--- _id: '52235' abstract: - lang: eng text: "Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process.\r\nThis paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis. " author: - first_name: Mugdha full_name: Khedkar, Mugdha id: '88024' last_name: Khedkar - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection. In: Proceedings of the 9th International Conference on Mobile Software Engineering and Systems. ; 2024.' apa: Khedkar, M., & Bodden, E. (2024). Toward an Android Static Analysis Approach for Data Protection. Proceedings of the 9th International Conference on Mobile Software Engineering and Systems. 9th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal. 
bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis Approach for Data Protection}, booktitle={Proceedings of the 9th International Conference on Mobile Software Engineering and Systems}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024} }' chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach for Data Protection.” In Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024. ieee: M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for Data Protection,” presented at the 9th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal, 2024. mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach for Data Protection.” Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024. short: 'M. Khedkar, E. Bodden, in: Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024.' 
conference: end_date: 2024-04-15 location: Lisbon, Portugal name: 9th International Conference on Mobile Software Engineering and Systems 2024 start_date: 2024-04-14 date_created: 2024-03-03T14:37:53Z date_updated: 2024-03-06T13:00:38Z ddc: - '006' department: - _id: '76' external_id: arxiv: - '2402.07889' file: - access_level: closed content_type: application/pdf creator: khedkarm date_created: 2024-03-03T14:39:08Z date_updated: 2024-03-03T14:39:08Z file_id: '52236' file_name: 2402.07889v1.pdf file_size: 530812 relation: main_file success: 1 file_date_updated: 2024-03-03T14:39:08Z has_accepted_license: '1' keyword: - static program analysis - data protection and privacy - GDPR compliance language: - iso: eng publication: Proceedings of the 9th International Conference on Mobile Software Engineering and Systems status: public title: Toward an Android Static Analysis Approach for Data Protection type: conference user_id: '88024' year: '2024' ... --- _id: '52587' author: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Jens full_name: Pottebaum, Jens id: '405' last_name: Pottebaum orcid: http://orcid.org/0000-0001-8778-2989 - first_name: Markus full_name: Fockel, Markus last_name: Fockel - first_name: Iris full_name: Gräßler, Iris id: '47565' last_name: Gräßler orcid: 0000-0001-5765-971X citation: ama: Bodden E, Pottebaum J, Fockel M, Gräßler I. Evaluating Security Through Isolation and Defense in Depth. IEEE Security & Privacy. 2024;22(1):69-72. doi:10.1109/msec.2023.3336028 apa: Bodden, E., Pottebaum, J., Fockel, M., & Gräßler, I. (2024). Evaluating Security Through Isolation and Defense in Depth. IEEE Security & Privacy, 22(1), 69–72. 
https://doi.org/10.1109/msec.2023.3336028 bibtex: '@article{Bodden_Pottebaum_Fockel_Gräßler_2024, title={Evaluating Security Through Isolation and Defense in Depth}, volume={22}, DOI={10.1109/msec.2023.3336028}, number={1}, journal={IEEE Security & Privacy}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Bodden, Eric and Pottebaum, Jens and Fockel, Markus and Gräßler, Iris}, year={2024}, pages={69–72} }' chicago: 'Bodden, Eric, Jens Pottebaum, Markus Fockel, and Iris Gräßler. “Evaluating Security Through Isolation and Defense in Depth.” IEEE Security & Privacy 22, no. 1 (2024): 69–72. https://doi.org/10.1109/msec.2023.3336028.' ieee: 'E. Bodden, J. Pottebaum, M. Fockel, and I. Gräßler, “Evaluating Security Through Isolation and Defense in Depth,” IEEE Security & Privacy, vol. 22, no. 1, pp. 69–72, 2024, doi: 10.1109/msec.2023.3336028.' mla: Bodden, Eric, et al. “Evaluating Security Through Isolation and Defense in Depth.” IEEE Security & Privacy, vol. 22, no. 1, Institute of Electrical and Electronics Engineers (IEEE), 2024, pp. 69–72, doi:10.1109/msec.2023.3336028. short: E. Bodden, J. Pottebaum, M. Fockel, I. Gräßler, IEEE Security & Privacy 22 (2024) 69–72. date_created: 2024-03-15T20:16:18Z date_updated: 2024-03-15T20:25:13Z department: - _id: '152' - _id: '76' - _id: '241' doi: 10.1109/msec.2023.3336028 intvolume: ' 22' issue: '1' keyword: - Law - Electrical and Electronic Engineering - Computer Networks and Communications language: - iso: eng page: 69-72 publication: IEEE Security & Privacy publication_identifier: issn: - 1540-7993 - 1558-4046 publication_status: published publisher: Institute of Electrical and Electronics Engineers (IEEE) quality_controlled: '1' status: public title: Evaluating Security Through Isolation and Defense in Depth type: journal_article user_id: '405' volume: 22 year: '2024' ... 
--- _id: '52663' abstract: - lang: eng text: "Context\r\nStatic analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise results of empirical studies. Unfortunately, static analyses tend to report where a vulnerability manifests rather than the fix location. This can cause presumed false positives or imprecise results.\r\nMethod\r\nTo address this problem, we designed an adaption of an existing static analysis algorithm that can distinguish between a manifestation and fix location, and reports error chains. An error chain represents at least two interconnected errors that occur successively, thus building the connection between the fix and manifestation location. We used our tool CogniCryptSUBS for a case study on 471 GitHub repositories, a performance benchmark to compare different analysis configurations, and conducted an expert interview.\r\nResult\r\nWe found that 50 % of the projects with a report had at least one error chain. Our runtime benchmark demonstrated that our improvement caused only a minimal runtime overhead of less than 4 %. The results of our expert interview indicate that with our adapted version participants require fewer executions of the analysis.\r\nConclusion\r\nOur results indicate that error chains occur frequently in real-world projects, and ignoring them can lead to imprecise evaluation results. The runtime benchmark indicates that our tool is a feasible and efficient solution for detecting error chains in real-world projects. Further, our results gave a hint that the usability of static analyses may benefit from supporting error chains." 
author: - first_name: Anna-Katharina full_name: Wickert, Anna-Katharina last_name: Wickert - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Marvin full_name: Vogel, Marvin last_name: Vogel - first_name: Lukas full_name: Winter, Lukas last_name: Winter - first_name: Mira full_name: Mezini, Mira last_name: Mezini - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Wickert A-K, Schlichtig M, Vogel M, Winter L, Mezini M, Bodden E. Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability.; 2024. apa: Wickert, A.-K., Schlichtig, M., Vogel, M., Winter, L., Mezini, M., & Bodden, E. (2024). Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability. bibtex: '@book{Wickert_Schlichtig_Vogel_Winter_Mezini_Bodden_2024, title={Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability}, author={Wickert, Anna-Katharina and Schlichtig, Michael and Vogel, Marvin and Winter, Lukas and Mezini, Mira and Bodden, Eric}, year={2024} }' chicago: Wickert, Anna-Katharina, Michael Schlichtig, Marvin Vogel, Lukas Winter, Mira Mezini, and Eric Bodden. Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability, 2024. ieee: A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability. 2024. mla: Wickert, Anna-Katharina, et al. Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability. 2024. short: A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability, 2024. 
date_created: 2024-03-20T09:28:36Z date_updated: 2024-03-20T09:32:29Z department: - _id: '76' keyword: - Static analysis - error chains - false positive reduction - empirical studies language: - iso: eng main_file_link: - url: https://arxiv.org/abs/2403.07808 status: public title: Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability type: misc user_id: '32312' year: '2024' ... --- _id: '35083' author: - first_name: Andreas Peter full_name: Dann, Andreas Peter id: '26886' last_name: Dann - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Dann AP, Hermann B, Bodden E. UpCy: Safely Updating Outdated Dependencies. Published online 2023.' apa: 'Dann, A. P., Hermann, B., & Bodden, E. (2023). UpCy: Safely Updating Outdated Dependencies.' bibtex: '@article{Dann_Hermann_Bodden_2023, series={International Conference on Software Engineering (ICSE)}, title={UpCy: Safely Updating Outdated Dependencies}, author={Dann, Andreas Peter and Hermann, Ben and Bodden, Eric}, year={2023}, collection={International Conference on Software Engineering (ICSE)} }' chicago: 'Dann, Andreas Peter, Ben Hermann, and Eric Bodden. “UpCy: Safely Updating Outdated Dependencies.” International Conference on Software Engineering (ICSE), 2023.' ieee: 'A. P. Dann, B. Hermann, and E. Bodden, “UpCy: Safely Updating Outdated Dependencies.” 2023.' mla: 'Dann, Andreas Peter, et al. UpCy: Safely Updating Outdated Dependencies. 2023.' short: A.P. Dann, B. Hermann, E. Bodden, (2023). date_created: 2023-01-02T09:26:50Z date_updated: 2023-01-02T09:28:32Z department: - _id: '76' language: - iso: eng series_title: International Conference on Software Engineering (ICSE) status: public title: 'UpCy: Safely Updating Outdated Dependencies' type: conference user_id: '15249' year: '2023' ... 
--- _id: '41812' author: - first_name: Linghui full_name: Luo, Linghui last_name: Luo - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Ranjith full_name: Krishnamurthy, Ranjith id: '78060' last_name: Krishnamurthy orcid: 0000-0002-0906-5463 - first_name: Julian full_name: Dolby, Julian last_name: Dolby - first_name: Martin full_name: Schäf, Martin last_name: Schäf - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Luo L, Piskachev G, Krishnamurthy R, Dolby J, Schäf M, Bodden E. Model Generation For Java Frameworks. In: IEEE International Conference on Software Testing, Verification and Validation (ICST). ; 2023.' apa: Luo, L., Piskachev, G., Krishnamurthy, R., Dolby, J., Schäf, M., & Bodden, E. (2023). Model Generation For Java Frameworks. IEEE International Conference on Software Testing, Verification and Validation (ICST). bibtex: '@inproceedings{Luo_Piskachev_Krishnamurthy_Dolby_Schäf_Bodden_2023, title={Model Generation For Java Frameworks}, booktitle={IEEE International Conference on Software Testing, Verification and Validation (ICST)}, author={Luo, Linghui and Piskachev, Goran and Krishnamurthy, Ranjith and Dolby, Julian and Schäf, Martin and Bodden, Eric}, year={2023} }' chicago: Luo, Linghui, Goran Piskachev, Ranjith Krishnamurthy, Julian Dolby, Martin Schäf, and Eric Bodden. “Model Generation For Java Frameworks.” In IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023. ieee: L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, and E. Bodden, “Model Generation For Java Frameworks,” 2023. mla: Luo, Linghui, et al. “Model Generation For Java Frameworks.” IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023. short: 'L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, E. 
Bodden, in: IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023.' date_created: 2023-02-06T10:37:23Z date_updated: 2023-02-06T10:42:29Z department: - _id: '76' - _id: '662' language: - iso: eng publication: IEEE International Conference on Software Testing, Verification and Validation (ICST) status: public title: Model Generation For Java Frameworks type: conference user_id: '15249' year: '2023' ... --- _id: '41813' author: - first_name: Ashwin Prasad full_name: Shivarpatna Venkatesh, Ashwin Prasad id: '66637' last_name: Shivarpatna Venkatesh - first_name: Jiawei full_name: Wang, Jiawei last_name: Wang - first_name: Li full_name: Li, Li last_name: Li - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Shivarpatna Venkatesh AP, Wang J, Li L, Bodden E. Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis. In: IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). ; 2023.' apa: Shivarpatna Venkatesh, A. P., Wang, J., Li, L., & Bodden, E. (2023). Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis. IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). bibtex: '@inproceedings{Shivarpatna Venkatesh_Wang_Li_Bodden_2023, title={Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis}, booktitle={IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)}, author={Shivarpatna Venkatesh, Ashwin Prasad and Wang, Jiawei and Li, Li and Bodden, Eric}, year={2023} }' chicago: Shivarpatna Venkatesh, Ashwin Prasad, Jiawei Wang, Li Li, and Eric Bodden. “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis.” In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2023. ieee: A. P. Shivarpatna Venkatesh, J. Wang, L. Li, and E. 
Bodden, “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis,” 2023. mla: Shivarpatna Venkatesh, Ashwin Prasad, et al. “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis.” IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2023. short: 'A.P. Shivarpatna Venkatesh, J. Wang, L. Li, E. Bodden, in: IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2023.' date_created: 2023-02-06T10:44:08Z date_updated: 2023-02-06T10:46:00Z department: - _id: '76' language: - iso: eng publication: IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) status: public title: Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis type: conference user_id: '15249' year: '2023' ... --- _id: '45312' author: - first_name: Kadiray full_name: Karakaya, Kadiray last_name: Karakaya - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Karakaya K, Bodden E. Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis. In: 2023 IEEE Conference on Software Testing, Verification and Validation (ICST). IEEE; 2023. doi:10.1109/icst57152.2023.00036' apa: Karakaya, K., & Bodden, E. (2023). Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis. 2023 IEEE Conference on Software Testing, Verification and Validation (ICST). https://doi.org/10.1109/icst57152.2023.00036 bibtex: '@inproceedings{Karakaya_Bodden_2023, title={Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis}, DOI={10.1109/icst57152.2023.00036}, booktitle={2023 IEEE Conference on Software Testing, Verification and Validation (ICST)}, publisher={IEEE}, author={Karakaya, Kadiray and Bodden, Eric}, year={2023} }' chicago: Karakaya, Kadiray, and Eric Bodden. 
“Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis.” In 2023 IEEE Conference on Software Testing, Verification and Validation (ICST). IEEE, 2023. https://doi.org/10.1109/icst57152.2023.00036. ieee: 'K. Karakaya and E. Bodden, “Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis,” 2023, doi: 10.1109/icst57152.2023.00036.' mla: Karakaya, Kadiray, and Eric Bodden. “Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis.” 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), IEEE, 2023, doi:10.1109/icst57152.2023.00036. short: 'K. Karakaya, E. Bodden, in: 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), IEEE, 2023.' date_created: 2023-05-29T12:09:43Z date_updated: 2023-05-29T12:12:17Z department: - _id: '76' doi: 10.1109/icst57152.2023.00036 publication: 2023 IEEE Conference on Software Testing, Verification and Validation (ICST) publication_status: published publisher: IEEE status: public title: Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis type: conference user_id: '70410' year: '2023' ... --- _id: '46816' author: - first_name: Adriano full_name: Torres, Adriano last_name: Torres - first_name: Pedro full_name: Costa, Pedro last_name: Costa - first_name: Luis full_name: Amaral, Luis last_name: Amaral - first_name: Jonata full_name: Pastro, Jonata last_name: Pastro - first_name: Rodrigo full_name: Bonifácio, Rodrigo last_name: Bonifácio - first_name: Marcelo full_name: d'Amorim, Marcelo last_name: d'Amorim - first_name: Owolabi full_name: Legunsen, Owolabi last_name: Legunsen - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Edna full_name: Dias Canedo, Edna last_name: Dias Canedo citation: ama: 'Torres A, Costa P, Amaral L, et al. Runtime Verification of Crypto APIs: An Empirical Study. IEEE Transactions on Software Engineering. 
2023;49(10):4510-4525. doi:10.1109/tse.2023.3301660' apa: 'Torres, A., Costa, P., Amaral, L., Pastro, J., Bonifácio, R., d’Amorim, M., Legunsen, O., Bodden, E., & Dias Canedo, E. (2023). Runtime Verification of Crypto APIs: An Empirical Study. IEEE Transactions on Software Engineering, 49(10), 4510–4525. https://doi.org/10.1109/tse.2023.3301660' bibtex: '@article{Torres_Costa_Amaral_Pastro_Bonifácio_d’Amorim_Legunsen_Bodden_Dias Canedo_2023, title={Runtime Verification of Crypto APIs: An Empirical Study}, volume={49}, DOI={10.1109/tse.2023.3301660}, number={10}, journal={IEEE Transactions on Software Engineering}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Torres, Adriano and Costa, Pedro and Amaral, Luis and Pastro, Jonata and Bonifácio, Rodrigo and d’Amorim, Marcelo and Legunsen, Owolabi and Bodden, Eric and Dias Canedo, Edna}, year={2023}, pages={4510–4525} }' chicago: 'Torres, Adriano, Pedro Costa, Luis Amaral, Jonata Pastro, Rodrigo Bonifácio, Marcelo d’Amorim, Owolabi Legunsen, Eric Bodden, and Edna Dias Canedo. “Runtime Verification of Crypto APIs: An Empirical Study.” IEEE Transactions on Software Engineering 49, no. 10 (2023): 4510–25. https://doi.org/10.1109/tse.2023.3301660.' ieee: 'A. Torres et al., “Runtime Verification of Crypto APIs: An Empirical Study,” IEEE Transactions on Software Engineering, vol. 49, no. 10, pp. 4510–4525, 2023, doi: 10.1109/tse.2023.3301660.' mla: 'Torres, Adriano, et al. “Runtime Verification of Crypto APIs: An Empirical Study.” IEEE Transactions on Software Engineering, vol. 49, no. 10, Institute of Electrical and Electronics Engineers (IEEE), 2023, pp. 4510–25, doi:10.1109/tse.2023.3301660.' short: A. Torres, P. Costa, L. Amaral, J. Pastro, R. Bonifácio, M. d’Amorim, O. Legunsen, E. Bodden, E. Dias Canedo, IEEE Transactions on Software Engineering 49 (2023) 4510–4525. 
date_created: 2023-09-06T07:42:40Z date_updated: 2023-12-04T11:05:26Z department: - _id: '76' doi: 10.1109/tse.2023.3301660 intvolume: ' 49' issue: '10' keyword: - Software language: - iso: eng page: 4510 - 4525 publication: IEEE Transactions on Software Engineering publication_identifier: issn: - 0098-5589 - 1939-3520 - 2326-3881 publication_status: published publisher: Institute of Electrical and Electronics Engineers (IEEE) status: public title: 'Runtime Verification of Crypto APIs: An Empirical Study' type: journal_article user_id: '15249' volume: 49 year: '2023' ... --- _id: '49439' abstract: - lang: eng text: The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often unsatisfying. Users report high numbers of false positives or long analysis times, making the tools unusable in the daily workflow. To address this, SAST tool creators provide a wide range of configuration options, such as customization of rules through domain-specific languages or specification of the application-specific analysis scope. In this paper, we study the configuration space of selected existing SAST tools when used within the integrated development environment (IDE). We focus on the configuration options that impact three dimensions, for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime. We perform a between-subjects user study with 40 users from multiple development and security teams - to our knowledge, the largest population for this kind of user study in the software engineering community. The results show that users who configure SAST tools are more effective in resolving security vulnerabilities detected by the tools than those using the default configuration. 
Based on post-study interviews, we identify common strategies that users have while configuring the SAST tools to provide further insights for tool creators. Finally, an evaluation of the configuration options of two commercial SAST tools, Fortify and CheckMarx, reveals that a quarter of the users do not understand the configuration options provided. The configuration options that are found most useful relate to the analysis scope. article_number: '118' author: - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Matthias full_name: Becker, Matthias id: '4870' last_name: Becker orcid: https://orcid.org/0000-0003-2465-9347 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Piskachev G, Becker M, Bodden E. Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study. Empirical Software Engineering. 2023;28(5). doi:10.1007/s10664-023-10354-3 apa: Piskachev, G., Becker, M., & Bodden, E. (2023). Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study. Empirical Software Engineering, 28(5), Article 118. https://doi.org/10.1007/s10664-023-10354-3 bibtex: '@article{Piskachev_Becker_Bodden_2023, title={Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study}, volume={28}, DOI={10.1007/s10664-023-10354-3}, number={5118}, journal={Empirical Software Engineering}, publisher={Springer Science and Business Media LLC}, author={Piskachev, Goran and Becker, Matthias and Bodden, Eric}, year={2023} }' chicago: Piskachev, Goran, Matthias Becker, and Eric Bodden. “Can the Configuration of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A User Study.” Empirical Software Engineering 28, no. 5 (2023). https://doi.org/10.1007/s10664-023-10354-3. ieee: 'G. Piskachev, M. 
Becker, and E. Bodden, “Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study,” Empirical Software Engineering, vol. 28, no. 5, Art. no. 118, 2023, doi: 10.1007/s10664-023-10354-3.' mla: Piskachev, Goran, et al. “Can the Configuration of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A User Study.” Empirical Software Engineering, vol. 28, no. 5, 118, Springer Science and Business Media LLC, 2023, doi:10.1007/s10664-023-10354-3. short: G. Piskachev, M. Becker, E. Bodden, Empirical Software Engineering 28 (2023). date_created: 2023-12-04T11:14:34Z date_updated: 2023-12-04T11:29:49Z department: - _id: '76' - _id: '662' doi: 10.1007/s10664-023-10354-3 intvolume: ' 28' issue: '5' keyword: - Software language: - iso: eng publication: Empirical Software Engineering publication_identifier: issn: - 1382-3256 - 1573-7616 publication_status: published publisher: Springer Science and Business Media LLC status: public title: Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study type: journal_article user_id: '15249' volume: 28 year: '2023' ... --- _id: '49438' author: - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Michael full_name: Reif, Michael last_name: Reif - first_name: Anna-Katharina full_name: Wickert, Anna-Katharina last_name: Wickert - first_name: Sarah full_name: Nadi, Sarah last_name: Nadi - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Yasemin full_name: Acar, Yasemin id: '94636' last_name: Acar - first_name: Mira full_name: Mezini, Mira last_name: Mezini - first_name: Sascha full_name: Fahl, Sascha last_name: Fahl citation: ama: 'Krüger S, Reif M, Wickert A-K, et al. Securing Your Crypto-API Usage Through Tool Support - A Usability Study. 
