, Uwe
last_name: Pohlmann
- first_name: David
full_name: Schmelter, David
id: '40982'
last_name: Schmelter
orcid: 0000-0001-7787-5380
citation:
ama: 'Geismann J, Höttger R, Krawczyk L, Pohlmann U, Schmelter D. Automated Synthesis
of a Real-Time Scheduling for Cyber-Physical Multi-core Systems. In: Pires LF,
Hammoudi S, Selic B, eds. Model-Driven Engineering and Software Development.
Vol 1. Springer International Publishing; 2018:72-93. doi:10.1007/978-3-319-94764-8_4'
apa: Geismann, J., Höttger, R., Krawczyk, L., Pohlmann, U., & Schmelter, D.
(2018). Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core
Systems. In L. F. Pires, S. Hammoudi, & B. Selic (Eds.), Model-Driven Engineering
and Software Development (Vol. 1, pp. 72–93). Springer International Publishing.
https://doi.org/10.1007/978-3-319-94764-8_4
bibtex: '@inproceedings{Geismann_Höttger_Krawczyk_Pohlmann_Schmelter_2018, place={Cham},
title={Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core
Systems}, volume={1}, DOI={10.1007/978-3-319-94764-8_4},
booktitle={Model-Driven Engineering and Software Development}, publisher={Springer
International Publishing}, author={Geismann, Johannes and Höttger, Robert and
Krawczyk, Lukas and Pohlmann, Uwe and Schmelter, David}, editor={Pires, Luís Ferreira
and Hammoudi, Slimane and Selic, Bran}, year={2018}, pages={72–93} }'
chicago: 'Geismann, Johannes, Robert Höttger, Lukas Krawczyk, Uwe Pohlmann, and
David Schmelter. “Automated Synthesis of a Real-Time Scheduling for Cyber-Physical
Multi-Core Systems.” In Model-Driven Engineering and Software Development,
edited by Luís Ferreira Pires, Slimane Hammoudi, and Bran Selic, 1:72–93. Cham:
Springer International Publishing, 2018. https://doi.org/10.1007/978-3-319-94764-8_4.'
ieee: 'J. Geismann, R. Höttger, L. Krawczyk, U. Pohlmann, and D. Schmelter, “Automated
Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems,” in
Model-Driven Engineering and Software Development, 2018, vol. 1, pp. 72–93,
doi: 10.1007/978-3-319-94764-8_4.'
mla: Geismann, Johannes, et al. “Automated Synthesis of a Real-Time Scheduling for
Cyber-Physical Multi-Core Systems.” Model-Driven Engineering and Software Development,
edited by Luís Ferreira Pires et al., vol. 1, Springer International Publishing,
2018, pp. 72–93, doi:10.1007/978-3-319-94764-8_4.
short: 'J. Geismann, R. Höttger, L. Krawczyk, U. Pohlmann, D. Schmelter, in: L.F.
Pires, S. Hammoudi, B. Selic (Eds.), Model-Driven Engineering and Software Development,
Springer International Publishing, Cham, 2018, pp. 72–93.'
date_created: 2020-12-17T12:07:52Z
date_updated: 2022-01-06T06:54:38Z
department:
- _id: '76'
- _id: '241'
- _id: '662'
doi: 10.1007/978-3-319-94764-8_4
editor:
- first_name: Luís Ferreira
full_name: Pires, Luís Ferreira
last_name: Pires
- first_name: Slimane
full_name: Hammoudi, Slimane
last_name: Hammoudi
- first_name: Bran
full_name: Selic, Bran
last_name: Selic
intvolume: ' 1'
language:
- iso: eng
page: 72-93
place: Cham
publication: Model-Driven Engineering and Software Development
publisher: Springer International Publishing
status: public
title: Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core
Systems
type: conference
user_id: '5786'
volume: 1
year: '2018'
...