In: 2023 IEEE Secure Development Conference (SecDev). IEEE; 2023. doi:10.1109/secdev56634.2023.00015' apa: Krüger, S., Reif, M., Wickert, A.-K., Nadi, S., Ali, K., Bodden, E., Acar, Y., Mezini, M., & Fahl, S. (2023). Securing Your Crypto-API Usage Through Tool Support - A Usability Study. 2023 IEEE Secure Development Conference (SecDev). https://doi.org/10.1109/secdev56634.2023.00015 bibtex: '@inproceedings{Krüger_Reif_Wickert_Nadi_Ali_Bodden_Acar_Mezini_Fahl_2023, title={Securing Your Crypto-API Usage Through Tool Support - A Usability Study}, DOI={10.1109/secdev56634.2023.00015}, booktitle={2023 IEEE Secure Development Conference (SecDev)}, publisher={IEEE}, author={Krüger, Stefan and Reif, Michael and Wickert, Anna-Katharina and Nadi, Sarah and Ali, Karim and Bodden, Eric and Acar, Yasemin and Mezini, Mira and Fahl, Sascha}, year={2023} }' chicago: Krüger, Stefan, Michael Reif, Anna-Katharina Wickert, Sarah Nadi, Karim Ali, Eric Bodden, Yasemin Acar, Mira Mezini, and Sascha Fahl. “Securing Your Crypto-API Usage Through Tool Support - A Usability Study.” In 2023 IEEE Secure Development Conference (SecDev). IEEE, 2023. https://doi.org/10.1109/secdev56634.2023.00015. ieee: 'S. Krüger et al., “Securing Your Crypto-API Usage Through Tool Support - A Usability Study,” 2023, doi: 10.1109/secdev56634.2023.00015.' mla: Krüger, Stefan, et al. “Securing Your Crypto-API Usage Through Tool Support - A Usability Study.” 2023 IEEE Secure Development Conference (SecDev), IEEE, 2023, doi:10.1109/secdev56634.2023.00015. short: 'S. Krüger, M. Reif, A.-K. Wickert, S. Nadi, K. Ali, E. Bodden, Y. Acar, M. Mezini, S. Fahl, in: 2023 IEEE Secure Development Conference (SecDev), IEEE, 2023.' 
date_created: 2023-12-04T11:07:08Z date_updated: 2023-12-04T11:14:10Z department: - _id: '76' - _id: '740' doi: 10.1109/secdev56634.2023.00015 language: - iso: eng publication: 2023 IEEE Secure Development Conference (SecDev) publication_status: published publisher: IEEE status: public title: Securing Your Crypto-API Usage Through Tool Support - A Usability Study type: conference user_id: '15249' year: '2023' ... --- _id: '48946' abstract: - lang: ger text: Der verlässliche Betrieb von technischen Produkten wird zunehmend durch bewusste Angriffe bedroht. Vollständige Sicherheit ist dabei nicht möglich, durchschlagende Angriffe sind unvermeidbar (Assume Breach). Dies erfordert einen Paradigmenwechsel in der sicherheitsgerechten Entwicklung mechatronischer und cyber-physischer Systeme hin zu Defense-in-Depth. Systeme müssen so ausgelegt werden, dass sie auch bei gezielten Angriffen möglichst hohe Zuverlässigkeit und Sicherheit gewährleisten. Der hier beschriebene Lösungsansatz erweitert das Systemmodell um Angriffsszenarien und Verteidigungslinien. Diese werden am Beispiel eines industriellen Schließsystems zur Anlagensicherheit erläutert. Entwickler werden sensibilisiert, Angriffe systematisch zu berücksichtigen und interdisziplinär Verteidigungselemente gegenüber Bedrohungen und Angriffen zu spezifizieren. - lang: eng text: The reliable operation of technical products is increasingly threatened by deliberate attacks. Complete security is not possible, striking attacks are unavoidable (assume breach). This requires a paradigm shift in security-oriented engineering of mechatronic and cyber-physical systems towards Defense-in-Depth. Systems need to be engineered in a way that full reliability and security are ensured even in case of targeted attacks. The solution approach described here expands the system model to include attack scenarios and lines of defence. It is applied to an industrial locking system for plant security as an example. 
Developers are sensitised to systematically consider attacks and to specify interdisciplinary defence elements against threats and attacks. article_type: original author: - first_name: Iris full_name: Gräßler, Iris id: '47565' last_name: Gräßler orcid: 0000-0001-5765-971X - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Dominik full_name: Wiechel, Dominik id: '67161' last_name: Wiechel - first_name: Jens full_name: Pottebaum, Jens id: '405' last_name: Pottebaum orcid: http://orcid.org/0000-0001-8778-2989 citation: ama: 'Gräßler I, Bodden E, Wiechel D, Pottebaum J. Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security. Konstruktion. 2023;75(11-12):60-65. doi:10.37544/0720-5953-2023-11-12-60' apa: 'Gräßler, I., Bodden, E., Wiechel, D., & Pottebaum, J. (2023). Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security. Konstruktion, 75(11–12), 60–65. https://doi.org/10.37544/0720-5953-2023-11-12-60' bibtex: '@article{Gräßler_Bodden_Wiechel_Pottebaum_2023, title={Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security}, volume={75}, DOI={10.37544/0720-5953-2023-11-12-60}, number={11–12}, journal={Konstruktion}, publisher={VDI Fachmedien GmbH and Co. KG}, author={Gräßler, Iris and Bodden, Eric and Wiechel, Dominik and Pottebaum, Jens}, year={2023}, pages={60–65} }' chicago: 'Gräßler, Iris, Eric Bodden, Dominik Wiechel, and Jens Pottebaum. “Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security.” Konstruktion 75, no. 11–12 (2023): 60–65. https://doi.org/10.37544/0720-5953-2023-11-12-60.' ieee: 'I. Gräßler, E. Bodden, D. 
Wiechel, and J. Pottebaum, “Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security,” Konstruktion, vol. 75, no. 11–12, pp. 60–65, 2023, doi: 10.37544/0720-5953-2023-11-12-60.' mla: 'Gräßler, Iris, et al. “Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security.” Konstruktion, vol. 75, no. 11–12, VDI Fachmedien GmbH and Co. KG, 2023, pp. 60–65, doi:10.37544/0720-5953-2023-11-12-60.' short: I. Gräßler, E. Bodden, D. Wiechel, J. Pottebaum, Konstruktion 75 (2023) 60–65. date_created: 2023-11-16T08:23:12Z date_updated: 2023-12-20T14:10:51Z department: - _id: '152' - _id: '76' doi: 10.37544/0720-5953-2023-11-12-60 intvolume: ' 75' issue: 11-12 keyword: - Mechanical Engineering - Mechanics of Materials - General Materials Science - Theoretical Computer Science language: - iso: ger page: 60-65 publication: Konstruktion publication_identifier: issn: - 0720-5953 publication_status: published publisher: VDI Fachmedien GmbH and Co. KG quality_controlled: '1' status: public title: 'Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security' type: journal_article user_id: '405' volume: 75 year: '2023' ... --- _id: '46500' abstract: - lang: eng text: The security of Industrial Control Systems is relevant both for reliable production system operations and for high-quality throughput in terms of manufactured products. Security measures are designed, operated and maintained by different roles along product and production system lifecycles. Defense-in-Depth as a paradigm builds upon the assumption that breaches are unavoidable. The paper at hand provides an analysis of roles, corresponding Human Factors and their relevance for data theft and sabotage attacks. 
The resulting taxonomy is reflected by an example related to Additive Manufacturing. The results assist in both designing and redesigning Industrial Control System as part of an entire production system so that Defense-in-Depth with regard to Human Factors is built in by design. author: - first_name: Jens full_name: Pottebaum, Jens id: '405' last_name: Pottebaum orcid: http://orcid.org/0000-0001-8778-2989 - first_name: Jost full_name: Rossel, Jost id: '58331' last_name: Rossel orcid: 0000-0002-3182-4059 - first_name: Juraj full_name: Somorovsky, Juraj id: '83504' last_name: Somorovsky orcid: 0000-0002-3593-7720 - first_name: Yasemin full_name: Acar, Yasemin id: '94636' last_name: Acar - first_name: René full_name: Fahr, René id: '111' last_name: Fahr - first_name: Patricia full_name: Arias Cabarcos, Patricia id: '92804' last_name: Arias Cabarcos - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Iris full_name: Gräßler, Iris id: '47565' last_name: Gräßler orcid: 0000-0001-5765-971X citation: ama: 'Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048' apa: Pottebaum, J., Rossel, J., Somorovsky, J., Acar, Y., Fahr, R., Arias Cabarcos, P., Bodden, E., & Gräßler, I. (2023). Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 379–385. 
https://doi.org/10.1109/eurospw59978.2023.00048 bibtex: '@inproceedings{Pottebaum_Rossel_Somorovsky_Acar_Fahr_Arias Cabarcos_Bodden_Gräßler_2023, title={Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth}, DOI={10.1109/eurospw59978.2023.00048}, booktitle={2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)}, publisher={IEEE}, author={Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric and Gräßler, Iris}, year={2023}, pages={379–385} }' chicago: Pottebaum, Jens, Jost Rossel, Juraj Somorovsky, Yasemin Acar, René Fahr, Patricia Arias Cabarcos, Eric Bodden, and Iris Gräßler. “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.” In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 379–85. IEEE, 2023. https://doi.org/10.1109/eurospw59978.2023.00048. ieee: 'J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.' mla: Pottebaum, Jens, et al. “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.” 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–85, doi:10.1109/eurospw59978.2023.00048. short: 'J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.' 
conference: end_date: 2023-07-07 location: Delft, Netherlands name: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) start_date: 2023-07-03 date_created: 2023-08-15T12:21:05Z date_updated: 2023-12-20T14:12:25Z department: - _id: '34' - _id: '740' - _id: '152' - _id: '76' doi: 10.1109/eurospw59978.2023.00048 keyword: - Defense-in-Depth - Human Factors - Production Engineering - Product Design - Systems Engineering language: - iso: eng main_file_link: - url: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10190647 page: 379-385 publication: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) publication_status: published publisher: IEEE quality_controlled: '1' status: public title: Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth type: conference user_id: '405' year: '2023' ... --- _id: '44146' abstract: - lang: eng text: "Many Android applications collect data from users. When they do, they must\r\nprotect this collected data according to the current legal frameworks. Such\r\ndata protection has become even more important since the European Union rolled\r\nout the General Data Protection Regulation (GDPR). App developers have limited\r\ntool support to reason about data protection throughout their app development\r\nprocess. Although many Android applications state a privacy policy, privacy\r\npolicy compliance checks are currently manual, expensive, and prone to error.\r\nOne of the major challenges in privacy audits is the significant gap between\r\nlegal privacy statements (in English text) and technical measures that Android\r\napps use to protect their user's privacy. In this thesis, we will explore to\r\nwhat extent we can use static analysis to answer important questions regarding\r\ndata protection. 
Our main goal is to design a tool based approach that aids app\r\ndevelopers and auditors in ensuring data protection in Android applications,\r\nbased on automated static program analysis." author: - first_name: Mugdha full_name: Khedkar, Mugdha id: '88024' last_name: Khedkar citation: ama: 'Khedkar M. Static Analysis for Android GDPR Compliance Assurance. In: Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23). doi:10.1109/ICSE-Companion58688.2023.00054' apa: 'Khedkar, M. (n.d.). Static Analysis for Android GDPR Compliance Assurance. Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23). https://doi.org/10.1109/ICSE-Companion58688.2023.00054' bibtex: '@inproceedings{Khedkar, title={Static Analysis for Android GDPR Compliance Assurance}, DOI={10.1109/ICSE-Companion58688.2023.00054}, booktitle={Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23)}, author={Khedkar, Mugdha} }' chicago: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.” In Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23), n.d. https://doi.org/10.1109/ICSE-Companion58688.2023.00054.' ieee: 'M. Khedkar, “Static Analysis for Android GDPR Compliance Assurance,” doi: 10.1109/ICSE-Companion58688.2023.00054.' mla: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.” Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23), doi:10.1109/ICSE-Companion58688.2023.00054.' short: 'M. Khedkar, in: Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23), n.d.' 
date_created: 2023-04-24T12:14:17Z date_updated: 2024-03-03T14:45:09Z ddc: - '004' department: - _id: '76' doi: 10.1109/ICSE-Companion58688.2023.00054 external_id: arxiv: - '2303.09606' file: - access_level: closed content_type: application/pdf creator: khedkarm date_created: 2023-04-24T12:15:27Z date_updated: 2023-04-24T12:15:27Z file_id: '44147' file_name: 2023047614.pdf file_size: 85313 relation: main_file success: 1 file_date_updated: 2023-04-24T12:15:27Z has_accepted_license: '1' keyword: - static analysis - data protection and privacy - GDPR compliance language: - iso: eng publication: 'Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23)' publication_status: accepted status: public title: Static Analysis for Android GDPR Compliance Assurance type: conference user_id: '88024' year: '2023' ... --- _id: '52662' abstract: - lang: eng text: Static analysis tools support developers in detecting potential coding issues, such as bugs or vulnerabilities. Research emphasizes technical challenges of such tools but also mentions severe usability shortcomings. These shortcomings hinder the adoption of static analysis tools, and user dissatisfaction may even lead to tool abandonment. To comprehensively assess the state of the art, we present the first systematic usability evaluation of a wide range of static analysis tools. We derived a set of 36 relevant criteria from the literature and used them to evaluate a total of 46 static analysis tools complying with our inclusion and exclusion criteria - a representative set of mainly non-proprietary tools. The evaluation against the usability criteria in a multiple-raters approach shows that two thirds of the considered tools offer poor warning messages, while about three-quarters provide hardly any fix support. Furthermore, the integration of user knowledge is strongly neglected, which could be used for instance, to improve handling of false positives. 
Finally, issues regarding workflow integration and specialized user interfaces are revealed. These findings should prove useful in guiding and focusing further research and development in user experience for static code analyses. author: - first_name: Marcus full_name: Nachtigall, Marcus id: '41213' last_name: Nachtigall - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Nachtigall M, Schlichtig M, Bodden E. Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale. In: Software Engineering 2023. Gesellschaft für Informatik e.V.; 2023:95–96.' apa: Nachtigall, M., Schlichtig, M., & Bodden, E. (2023). Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale. In Software Engineering 2023 (pp. 95–96). Gesellschaft für Informatik e.V. bibtex: '@inbook{Nachtigall_Schlichtig_Bodden_2023, place={Bonn}, title={Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale}, booktitle={Software Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Nachtigall, Marcus and Schlichtig, Michael and Bodden, Eric}, year={2023}, pages={95–96} }' chicago: 'Nachtigall, Marcus, Michael Schlichtig, and Eric Bodden. “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale.” In Software Engineering 2023, 95–96. Bonn: Gesellschaft für Informatik e.V., 2023.' ieee: 'M. Nachtigall, M. Schlichtig, and E. Bodden, “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale,” in Software Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 95–96.' mla: Nachtigall, Marcus, et al. “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale.” Software Engineering 2023, Gesellschaft für Informatik e.V., 2023, pp. 95–96. short: 'M. 
Nachtigall, M. Schlichtig, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 95–96.' date_created: 2024-03-20T09:26:29Z date_updated: 2024-03-20T09:27:41Z department: - _id: '76' keyword: - Automated static analysis - Software usability language: - iso: eng main_file_link: - url: https://dl.gi.de/items/5afe477f-2f6a-4b3d-b391-f024baf0b7a5 page: 95–96 place: Bonn publication: Software Engineering 2023 publication_identifier: isbn: - 978-3-88579-726-5 publisher: Gesellschaft für Informatik e.V. status: public title: Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale type: book_chapter user_id: '32312' year: '2023' ... --- _id: '52660' abstract: - lang: eng text: Application Programming Interfaces (APIs) are the primary mechanism developers use to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused, which can have catastrophic consequences, especially if the APIs provide security-critical functionalities like cryptography. Understanding what API misuses are, and how they are caused, is important to prevent them, e.g., with API misuse detectors. However, definitions for API misuses and related terms in literature vary. This paper presents a systematic literature review to clarify these terms and introduces FUM, a novel Framework for API Usage constraint and Misuse classification. The literature review revealed that API misuses are violations of API usage constraints. To address this, we provide unified definitions and use them to derive FUM. To assess the extent to which FUM aids in determining and guiding the improvement of an API misuses detector’s capabilities, we performed a case study on the state-of-the-art misuse detection tool CogniCrypt. The study showed that FUM can be used to properly assess CogniCrypt’s capabilities, identify weaknesses and assist in deriving mitigations and improvements. 
author: - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Steffen full_name: Sassalla, Steffen last_name: Sassalla - first_name: Krishna full_name: Narasimhan, Krishna last_name: Narasimhan - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Schlichtig M, Sassalla S, Narasimhan K, Bodden E. Introducing FUM: A Framework for API Usage Constraint and Misuse Classification. In: Software Engineering 2023. Gesellschaft für Informatik e.V.; 2023:105–106.' apa: 'Schlichtig, M., Sassalla, S., Narasimhan, K., & Bodden, E. (2023). Introducing FUM: A Framework for API Usage Constraint and Misuse Classification. In Software Engineering 2023 (pp. 105–106). Gesellschaft für Informatik e.V.' bibtex: '@inbook{Schlichtig_Sassalla_Narasimhan_Bodden_2023, place={Bonn}, title={Introducing FUM: A Framework for API Usage Constraint and Misuse Classification}, booktitle={Software Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Schlichtig, Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2023}, pages={105–106} }' chicago: 'Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden. “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.” In Software Engineering 2023, 105–106. Bonn: Gesellschaft für Informatik e.V., 2023.' ieee: 'M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification,” in Software Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.' mla: 'Schlichtig, Michael, et al. “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.” Software Engineering 2023, Gesellschaft für Informatik e.V., 2023, pp. 105–106.' short: 'M. Schlichtig, S. Sassalla, K. Narasimhan, E. 
Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.' date_created: 2024-03-20T09:22:27Z date_updated: 2024-03-20T09:25:46Z department: - _id: '76' keyword: - API misuses API usage constraints - classification framework - API misuse detection - static analysis language: - iso: eng main_file_link: - url: https://dl.gi.de/items/c4825557-cf3d-4038-933a-d8f95fd324a2 page: 105–106 place: Bonn publication: Software Engineering 2023 publication_identifier: isbn: - 978-3-88579-726-5 publisher: Gesellschaft für Informatik e.V. status: public title: 'Introducing FUM: A Framework for API Usage Constraint and Misuse Classification' type: book_chapter user_id: '32312' year: '2023' ... --- _id: '31844' abstract: - lang: eng text: "Encrypting data before sending it to the cloud ensures data confidentiality but requires the cloud to compute on encrypted data. Trusted execution environments, such as Intel SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program give attackers ample opportunities to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side channels. Fully homomorphic encryption would be an alternative to compute on encrypted data without data leaks. However, due to its high computational complexity, its applicability to general-purpose computing remains limited. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data.\r\n \r\n \ We introduce the concept of\r\n dataflow authentication\r\n \ (DFAuth) to enable such programs. DFAuth prevents an adversary from arbitrarily deviating from the dataflow of a program. 
Our technique hence offers protections against the side-channel attacks described previously. We implemented two flavors of DFAuth, a Java bytecode-to-bytecode compiler, and an SGX enclave running a small and program-independent trusted code base. We applied DFAuth to a neural network performing machine learning on sensitive medical data and a smart charging scheduler for electric vehicles. Our transformation yields a neural network with encrypted weights, which can be evaluated on encrypted inputs in\r\n \r\n \\( 12.55 \\,\\mathrm{m}\\mathrm{s} \\)\r\n \ \r\n . Our protected scheduler is capable of updating the encrypted charging plan in approximately 1.06 seconds.\r\n \ " author: - first_name: Andreas full_name: Fischer, Andreas last_name: Fischer - first_name: Benny full_name: Fuhry, Benny last_name: Fuhry - first_name: Jörn full_name: Kußmaul, Jörn last_name: Kußmaul - first_name: Jonas full_name: Janneck, Jonas last_name: Janneck - first_name: Florian full_name: Kerschbaum, Florian last_name: Kerschbaum - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Fischer A, Fuhry B, Kußmaul J, Janneck J, Kerschbaum F, Bodden E. Computation on Encrypted Data Using Dataflow Authentication. ACM Transactions on Privacy and Security. 2022;25(3):1-36. doi:10.1145/3513005 apa: Fischer, A., Fuhry, B., Kußmaul, J., Janneck, J., Kerschbaum, F., & Bodden, E. (2022). Computation on Encrypted Data Using Dataflow Authentication. ACM Transactions on Privacy and Security, 25(3), 1–36. 
https://doi.org/10.1145/3513005 bibtex: '@article{Fischer_Fuhry_Kußmaul_Janneck_Kerschbaum_Bodden_2022, title={Computation on Encrypted Data Using Dataflow Authentication}, volume={25}, DOI={10.1145/3513005}, number={3}, journal={ACM Transactions on Privacy and Security}, publisher={Association for Computing Machinery (ACM)}, author={Fischer, Andreas and Fuhry, Benny and Kußmaul, Jörn and Janneck, Jonas and Kerschbaum, Florian and Bodden, Eric}, year={2022}, pages={1–36} }' chicago: 'Fischer, Andreas, Benny Fuhry, Jörn Kußmaul, Jonas Janneck, Florian Kerschbaum, and Eric Bodden. “Computation on Encrypted Data Using Dataflow Authentication.” ACM Transactions on Privacy and Security 25, no. 3 (2022): 1–36. https://doi.org/10.1145/3513005.' ieee: 'A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data Using Dataflow Authentication,” ACM Transactions on Privacy and Security, vol. 25, no. 3, pp. 1–36, 2022, doi: 10.1145/3513005.' mla: Fischer, Andreas, et al. “Computation on Encrypted Data Using Dataflow Authentication.” ACM Transactions on Privacy and Security, vol. 25, no. 3, Association for Computing Machinery (ACM), 2022, pp. 1–36, doi:10.1145/3513005. short: A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, E. Bodden, ACM Transactions on Privacy and Security 25 (2022) 1–36. date_created: 2022-06-09T10:28:03Z date_updated: 2022-06-09T10:29:19Z department: - _id: '76' doi: 10.1145/3513005 intvolume: ' 25' issue: '3' keyword: - Safety - Risk - Reliability and Quality - General Computer Science language: - iso: eng page: 1-36 publication: ACM Transactions on Privacy and Security publication_identifier: issn: - 2471-2566 - 2471-2574 publication_status: published publisher: Association for Computing Machinery (ACM) status: public title: Computation on Encrypted Data Using Dataflow Authentication type: journal_article user_id: '15249' volume: 25 year: '2022' ... 
--- _id: '32409' abstract: - lang: eng text: 'Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method: We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair "Cryptographic API Misuse Detection Tool Benchmark Suite". We will implement the first version of CamBench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain.' author: - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Anna-Katharina full_name: Wickert, Anna-Katharina last_name: Wickert - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Mira full_name: Mezini, Mira last_name: Mezini citation: ama: Schlichtig M, Wickert A-K, Krüger S, Bodden E, Mezini M. 
CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite.; 2022. doi:10.48550/ARXIV.2204.06447 apa: Schlichtig, M., Wickert, A.-K., Krüger, S., Bodden, E., & Mezini, M. (2022). CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. https://doi.org/10.48550/ARXIV.2204.06447 bibtex: '@book{Schlichtig_Wickert_Krüger_Bodden_Mezini_2022, title={CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite}, DOI={10.48550/ARXIV.2204.06447}, author={Schlichtig, Michael and Wickert, Anna-Katharina and Krüger, Stefan and Bodden, Eric and Mezini, Mira}, year={2022} }' chicago: Schlichtig, Michael, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden, and Mira Mezini. CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite, 2022. https://doi.org/10.48550/ARXIV.2204.06447. ieee: M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022. mla: Schlichtig, Michael, et al. CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022, doi:10.48550/ARXIV.2204.06447. short: M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite, 2022. date_created: 2022-07-25T07:56:59Z date_updated: 2022-07-25T10:23:44Z department: - _id: '76' doi: 10.48550/ARXIV.2204.06447 keyword: - cryptography - benchmark - API misuse - static analysis language: - iso: eng related_material: link: - relation: confirmation url: https://arxiv.org/abs/2204.06447 status: public title: CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite type: misc user_id: '32312' year: '2022' ... --- _id: '32410' abstract: - lang: eng text: "Static analysis tools support developers in detecting potential coding issues, such as bugs or vulnerabilities. Research on static analysis emphasizes its technical challenges but also mentions severe usability shortcomings. 
These shortcomings hinder the adoption of static analysis tools, and in some cases, user dissatisfaction even leads to tool abandonment.\r\nTo comprehensively assess the current state of the art, this paper presents the first systematic usability evaluation in a wide range of static analysis tools. We derived a set of 36 relevant criteria from the scientific literature and gathered a collection of 46 static analysis tools complying with our inclusion and exclusion criteria - a representative set of mainly non-proprietary tools. Then, we evaluated how well these tools fulfill the aforementioned criteria.\r\nThe evaluation shows that more than half of the considered tools offer poor warning messages, while about three-quarters of the tools provide hardly any fix support. Furthermore, the integration of user knowledge is strongly neglected, which could be used for improved handling of false positives and tuning the results for the corresponding developer. Finally, issues regarding workflow integration and specialized user interfaces are proved further.\r\nThese findings should prove useful in guiding and focusing further research and development in the area of user experience for static code analyses." author: - first_name: Marcus full_name: Nachtigall, Marcus id: '41213' last_name: Nachtigall - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Nachtigall M, Schlichtig M, Bodden E. A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM; 2022:532-543. doi:10.1145/3533767' apa: Nachtigall, M., Schlichtig, M., & Bodden, E. (2022). A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools. 
Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 532–543. https://doi.org/10.1145/3533767 bibtex: '@inproceedings{Nachtigall_Schlichtig_Bodden_2022, title={A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools}, DOI={10.1145/3533767}, booktitle={Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis}, publisher={ACM}, author={Nachtigall, Marcus and Schlichtig, Michael and Bodden, Eric}, year={2022}, pages={532–543} }' chicago: Nachtigall, Marcus, Michael Schlichtig, and Eric Bodden. “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools.” In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 532–43. ACM, 2022. https://doi.org/10.1145/3533767. ieee: 'M. Nachtigall, M. Schlichtig, and E. Bodden, “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools,” in Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 2022, pp. 532–543, doi: 10.1145/3533767.' mla: Nachtigall, Marcus, et al. “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools.” Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ACM, 2022, pp. 532–43, doi:10.1145/3533767. short: 'M. Nachtigall, M. Schlichtig, E. Bodden, in: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ACM, 2022, pp. 532–543.' 
date_created: 2022-07-25T08:02:36Z date_updated: 2022-07-26T11:42:23Z department: - _id: '76' doi: 10.1145/3533767 keyword: - Automated static analysis - Software usability language: - iso: eng page: 532 - 543 publication: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis publication_identifier: isbn: - '9781450393799' publication_status: published publisher: ACM quality_controlled: '1' related_material: link: - relation: confirmation url: https://dl.acm.org/doi/10.1145/3533767.3534374 status: public title: A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools type: conference user_id: '32312' year: '2022' ... --- _id: '31133' abstract: - lang: eng text: Application Programming Interfaces (APIs) are the primary mechanism that developers use to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused, which can have catastrophic consequences, especially if the APIs provide security-critical functionalities like cryptography. Understanding what API misuses are, and for what reasons they are caused, is important to prevent them, e.g., with API misuse detectors. However, definitions and nominations for API misuses and related terms in literature vary and are diverse. This paper addresses the problem of scattered knowledge and definitions of API misuses by presenting a systematic literature review on the subject and introducing FUM, a novel Framework for API Usage constraint and Misuse classification. The literature review revealed that API misuses are violations of API usage constraints. To capture this, we provide unified definitions and use them to derive FUM. To assess the extent to which FUM aids in determining and guiding the improvement of an API misuses detectors' capabilities, we performed a case study on CogniCrypt, a state-of-the-art misuse detector for cryptographic APIs. 
The study showed that FUM can be used to properly assess CogniCrypt's capabilities, identify weaknesses and assist in deriving mitigations and improvements. And it appears that also more generally FUM can aid the development and improvement of misuse detection tools. author: - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Steffen full_name: Sassalla, Steffen last_name: Sassalla - first_name: Krishna full_name: Narasimhan, Krishna last_name: Narasimhan - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Schlichtig M, Sassalla S, Narasimhan K, Bodden E. FUM - A Framework for API Usage constraint and Misuse Classification. In: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). ; 2022:673-684. doi:https://doi.org/10.1109/SANER53432.2022.00085' apa: Schlichtig, M., Sassalla, S., Narasimhan, K., & Bodden, E. (2022). FUM - A Framework for API Usage constraint and Misuse Classification. 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 673–684. https://doi.org/10.1109/SANER53432.2022.00085 bibtex: '@inproceedings{Schlichtig_Sassalla_Narasimhan_Bodden_2022, title={FUM - A Framework for API Usage constraint and Misuse Classification}, DOI={https://doi.org/10.1109/SANER53432.2022.00085}, booktitle={2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)}, author={Schlichtig, Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2022}, pages={673–684} }' chicago: Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden. “FUM - A Framework for API Usage Constraint and Misuse Classification.” In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 673–84, 2022. https://doi.org/10.1109/SANER53432.2022.00085. ieee: 'M. Schlichtig, S. 
Sassalla, K. Narasimhan, and E. Bodden, “FUM - A Framework for API Usage constraint and Misuse Classification,” in 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–684, doi: https://doi.org/10.1109/SANER53432.2022.00085.' mla: Schlichtig, Michael, et al. “FUM - A Framework for API Usage Constraint and Misuse Classification.” 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–84, doi:https://doi.org/10.1109/SANER53432.2022.00085. short: 'M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–684.' date_created: 2022-05-09T13:04:10Z date_updated: 2022-07-26T11:42:30Z department: - _id: '76' doi: https://doi.org/10.1109/SANER53432.2022.00085 keyword: - API misuses - API usage constraints - classification framework - API misuse detection - static analysis language: - iso: eng page: 673 - 684 publication: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) quality_controlled: '1' related_material: link: - relation: confirmation url: https://ieeexplore.ieee.org/document/9825763 status: public title: FUM - A Framework for API Usage constraint and Misuse Classification type: conference user_id: '32312' year: '2022' ... --- _id: '34057' author: - first_name: Faruk full_name: Pasic, Faruk last_name: Pasic - first_name: Matthias full_name: Becker, Matthias last_name: Becker citation: ama: 'Pasic F, Becker M. Domain-specific Language for Condition Monitoring Software Development. In: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). IEEE; 2022. doi:10.1109/etfa52439.2022.9921730' apa: Pasic, F., & Becker, M. (2022). Domain-specific Language for Condition Monitoring Software Development. 
2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). https://doi.org/10.1109/etfa52439.2022.9921730 bibtex: '@inproceedings{Pasic_Becker_2022, title={Domain-specific Language for Condition Monitoring Software Development}, DOI={10.1109/etfa52439.2022.9921730}, booktitle={2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)}, publisher={IEEE}, author={Pasic, Faruk and Becker, Matthias}, year={2022} }' chicago: Pasic, Faruk, and Matthias Becker. “Domain-Specific Language for Condition Monitoring Software Development.” In 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). IEEE, 2022. https://doi.org/10.1109/etfa52439.2022.9921730. ieee: 'F. Pasic and M. Becker, “Domain-specific Language for Condition Monitoring Software Development,” 2022, doi: 10.1109/etfa52439.2022.9921730.' mla: Pasic, Faruk, and Matthias Becker. “Domain-Specific Language for Condition Monitoring Software Development.” 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, 2022, doi:10.1109/etfa52439.2022.9921730. short: 'F. Pasic, M. Becker, in: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, 2022.' date_created: 2022-11-10T14:30:16Z date_updated: 2022-11-10T14:30:42Z department: - _id: '241' - _id: '76' doi: 10.1109/etfa52439.2022.9921730 publication: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA) publication_status: published publisher: IEEE status: public title: Domain-specific Language for Condition Monitoring Software Development type: conference user_id: '49576' year: '2022' ... --- _id: '30511' abstract: - lang: eng text: Many critical codebases are written in C, and most of them use preprocessor directives to encode variability, effectively encoding software product lines. 
These preprocessor directives, however, challenge any static code analysis. SPLlift, a previously presented approach for analyzing software product lines, is limited to Java programs that use a rather simple feature encoding and to analysis problems with a finite and ideally small domain. Other approaches that allow the analysis of real-world C software product lines use special-purpose analyses, preventing the reuse of existing analysis infrastructures and ignoring the progress made by the static analysis community. This work presents VarAlyzer, a novel static analysis approach for software product lines. VarAlyzer first transforms preprocessor constructs to plain C while preserving their variability and semantics. It then solves any given distributive analysis problem on transformed product lines in a variability-aware manner. VarAlyzer’s analysis results are annotated with feature constraints that encode in which configurations each result holds. Our experiments with 95 compilation units of OpenSSL show that applying VarAlyzer enables one to conduct inter-procedural, flow-, field- and context-sensitive data-flow analyses on entire product lines for the first time, outperforming the product-based approach for highly-configurable systems. 
alternative_title: - Revoking the preprocessor’s special role article_number: '35' article_type: original author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Paul full_name: Gazzillo, Paul last_name: Gazzillo - first_name: Zach full_name: Patterson, Zach last_name: Patterson - first_name: Julian full_name: Braha, Julian last_name: Braha - first_name: Fabian full_name: Schiebel, Fabian last_name: Schiebel - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Shiyi full_name: Wei, Shiyi last_name: Wei - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Schubert P, Gazzillo P, Patterson Z, et al. Static data-flow analysis for software product lines in C. Automated Software Engineering. 2022;29(1). doi:10.1007/s10515-022-00333-1 apa: Schubert, P., Gazzillo, P., Patterson, Z., Braha, J., Schiebel, F., Hermann, B., Wei, S., & Bodden, E. (2022). Static data-flow analysis for software product lines in C. Automated Software Engineering, 29(1), Article 35. https://doi.org/10.1007/s10515-022-00333-1 bibtex: '@article{Schubert_Gazzillo_Patterson_Braha_Schiebel_Hermann_Wei_Bodden_2022, title={Static data-flow analysis for software product lines in C}, volume={29}, DOI={10.1007/s10515-022-00333-1}, number={135}, journal={Automated Software Engineering}, publisher={Springer Science and Business Media LLC}, author={Schubert, Philipp and Gazzillo, Paul and Patterson, Zach and Braha, Julian and Schiebel, Fabian and Hermann, Ben and Wei, Shiyi and Bodden, Eric}, year={2022} }' chicago: Schubert, Philipp, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, and Eric Bodden. “Static Data-Flow Analysis for Software Product Lines in C.” Automated Software Engineering 29, no. 1 (2022). https://doi.org/10.1007/s10515-022-00333-1. ieee: 'P. 
Schubert et al., “Static data-flow analysis for software product lines in C,” Automated Software Engineering, vol. 29, no. 1, Art. no. 35, 2022, doi: 10.1007/s10515-022-00333-1.' mla: Schubert, Philipp, et al. “Static Data-Flow Analysis for Software Product Lines in C.” Automated Software Engineering, vol. 29, no. 1, 35, Springer Science and Business Media LLC, 2022, doi:10.1007/s10515-022-00333-1. short: P. Schubert, P. Gazzillo, Z. Patterson, J. Braha, F. Schiebel, B. Hermann, S. Wei, E. Bodden, Automated Software Engineering 29 (2022). date_created: 2022-03-25T07:41:26Z date_updated: 2022-11-17T14:22:38Z department: - _id: '76' doi: 10.1007/s10515-022-00333-1 intvolume: ' 29' issue: '1' keyword: - inter-procedural static analysis - software product lines - preprocessor - LLVM - C/C++ language: - iso: eng main_file_link: - open_access: '1' url: https://link.springer.com/article/10.1007/s10515-022-00333-1 oa: '1' project: - _id: '12' name: 'SFB 901 - B4: SFB 901 - Subproject B4' - _id: '3' name: 'SFB 901 - B: SFB 901 - Project Area B' - _id: '1' name: 'SFB 901: SFB 901' publication: Automated Software Engineering publication_identifier: issn: - 0928-8910 - 1573-7535 publication_status: published publisher: Springer Science and Business Media LLC status: public title: Static data-flow analysis for software product lines in C type: journal_article user_id: '477' volume: 29 year: '2022' ... --- _id: '33835' abstract: - lang: eng text: "Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code execution (RCE) if the data to deserialize is originating from an untrusted source. Deserialization vulnerabilities are so critical that they are in OWASP’s list of top 10 security risks for web applications. 
This is mainly caused by faults in the development process of applications and by flaws in their dependencies, i.e., flaws in the libraries used by these applications. No previous work has studied deserialization attacks in-depth: How are they performed? How are weaknesses introduced and patched? And for how long are vulnerabilities present in the codebase? To yield a deeper understanding of this important kind of vulnerability, we perform two main analyses: one on attack gadgets, i.e., exploitable pieces of code, present in Java libraries, and one on vulnerabilities present in Java applications. For the first analysis, we conduct an exploratory large-scale study by running 256 515 experiments in which we vary the versions of libraries for each of the 19 publicly available exploits. Such attacks rely on a combination of gadgets present in one or multiple Java libraries. A gadget is a method which is using objects or fields that can be attacker-controlled. Our goal is to precisely identify library versions containing gadgets and to understand how gadgets have been introduced and how they have been patched. We observe that the modification of one innocent-looking detail in a class – such as making it public – can already introduce a gadget. Furthermore, we noticed that among the studied libraries, 37.5% are not patched, leaving gadgets available for future attacks. For the second analysis, we manually analyze 104 deserialization vulnerabilities CVEs to understand how vulnerabilities are introduced and patched in real-life Java applications. Results indicate that the vulnerabilities are not always completely patched or that a workaround solution is proposed. With a workaround solution, applications are still vulnerable since the code itself is unchanged." 
author: - first_name: Imen full_name: Sayar, Imen last_name: Sayar - first_name: Alexandre full_name: Bartel, Alexandre last_name: Bartel - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Yves full_name: Le Traon, Yves last_name: Le Traon citation: ama: Sayar I, Bartel A, Bodden E, Le Traon Y. An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities. ACM Transactions on Software Engineering and Methodology. Published online 2022. doi:10.1145/3554732 apa: Sayar, I., Bartel, A., Bodden, E., & Le Traon, Y. (2022). An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities. ACM Transactions on Software Engineering and Methodology. https://doi.org/10.1145/3554732 bibtex: '@article{Sayar_Bartel_Bodden_Le Traon_2022, title={An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities}, DOI={10.1145/3554732}, journal={ACM Transactions on Software Engineering and Methodology}, publisher={Association for Computing Machinery (ACM)}, author={Sayar, Imen and Bartel, Alexandre and Bodden, Eric and Le Traon, Yves}, year={2022} }' chicago: Sayar, Imen, Alexandre Bartel, Eric Bodden, and Yves Le Traon. “An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities.” ACM Transactions on Software Engineering and Methodology, 2022. https://doi.org/10.1145/3554732. ieee: 'I. Sayar, A. Bartel, E. Bodden, and Y. Le Traon, “An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities,” ACM Transactions on Software Engineering and Methodology, 2022, doi: 10.1145/3554732.' mla: Sayar, Imen, et al. “An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities.” ACM Transactions on Software Engineering and Methodology, Association for Computing Machinery (ACM), 2022, doi:10.1145/3554732. short: I. Sayar, A. Bartel, E. Bodden, Y. 
Le Traon, ACM Transactions on Software Engineering and Methodology (2022). date_created: 2022-10-20T12:31:49Z date_updated: 2022-10-20T12:32:31Z department: - _id: '76' doi: 10.1145/3554732 keyword: - Software language: - iso: eng publication: ACM Transactions on Software Engineering and Methodology publication_identifier: issn: - 1049-331X - 1557-7392 publication_status: published publisher: Association for Computing Machinery (ACM) status: public title: An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities type: journal_article user_id: '15249' year: '2022' ... --- _id: '33836' author: - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Johannes full_name: Späth, Johannes last_name: Späth - first_name: Ingo full_name: Budde, Ingo id: '13693' last_name: Budde orcid: https://orcid.org/0000-0003-0124-6291 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Piskachev G, Späth J, Budde I, Bodden E. Fluently specifying taint-flow queries with fluentTQL. Empirical Software Engineering. 2022;27(5):1–33. apa: Piskachev, G., Späth, J., Budde, I., & Bodden, E. (2022). Fluently specifying taint-flow queries with fluentTQL. Empirical Software Engineering, 27(5), 1–33. bibtex: '@article{Piskachev_Späth_Budde_Bodden_2022, title={Fluently specifying taint-flow queries with fluentTQL}, volume={27}, number={5}, journal={Empirical Software Engineering}, publisher={Springer}, author={Piskachev, Goran and Späth, Johannes and Budde, Ingo and Bodden, Eric}, year={2022}, pages={1–33} }' chicago: 'Piskachev, Goran, Johannes Späth, Ingo Budde, and Eric Bodden. “Fluently Specifying Taint-Flow Queries with FluentTQL.” Empirical Software Engineering 27, no. 5 (2022): 1–33.' ieee: G. Piskachev, J. Späth, I. Budde, and E. Bodden, “Fluently specifying taint-flow queries with fluentTQL,” Empirical Software Engineering, vol. 