---
_id: '20789'
author:
- first_name: Uwe
full_name: Pohlmann, Uwe
last_name: Pohlmann
citation:
ama: Pohlmann U. A Model-Driven Software Construction Approach for Cyber-Physical
Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik; 2018.
apa: Pohlmann, U. (2018). A Model-driven Software Construction Approach for Cyber-physical
Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik.
bibtex: '@book{Pohlmann_2018, title={A Model-driven Software Construction Approach
for Cyber-physical Systems}, publisher={Universität Paderborn, Heinz Nixdorf Institut,
Softwaretechnik}, author={Pohlmann, Uwe}, year={2018} }'
chicago: Pohlmann, Uwe. A Model-Driven Software Construction Approach for Cyber-Physical
Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018.
ieee: U. Pohlmann, A Model-driven Software Construction Approach for Cyber-physical
Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018.
mla: Pohlmann, Uwe. A Model-Driven Software Construction Approach for Cyber-Physical
Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018.
short: U. Pohlmann, A Model-Driven Software Construction Approach for Cyber-Physical
Systems, Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018.
date_created: 2020-12-17T12:18:36Z
date_updated: 2022-01-06T06:54:38Z
department:
- _id: '76'
language:
- iso: eng
publisher: Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik
status: public
title: A Model-driven Software Construction Approach for Cyber-physical Systems
type: dissertation
user_id: '5786'
year: '2018'
...
---
_id: '4999'
author:
- first_name: Felix
full_name: Pauck, Felix
id: '22398'
last_name: Pauck
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Heike
full_name: Wehrheim, Heike
id: '573'
last_name: Wehrheim
citation:
ama: 'Pauck F, Bodden E, Wehrheim H. Do Android taint analysis tools keep their
promises? In: Proceedings of the 2018 26th ACM Joint Meeting on European Software
Engineering Conference and Symposium on the Foundations of Software Engineering
- ESEC/FSE 2018. ACM Press; 2018. doi:10.1145/3236024.3236029'
apa: Pauck, F., Bodden, E., & Wehrheim, H. (2018). Do Android taint analysis
tools keep their promises? In Proceedings of the 2018 26th ACM Joint Meeting
on European Software Engineering Conference and Symposium on the Foundations of
Software Engineering - ESEC/FSE 2018. ACM Press. https://doi.org/10.1145/3236024.3236029
bibtex: '@inproceedings{Pauck_Bodden_Wehrheim_2018, title={Do Android taint analysis
tools keep their promises?}, DOI={10.1145/3236024.3236029},
booktitle={Proceedings of the 2018 26th ACM Joint Meeting on European Software
Engineering Conference and Symposium on the Foundations of Software Engineering
- ESEC/FSE 2018}, publisher={ACM Press}, author={Pauck, Felix and Bodden, Eric
and Wehrheim, Heike}, year={2018} }'
chicago: Pauck, Felix, Eric Bodden, and Heike Wehrheim. “Do Android Taint Analysis
Tools Keep Their Promises?” In Proceedings of the 2018 26th ACM Joint Meeting
on European Software Engineering Conference and Symposium on the Foundations of
Software Engineering - ESEC/FSE 2018. ACM Press, 2018. https://doi.org/10.1145/3236024.3236029.
ieee: F. Pauck, E. Bodden, and H. Wehrheim, “Do Android taint analysis tools keep
their promises?,” in Proceedings of the 2018 26th ACM Joint Meeting on European
Software Engineering Conference and Symposium on the Foundations of Software Engineering
- ESEC/FSE 2018, 2018.
mla: Pauck, Felix, et al. “Do Android Taint Analysis Tools Keep Their Promises?”
Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE
2018, ACM Press, 2018, doi:10.1145/3236024.3236029.
short: 'F. Pauck, E. Bodden, H. Wehrheim, in: Proceedings of the 2018 26th ACM Joint
Meeting on European Software Engineering Conference and Symposium on the Foundations
of Software Engineering - ESEC/FSE 2018, ACM Press, 2018.'
date_created: 2018-10-30T08:03:17Z
date_updated: 2022-01-06T07:01:34Z
ddc:
- '004'
department:
- _id: '77'
- _id: '76'
doi: 10.1145/3236024.3236029
file:
- access_level: closed
content_type: application/pdf
creator: ups
date_created: 2018-11-02T13:37:38Z
date_updated: 2018-11-02T13:37:38Z
file_id: '5251'
file_name: fse18main-id76-p.pdf
file_size: 524169
relation: main_file
success: 1
file_date_updated: 2018-11-02T13:37:38Z
has_accepted_license: '1'
language:
- iso: eng
project:
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
- _id: '1'
name: SFB 901
publication: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE
2018
publication_identifier:
isbn:
- '9781450355735'
publication_status: published
publisher: ACM Press
status: public
title: Do Android taint analysis tools keep their promises?
type: conference
user_id: '477'
year: '2018'
...
---
_id: '5203'
author:
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Johannes
full_name: Späth, Johannes
last_name: Späth
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Mira
full_name: Mezini, Mira
last_name: Mezini
citation:
ama: 'Krüger S, Späth J, Ali K, Bodden E, Mezini M. CrySL: An Extensible Approach
to Validating the Correct Usage of Cryptographic APIs. In: European Conference
on Object-Oriented Programming (ECOOP). ; 2018:10:1-10:27.'
apa: 'Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2018). CrySL:
An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.
In European Conference on Object-Oriented Programming (ECOOP) (pp. 10:1-10:27).'
bibtex: '@inproceedings{Krüger_Späth_Ali_Bodden_Mezini_2018, title={CrySL: An Extensible
Approach to Validating the Correct Usage of Cryptographic APIs}, booktitle={European
Conference on Object-Oriented Programming (ECOOP)}, author={Krüger, Stefan and
Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}, year={2018},
pages={10:1-10:27} }'
chicago: 'Krüger, Stefan, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini.
“CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic
APIs.” In European Conference on Object-Oriented Programming (ECOOP), 10:1-10:27,
2018.'
ieee: 'S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible
Approach to Validating the Correct Usage of Cryptographic APIs,” in European
Conference on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.'
mla: 'Krüger, Stefan, et al. “CrySL: An Extensible Approach to Validating the Correct
Usage of Cryptographic APIs.” European Conference on Object-Oriented Programming
(ECOOP), 2018, pp. 10:1-10:27.'
short: 'S. Krüger, J. Späth, K. Ali, E. Bodden, M. Mezini, in: European Conference
on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.'
date_created: 2018-10-31T12:37:29Z
date_updated: 2022-01-06T07:01:44Z
ddc:
- '000'
department:
- _id: '76'
file:
- access_level: closed
content_type: application/pdf
creator: ups
date_created: 2018-11-02T13:51:05Z
date_updated: 2018-11-02T13:51:05Z
file_id: '5255'
file_name: ksa+18crysl.pdf
file_size: 747259
relation: main_file
success: 1
file_date_updated: 2018-11-02T13:51:05Z
has_accepted_license: '1'
keyword:
- ITSECWEBSITE
- CROSSING
language:
- iso: eng
main_file_link:
- url: http://bodden.de/pubs/ksa+18crysl.pdf
page: 10:1-10:27
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publication: European Conference on Object-Oriented Programming (ECOOP)
status: public
title: 'CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic
APIs'
type: conference
user_id: '477'
year: '2018'
...