27, no. 5, pp. 1–33, 2022. mla: Piskachev, Goran, et al. “Fluently Specifying Taint-Flow Queries with FluentTQL.” Empirical Software Engineering, vol. 27, no. 5, Springer, 2022, pp. 1–33. short: G. Piskachev, J. Späth, I. Budde, E. Bodden, Empirical Software Engineering 27 (2022) 1–33. date_created: 2022-10-20T12:34:04Z date_updated: 2022-10-20T12:36:23Z department: - _id: '76' - _id: '662' intvolume: ' 27' issue: '5' language: - iso: eng page: 1–33 publication: Empirical Software Engineering publisher: Springer status: public title: Fluently specifying taint-flow queries with fluentTQL type: journal_article user_id: '15249' volume: 27 year: '2022' ... --- _id: '33838' author: - first_name: Ranjith full_name: Krishnamurthy, Ranjith id: '78060' last_name: Krishnamurthy orcid: 0000-0002-0906-5463 - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Krishnamurthy R, Piskachev G, Bodden E. To what extent can we analyze Kotlin programs using existing Java taint analysis tools? Published online 2022. apa: Krishnamurthy, R., Piskachev, G., & Bodden, E. (2022). To what extent can we analyze Kotlin programs using existing Java taint analysis tools? bibtex: '@article{Krishnamurthy_Piskachev_Bodden_2022, series={IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)}, title={To what extent can we analyze Kotlin programs using existing Java taint analysis tools?}, author={Krishnamurthy, Ranjith and Piskachev, Goran and Bodden, Eric}, year={2022}, collection={IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)} }' chicago: Krishnamurthy, Ranjith, Goran Piskachev, and Eric Bodden. 
“To What Extent Can We Analyze Kotlin Programs Using Existing Java Taint Analysis Tools?” IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2022. ieee: R. Krishnamurthy, G. Piskachev, and E. Bodden, “To what extent can we analyze Kotlin programs using existing Java taint analysis tools?” 2022. mla: Krishnamurthy, Ranjith, et al. To What Extent Can We Analyze Kotlin Programs Using Existing Java Taint Analysis Tools? 2022. short: R. Krishnamurthy, G. Piskachev, E. Bodden, (2022). date_created: 2022-10-20T12:38:09Z date_updated: 2022-10-20T12:38:32Z department: - _id: '76' - _id: '662' language: - iso: eng series_title: IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) status: public title: To what extent can we analyze Kotlin programs using existing Java taint analysis tools? type: conference user_id: '15249' year: '2022' ... --- _id: '33837' author: - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Stefan full_name: Dziwok, Stefan id: '3901' last_name: Dziwok orcid: http://orcid.org/0000-0002-8679-6673 - first_name: Thorsten full_name: Koch, Thorsten id: '13616' last_name: Koch - first_name: Sven full_name: Merschjohann, Sven id: '11394' last_name: Merschjohann - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Piskachev G, Dziwok S, Koch T, Merschjohann S, Bodden E. How far are German companies in improving security through static program analysis tools? Published online 2022. apa: Piskachev, G., Dziwok, S., Koch, T., Merschjohann, S., & Bodden, E. (2022). How far are German companies in improving security through static program analysis tools? 
bibtex: '@article{Piskachev_Dziwok_Koch_Merschjohann_Bodden_2022, series={IEEE Secure Development Conference (SecDev)}, title={How far are German companies in improving security through static program analysis tools?}, author={Piskachev, Goran and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}, year={2022}, collection={IEEE Secure Development Conference (SecDev)} }' chicago: Piskachev, Goran, Stefan Dziwok, Thorsten Koch, Sven Merschjohann, and Eric Bodden. “How Far Are German Companies in Improving Security through Static Program Analysis Tools?” IEEE Secure Development Conference (SecDev), 2022. ieee: G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, and E. Bodden, “How far are German companies in improving security through static program analysis tools?” 2022. mla: Piskachev, Goran, et al. How Far Are German Companies in Improving Security through Static Program Analysis Tools? 2022. short: G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, E. Bodden, (2022). date_created: 2022-10-20T12:37:14Z date_updated: 2022-10-20T12:37:44Z department: - _id: '76' - _id: '662' language: - iso: eng series_title: IEEE Secure Development Conference (SecDev) status: public title: How far are German companies in improving security through static program analysis tools? type: conference user_id: '15249' year: '2022' ... --- _id: '33959' abstract: - lang: eng text: Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity of the findings, our objective was to understand the findings in more depth. We analyzed a set of 936 open-source Java applications for cryptographic misuses. Our study reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs securely. 
Through our manual analysis of a random sample, we gained new insights into effective false positives. For example, every fourth misuse of the frequently misused JCA class MessageDigest is an effective false positive due to its occurrence in a non-security context. As we wanted to gain deeper insights into the security implications of these misuses, we created an extensive vulnerability model for cryptographic API misuses. Our model includes previously undiscussed attacks in the context of cryptographic APIs such as DoS attacks. This model reveals that nearly half of the misuses are of high severity, e.g., hard-coded credentials and potential Man-in-the-Middle attacks. author: - first_name: Anna-Katharina full_name: Wickert, Anna-Katharina last_name: Wickert - first_name: Lars full_name: Baumgärtner, Lars last_name: Baumgärtner - first_name: Michael full_name: Schlichtig, Michael id: '32312' last_name: Schlichtig orcid: 0000-0001-6600-6171 - first_name: Mira full_name: Mezini, Mira last_name: Mezini citation: ama: 'Wickert A-K, Baumgärtner L, Schlichtig M, Mezini M. To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild.; 2022. doi:10.48550/ARXIV.2209.11103' apa: 'Wickert, A.-K., Baumgärtner, L., Schlichtig, M., & Mezini, M. (2022). To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild. https://doi.org/10.48550/ARXIV.2209.11103' bibtex: '@book{Wickert_Baumgärtner_Schlichtig_Mezini_2022, title={To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild}, DOI={10.48550/ARXIV.2209.11103}, author={Wickert, Anna-Katharina and Baumgärtner, Lars and Schlichtig, Michael and Mezini, Mira}, year={2022} }' chicago: 'Wickert, Anna-Katharina, Lars Baumgärtner, Michael Schlichtig, and Mira Mezini. To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild, 2022. https://doi.org/10.48550/ARXIV.2209.11103.' ieee: 'A.-K. Wickert, L. Baumgärtner, M. Schlichtig, and M. 
Mezini, To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild. 2022.' mla: 'Wickert, Anna-Katharina, et al. To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild. 2022, doi:10.48550/ARXIV.2209.11103.' short: 'A.-K. Wickert, L. Baumgärtner, M. Schlichtig, M. Mezini, To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild, 2022.' date_created: 2022-10-28T13:21:05Z date_updated: 2022-10-28T13:26:39Z department: - _id: '76' doi: 10.48550/ARXIV.2209.11103 language: - iso: eng related_material: link: - relation: confirmation url: https://arxiv.org/abs/2209.11103 status: public title: 'To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild' type: misc user_id: '32312' year: '2022' ... --- _id: '27045' abstract: - lang: eng text: 'Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents TaintBench, the first real-world malware benchmark suite with documented taint flows. TaintBench benchmark apps include taint flows with complex structures, and addresses static challenges that are commonly agreed on by the community. Together with the TaintBench suite, we introduce the TaintBench framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts’ performance and perceived usability when documenting and inspecting taint flows. 
Second, experiments using TaintBench reveal new insights for the taint analysis tools Amandroid and FlowDroid: (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools’ accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.' author: - first_name: Linghui full_name: Luo, Linghui last_name: Luo - first_name: Felix full_name: Pauck, Felix id: '22398' last_name: Pauck - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Manuel full_name: Benz, Manuel last_name: Benz - first_name: Ivan full_name: Pashchenko, Ivan last_name: Pashchenko - first_name: Martin full_name: Mory, Martin id: '65667' last_name: Mory orcid: 0000-0001-5609-0031 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Fabio full_name: Massacci, Fabio last_name: Massacci citation: ama: 'Luo L, Pauck F, Piskachev G, et al. TaintBench: Automatic real-world malware benchmarking of Android taint analyses. Empirical Software Engineering. Published online 2021. doi:10.1007/s10664-021-10013-5' apa: 'Luo, L., Pauck, F., Piskachev, G., Benz, M., Pashchenko, I., Mory, M., Bodden, E., Hermann, B., & Massacci, F. (2021). TaintBench: Automatic real-world malware benchmarking of Android taint analyses. Empirical Software Engineering. 
https://doi.org/10.1007/s10664-021-10013-5' bibtex: '@article{Luo_Pauck_Piskachev_Benz_Pashchenko_Mory_Bodden_Hermann_Massacci_2021, title={TaintBench: Automatic real-world malware benchmarking of Android taint analyses}, DOI={10.1007/s10664-021-10013-5}, journal={Empirical Software Engineering}, author={Luo, Linghui and Pauck, Felix and Piskachev, Goran and Benz, Manuel and Pashchenko, Ivan and Mory, Martin and Bodden, Eric and Hermann, Ben and Massacci, Fabio}, year={2021} }' chicago: 'Luo, Linghui, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci. “TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses.” Empirical Software Engineering, 2021. https://doi.org/10.1007/s10664-021-10013-5.' ieee: 'L. Luo et al., “TaintBench: Automatic real-world malware benchmarking of Android taint analyses,” Empirical Software Engineering, 2021, doi: 10.1007/s10664-021-10013-5.' mla: 'Luo, Linghui, et al. “TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses.” Empirical Software Engineering, 2021, doi:10.1007/s10664-021-10013-5.' short: L. Luo, F. Pauck, G. Piskachev, M. Benz, I. Pashchenko, M. Mory, E. Bodden, B. Hermann, F. Massacci, Empirical Software Engineering (2021). date_created: 2021-11-02T05:13:49Z date_updated: 2022-01-06T06:57:32Z ddc: - '000' department: - _id: '77' - _id: '76' doi: 10.1007/s10664-021-10013-5 language: - iso: eng main_file_link: - open_access: '1' url: https://link.springer.com/content/pdf/10.1007/s10664-021-10013-5.pdf oa: '1' project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 publication: Empirical Software Engineering publication_identifier: issn: - 1382-3256 - 1573-7616 publication_status: published status: public title: 'TaintBench: Automatic real-world malware benchmarking of Android taint analyses' type: journal_article user_id: '15249' year: '2021' ... 
--- _id: '27158' author: - first_name: Linghui full_name: Luo, Linghui last_name: Luo citation: ama: Luo L. Improving Real-World Applicability of Static Taint Analysis. Universität Paderborn; 2021. apa: Luo, L. (2021). Improving Real-World Applicability of Static Taint Analysis. Universität Paderborn. bibtex: '@book{Luo_2021, title={Improving Real-World Applicability of Static Taint Analysis}, publisher={Universität Paderborn}, author={Luo, Linghui}, year={2021} }' chicago: Luo, Linghui. Improving Real-World Applicability of Static Taint Analysis. Universität Paderborn, 2021. ieee: L. Luo, Improving Real-World Applicability of Static Taint Analysis. Universität Paderborn, 2021. mla: Luo, Linghui. Improving Real-World Applicability of Static Taint Analysis. Universität Paderborn, 2021. short: L. Luo, Improving Real-World Applicability of Static Taint Analysis, Universität Paderborn, 2021. date_created: 2021-11-04T13:58:35Z date_updated: 2022-01-06T06:57:35Z department: - _id: '76' language: - iso: eng publisher: Universität Paderborn related_material: link: - relation: confirmation url: https://www.bodden.de/pubs/phdLuo.pdf status: public title: Improving Real-World Applicability of Static Taint Analysis type: dissertation user_id: '15249' year: '2021' ... --- _id: '21595' author: - first_name: Lars full_name: Stockmann, Lars id: '48144' last_name: Stockmann - first_name: Sven full_name: Laux, Sven last_name: Laux - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Stockmann L, Laux S, Bodden E. Using Architectural Runtime Verification for Offline Data Analysis. Journal of Automotive Software Engineering. Published online 2021. doi:10.2991/jase.d.210205.001 apa: Stockmann, L., Laux, S., & Bodden, E. (2021). Using Architectural Runtime Verification for Offline Data Analysis. Journal of Automotive Software Engineering. 
https://doi.org/10.2991/jase.d.210205.001 bibtex: '@article{Stockmann_Laux_Bodden_2021, title={Using Architectural Runtime Verification for Offline Data Analysis}, DOI={10.2991/jase.d.210205.001}, journal={Journal of Automotive Software Engineering}, author={Stockmann, Lars and Laux, Sven and Bodden, Eric}, year={2021} }' chicago: Stockmann, Lars, Sven Laux, and Eric Bodden. “Using Architectural Runtime Verification for Offline Data Analysis.” Journal of Automotive Software Engineering, 2021. https://doi.org/10.2991/jase.d.210205.001. ieee: 'L. Stockmann, S. Laux, and E. Bodden, “Using Architectural Runtime Verification for Offline Data Analysis,” Journal of Automotive Software Engineering, 2021, doi: 10.2991/jase.d.210205.001.' mla: Stockmann, Lars, et al. “Using Architectural Runtime Verification for Offline Data Analysis.” Journal of Automotive Software Engineering, 2021, doi:10.2991/jase.d.210205.001. short: L. Stockmann, S. Laux, E. Bodden, Journal of Automotive Software Engineering (2021). date_created: 2021-04-08T11:21:32Z date_updated: 2022-01-06T06:55:06Z department: - _id: '76' doi: 10.2991/jase.d.210205.001 language: - iso: eng main_file_link: - url: https://www.bodden.de/pubs/sb21architectural.pdf publication: Journal of Automotive Software Engineering publication_identifier: issn: - 2589-2258 publication_status: published status: public title: Using Architectural Runtime Verification for Offline Data Analysis type: journal_article user_id: '5786' year: '2021' ... --- _id: '21596' author: - first_name: Andreas full_name: Fischer, Andreas last_name: Fischer citation: ama: Fischer A. Computing on Encrypted Data Using Trusted Execution Environments. Universität Paderborn; 2021. apa: Fischer, A. (2021). Computing on Encrypted Data using Trusted Execution Environments. Universität Paderborn. 
bibtex: '@book{Fischer_2021, title={Computing on Encrypted Data using Trusted Execution Environments}, publisher={Universität Paderborn}, author={Fischer, Andreas}, year={2021} }' chicago: Fischer, Andreas. Computing on Encrypted Data Using Trusted Execution Environments. Universität Paderborn, 2021. ieee: A. Fischer, Computing on Encrypted Data using Trusted Execution Environments. Universität Paderborn, 2021. mla: Fischer, Andreas. Computing on Encrypted Data Using Trusted Execution Environments. Universität Paderborn, 2021. short: A. Fischer, Computing on Encrypted Data Using Trusted Execution Environments, Universität Paderborn, 2021. date_created: 2021-04-08T11:23:13Z date_updated: 2022-01-06T06:55:06Z department: - _id: '76' language: - iso: eng main_file_link: - url: https://www.bodden.de/pubs/phdFischer.pdf publisher: Universität Paderborn status: public title: Computing on Encrypted Data using Trusted Execution Environments type: dissertation user_id: '5786' year: '2021' ... --- _id: '21597' author: - first_name: Philipp full_name: Holzinger, Philipp last_name: Holzinger - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Holzinger P, Bodden E. A Systematic Hardening of Java’s Information Hiding. International Symposium on Advanced Security on Software and Systems (ASSS). Published online 2021. apa: Holzinger, P., & Bodden, E. (2021). A Systematic Hardening of Java’s Information Hiding. International Symposium on Advanced Security on Software and Systems (ASSS). bibtex: '@article{Holzinger_Bodden_2021, title={A Systematic Hardening of Java’s Information Hiding}, journal={International Symposium on Advanced Security on Software and Systems (ASSS)}, author={Holzinger, Philipp and Bodden, Eric}, year={2021} }' chicago: Holzinger, Philipp, and Eric Bodden. “A Systematic Hardening of Java’s Information Hiding.” International Symposium on Advanced Security on Software and Systems (ASSS), 2021. 
ieee: P. Holzinger and E. Bodden, “A Systematic Hardening of Java’s Information Hiding,” International Symposium on Advanced Security on Software and Systems (ASSS), 2021. mla: Holzinger, Philipp, and Eric Bodden. “A Systematic Hardening of Java’s Information Hiding.” International Symposium on Advanced Security on Software and Systems (ASSS), 2021. short: P. Holzinger, E. Bodden, International Symposium on Advanced Security on Software and Systems (ASSS) (2021). date_created: 2021-04-08T11:24:06Z date_updated: 2022-01-06T06:55:06Z department: - _id: '76' language: - iso: eng main_file_link: - url: https://www.bodden.de/pubs/hb21systematic.pdf publication: International Symposium on Advanced Security on Software and Systems (ASSS) status: public title: A Systematic Hardening of Java's Information Hiding type: journal_article user_id: '5786' year: '2021' ... --- _id: '21599' author: - first_name: Rodrigo full_name: Bonifacio, Rodrigo last_name: Bonifacio - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Krishna full_name: Narasimhan, Krishna last_name: Narasimhan - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Mira full_name: Mezini, Mira last_name: Mezini citation: ama: Bonifacio R, Krüger S, Narasimhan K, Bodden E, Mezini M. Dealing with Variability in API Misuse Specification. European Conference on Object-Oriented Programming (ECOOP). Published online 2021. apa: Bonifacio, R., Krüger, S., Narasimhan, K., Bodden, E., & Mezini, M. (2021). Dealing with Variability in API Misuse Specification. European Conference on Object-Oriented Programming (ECOOP). 
bibtex: '@article{Bonifacio_Krüger_Narasimhan_Bodden_Mezini_2021, title={Dealing with Variability in API Misuse Specification}, journal={European Conference on Object-Oriented Programming (ECOOP)}, author={Bonifacio, Rodrigo and Krüger, Stefan and Narasimhan, Krishna and Bodden, Eric and Mezini, Mira}, year={2021} }' chicago: Bonifacio, Rodrigo, Stefan Krüger, Krishna Narasimhan, Eric Bodden, and Mira Mezini. “Dealing with Variability in API Misuse Specification.” European Conference on Object-Oriented Programming (ECOOP), 2021. ieee: R. Bonifacio, S. Krüger, K. Narasimhan, E. Bodden, and M. Mezini, “Dealing with Variability in API Misuse Specification,” European Conference on Object-Oriented Programming (ECOOP), 2021. mla: Bonifacio, Rodrigo, et al. “Dealing with Variability in API Misuse Specification.” European Conference on Object-Oriented Programming (ECOOP), 2021. short: R. Bonifacio, S. Krüger, K. Narasimhan, E. Bodden, M. Mezini, European Conference on Object-Oriented Programming (ECOOP) (2021). date_created: 2021-04-08T11:25:43Z date_updated: 2022-01-06T06:55:06Z department: - _id: '76' language: - iso: eng publication: European Conference on Object-Oriented Programming (ECOOP) status: public title: Dealing with Variability in API Misuse Specification type: journal_article user_id: '5786' year: '2021' ... --- _id: '22462' author: - first_name: Ashwin Prasad full_name: Shivarpatna Venkatesh, Ashwin Prasad id: '66637' last_name: Shivarpatna Venkatesh - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Shivarpatna Venkatesh AP, Bodden E. Automated Cell Header Generator for Jupyter Notebooks. In: International Workshop on AI and Software Testing/Analysis (AISTA). ; 2021. doi:10.1145/3464968.3468410' apa: Shivarpatna Venkatesh, A. P., & Bodden, E. (2021). Automated Cell Header Generator for Jupyter Notebooks. International Workshop on AI and Software Testing/Analysis (AISTA). 
https://doi.org/10.1145/3464968.3468410 bibtex: '@inproceedings{Shivarpatna Venkatesh_Bodden_2021, title={Automated Cell Header Generator for Jupyter Notebooks}, DOI={10.1145/3464968.3468410}, booktitle={International Workshop on AI and Software Testing/Analysis (AISTA)}, author={Shivarpatna Venkatesh, Ashwin Prasad and Bodden, Eric}, year={2021} }' chicago: Shivarpatna Venkatesh, Ashwin Prasad, and Eric Bodden. “Automated Cell Header Generator for Jupyter Notebooks.” In International Workshop on AI and Software Testing/Analysis (AISTA), 2021. https://doi.org/10.1145/3464968.3468410. ieee: 'A. P. Shivarpatna Venkatesh and E. Bodden, “Automated Cell Header Generator for Jupyter Notebooks,” 2021, doi: 10.1145/3464968.3468410.' mla: Shivarpatna Venkatesh, Ashwin Prasad, and Eric Bodden. “Automated Cell Header Generator for Jupyter Notebooks.” International Workshop on AI and Software Testing/Analysis (AISTA), 2021, doi:10.1145/3464968.3468410. short: 'A.P. Shivarpatna Venkatesh, E. Bodden, in: International Workshop on AI and Software Testing/Analysis (AISTA), 2021.' date_created: 2021-06-17T10:14:48Z date_updated: 2022-01-06T06:55:33Z department: - _id: '76' doi: 10.1145/3464968.3468410 language: - iso: eng publication: International Workshop on AI and Software Testing/Analysis (AISTA) status: public title: Automated Cell Header Generator for Jupyter Notebooks type: conference user_id: '5786' year: '2021' ... --- _id: '23374' author: - first_name: Sriteja full_name: Kummita, Sriteja last_name: Kummita - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Johannes full_name: Spath, Johannes last_name: Spath - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Kummita S, Piskachev G, Spath J, Bodden E. Qualitative and Quantitative Analysis of Callgraph Algorithms for Python. In: 2021 International Conference on Code Quality (ICCQ). ; 2021. 
doi:10.1109/iccq51190.2021.9392986' apa: Kummita, S., Piskachev, G., Spath, J., & Bodden, E. (2021). Qualitative and Quantitative Analysis of Callgraph Algorithms for Python. 2021 International Conference on Code Quality (ICCQ). https://doi.org/10.1109/iccq51190.2021.9392986 bibtex: '@inproceedings{Kummita_Piskachev_Spath_Bodden_2021, title={Qualitative and Quantitative Analysis of Callgraph Algorithms for Python}, DOI={10.1109/iccq51190.2021.9392986}, booktitle={2021 International Conference on Code Quality (ICCQ)}, author={Kummita, Sriteja and Piskachev, Goran and Spath, Johannes and Bodden, Eric}, year={2021} }' chicago: Kummita, Sriteja, Goran Piskachev, Johannes Spath, and Eric Bodden. “Qualitative and Quantitative Analysis of Callgraph Algorithms for Python.” In 2021 International Conference on Code Quality (ICCQ), 2021. https://doi.org/10.1109/iccq51190.2021.9392986. ieee: 'S. Kummita, G. Piskachev, J. Spath, and E. Bodden, “Qualitative and Quantitative Analysis of Callgraph Algorithms for Python,” 2021, doi: 10.1109/iccq51190.2021.9392986.' mla: Kummita, Sriteja, et al. “Qualitative and Quantitative Analysis of Callgraph Algorithms for Python.” 2021 International Conference on Code Quality (ICCQ), 2021, doi:10.1109/iccq51190.2021.9392986. short: 'S. Kummita, G. Piskachev, J. Spath, E. Bodden, in: 2021 International Conference on Code Quality (ICCQ), 2021.' date_created: 2021-08-09T12:01:11Z date_updated: 2022-01-06T06:55:50Z department: - _id: '241' - _id: '662' - _id: '76' doi: 10.1109/iccq51190.2021.9392986 language: - iso: eng publication: 2021 International Conference on Code Quality (ICCQ) publication_status: published status: public title: Qualitative and Quantitative Analysis of Callgraph Algorithms for Python type: conference user_id: '5786' year: '2021' ... --- _id: '30084' author: - first_name: Kadiray full_name: Karakaya, Kadiray last_name: Karakaya - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Karakaya K, Bodden E. 
SootFX: A Static Code Feature Extraction Tool for Java and Android. In: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE; 2021. doi:10.1109/scam52516.2021.00030' apa: 'Karakaya, K., & Bodden, E. (2021). SootFX: A Static Code Feature Extraction Tool for Java and Android. 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). https://doi.org/10.1109/scam52516.2021.00030' bibtex: '@inproceedings{Karakaya_Bodden_2021, title={SootFX: A Static Code Feature Extraction Tool for Java and Android}, DOI={10.1109/scam52516.2021.00030}, booktitle={2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}, publisher={IEEE}, author={Karakaya, Kadiray and Bodden, Eric}, year={2021} }' chicago: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction Tool for Java and Android.” In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE, 2021. https://doi.org/10.1109/scam52516.2021.00030.' ieee: 'K. Karakaya and E. Bodden, “SootFX: A Static Code Feature Extraction Tool for Java and Android,” 2021, doi: 10.1109/scam52516.2021.00030.' mla: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction Tool for Java and Android.” 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE, 2021, doi:10.1109/scam52516.2021.00030.' short: 'K. Karakaya, E. Bodden, in: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE, 2021.' 
date_created: 2022-02-24T15:44:42Z date_updated: 2022-02-24T15:45:43Z department: - _id: '76' doi: 10.1109/scam52516.2021.00030 publication: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM) publication_status: published publisher: IEEE status: public title: 'SootFX: A Static Code Feature Extraction Tool for Java and Android' type: conference user_id: '70410' year: '2021' ... --- _id: '21598' abstract: - lang: eng text: Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, however causes long analysis times and thus does not match common software-development workflows, making it often impractical to use for large, real-world applications. This paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional. It shows how to compute lossless, persisted summaries for callgraph, points-to and data-flow information, and it reports under which circumstances this function-level compositional analysis outperforms WPA. We implemented ModAlyzer as an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect of the library code those applications share, hence avoiding its repeated re-analysis. The experimental results show that the reuse of these summaries can save, on average, 72% of analysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retains precision and recall. Surprisingly, as our results show, it sometimes even yields precision superior to WPA. The initial summary generation, on average, takes about 3.67 times as long as WPA. 
author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Schubert P, Hermann B, Bodden E. Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis. In: European Conference on Object-Oriented Programming (ECOOP). ; 2021.' apa: Schubert, P., Hermann, B., & Bodden, E. (2021). Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis. European Conference on Object-Oriented Programming (ECOOP). bibtex: '@inproceedings{Schubert_Hermann_Bodden_2021, title={Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis}, booktitle={European Conference on Object-Oriented Programming (ECOOP)}, author={Schubert, Philipp and Hermann, Ben and Bodden, Eric}, year={2021} }' chicago: Schubert, Philipp, Ben Hermann, and Eric Bodden. “Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis.” In European Conference on Object-Oriented Programming (ECOOP), 2021. ieee: P. Schubert, B. Hermann, and E. Bodden, “Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis,” 2021. mla: Schubert, Philipp, et al. “Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis.” European Conference on Object-Oriented Programming (ECOOP), 2021. short: 'P. Schubert, B. Hermann, E. Bodden, in: European Conference on Object-Oriented Programming (ECOOP), 2021.' 
date_created: 2021-04-08T11:24:59Z date_updated: 2022-03-25T07:49:35Z department: - _id: '76' language: - iso: eng main_file_link: - open_access: '1' url: https://drops.dagstuhl.de/opus/volltexte/2021/14045/ oa: '1' project: - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 - _id: '1' name: SFB 901 publication: European Conference on Object-Oriented Programming (ECOOP) status: public title: Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis type: conference user_id: '60543' year: '2021' ... --- _id: '31132' author: - first_name: Andreas Peter full_name: Dann, Andreas Peter id: '26886' last_name: Dann - first_name: Henrik full_name: Plate, Henrik last_name: Plate - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Serena Elisa full_name: Ponta, Serena Elisa last_name: Ponta - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Dann AP, Plate H, Hermann B, Ponta SE, Bodden E. Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite. IEEE Transactions on Software Engineering. Published online 2021:1-1. doi:10.1109/tse.2021.3101739 apa: Dann, A. P., Plate, H., Hermann, B., Ponta, S. E., & Bodden, E. (2021). Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite. IEEE Transactions on Software Engineering, 1–1. 
https://doi.org/10.1109/tse.2021.3101739 bibtex: '@article{Dann_Plate_Hermann_Ponta_Bodden_2021, title={Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite}, DOI={10.1109/tse.2021.3101739}, journal={IEEE Transactions on Software Engineering}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Dann, Andreas Peter and Plate, Henrik and Hermann, Ben and Ponta, Serena Elisa and Bodden, Eric}, year={2021}, pages={1–1} }' chicago: Dann, Andreas Peter, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and Eric Bodden. “Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite.” IEEE Transactions on Software Engineering, 2021, 1–1. https://doi.org/10.1109/tse.2021.3101739. ieee: 'A. P. Dann, H. Plate, B. Hermann, S. E. Ponta, and E. Bodden, “Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite,” IEEE Transactions on Software Engineering, pp. 1–1, 2021, doi: 10.1109/tse.2021.3101739.' mla: Dann, Andreas Peter, et al. “Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite.” IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers (IEEE), 2021, pp. 1–1, doi:10.1109/tse.2021.3101739. short: A.P. Dann, H. Plate, B. Hermann, S.E. Ponta, E. Bodden, IEEE Transactions on Software Engineering (2021) 1–1. date_created: 2022-05-09T13:02:35Z date_updated: 2022-05-09T13:03:18Z department: - _id: '76' doi: 10.1109/tse.2021.3101739 keyword: - Software language: - iso: eng page: 1-1 publication: IEEE Transactions on Software Engineering publication_identifier: issn: - 0098-5589 - 1939-3520 - 2326-3881 publication_status: published publisher: Institute of Electrical and Electronics Engineers (IEEE) status: public title: Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite type: journal_article user_id: '15249' year: '2021' ... 
--- _id: '26407' author: - first_name: Goran full_name: Piskachev, Goran id: '41936' last_name: Piskachev orcid: 0000-0003-4424-5838 - first_name: Ranjith full_name: Krishnamurthy, Ranjith last_name: Krishnamurthy - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Piskachev G, Krishnamurthy R, Bodden E. SecuCheck: Engineering configurable taint analysis for software developers. In: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). ; 2021.' apa: 'Piskachev, G., Krishnamurthy, R., & Bodden, E. (2021). SecuCheck: Engineering configurable taint analysis for software developers. 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM).' bibtex: '@inproceedings{Piskachev_Krishnamurthy_Bodden_2021, title={SecuCheck: Engineering configurable taint analysis for software developers}, booktitle={2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}, author={Piskachev, Goran and Krishnamurthy, Ranjith and Bodden, Eric}, year={2021} }' chicago: 'Piskachev, Goran, Ranjith Krishnamurthy, and Eric Bodden. “SecuCheck: Engineering Configurable Taint Analysis for Software Developers.” In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.' ieee: 'G. Piskachev, R. Krishnamurthy, and E. Bodden, “SecuCheck: Engineering configurable taint analysis for software developers,” 2021.' mla: 'Piskachev, Goran, et al. “SecuCheck: Engineering Configurable Taint Analysis for Software Developers.” 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.' short: 'G. Piskachev, R. Krishnamurthy, E. Bodden, in: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.' 
date_created: 2021-10-18T12:53:15Z date_updated: 2022-10-20T12:44:31Z department: - _id: '76' - _id: '662' language: - iso: eng publication: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM) status: public title: 'SecuCheck: Engineering configurable taint analysis for software developers' type: conference user_id: '15249' year: '2021' ... --- _id: '22463' author: - first_name: Linghui full_name: Luo, Linghui last_name: Luo - first_name: Martin full_name: Schäf, Martin last_name: Schäf - first_name: Daniel full_name: Sanchez, Daniel last_name: Sanchez - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Luo L, Schäf M, Sanchez D, Bodden E. IDE Support for Cloud-Based Static Analyses. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ; 2021.' apa: Luo, L., Schäf, M., Sanchez, D., & Bodden, E. (2021). IDE Support for Cloud-Based Static Analyses. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. bibtex: '@inproceedings{Luo_Schäf_Sanchez_Bodden_2021, title={IDE Support for Cloud-Based Static Analyses}, booktitle={Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering}, author={Luo, Linghui and Schäf, Martin and Sanchez, Daniel and Bodden, Eric}, year={2021} }' chicago: Luo, Linghui, Martin Schäf, Daniel Sanchez, and Eric Bodden. “IDE Support for Cloud-Based Static Analyses.” In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2021. ieee: L. Luo, M. Schäf, D. Sanchez, and E. Bodden, “IDE Support for Cloud-Based Static Analyses,” 2021. mla: Luo, Linghui, et al. 
“IDE Support for Cloud-Based Static Analyses.” Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2021. short: 'L. Luo, M. Schäf, D. Sanchez, E. Bodden, in: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2021.' date_created: 2021-06-17T10:18:05Z date_updated: 2022-10-20T13:11:45Z department: - _id: '76' language: - iso: eng publication: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering status: public title: IDE Support for Cloud-Based Static Analyses type: conference user_id: '15249' year: '2021' ... --- _id: '33840' author: - first_name: Kadiray full_name: Karakaya, Kadiray id: '70410' last_name: Karakaya orcid: https://orcid.org/0000-0001-9266-2084 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Karakaya K, Bodden E. SootFX: A Static Code Feature Extraction Tool for Java and Android. In: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). ; 2021:181–186.' apa: 'Karakaya, K., & Bodden, E. (2021). SootFX: A Static Code Feature Extraction Tool for Java and Android. 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 181–186.' bibtex: '@inproceedings{Karakaya_Bodden_2021, title={SootFX: A Static Code Feature Extraction Tool for Java and Android}, booktitle={2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}, author={Karakaya, Kadiray and Bodden, Eric}, year={2021}, pages={181–186} }' chicago: 'Karakaya, Kadiray, and Eric Bodden. 
“SootFX: A Static Code Feature Extraction Tool for Java and Android.” In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 181–186, 2021.' ieee: 'K. Karakaya and E. Bodden, “SootFX: A Static Code Feature Extraction Tool for Java and Android,” in 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.' mla: 'Karakaya, Kadiray, and Eric Bodden. “SootFX: A Static Code Feature Extraction Tool for Java and Android.” 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.' short: 'K. Karakaya, E. Bodden, in: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.' date_created: 2022-10-20T13:09:08Z date_updated: 2022-10-20T13:09:23Z department: - _id: '76' language: - iso: eng page: 181–186 publication: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM) status: public title: 'SootFX: A Static Code Feature Extraction Tool for Java and Android' type: conference user_id: '15249' year: '2021' ... --- _id: '26406' author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Richard full_name: Leer, Richard last_name: Leer citation: ama: 'Schubert P, Hermann B, Bodden E, Leer R. Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++. In: SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track). ; 2021.' apa: 'Schubert, P., Hermann, B., Bodden, E., & Leer, R. (2021). Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++. 
SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track).' bibtex: '@inproceedings{Schubert_Hermann_Bodden_Leer_2021, title={Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++}, booktitle={SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track)}, author={Schubert, Philipp and Hermann, Ben and Bodden, Eric and Leer, Richard}, year={2021} }' chicago: 'Schubert, Philipp, Ben Hermann, Eric Bodden, and Richard Leer. “Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++.” In SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track), 2021.' ieee: 'P. Schubert, B. Hermann, E. Bodden, and R. Leer, “Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++,” 2021.' mla: 'Schubert, Philipp, et al. “Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++.” SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track), 2021.' short: 'P. Schubert, B. Hermann, E. Bodden, R. Leer, in: SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track), 2021.' date_created: 2021-10-18T12:52:12Z date_updated: 2023-06-15T08:39:55Z department: - _id: '76' language: - iso: eng project: - _id: '3' name: 'SFB 901 - B: SFB 901 - Project Area B' - _id: '12' name: 'SFB 901 - B4: SFB 901 - Subproject B4' - _id: '1' grant_number: '160364472' name: 'SFB 901: SFB 901: On-The-Fly Computing - Individualisierte IT-Dienstleistungen in dynamischen Märkten ' publication: 'SCAM ''21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track)' status: public title: 'Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++' type: conference user_id: '15249' year: '2021' ... 
--- _id: '26405' author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Florian full_name: Sattler, Florian last_name: Sattler - first_name: Fabian full_name: Schiebel, Fabian last_name: Schiebel - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Schubert P, Sattler F, Schiebel F, Hermann B, Bodden E. Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++. In: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). ; 2021.' apa: Schubert, P., Sattler, F., Schiebel, F., Hermann, B., & Bodden, E. (2021). Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++. 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). bibtex: '@inproceedings{Schubert_Sattler_Schiebel_Hermann_Bodden_2021, title={Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++}, booktitle={2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)}, author={Schubert, Philipp and Sattler, Florian and Schiebel, Fabian and Hermann, Ben and Bodden, Eric}, year={2021} }' chicago: Schubert, Philipp, Florian Sattler, Fabian Schiebel, Ben Hermann, and Eric Bodden. “Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++.” In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021. ieee: P. Schubert, F. Sattler, F. Schiebel, B. Hermann, and E. Bodden, “Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++,” 2021. mla: Schubert, Philipp, et al. “Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++.” 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021. 
short: 'P. Schubert, F. Sattler, F. Schiebel, B. Hermann, E. Bodden, in: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021.' date_created: 2021-10-18T12:50:35Z date_updated: 2023-06-15T08:57:24Z department: - _id: '76' language: - iso: eng project: - _id: '12' name: 'SFB 901 - B4: SFB 901 - Subproject B4' - _id: '3' name: 'SFB 901 - B: SFB 901 - Project Area B' - _id: '1' grant_number: '160364472' name: 'SFB 901: SFB 901: On-The-Fly Computing - Individualisierte IT-Dienstleistungen in dynamischen Märkten ' publication: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM) status: public title: Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++ type: conference user_id: '15249' year: '2021' ... --- _id: '20507' author: - first_name: Johannes full_name: Geismann, Johannes id: '20063' last_name: Geismann orcid: https://orcid.org/0000-0003-2015-2047 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Geismann J, Bodden E. A systematic literature review of model-driven security engineering for cyber–physical systems. Journal of Systems and Software. 2020;169:110697. doi:https://doi.org/10.1016/j.jss.2020.110697 apa: Geismann, J., & Bodden, E. (2020). A systematic literature review of model-driven security engineering for cyber–physical systems. Journal of Systems and Software, 169, 110697. https://doi.org/10.1016/j.jss.2020.110697 bibtex: '@article{Geismann_Bodden_2020, title={A systematic literature review of model-driven security engineering for cyber–physical systems}, volume={169}, DOI={https://doi.org/10.1016/j.jss.2020.110697}, journal={Journal of Systems and Software}, author={Geismann, Johannes and Bodden, Eric}, year={2020}, pages={110697} }' chicago: 'Geismann, Johannes, and Eric Bodden. 
“A Systematic Literature Review of Model-Driven Security Engineering for Cyber–Physical Systems.” Journal of Systems and Software 169 (2020): 110697. https://doi.org/10.1016/j.jss.2020.110697.' ieee: 'J. Geismann and E. Bodden, “A systematic literature review of model-driven security engineering for cyber–physical systems,” Journal of Systems and Software, vol. 169, p. 110697, 2020, doi: https://doi.org/10.1016/j.jss.2020.110697.' mla: Geismann, Johannes, and Eric Bodden. “A Systematic Literature Review of Model-Driven Security Engineering for Cyber–Physical Systems.” Journal of Systems and Software, vol. 169, 2020, p. 110697, doi:https://doi.org/10.1016/j.jss.2020.110697. short: J. Geismann, E. Bodden, Journal of Systems and Software 169 (2020) 110697. date_created: 2020-11-26T08:32:56Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: https://doi.org/10.1016/j.jss.2020.110697 intvolume: ' 169' language: - iso: eng page: '110697' publication: Journal of Systems and Software publication_identifier: issn: - 0164-1212 status: public title: A systematic literature review of model-driven security engineering for cyber–physical systems type: journal_article user_id: '5786' volume: 169 year: '2020' ... --- _id: '20508' author: - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Nguyen Quang Do L, Bodden E. Explaining Static Analysis with Rule Graphs. IEEE Transactions on Software Engineering. Published online 2020. apa: Nguyen Quang Do, L., & Bodden, E. (2020). Explaining Static Analysis with Rule Graphs. IEEE Transactions on Software Engineering. bibtex: '@article{Nguyen Quang Do_Bodden_2020, title={Explaining Static Analysis with Rule Graphs}, journal={IEEE Transactions on Software Engineering}, author={Nguyen Quang Do, Lisa and Bodden, Eric}, year={2020} }' chicago: Nguyen Quang Do, Lisa, and Eric Bodden. 