---
_id: '1044'
author:
- first_name: Richard
full_name: Leer, Richard
last_name: Leer
citation:
ama: Leer R. Measuring Performance of a Static Analysis Framework with an Application
to Immutability Analysis. Universität Paderborn; 2018.
apa: Leer, R. (2018). Measuring Performance of a Static Analysis Framework with
an application to Immutability Analysis. Universität Paderborn.
bibtex: '@book{Leer_2018, title={Measuring Performance of a Static Analysis Framework
with an application to Immutability Analysis}, publisher={Universität Paderborn},
author={Leer, Richard}, year={2018} }'
chicago: Leer, Richard. Measuring Performance of a Static Analysis Framework
with an Application to Immutability Analysis. Universität Paderborn, 2018.
ieee: R. Leer, Measuring Performance of a Static Analysis Framework with an application
to Immutability Analysis. Universität Paderborn, 2018.
mla: Leer, Richard. Measuring Performance of a Static Analysis Framework with
an Application to Immutability Analysis. Universität Paderborn, 2018.
short: R. Leer, Measuring Performance of a Static Analysis Framework with an Application
to Immutability Analysis, Universität Paderborn, 2018.
date_created: 2017-12-13T07:52:01Z
date_updated: 2022-01-06T06:50:39Z
ddc:
- '000'
department:
- _id: '76'
file:
- access_level: closed
content_type: application/pdf
creator: florida
date_created: 2018-11-21T06:15:51Z
date_updated: 2018-11-21T06:15:51Z
file_id: '5768'
file_name: ba_leer.pdf
file_size: 1383049
relation: main_file
success: 1
file_date_updated: 2018-11-21T06:15:51Z
has_accepted_license: '1'
language:
- iso: eng
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publisher: Universität Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: Measuring Performance of a Static Analysis Framework with an application to
Immutability Analysis
type: bachelorsthesis
user_id: '15504'
year: '2018'
...
---
_id: '1045'
author:
- first_name: Jan Niclas
full_name: Strüwer, Jan Niclas
last_name: Strüwer
citation:
ama: Strüwer JN. Interactive Data Visualization for Exploded Supergraphs.
Universität Paderborn; 2018.
apa: Strüwer, J. N. (2018). Interactive Data Visualization for Exploded Supergraphs.
Universität Paderborn.
bibtex: '@book{Strüwer_2018, title={Interactive Data Visualization for Exploded
Supergraphs}, publisher={Universität Paderborn}, author={Strüwer, Jan Niclas},
year={2018} }'
chicago: Strüwer, Jan Niclas. Interactive Data Visualization for Exploded Supergraphs.
Universität Paderborn, 2018.
ieee: J. N. Strüwer, Interactive Data Visualization for Exploded Supergraphs.
Universität Paderborn, 2018.
mla: Strüwer, Jan Niclas. Interactive Data Visualization for Exploded Supergraphs.
Universität Paderborn, 2018.
short: J.N. Strüwer, Interactive Data Visualization for Exploded Supergraphs, Universität
Paderborn, 2018.
date_created: 2017-12-13T07:53:49Z
date_updated: 2022-01-06T06:50:40Z
ddc:
- '000'
department:
- _id: '76'
file:
- access_level: closed
content_type: application/pdf
creator: florida
date_created: 2018-11-21T06:14:15Z
date_updated: 2018-11-21T06:14:15Z
file_id: '5767'
file_name: ba_struewer.pdf
file_size: 15839765
relation: main_file
success: 1
file_date_updated: 2018-11-21T06:14:15Z
has_accepted_license: '1'
language:
- iso: eng
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publisher: Universität Paderborn
status: public
supervisor:
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
title: Interactive Data Visualization for Exploded Supergraphs
type: bachelorsthesis
user_id: '15504'
year: '2018'
...
---
_id: '20552'
abstract:
- lang: eng
text: The future scenario of Industrie 4.0 is characterized by a massive increase
in cross-company networking. To counter the threat of unauthorized disclosure
or sabotage of confidential data, information security must be given high priority
as early as the design of cyber-physical production systems. This paradigm is
referred to as Security by Design. Throughout the entire development process,
it must be possible to trace whether the systems fulfill specific information
security requirements and thereby ensure the property of Industrial Security.