“Explaining Static Analysis with Rule Graphs.” IEEE Transactions on Software Engineering, 2020. ieee: L. Nguyen Quang Do and E. Bodden, “Explaining Static Analysis with Rule Graphs,” IEEE Transactions on Software Engineering, 2020. mla: Nguyen Quang Do, Lisa, and Eric Bodden. “Explaining Static Analysis with Rule Graphs.” IEEE Transactions on Software Engineering, 2020. short: L. Nguyen Quang Do, E. Bodden, IEEE Transactions on Software Engineering (2020). date_created: 2020-11-26T08:38:33Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/tse20ruleGraphs.pdf publication: IEEE Transactions on Software Engineering status: public title: Explaining Static Analysis with Rule Graphs type: journal_article user_id: '5786' year: '2020' ... --- _id: '20509' author: - first_name: Andreas full_name: Fischer, Andreas last_name: Fischer - first_name: Jonas full_name: Janneck, Jonas last_name: Janneck - first_name: Jörn full_name: Kussmaul, Jörn last_name: Kussmaul - first_name: Nikolas full_name: Krätzschmar, Nikolas last_name: Krätzschmar - first_name: Florian full_name: Kerschbaum, Florian last_name: Kerschbaum - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Fischer A, Janneck J, Kussmaul J, Krätzschmar N, Kerschbaum F, Bodden E. PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage. In: 2020 IEEE Computer Security Foundations Symposium (CSF). ; 2020.' apa: 'Fischer, A., Janneck, J., Kussmaul, J., Krätzschmar, N., Kerschbaum, F., & Bodden, E. (2020). PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage. 2020 IEEE Computer Security Foundations Symposium (CSF).' 
bibtex: '@inproceedings{Fischer_Janneck_Kussmaul_Krätzschmar_Kerschbaum_Bodden_2020, title={PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage}, booktitle={2020 IEEE Computer Security Foundations Symposium (CSF)}, author={Fischer, Andreas and Janneck, Jonas and Kussmaul, Jörn and Krätzschmar, Nikolas and Kerschbaum, Florian and Bodden, Eric}, year={2020} }' chicago: 'Fischer, Andreas, Jonas Janneck, Jörn Kussmaul, Nikolas Krätzschmar, Florian Kerschbaum, and Eric Bodden. “PASAPTO: Policy-Aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage.” In 2020 IEEE Computer Security Foundations Symposium (CSF), 2020.' ieee: 'A. Fischer, J. Janneck, J. Kussmaul, N. Krätzschmar, F. Kerschbaum, and E. Bodden, “PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage,” 2020.' mla: 'Fischer, Andreas, et al. “PASAPTO: Policy-Aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage.” 2020 IEEE Computer Security Foundations Symposium (CSF), 2020.' short: 'A. Fischer, J. Janneck, J. Kussmaul, N. Krätzschmar, F. Kerschbaum, E. Bodden, in: 2020 IEEE Computer Security Foundations Symposium (CSF), 2020.' date_created: 2020-11-26T08:40:08Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/fjk+20pasapto.pdf publication: 2020 IEEE Computer Security Foundations Symposium (CSF) status: public title: 'PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage' type: conference user_id: '5786' year: '2020' ... 
--- _id: '20510' author: - first_name: Manuel full_name: Benz, Manuel last_name: Benz - first_name: Erik full_name: Krogh Kristensen, Erik last_name: Krogh Kristensen - first_name: Linghui full_name: Luo, Linghui last_name: Luo - first_name: Nataniel full_name: P. Borges Jr., Nataniel last_name: P. Borges Jr. - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Andreas full_name: Zeller, Andreas last_name: Zeller citation: ama: 'Benz M, Krogh Kristensen E, Luo L, P. Borges Jr. N, Bodden E, Zeller A. Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis. In: International Conference for Software Engineering (ICSE). ; 2020.' apa: 'Benz, M., Krogh Kristensen, E., Luo, L., P. Borges Jr., N., Bodden, E., & Zeller, A. (2020). Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis. International Conference for Software Engineering (ICSE).' bibtex: '@inproceedings{Benz_Krogh Kristensen_Luo_P. Borges Jr._Bodden_Zeller_2020, title={Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis}, booktitle={International Conference for Software Engineering (ICSE)}, author={Benz, Manuel and Krogh Kristensen, Erik and Luo, Linghui and P. Borges Jr., Nataniel and Bodden, Eric and Zeller, Andreas}, year={2020} }' chicago: 'Benz, Manuel, Erik Krogh Kristensen, Linghui Luo, Nataniel P. Borges Jr., Eric Bodden, and Andreas Zeller. “Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis.” In International Conference for Software Engineering (ICSE), 2020.' ieee: 'M. Benz, E. Krogh Kristensen, L. Luo, N. P. Borges Jr., E. Bodden, and A. Zeller, “Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis,” 2020.' mla: 'Benz, Manuel, et al. “Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis.” International Conference for Software Engineering (ICSE), 2020.' short: 'M. Benz, E. Krogh Kristensen, L. Luo, N. P. Borges Jr., E. Bodden, A. 
Zeller, in: International Conference for Software Engineering (ICSE), 2020.' date_created: 2020-11-26T08:47:56Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng publication: International Conference for Software Engineering (ICSE) status: public title: 'Heaps''n Leaks: How Heap Snapshots Improve Android Taint Analysis' type: conference user_id: '5786' year: '2020' ... --- _id: '20511' author: - first_name: Andreas full_name: Fischer, Andreas last_name: Fischer - first_name: Benny full_name: Fuhry, Benny last_name: Fuhry - first_name: Florian full_name: Kerschbaum, Florian last_name: Kerschbaum - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Fischer A, Fuhry B, Kerschbaum F, Bodden E. Computation on Encrypted Data using Dataflow Authentication. In: Privacy Enhancing Technologies Symposium (PETS/PoPETS). ; 2020.' apa: Fischer, A., Fuhry, B., Kerschbaum, F., & Bodden, E. (2020). Computation on Encrypted Data using Dataflow Authentication. Privacy Enhancing Technologies Symposium (PETS/PoPETS). bibtex: '@inproceedings{Fischer_Fuhry_Kerschbaum_Bodden_2020, title={Computation on Encrypted Data using Dataflow Authentication}, booktitle={Privacy Enhancing Technologies Symposium (PETS/PoPETS)}, author={Fischer, Andreas and Fuhry, Benny and Kerschbaum, Florian and Bodden, Eric}, year={2020} }' chicago: Fischer, Andreas, Benny Fuhry, Florian Kerschbaum, and Eric Bodden. “Computation on Encrypted Data Using Dataflow Authentication.” In Privacy Enhancing Technologies Symposium (PETS/PoPETS), 2020. ieee: A. Fischer, B. Fuhry, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data using Dataflow Authentication,” 2020. mla: Fischer, Andreas, et al. “Computation on Encrypted Data Using Dataflow Authentication.” Privacy Enhancing Technologies Symposium (PETS/PoPETS), 2020. short: 'A. Fischer, B. Fuhry, F. Kerschbaum, E. 
Bodden, in: Privacy Enhancing Technologies Symposium (PETS/PoPETS), 2020.' date_created: 2020-11-26T08:50:59Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/ffk+20computation.pdf publication: Privacy Enhancing Technologies Symposium (PETS/PoPETS) status: public title: Computation on Encrypted Data using Dataflow Authentication type: conference user_id: '5786' year: '2020' ... --- _id: '20512' author: - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Krüger S, Ali K, Bodden E. CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs. In: International Symposium on Code Generation and Optimization (CGO). ; 2020:185-198.' apa: Krüger, S., Ali, K., & Bodden, E. (2020). CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs. International Symposium on Code Generation and Optimization (CGO), 185–198. bibtex: '@inproceedings{Krüger_Ali_Bodden_2020, title={CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs}, booktitle={International Symposium on Code Generation and Optimization (CGO)}, author={Krüger, Stefan and Ali, Karim and Bodden, Eric}, year={2020}, pages={185–198} }' chicago: Krüger, Stefan, Karim Ali, and Eric Bodden. “CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs.” In International Symposium on Code Generation and Optimization (CGO), 185–98, 2020. ieee: S. Krüger, K. Ali, and E. Bodden, “CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs,” in International Symposium on Code Generation and Optimization (CGO), 2020, pp. 185–198. mla: Krüger, Stefan, et al. “CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs.” International Symposium on Code Generation and Optimization (CGO), 2020, pp. 185–98. short: 'S. Krüger, K. Ali, E. 
Bodden, in: International Symposium on Code Generation and Optimization (CGO), 2020, pp. 185–198.' date_created: 2020-11-26T08:51:01Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng page: 185-198 publication: International Symposium on Code Generation and Optimization (CGO) related_material: link: - relation: confirmation url: http://www.bodden.de/pubs/krueger20cognicryptgen.pdf status: public title: CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs type: conference user_id: '5786' year: '2020' ... --- _id: '20513' abstract: - lang: eng text: "Previous studies have shown empirically that misuses of cryptographic APIs are widespread in software applications. This happens mainly because software developers, due to poor API design and a lack of cryptography knowledge, run into problems when they try to implement cryptographic features. The literature offers several approaches and proposals for solving these problems, but all of them ultimately fail in one way or another to meet developers' requirements. The result is an overall patchy landscape of different approaches that complement each other only slightly. In this thesis, we address the problem of cryptographic misuses more systematically through CogniCrypt. CogniCrypt integrates different kinds of tool support into one common approach that frees developers from having to know how these APIs must be used. Central to our approach is CrySL, a description language that bridges the cognitive gap between cryptography experts and software developers. CrySL enables cryptography experts to specify how the APIs they provide are used correctly. We have implemented a compiler for CrySL that makes it possible to develop tool support building on CrySL specifications. 
We have furthermore developed the static analysis CogniCrypt_SAST and the code generator CogniCrypt_GEN. Finally, we have implemented a prototype of CogniCrypt and evaluated this prototype in a controlled experiment.\r\n" author: - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger citation: ama: Krüger S. CogniCrypt -- The Secure Integration of Cryptographic Software. Universitaetsbibliothek Paderborn; 2020. apa: Krüger, S. (2020). CogniCrypt -- The Secure Integration of Cryptographic Software. Universitaetsbibliothek Paderborn. bibtex: '@book{Krüger_2020, title={CogniCrypt -- The Secure Integration of Cryptographic Software}, publisher={Universitaetsbibliothek Paderborn}, author={Krüger, Stefan}, year={2020} }' chicago: Krüger, Stefan. CogniCrypt -- The Secure Integration of Cryptographic Software. Universitaetsbibliothek Paderborn, 2020. ieee: S. Krüger, CogniCrypt -- The Secure Integration of Cryptographic Software. Universitaetsbibliothek Paderborn, 2020. mla: Krüger, Stefan. CogniCrypt -- The Secure Integration of Cryptographic Software. Universitaetsbibliothek Paderborn, 2020. short: S. Krüger, CogniCrypt -- The Secure Integration of Cryptographic Software, Universitaetsbibliothek Paderborn, 2020. date_created: 2020-11-26T09:02:19Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: https://digital.ub.uni-paderborn.de/hs/document/preview/3500836 publisher: Universitaetsbibliothek Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: CogniCrypt -- The Secure Integration of Cryptographic Software type: dissertation user_id: '5786' year: '2020' ... 
--- _id: '20518' author: - first_name: Thorsten full_name: Koch, Thorsten id: '13616' last_name: Koch - first_name: Stefan full_name: Dziwok, Stefan id: '3901' last_name: Dziwok orcid: http://orcid.org/0000-0002-8679-6673 - first_name: Jörg full_name: Holtmann, Jörg id: '3875' last_name: Holtmann orcid: 0000-0001-6141-4571 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Koch T, Dziwok S, Holtmann J, Bodden E. Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers. In: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20). ACM; 2020. doi:10.1145/3365438.3410946' apa: Koch, T., Dziwok, S., Holtmann, J., & Bodden, E. (2020). Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers. ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20). https://doi.org/10.1145/3365438.3410946 bibtex: '@inproceedings{Koch_Dziwok_Holtmann_Bodden_2020, title={Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers}, DOI={10.1145/3365438.3410946}, booktitle={ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20)}, publisher={ACM}, author={Koch, Thorsten and Dziwok, Stefan and Holtmann, Jörg and Bodden, Eric}, year={2020} }' chicago: Koch, Thorsten, Stefan Dziwok, Jörg Holtmann, and Eric Bodden. “Scenario-Based Specification of Security Protocols and Transformation to Security Model Checkers.” In ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20). ACM, 2020. https://doi.org/10.1145/3365438.3410946. ieee: 'T. Koch, S. Dziwok, J. Holtmann, and E. Bodden, “Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers,” 2020, doi: 10.1145/3365438.3410946.' 
mla: Koch, Thorsten, et al. “Scenario-Based Specification of Security Protocols and Transformation to Security Model Checkers.” ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20), ACM, 2020, doi:10.1145/3365438.3410946. short: 'T. Koch, S. Dziwok, J. Holtmann, E. Bodden, in: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20), ACM, 2020.' date_created: 2020-11-26T10:19:54Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' - _id: '241' - _id: '662' doi: 10.1145/3365438.3410946 language: - iso: eng publication: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20) publisher: ACM status: public title: Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers type: conference user_id: '5786' year: '2020' ... --- _id: '20521' author: - first_name: Christopher full_name: Gerking, Christopher last_name: Gerking citation: ama: Gerking C. Model-Driven Information Flow Security Engineering for Cyber-Physical Systems. Paderborn University; 2020. doi:10.17619/UNIPB/1-1033 apa: Gerking, C. (2020). Model-Driven Information Flow Security Engineering for Cyber-Physical Systems. Paderborn University. https://doi.org/10.17619/UNIPB/1-1033 bibtex: '@book{Gerking_2020, title={Model-Driven Information Flow Security Engineering for Cyber-Physical Systems}, DOI={10.17619/UNIPB/1-1033}, publisher={Paderborn University}, author={Gerking, Christopher}, year={2020} }' chicago: Gerking, Christopher. Model-Driven Information Flow Security Engineering for Cyber-Physical Systems. Paderborn University, 2020. https://doi.org/10.17619/UNIPB/1-1033. ieee: C. Gerking, Model-Driven Information Flow Security Engineering for Cyber-Physical Systems. Paderborn University, 2020. mla: Gerking, Christopher. Model-Driven Information Flow Security Engineering for Cyber-Physical Systems. 
Paderborn University, 2020, doi:10.17619/UNIPB/1-1033. short: C. Gerking, Model-Driven Information Flow Security Engineering for Cyber-Physical Systems, Paderborn University, 2020. date_created: 2020-11-26T10:37:17Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.17619/UNIPB/1-1033 language: - iso: eng publisher: Paderborn University status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: Model-Driven Information Flow Security Engineering for Cyber-Physical Systems type: dissertation user_id: '5786' year: '2020' ... --- _id: '20712' author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 citation: ama: Schubert P, Bodden E, Hermann B. Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries.; 2020. apa: Schubert, P., Bodden, E., & Hermann, B. (2020). Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries. bibtex: '@book{Schubert_Bodden_Hermann_2020, title={Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries}, author={Schubert, Philipp and Bodden, Eric and Hermann, Ben}, year={2020} }' chicago: Schubert, Philipp, Eric Bodden, and Ben Hermann. Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries, 2020. ieee: P. Schubert, E. Bodden, and B. Hermann, Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries. 2020. mla: Schubert, Philipp, et al. Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries. 2020. short: P. Schubert, E. Bodden, B. 
Hermann, Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries, 2020. date_created: 2020-12-14T07:44:11Z date_updated: 2022-01-06T06:54:34Z ddc: - '000' department: - _id: '76' file: - access_level: closed content_type: application/pdf creator: pdschbrt date_created: 2020-12-14T07:39:07Z date_updated: 2020-12-14T07:39:07Z file_id: '20713' file_name: main.pdf file_size: 683576 relation: main_file success: 1 file_date_updated: 2020-12-14T07:39:07Z has_accepted_license: '1' language: - iso: eng project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 status: public title: Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries type: report user_id: '477' year: '2020' ... --- _id: '20891' abstract: - lang: eng text: "Today, software systems are rarely developed monolithically, but may be composed of numerous individually developed features. Their modularization facilitates independent development and verification. While feature-based strategies to verify features in isolation have existed for years, they cannot address interactions between features. The problem with feature interactions is that they are typically unknown and may involve any subset of the features. Contrary, a family-based verification strategy captures feature interactions, but does not scale well when features evolve frequently. To the best of our knowledge, there currently exists no approach with focus on evolving features that combines both strategies and aims at eliminating their respective drawbacks. To fill this gap, we introduce Fefalution, a feature-family-based verification approach based on abstract contracts to verify evolving features and their interactions. Fefalution builds partial proofs for each evolving feature and then reuses the resulting partial proofs in verifying feature interactions, yielding a full verification of the complete software system. 
Moreover, to investigate whether a combination of both strategies is fruitful, we present the first empirical study for the verification of evolving features implemented by means of feature-oriented programming and by comparing Fefalution with another five family-based approaches varying in a set of optimizations. Our results indicate that partial proofs based on abstract contracts exhibit huge reuse potential, but also come with a substantial overhead for smaller evolution scenarios.\r\n" author: - first_name: Alexander full_name: Knüppel, Alexander last_name: Knüppel - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Thomas full_name: Thüm, Thomas last_name: Thüm - first_name: Richard full_name: Bubel, Richard last_name: Bubel - first_name: Sebastian full_name: Krieter, Sebastian last_name: Krieter - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Ina full_name: Schaefer, Ina last_name: Schaefer citation: ama: 'Knüppel A, Krüger S, Thüm T, et al. Using Abstract Contracts for Verifying Evolving Features and Their Interactions. In: Lecture Notes in Computer Science. ; 2020. doi:10.1007/978-3-030-64354-6_5' apa: Knüppel, A., Krüger, S., Thüm, T., Bubel, R., Krieter, S., Bodden, E., & Schaefer, I. (2020). Using Abstract Contracts for Verifying Evolving Features and Their Interactions. In Lecture Notes in Computer Science. 
https://doi.org/10.1007/978-3-030-64354-6_5 bibtex: '@inbook{Knüppel_Krüger_Thüm_Bubel_Krieter_Bodden_Schaefer_2020, place={Cham}, title={Using Abstract Contracts for Verifying Evolving Features and Their Interactions}, DOI={10.1007/978-3-030-64354-6_5}, booktitle={Lecture Notes in Computer Science}, author={Knüppel, Alexander and Krüger, Stefan and Thüm, Thomas and Bubel, Richard and Krieter, Sebastian and Bodden, Eric and Schaefer, Ina}, year={2020} }' chicago: Knüppel, Alexander, Stefan Krüger, Thomas Thüm, Richard Bubel, Sebastian Krieter, Eric Bodden, and Ina Schaefer. “Using Abstract Contracts for Verifying Evolving Features and Their Interactions.” In Lecture Notes in Computer Science. Cham, 2020. https://doi.org/10.1007/978-3-030-64354-6_5. ieee: A. Knüppel et al., “Using Abstract Contracts for Verifying Evolving Features and Their Interactions,” in Lecture Notes in Computer Science, Cham, 2020. mla: Knüppel, Alexander, et al. “Using Abstract Contracts for Verifying Evolving Features and Their Interactions.” Lecture Notes in Computer Science, 2020, doi:10.1007/978-3-030-64354-6_5. short: 'A. Knüppel, S. Krüger, T. Thüm, R. Bubel, S. Krieter, E. Bodden, I. Schaefer, in: Lecture Notes in Computer Science, Cham, 2020.' date_created: 2021-01-11T09:15:41Z date_updated: 2022-01-06T06:54:41Z department: - _id: '76' doi: 10.1007/978-3-030-64354-6_5 language: - iso: eng place: Cham publication: Lecture Notes in Computer Science publication_identifier: isbn: - '9783030643539' - '9783030643546' issn: - 0302-9743 - 1611-3349 publication_status: published status: public title: Using Abstract Contracts for Verifying Evolving Features and Their Interactions type: book_chapter user_id: '5786' year: '2020' ... 
--- _id: '23376' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Oshando full_name: Johnson, Oshando last_name: Johnson - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Piskachev G, Nguyen Quang Do L, Johnson O, Bodden E. SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). ; 2020. doi:10.1109/ase.2019.00110' apa: 'Piskachev, G., Nguyen Quang Do, L., Johnson, O., & Bodden, E. (2020). SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). https://doi.org/10.1109/ase.2019.00110' bibtex: '@inproceedings{Piskachev_Nguyen Quang Do_Johnson_Bodden_2020, title={SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods}, DOI={10.1109/ase.2019.00110}, booktitle={2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)}, author={Piskachev, Goran and Nguyen Quang Do, Lisa and Johnson, Oshando and Bodden, Eric}, year={2020} }' chicago: 'Piskachev, Goran, Lisa Nguyen Quang Do, Oshando Johnson, and Eric Bodden. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.” In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020. https://doi.org/10.1109/ase.2019.00110.' ieee: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2020, doi: 10.1109/ase.2019.00110.' mla: 'Piskachev, Goran, et al. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.” 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020, doi:10.1109/ase.2019.00110.' short: 'G. 
Piskachev, L. Nguyen Quang Do, O. Johnson, E. Bodden, in: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020.' date_created: 2021-08-09T12:03:30Z date_updated: 2022-01-06T06:55:50Z department: - _id: '241' - _id: '662' - _id: '76' doi: 10.1109/ase.2019.00110 language: - iso: eng publication: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) publication_status: published status: public title: 'SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods' type: conference user_id: '5786' year: '2020' ... --- _id: '23377' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Tobias full_name: Petrasch, Tobias last_name: Petrasch - first_name: Johannes full_name: Späth, Johannes last_name: Späth - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Piskachev G, Petrasch T, Späth J, Bodden E. AuthCheck: Program-State Analysis for Access-Control Vulnerabilities. In: Lecture Notes in Computer Science. ; 2020. doi:10.1007/978-3-030-54997-8_34' apa: 'Piskachev, G., Petrasch, T., Späth, J., & Bodden, E. (2020). AuthCheck: Program-State Analysis for Access-Control Vulnerabilities. In Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-030-54997-8_34' bibtex: '@inbook{Piskachev_Petrasch_Späth_Bodden_2020, place={Cham}, title={AuthCheck: Program-State Analysis for Access-Control Vulnerabilities}, DOI={10.1007/978-3-030-54997-8_34}, booktitle={Lecture Notes in Computer Science}, author={Piskachev, Goran and Petrasch, Tobias and Späth, Johannes and Bodden, Eric}, year={2020} }' chicago: 'Piskachev, Goran, Tobias Petrasch, Johannes Späth, and Eric Bodden. “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities.” In Lecture Notes in Computer Science. Cham, 2020. https://doi.org/10.1007/978-3-030-54997-8_34.' ieee: 'G. Piskachev, T. Petrasch, J. Späth, and E. 
Bodden, “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities,” in Lecture Notes in Computer Science, Cham, 2020.' mla: 'Piskachev, Goran, et al. “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities.” Lecture Notes in Computer Science, 2020, doi:10.1007/978-3-030-54997-8_34.' short: 'G. Piskachev, T. Petrasch, J. Späth, E. Bodden, in: Lecture Notes in Computer Science, Cham, 2020.' date_created: 2021-08-09T12:05:09Z date_updated: 2022-01-06T06:55:50Z department: - _id: '241' - _id: '662' - _id: '76' doi: 10.1007/978-3-030-54997-8_34 language: - iso: eng place: Cham publication: Lecture Notes in Computer Science publication_identifier: issn: - 0302-9743 - 1611-3349 publication_status: published status: public title: 'AuthCheck: Program-State Analysis for Access-Control Vulnerabilities' type: book_chapter user_id: '5786' year: '2020' ... --- _id: '20522' author: - first_name: Philipp full_name: Holzinger, Philipp last_name: Holzinger citation: ama: Holzinger P. A Systematic Analysis and Hardening of the Java Security Architecture. Universität Paderborn; 2019. apa: Holzinger, P. (2019). A Systematic Analysis and Hardening of the Java Security Architecture. Universität Paderborn. bibtex: '@book{Holzinger_2019, title={A Systematic Analysis and Hardening of the Java Security Architecture}, publisher={Universität Paderborn}, author={Holzinger, Philipp}, year={2019} }' chicago: Holzinger, Philipp. A Systematic Analysis and Hardening of the Java Security Architecture. Universität Paderborn, 2019. ieee: P. Holzinger, A Systematic Analysis and Hardening of the Java Security Architecture. Universität Paderborn, 2019. mla: Holzinger, Philipp. A Systematic Analysis and Hardening of the Java Security Architecture. Universität Paderborn, 2019. short: P. Holzinger, A Systematic Analysis and Hardening of the Java Security Architecture, Universität Paderborn, 2019. 
date_created: 2020-11-26T10:44:52Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/phdHolzinger.pdf publisher: Universität Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric last_name: Bodden title: A Systematic Analysis and Hardening of the Java Security Architecture type: dissertation user_id: '5786' year: '2019' ... --- _id: '20524' author: - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do citation: ama: Nguyen Quang Do L. User-Centered Tool Design for Data-Flow Analysis. Universität Paderborn; 2019. apa: Nguyen Quang Do, L. (2019). User-Centered Tool Design for Data-Flow Analysis. Universität Paderborn. bibtex: '@book{Nguyen Quang Do_2019, title={User-Centered Tool Design for Data-Flow Analysis}, publisher={Universität Paderborn}, author={Nguyen Quang Do, Lisa}, year={2019} }' chicago: Nguyen Quang Do, Lisa. User-Centered Tool Design for Data-Flow Analysis. Universität Paderborn, 2019. ieee: L. Nguyen Quang Do, User-Centered Tool Design for Data-Flow Analysis. Universität Paderborn, 2019. mla: Nguyen Quang Do, Lisa. User-Centered Tool Design for Data-Flow Analysis. Universität Paderborn, 2019. short: L. Nguyen Quang Do, User-Centered Tool Design for Data-Flow Analysis, Universität Paderborn, 2019. date_created: 2020-11-26T10:47:51Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng publisher: Universität Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: User-Centered Tool Design for Data-Flow Analysis type: dissertation user_id: '5786' year: '2019' ... 
--- _id: '20525' author: - first_name: Lars full_name: Stockmann, Lars id: '48144' last_name: Stockmann - first_name: Sven full_name: Laux, Sven last_name: Laux - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Stockmann L, Laux S, Bodden E. Architectural Runtime Verification. In: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C). ; 2019:77-84. doi:10.1109/ICSA-C.2019.00021' apa: Stockmann, L., Laux, S., & Bodden, E. (2019). Architectural Runtime Verification. 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 77–84. https://doi.org/10.1109/ICSA-C.2019.00021 bibtex: '@inproceedings{Stockmann_Laux_Bodden_2019, title={Architectural Runtime Verification}, DOI={10.1109/ICSA-C.2019.00021}, booktitle={2019 IEEE International Conference on Software Architecture Companion (ICSA-C)}, author={Stockmann, Lars and Laux, Sven and Bodden, Eric}, year={2019}, pages={77–84} }' chicago: Stockmann, Lars, Sven Laux, and Eric Bodden. “Architectural Runtime Verification.” In 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 77–84, 2019. https://doi.org/10.1109/ICSA-C.2019.00021. ieee: 'L. Stockmann, S. Laux, and E. Bodden, “Architectural Runtime Verification,” in 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 2019, pp. 77–84, doi: 10.1109/ICSA-C.2019.00021.' mla: Stockmann, Lars, et al. “Architectural Runtime Verification.” 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 2019, pp. 77–84, doi:10.1109/ICSA-C.2019.00021. short: 'L. Stockmann, S. Laux, E. Bodden, in: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 2019, pp. 77–84.' 
date_created: 2020-11-27T10:16:59Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1109/ICSA-C.2019.00021 language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/stockmann19architectural.pdf page: 77-84 publication: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C) status: public title: Architectural Runtime Verification type: conference user_id: '5786' year: '2019' ... --- _id: '20527' author: - first_name: Mohammadreza full_name: Hazhirpasand, Mohammadreza last_name: Hazhirpasand - first_name: Mohammad full_name: Ghafari, Mohammad last_name: Ghafari - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Oskar full_name: Nierstrasz, Oskar last_name: Nierstrasz citation: ama: 'Hazhirpasand M, Ghafari M, Krüger S, Bodden E, Nierstrasz O. The Impact of Developer Experience in Using Java Cryptography. In: 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). ; 2019:1-6. doi:10.1109/ESEM.2019.8870184' apa: Hazhirpasand, M., Ghafari, M., Krüger, S., Bodden, E., & Nierstrasz, O. (2019). The Impact of Developer Experience in Using Java Cryptography. 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 1–6. https://doi.org/10.1109/ESEM.2019.8870184 bibtex: '@inproceedings{Hazhirpasand_Ghafari_Krüger_Bodden_Nierstrasz_2019, title={The Impact of Developer Experience in Using Java Cryptography}, DOI={10.1109/ESEM.2019.8870184}, booktitle={2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)}, author={Hazhirpasand, Mohammadreza and Ghafari, Mohammad and Krüger, Stefan and Bodden, Eric and Nierstrasz, Oskar}, year={2019}, pages={1–6} }' chicago: Hazhirpasand, Mohammadreza, Mohammad Ghafari, Stefan Krüger, Eric Bodden, and Oskar Nierstrasz. 
“The Impact of Developer Experience in Using Java Cryptography.” In 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 1–6, 2019. https://doi.org/10.1109/ESEM.2019.8870184. ieee: 'M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, and O. Nierstrasz, “The Impact of Developer Experience in Using Java Cryptography,” in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019, pp. 1–6, doi: 10.1109/ESEM.2019.8870184.' mla: Hazhirpasand, Mohammadreza, et al. “The Impact of Developer Experience in Using Java Cryptography.” 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019, pp. 1–6, doi:10.1109/ESEM.2019.8870184. short: 'M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, O. Nierstrasz, in: 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019, pp. 1–6.' date_created: 2020-11-27T10:20:37Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1109/ESEM.2019.8870184 language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/hazhirpasand19impact.pdf page: 1-6 publication: 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) publication_identifier: issn: - 1949-3770 status: public title: The Impact of Developer Experience in Using Java Cryptography type: conference user_id: '5786' year: '2019' ... --- _id: '20528' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Tobias full_name: Petrasch, Tobias last_name: Petrasch - first_name: Johannes full_name: Späth, Johannes last_name: Späth - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Piskachev G, Petrasch T, Späth J, Bodden E. AuthCheck: Program-state Analysis for Access-control Vulnerabilities. In: 10th Workshop on Tools for Automatic Program Analysis (TAPAS). ; 2019.' 
apa: 'Piskachev, G., Petrasch, T., Späth, J., & Bodden, E. (2019). AuthCheck: Program-state Analysis for Access-control Vulnerabilities. 10th Workshop on Tools for Automatic Program Analysis (TAPAS).' bibtex: '@inproceedings{Piskachev_Petrasch_Späth_Bodden_2019, title={AuthCheck: Program-state Analysis for Access-control Vulnerabilities}, booktitle={10th Workshop on Tools for Automatic Program Analysis (TAPAS)}, author={Piskachev, Goran and Petrasch, Tobias and Späth, Johannes and Bodden, Eric}, year={2019} }' chicago: 'Piskachev, Goran, Tobias Petrasch, Johannes Späth, and Eric Bodden. “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities.” In 10th Workshop on Tools for Automatic Program Analysis (TAPAS), 2019.' ieee: 'G. Piskachev, T. Petrasch, J. Späth, and E. Bodden, “AuthCheck: Program-state Analysis for Access-control Vulnerabilities,” 2019.' mla: 'Piskachev, Goran, et al. “AuthCheck: Program-State Analysis for Access-Control Vulnerabilities.” 10th Workshop on Tools for Automatic Program Analysis (TAPAS), 2019.' short: 'G. Piskachev, T. Petrasch, J. Späth, E. Bodden, in: 10th Workshop on Tools for Automatic Program Analysis (TAPAS), 2019.' date_created: 2020-11-27T10:21:19Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' - _id: '241' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/piskachev19authcheck.pdf publication: 10th Workshop on Tools for Automatic Program Analysis (TAPAS) status: public title: 'AuthCheck: Program-state Analysis for Access-control Vulnerabilities' type: conference user_id: '5786' year: '2019' ... --- _id: '20529' author: - first_name: Marcus full_name: Nachtigall, Marcus id: '41213' last_name: Nachtigall - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Nachtigall M, Nguyen Quang Do L, Bodden E. Explaining Static Analysis -- A Perspective. 
In: 1st International Workshop on Explainable Software (EXPLAIN) at ASE. ; 2019.' apa: Nachtigall, M., Nguyen Quang Do, L., & Bodden, E. (2019). Explaining Static Analysis -- A Perspective. 1st International Workshop on Explainable Software (EXPLAIN) at ASE. bibtex: '@inproceedings{Nachtigall_Nguyen Quang Do_Bodden_2019, title={Explaining Static Analysis -- A Perspective}, booktitle={1st International Workshop on Explainable Software (EXPLAIN) at ASE}, author={Nachtigall, Marcus and Nguyen Quang Do, Lisa and Bodden, Eric}, year={2019} }' chicago: Nachtigall, Marcus, Lisa Nguyen Quang Do, and Eric Bodden. “Explaining Static Analysis -- A Perspective.” In 1st International Workshop on Explainable Software (EXPLAIN) at ASE, 2019. ieee: M. Nachtigall, L. Nguyen Quang Do, and E. Bodden, “Explaining Static Analysis -- A Perspective,” 2019. mla: Nachtigall, Marcus, et al. “Explaining Static Analysis -- A Perspective.” 1st International Workshop on Explainable Software (EXPLAIN) at ASE, 2019. short: 'M. Nachtigall, L. Nguyen Quang Do, E. Bodden, in: 1st International Workshop on Explainable Software (EXPLAIN) at ASE, 2019.' date_created: 2020-11-27T10:22:38Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/nachtigall19explaining.pdf publication: 1st International Workshop on Explainable Software (EXPLAIN) at ASE status: public title: Explaining Static Analysis -- A Perspective type: conference user_id: '5786' year: '2019' ... --- _id: '20531' author: - first_name: Linghui full_name: Luo, Linghui last_name: Luo - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Johannes full_name: Späth, Johannes last_name: Späth citation: ama: 'Luo L, Bodden E, Späth J. A Qualitative Analysis of Android Taint-Analysis Results. In: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019). ; 2019.' 
apa: Luo, L., Bodden, E., & Späth, J. (2019). A Qualitative Analysis of Android Taint-Analysis Results. IEEE/ACM International Conference on Automated Software Engineering (ASE 2019). bibtex: '@inproceedings{Luo_Bodden_Späth_2019, title={A Qualitative Analysis of Android Taint-Analysis Results}, booktitle={IEEE/ACM International Conference on Automated Software Engineering (ASE 2019)}, author={Luo, Linghui and Bodden, Eric and Späth, Johannes}, year={2019} }' chicago: Luo, Linghui, Eric Bodden, and Johannes Späth. “A Qualitative Analysis of Android Taint-Analysis Results.” In IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), 2019. ieee: L. Luo, E. Bodden, and J. Späth, “A Qualitative Analysis of Android Taint-Analysis Results,” 2019. mla: Luo, Linghui, et al. “A Qualitative Analysis of Android Taint-Analysis Results.” IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), 2019. short: 'L. Luo, E. Bodden, J. Späth, in: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), 2019.' date_created: 2020-11-27T10:25:40Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/ase19qualitative.pdf publication: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019) status: public title: A Qualitative Analysis of Android Taint-Analysis Results type: conference user_id: '5786' year: '2019' ... --- _id: '20532' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Oshando full_name: Johnson, Oshando last_name: Johnson - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Piskachev G, Nguyen Quang Do L, Johnson O, Bodden E. SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. 
In: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track. ; 2019.' apa: 'Piskachev, G., Nguyen Quang Do, L., Johnson, O., & Bodden, E. (2019). SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track.' bibtex: '@inproceedings{Piskachev_Nguyen Quang Do_Johnson_Bodden_2019, title={SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods}, booktitle={IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track}, author={Piskachev, Goran and Nguyen Quang Do, Lisa and Johnson, Oshando and Bodden, Eric}, year={2019} }' chicago: 'Piskachev, Goran, Lisa Nguyen Quang Do, Oshando Johnson, and Eric Bodden. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.” In IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, 2019.' ieee: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2019.' mla: 'Piskachev, Goran, et al. “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods.” IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, 2019.' short: 'G. Piskachev, L. Nguyen Quang Do, O. Johnson, E. Bodden, in: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, 2019.' 
date_created: 2020-11-27T10:37:17Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/ase19swanAssist.pdf publication: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track status: public title: 'SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods' type: conference user_id: '5786' year: '2019' ... --- _id: '20533' author: - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Johannes full_name: Späth, Johannes last_name: Späth - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Mira full_name: Mezini, Mira last_name: Mezini citation: ama: 'Krüger S, Späth J, Ali K, Bodden E, Mezini M. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering. Published online 2019:1-1. doi:10.1109/TSE.2019.2948910' apa: 'Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2019). CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering, 1–1. https://doi.org/10.1109/TSE.2019.2948910' bibtex: '@article{Krüger_Späth_Ali_Bodden_Mezini_2019, title={CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}, DOI={10.1109/TSE.2019.2948910}, journal={IEEE Transactions on Software Engineering}, author={Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}, year={2019}, pages={1–1} }' chicago: 'Krüger, Stefan, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.” IEEE Transactions on Software Engineering, 2019, 1–1. https://doi.org/10.1109/TSE.2019.2948910.' ieee: 'S. Krüger, J. Späth, K. Ali, E. Bodden, and M. 
Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/TSE.2019.2948910.' mla: 'Krüger, Stefan, et al. “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.” IEEE Transactions on Software Engineering, 2019, pp. 1–1, doi:10.1109/TSE.2019.2948910.' short: S. Krüger, J. Späth, K. Ali, E. Bodden, M. Mezini, IEEE Transactions on Software Engineering (2019) 1–1. date_created: 2020-11-27T10:48:38Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1109/TSE.2019.2948910 keyword: - Java - Encryption - Static analysis - Tools - Ciphers - Semantics - cryptography - domain-specific language - static analysis language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/tse19CrySL.pdf page: 1-1 publication: IEEE Transactions on Software Engineering publication_identifier: issn: - 2326-3881 status: public title: 'CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs' type: journal_article user_id: '5786' year: '2019' ... --- _id: '20534' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Piskachev G, Nguyen Quang Do L, Bodden E. Codebase-Adaptive Detection of Security-Relevant Methods. In: ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). ; 2019.' apa: Piskachev, G., Nguyen Quang Do, L., & Bodden, E. (2019). Codebase-Adaptive Detection of Security-Relevant Methods. ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). 
bibtex: '@inproceedings{Piskachev_Nguyen Quang Do_Bodden_2019, title={Codebase-Adaptive Detection of Security-Relevant Methods}, booktitle={ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)}, author={Piskachev, Goran and Nguyen Quang Do, Lisa and Bodden, Eric}, year={2019} }' chicago: Piskachev, Goran, Lisa Nguyen Quang Do, and Eric Bodden. “Codebase-Adaptive Detection of Security-Relevant Methods.” In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2019. ieee: G. Piskachev, L. Nguyen Quang Do, and E. Bodden, “Codebase-Adaptive Detection of Security-Relevant Methods,” 2019. mla: Piskachev, Goran, et al. “Codebase-Adaptive Detection of Security-Relevant Methods.” ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2019. short: 'G. Piskachev, L. Nguyen Quang Do, E. Bodden, in: ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2019.' date_created: 2020-11-27T10:49:33Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/issta19swan.pdf publication: ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) status: public title: Codebase-Adaptive Detection of Security-Relevant Methods type: conference user_id: '5786' year: '2019' ... --- _id: '20535' author: - first_name: Linghui full_name: Luo, Linghui last_name: Luo - first_name: Julian full_name: Dolby, Julian last_name: Dolby - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Luo L, Dolby J, Bodden E. MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors. In: European Conference on Object-Oriented Programming (ECOOP). ; 2019.' apa: 'Luo, L., Dolby, J., & Bodden, E. (2019). MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors. European Conference on Object-Oriented Programming (ECOOP).' 
bibtex: '@inproceedings{Luo_Dolby_Bodden_2019, title={MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors}, booktitle={European Conference on Object-Oriented Programming (ECOOP)}, author={Luo, Linghui and Dolby, Julian and Bodden, Eric}, year={2019} }' chicago: 'Luo, Linghui, Julian Dolby, and Eric Bodden. “MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors.” In European Conference on Object-Oriented Programming (ECOOP), 2019.' ieee: 'L. Luo, J. Dolby, and E. Bodden, “MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors,” 2019.' mla: 'Luo, Linghui, et al. “MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors.” European Conference on Object-Oriented Programming (ECOOP), 2019.' short: 'L. Luo, J. Dolby, E. Bodden, in: European Conference on Object-Oriented Programming (ECOOP), 2019.' date_created: 2020-11-27T10:50:07Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/ldb19magpiebridge.pdf publication: European Conference on Object-Oriented Programming (ECOOP) status: public title: 'MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors' type: conference user_id: '5786' year: '2019' ... --- _id: '20536' author: - first_name: Johannes full_name: Späth, Johannes last_name: Späth citation: ama: Späth J. Synchronized Pushdown Systems for Pointer and Data-Flow Analysis. Universität Paderborn; 2019. apa: Späth, J. (2019). Synchronized Pushdown Systems for Pointer and Data-Flow Analysis. Universität Paderborn. bibtex: '@book{Späth_2019, title={Synchronized Pushdown Systems for Pointer and Data-Flow Analysis}, publisher={Universität Paderborn}, author={Späth, Johannes}, year={2019} }' chicago: Späth, Johannes. Synchronized Pushdown Systems for Pointer and Data-Flow Analysis. Universität Paderborn, 2019. ieee: J. 