This contribution presents a design approach for tracing information security
that, by integrating software engineering methods into systems engineering, enables
development according to the Security by Design paradigm.
author:
- first_name: Christopher
full_name: Gerking, Christopher
last_name: Gerking
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Wilhelm
full_name: Schäfer, Wilhelm
last_name: Schäfer
citation:
ama: 'Gerking C, Bodden E, Schäfer W. Industrial Security by Design. In: Maier GW,
Engels G, Steffen E, eds. Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten.
Springer Berlin Heidelberg; 2017:1-24. doi:10.1007/978-3-662-52903-4_8-1'
apa: Gerking, C., Bodden, E., & Schäfer, W. (2017). Industrial Security by Design.
In G. W. Maier, G. Engels, & E. Steffen (Eds.), Handbuch Gestaltung digitaler
und vernetzter Arbeitswelten (pp. 1–24). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-662-52903-4_8-1
bibtex: '@inbook{Gerking_Bodden_Schäfer_2017, place={Berlin, Heidelberg}, title={Industrial
Security by Design}, DOI={10.1007/978-3-662-52903-4_8-1},
booktitle={Handbuch Gestaltung digitaler und vernetzter Arbeitswelten}, publisher={Springer
Berlin Heidelberg}, author={Gerking, Christopher and Bodden, Eric and Schäfer,
Wilhelm}, editor={Maier, Günter W. and Engels, Gregor and Steffen, Eckhard}, year={2017},
pages={1–24} }'
chicago: 'Gerking, Christopher, Eric Bodden, and Wilhelm Schäfer. “Industrial Security
by Design.” In Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten,
edited by Günter W. Maier, Gregor Engels, and Eckhard Steffen, 1–24. Berlin, Heidelberg:
Springer Berlin Heidelberg, 2017. https://doi.org/10.1007/978-3-662-52903-4_8-1.'
ieee: 'C. Gerking, E. Bodden, and W. Schäfer, “Industrial Security by Design,” in
Handbuch Gestaltung digitaler und vernetzter Arbeitswelten, G. W. Maier,
G. Engels, and E. Steffen, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg,
2017, pp. 1–24.'
mla: Gerking, Christopher, et al. “Industrial Security by Design.” Handbuch Gestaltung
Digitaler Und Vernetzter Arbeitswelten, edited by Günter W. Maier et al.,
Springer Berlin Heidelberg, 2017, pp. 1–24, doi:10.1007/978-3-662-52903-4_8-1.
short: 'C. Gerking, E. Bodden, W. Schäfer, in: G.W. Maier, G. Engels, E. Steffen
(Eds.), Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten, Springer Berlin
Heidelberg, Berlin, Heidelberg, 2017, pp. 1–24.'
date_created: 2020-11-30T09:56:23Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1007/978-3-662-52903-4_8-1
editor:
- first_name: Günter W.
full_name: Maier, Günter W.
last_name: Maier
- first_name: Gregor
full_name: Engels, Gregor
last_name: Engels
- first_name: Eckhard
full_name: Steffen, Eckhard
last_name: Steffen
keyword:
- ITSECWEBSITE
language:
- iso: eng
page: 1-24
place: Berlin, Heidelberg
publication: Handbuch Gestaltung digitaler und vernetzter Arbeitswelten
publication_identifier:
isbn:
- 978-3-662-52903-4
publisher: Springer Berlin Heidelberg
status: public
title: Industrial Security by Design
type: book_chapter
user_id: '5786'
year: '2017'
...
---
_id: '20553'
abstract:
- lang: eng
text: Finding and fixing software vulnerabilities have become a major struggle for
most software development companies. While generally without alternative, such
fixing efforts are a major cost factor, which is why companies have a vital interest
in focusing their secure software development activities such that they obtain
an optimal return on this investment. We investigate, in this paper, quantitatively
the major factors that impact the time it takes to fix a given security issue
based on data collected automatically within SAP's secure development process,
and we show how the issue fix time could be used to monitor the fixing process.
We use three machine learning methods and evaluate their predictive power in predicting
the time to fix issues. Interestingly, the models indicate that vulnerability
type has a less dominant impact on issue fix time than previously believed. The
time it takes to fix an issue instead seems much more related to the component
in which the potential vulnerability resides, the project related to the issue,
the development groups that address the issue, and the closeness of the software
release date. This indicates that the software structure, the fixing processes,
and the development groups are the dominant factors that impact the time spent
to address security issues. SAP can use the models to implement a continuous improvement
of its secure software development process and to measure the impact of individual
improvements. The development teams at SAP develop different types of software,
adopt different internal development processes, use different programming languages
and platforms, and are located in different cities and countries. Other organizations
may use the results---with precaution---and be learning organizations.
author:
- first_name: Lotfi
full_name: Ben Othmane, Lotfi
last_name: Ben Othmane
- first_name: Golriz
full_name: Chehrazi, Golriz
last_name: Chehrazi
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Petar
full_name: Tsalovski, Petar
last_name: Tsalovski
- first_name: Achim D.
full_name: Brucker, Achim D.
last_name: Brucker
citation:
ama: 'Ben Othmane L, Chehrazi G, Bodden E, Tsalovski P, Brucker AD. Time for Addressing
Software Security Issues: Prediction Models and Impacting Factors. Data Science
and Engineering. 2017;2(2):107-124. doi:https://doi.org/10.1007/s41019-016-0019-8'
apa: 'Ben Othmane, L., Chehrazi, G., Bodden, E., Tsalovski, P., & Brucker, A.
D. (2017). Time for Addressing Software Security Issues: Prediction Models and
Impacting Factors. Data Science and Engineering, 2(2), 107–124.
https://doi.org/10.1007/s41019-016-0019-8'
bibtex: '@article{Ben Othmane_Chehrazi_Bodden_Tsalovski_Brucker_2017, title={Time
for Addressing Software Security Issues: Prediction Models and Impacting Factors},
volume={2}, DOI={https://doi.org/10.1007/s41019-016-0019-8},
number={2}, journal={Data Science and Engineering}, author={Ben Othmane, Lotfi
and Chehrazi, Golriz and Bodden, Eric and Tsalovski, Petar and Brucker, Achim
D.}, year={2017}, pages={107–124} }'
chicago: 'Ben Othmane, Lotfi, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, and
Achim D. Brucker. “Time for Addressing Software Security Issues: Prediction Models
and Impacting Factors.” Data Science and Engineering 2, no. 2 (2017): 107–24.
https://doi.org/10.1007/s41019-016-0019-8.'
ieee: 'L. Ben Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, and A. D. Brucker,
“Time for Addressing Software Security Issues: Prediction Models and Impacting
Factors,” Data Science and Engineering, vol. 2, no. 2, pp. 107–124, 2017,
doi: https://doi.org/10.1007/s41019-016-0019-8.'
mla: 'Ben Othmane, Lotfi, et al. “Time for Addressing Software Security Issues:
Prediction Models and Impacting Factors.” Data Science and Engineering,
vol. 2, no. 2, 2017, pp. 107–24, doi:https://doi.org/10.1007/s41019-016-0019-8.'
short: L. Ben Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, A.D. Brucker, Data
Science and Engineering 2 (2017) 107–124.
date_created: 2020-11-30T10:24:50Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: https://doi.org/10.1007/s41019-016-0019-8
intvolume: ' 2'
issue: '2'
language:
- iso: eng
page: 107-124
publication: Data Science and Engineering
publication_identifier:
issn:
- 2364-1541
related_material:
link:
- relation: confirmation
url: http://bodden.de/pubs/bcb17time.pdf
status: public
title: 'Time for Addressing Software Security Issues: Prediction Models and Impacting
Factors'
type: journal_article
user_id: '5786'
volume: 2
year: '2017'
...