Späth, Synchronized Pushdown Systems for Pointer and Data-Flow Analysis. Universität Paderborn, 2019. mla: Späth, Johannes. Synchronized Pushdown Systems for Pointer and Data-Flow Analysis. Universität Paderborn, 2019. short: J. Späth, Synchronized Pushdown Systems for Pointer and Data-Flow Analysis, Universität Paderborn, 2019. date_created: 2020-11-27T10:50:55Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/phdSpaeth.pdf publisher: Universität Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: Synchronized Pushdown Systems for Pointer and Data-Flow Analysis type: dissertation user_id: '5786' year: '2019' ... --- _id: '20537' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Lisa full_name: Nguyen, Lisa last_name: Nguyen - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Piskachev G, Nguyen L, Bodden E. Codebase-Adaptive Detection of Security-Relevant Methods.; 2019. apa: Piskachev, G., Nguyen, L., & Bodden, E. (2019). Codebase-Adaptive Detection of Security-Relevant Methods. bibtex: '@book{Piskachev_Nguyen_Bodden_2019, title={Codebase-Adaptive Detection of Security-Relevant Methods}, author={Piskachev, Goran and Nguyen, Lisa and Bodden, Eric}, year={2019} }' chicago: Piskachev, Goran, Lisa Nguyen, and Eric Bodden. Codebase-Adaptive Detection of Security-Relevant Methods, 2019. ieee: G. Piskachev, L. Nguyen, and E. Bodden, Codebase-Adaptive Detection of Security-Relevant Methods. 2019. mla: Piskachev, Goran, et al. Codebase-Adaptive Detection of Security-Relevant Methods. 2019. short: G. Piskachev, L. Nguyen, E. Bodden, Codebase-Adaptive Detection of Security-Relevant Methods, 2019. 
date_created: 2020-11-27T10:51:53Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng status: public title: Codebase-Adaptive Detection of Security-Relevant Methods type: report user_id: '5786' year: '2019' ... --- _id: '20538' author: - first_name: Sigmund full_name: Albert Gorski Iii, Sigmund last_name: Albert Gorski Iii - first_name: Benjamin full_name: Andow, Benjamin last_name: Andow - first_name: Adwait full_name: Nadkarni, Adwait last_name: Nadkarni - first_name: Sunil full_name: Manandhar, Sunil last_name: Manandhar - first_name: William full_name: Enck, William last_name: Enck - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Alexandre full_name: Bartel, Alexandre last_name: Bartel citation: ama: 'Albert Gorski Iii S, Andow B, Nadkarni A, et al. ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware. In: ACM Conference on Data and Application Security and Privacy (CODASPY 2019). ; 2019.' apa: 'Albert Gorski Iii, S., Andow, B., Nadkarni, A., Manandhar, S., Enck, W., Bodden, E., & Bartel, A. (2019). ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware. ACM Conference on Data and Application Security and Privacy (CODASPY 2019).' bibtex: '@inproceedings{Albert Gorski Iii_Andow_Nadkarni_Manandhar_Enck_Bodden_Bartel_2019, title={ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware}, booktitle={ACM Conference on Data and Application Security and Privacy (CODASPY 2019)}, author={Albert Gorski Iii, Sigmund and Andow, Benjamin and Nadkarni, Adwait and Manandhar, Sunil and Enck, William and Bodden, Eric and Bartel, Alexandre}, year={2019} }' chicago: 'Albert Gorski Iii, Sigmund, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, and Alexandre Bartel. 
“ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware.” In ACM Conference on Data and Application Security and Privacy (CODASPY 2019), 2019.' ieee: 'S. Albert Gorski Iii et al., “ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware,” 2019.' mla: 'Albert Gorski Iii, Sigmund, et al. “ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware.” ACM Conference on Data and Application Security and Privacy (CODASPY 2019), 2019.' short: 'S. Albert Gorski Iii, B. Andow, A. Nadkarni, S. Manandhar, W. Enck, E. Bodden, A. Bartel, in: ACM Conference on Data and Application Security and Privacy (CODASPY 2019), 2019.' date_created: 2020-11-27T10:52:59Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' keyword: - ITSECWEBSITE - CROSSING language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/gan19acminer.pdf publication: ACM Conference on Data and Application Security and Privacy (CODASPY 2019) status: public title: 'ACMiner: Extraction and Analysis of Authorization Checks in Android''s Middleware' type: conference user_id: '5786' year: '2019' ... --- _id: '20539' author: - first_name: Johannes full_name: Späth, Johannes last_name: Späth - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Späth J, Ali K, Bodden E. Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems. Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages. 2019;3(POPL):48:1-48:29. doi:10.1145/3290361 apa: Späth, J., Ali, K., & Bodden, E. (2019). Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems. Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, 3(POPL), 48:1-48:29. 
https://doi.org/10.1145/3290361 bibtex: '@article{Späth_Ali_Bodden_2019, title={Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems}, volume={3}, DOI={10.1145/3290361}, number={POPL}, journal={Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages}, publisher={ACM}, author={Späth, Johannes and Ali, Karim and Bodden, Eric}, year={2019}, pages={48:1-48:29} }' chicago: 'Späth, Johannes, Karim Ali, and Eric Bodden. “Context-, Flow-, and Field-Sensitive Data-Flow Analysis Using Synchronized Pushdown Systems.” Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages 3, no. POPL (2019): 48:1-48:29. https://doi.org/10.1145/3290361.' ieee: 'J. Späth, K. Ali, and E. Bodden, “Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems,” Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, vol. 3, no. POPL, p. 48:1-48:29, 2019, doi: 10.1145/3290361.' mla: Späth, Johannes, et al. “Context-, Flow-, and Field-Sensitive Data-Flow Analysis Using Synchronized Pushdown Systems.” Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, vol. 3, no. POPL, ACM, 2019, p. 48:1-48:29, doi:10.1145/3290361. short: J. Späth, K. Ali, E. Bodden, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages 3 (2019) 48:1-48:29. 
date_created: 2020-11-27T10:53:57Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1145/3290361 intvolume: ' 3' issue: POPL keyword: - ATTRACT - ITSECWEBSITE - CROSSING language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/sab19context.pdf page: 48:1-48:29 publication: Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages publication_identifier: issn: - 2475-1421 publisher: ACM status: public title: Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems type: journal_article user_id: '5786' volume: 3 year: '2019' ... --- _id: '20759' author: - first_name: Christopher full_name: Gerking, Christopher last_name: Gerking - first_name: David full_name: Schubert, David id: '9106' last_name: Schubert citation: ama: 'Gerking C, Schubert D. Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures. In: International Conference on Software Architecture (ICSA 2019). ; 2019.' apa: Gerking, C., & Schubert, D. (2019). Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures. International Conference on Software Architecture (ICSA 2019). bibtex: '@inproceedings{Gerking_Schubert_2019, title={Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures}, booktitle={International Conference on Software Architecture (ICSA 2019)}, author={Gerking, Christopher and Schubert, David}, year={2019} }' chicago: Gerking, Christopher, and David Schubert. “Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures.” In International Conference on Software Architecture (ICSA 2019), 2019. ieee: C. Gerking and D. 
Schubert, “Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures,” 2019. mla: Gerking, Christopher, and David Schubert. “Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures.” International Conference on Software Architecture (ICSA 2019), 2019. short: 'C. Gerking, D. Schubert, in: International Conference on Software Architecture (ICSA 2019), 2019.' date_created: 2020-12-16T14:03:44Z date_updated: 2022-01-06T06:54:36Z department: - _id: '76' - _id: '241' language: - iso: eng publication: International Conference on Software Architecture (ICSA 2019) status: public title: Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures type: conference user_id: '5786' year: '2019' ... --- _id: '23378' author: - first_name: Goran full_name: Piskachev, Goran last_name: Piskachev - first_name: Lisa Nguyen Quang full_name: Do, Lisa Nguyen Quang last_name: Do - first_name: Eric full_name: Bodden, Eric last_name: Bodden citation: ama: 'Piskachev G, Do LNQ, Bodden E. Codebase-adaptive detection of security-relevant methods. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. ; 2019. doi:10.1145/3293882.3330556' apa: Piskachev, G., Do, L. N. Q., & Bodden, E. (2019). Codebase-adaptive detection of security-relevant methods. Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. 
https://doi.org/10.1145/3293882.3330556 bibtex: '@inproceedings{Piskachev_Do_Bodden_2019, title={Codebase-adaptive detection of security-relevant methods}, DOI={10.1145/3293882.3330556}, booktitle={Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis}, author={Piskachev, Goran and Do, Lisa Nguyen Quang and Bodden, Eric}, year={2019} }' chicago: Piskachev, Goran, Lisa Nguyen Quang Do, and Eric Bodden. “Codebase-Adaptive Detection of Security-Relevant Methods.” In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019. https://doi.org/10.1145/3293882.3330556. ieee: 'G. Piskachev, L. N. Q. Do, and E. Bodden, “Codebase-adaptive detection of security-relevant methods,” 2019, doi: 10.1145/3293882.3330556.' mla: Piskachev, Goran, et al. “Codebase-Adaptive Detection of Security-Relevant Methods.” Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019, doi:10.1145/3293882.3330556. short: 'G. Piskachev, L.N.Q. Do, E. Bodden, in: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019.' date_created: 2021-08-09T12:06:52Z date_updated: 2022-01-06T06:55:50Z department: - _id: '241' - _id: '662' - _id: '76' doi: 10.1145/3293882.3330556 language: - iso: eng publication: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis publication_status: published status: public title: Codebase-adaptive detection of security-relevant methods type: conference user_id: '5786' year: '2019' ... --- _id: '7628' author: - first_name: Nils full_name: Selbach, Nils last_name: Selbach citation: ama: Selbach N. Modeling Crypto API Usages in OpenSSL’s EVP Library. Universität Paderborn; 2019. apa: Selbach, N. (2019). Modeling Crypto API usages in OpenSSL’s EVP library. Universität Paderborn. 
bibtex: '@book{Selbach_2019, title={Modeling Crypto API usages in OpenSSL’s EVP library}, publisher={Universität Paderborn}, author={Selbach, Nils}, year={2019} }' chicago: Selbach, Nils. Modeling Crypto API Usages in OpenSSL’s EVP Library. Universität Paderborn, 2019. ieee: N. Selbach, Modeling Crypto API usages in OpenSSL’s EVP library. Universität Paderborn, 2019. mla: Selbach, Nils. Modeling Crypto API Usages in OpenSSL’s EVP Library. Universität Paderborn, 2019. short: N. Selbach, Modeling Crypto API Usages in OpenSSL’s EVP Library, Universität Paderborn, 2019. date_created: 2019-02-12T07:28:12Z date_updated: 2022-01-06T07:03:41Z department: - _id: '76' language: - iso: eng project: - _id: '12' name: SFB 901 - Subproject B4 - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B publisher: Universität Paderborn status: public supervisor: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 title: Modeling Crypto API usages in OpenSSL's EVP library type: bachelorsthesis user_id: '477' year: '2019' ... --- _id: '14896' author: - first_name: Andreas full_name: Dann, Andreas last_name: Dann - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Dann A, Hermann B, Bodden E. ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules. IEEE Transactions on Software Engineering. Published online 2019:1-1. doi:10.1109/tse.2019.2931331' apa: 'Dann, A., Hermann, B., & Bodden, E. (2019). ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules. IEEE Transactions on Software Engineering, 1–1. 
https://doi.org/10.1109/tse.2019.2931331' bibtex: '@article{Dann_Hermann_Bodden_2019, title={ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules}, DOI={10.1109/tse.2019.2931331}, journal={IEEE Transactions on Software Engineering}, author={Dann, Andreas and Hermann, Ben and Bodden, Eric}, year={2019}, pages={1–1} }' chicago: 'Dann, Andreas, Ben Hermann, and Eric Bodden. “ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules.” IEEE Transactions on Software Engineering, 2019, 1–1. https://doi.org/10.1109/tse.2019.2931331.' ieee: 'A. Dann, B. Hermann, and E. Bodden, “ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/tse.2019.2931331.' mla: 'Dann, Andreas, et al. “ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules.” IEEE Transactions on Software Engineering, 2019, pp. 1–1, doi:10.1109/tse.2019.2931331.' short: A. Dann, B. Hermann, E. Bodden, IEEE Transactions on Software Engineering (2019) 1–1. date_created: 2019-11-12T12:20:56Z date_updated: 2022-01-06T06:52:10Z department: - _id: '76' - _id: '34' - _id: '26' doi: 10.1109/tse.2019.2931331 language: - iso: eng page: 1-1 project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 publication: IEEE Transactions on Software Engineering publication_identifier: issn: - 0098-5589 - 1939-3520 - 2326-3881 publication_status: published status: public title: 'ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules' type: journal_article user_id: '5786' year: '2019' ... 
--- _id: '14897' author: - first_name: Andreas full_name: Dann, Andreas last_name: Dann - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Dann A, Hermann B, Bodden E. SootDiff: bytecode comparison across different Java compilers. In: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019. ; 2019. doi:10.1145/3315568.3329966' apa: 'Dann, A., Hermann, B., & Bodden, E. (2019). SootDiff: bytecode comparison across different Java compilers. Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019. https://doi.org/10.1145/3315568.3329966' bibtex: '@inproceedings{Dann_Hermann_Bodden_2019, title={SootDiff: bytecode comparison across different Java compilers}, DOI={10.1145/3315568.3329966}, booktitle={Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019}, author={Dann, Andreas and Hermann, Ben and Bodden, Eric}, year={2019} }' chicago: 'Dann, Andreas, Ben Hermann, and Eric Bodden. “SootDiff: Bytecode Comparison across Different Java Compilers.” In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019, 2019. https://doi.org/10.1145/3315568.3329966.' ieee: 'A. Dann, B. Hermann, and E. Bodden, “SootDiff: bytecode comparison across different Java compilers,” 2019, doi: 10.1145/3315568.3329966.' mla: 'Dann, Andreas, et al. “SootDiff: Bytecode Comparison across Different Java Compilers.” Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019, 2019, doi:10.1145/3315568.3329966.' short: 'A. Dann, B. Hermann, E. Bodden, in: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019, 2019.' 
date_created: 2019-11-12T12:21:11Z date_updated: 2022-01-06T06:52:10Z department: - _id: '76' - _id: '34' - _id: '26' doi: 10.1145/3315568.3329966 language: - iso: eng main_file_link: - url: https://thewhitespace.de/publications/dhb19-sootdiff.pdf publication: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019 publication_identifier: isbn: - '9781450367202' publication_status: published status: public title: 'SootDiff: bytecode comparison across different Java compilers' type: conference user_id: '5786' year: '2019' ... --- _id: '14899' author: - first_name: Stefan full_name: Kruger, Stefan last_name: Kruger - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 citation: ama: 'Kruger S, Hermann B. Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts. In: 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE). ; 2019. doi:10.1109/ge.2019.00012' apa: Kruger, S., & Hermann, B. (2019). Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts. 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE). https://doi.org/10.1109/ge.2019.00012 bibtex: '@inproceedings{Kruger_Hermann_2019, title={Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts}, DOI={10.1109/ge.2019.00012}, booktitle={2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE)}, author={Kruger, Stefan and Hermann, Ben}, year={2019} }' chicago: Kruger, Stefan, and Ben Hermann. “Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts.” In 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE), 2019. https://doi.org/10.1109/ge.2019.00012. ieee: 'S. Kruger and B. Hermann, “Can an Online Service Predict Gender? 
On the State-of-the-Art in Gender Identification from Texts,” 2019, doi: 10.1109/ge.2019.00012.' mla: Kruger, Stefan, and Ben Hermann. “Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts.” 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE), 2019, doi:10.1109/ge.2019.00012. short: 'S. Kruger, B. Hermann, in: 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE), 2019.' date_created: 2019-11-12T12:22:48Z date_updated: 2022-01-06T06:52:10Z department: - _id: '76' - _id: '34' - _id: '26' doi: 10.1109/ge.2019.00012 language: - iso: eng publication: 2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE) publication_identifier: isbn: - '9781728122458' publication_status: published status: public title: Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts type: conference user_id: '5786' year: '2019' ... --- _id: '7626' author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Schubert P, Hermann B, Bodden E. PhASAR: An Inter-Procedural Static Analysis Framework for C/C++. In: Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019). Vol II. ; 2019:393-410. doi:10.1007/978-3-030-17465-1_22' apa: 'Schubert, P., Hermann, B., & Bodden, E. (2019). PhASAR: An Inter-Procedural Static Analysis Framework for C/C++. 
Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), II, 393–410. https://doi.org/10.1007/978-3-030-17465-1_22' bibtex: '@inproceedings{Schubert_Hermann_Bodden_2019, title={PhASAR: An Inter-Procedural Static Analysis Framework for C/C++}, volume={II}, DOI={10.1007/978-3-030-17465-1_22}, booktitle={Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019)}, author={Schubert, Philipp and Hermann, Ben and Bodden, Eric}, year={2019}, pages={393–410} }' chicago: 'Schubert, Philipp, Ben Hermann, and Eric Bodden. “PhASAR: An Inter-Procedural Static Analysis Framework for C/C++.” In Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), II:393–410, 2019. https://doi.org/10.1007/978-3-030-17465-1_22.' ieee: 'P. Schubert, B. Hermann, and E. Bodden, “PhASAR: An Inter-Procedural Static Analysis Framework for C/C++,” in Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), Prague, Czech Republic, 2019, vol. II, pp. 393–410, doi: 10.1007/978-3-030-17465-1_22.' mla: 'Schubert, Philipp, et al. “PhASAR: An Inter-Procedural Static Analysis Framework for C/C++.” Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), vol. II, 2019, pp. 
393–410, doi:10.1007/978-3-030-17465-1_22.' short: 'P. Schubert, B. Hermann, E. Bodden, in: Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), 2019, pp. 393–410.' conference: end_date: 2019-04-11 location: Prague, Czech Republic name: 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS) start_date: 2019-04-08 date_created: 2019-02-12T07:20:07Z date_updated: 2022-03-25T07:48:36Z ddc: - '000' department: - _id: '76' doi: 10.1007/978-3-030-17465-1_22 file: - access_level: closed content_type: application/pdf creator: pdschbrt date_created: 2019-02-12T07:18:17Z date_updated: 2019-02-12T07:18:17Z file_id: '7627' file_name: main.pdf file_size: 504897 relation: main_file success: 1 file_date_updated: 2019-02-12T07:18:17Z has_accepted_license: '1' language: - iso: eng main_file_link: - open_access: '1' url: https://link.springer.com/chapter/10.1007/978-3-030-17465-1_22 oa: '1' page: 393-410 project: - _id: '1' name: SFB 901 - _id: '12' name: SFB 901 - Subproject B4 - _id: '3' name: SFB 901 - Project Area B publication: Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019) publication_status: published status: public title: 'PhASAR: An Inter-Procedural Static Analysis Framework for C/C++' type: conference user_id: '60543' volume: II year: '2019' ... 
--- _id: '14898' author: - first_name: Philipp full_name: Schubert, Philipp id: '60543' last_name: Schubert orcid: 0000-0002-8674-1859 - first_name: Richard full_name: Leer, Richard last_name: Leer - first_name: Ben full_name: Hermann, Ben id: '66173' last_name: Hermann orcid: 0000-0001-9848-2017 - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Schubert P, Leer R, Hermann B, Bodden E. Know your analysis: how instrumentation aids understanding static analysis. In: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019. ; 2019. doi:10.1145/3315568.3329965' apa: 'Schubert, P., Leer, R., Hermann, B., & Bodden, E. (2019). Know your analysis: how instrumentation aids understanding static analysis. Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019. https://doi.org/10.1145/3315568.3329965' bibtex: '@inproceedings{Schubert_Leer_Hermann_Bodden_2019, title={Know your analysis: how instrumentation aids understanding static analysis}, DOI={10.1145/3315568.3329965}, booktitle={Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019}, author={Schubert, Philipp and Leer, Richard and Hermann, Ben and Bodden, Eric}, year={2019} }' chicago: 'Schubert, Philipp, Richard Leer, Ben Hermann, and Eric Bodden. “Know Your Analysis: How Instrumentation Aids Understanding Static Analysis.” In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019, 2019. https://doi.org/10.1145/3315568.3329965.' ieee: 'P. Schubert, R. Leer, B. Hermann, and E. Bodden, “Know your analysis: how instrumentation aids understanding static analysis,” 2019, doi: 10.1145/3315568.3329965.' mla: 'Schubert, Philipp, et al. 
“Know Your Analysis: How Instrumentation Aids Understanding Static Analysis.” Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019, 2019, doi:10.1145/3315568.3329965.' short: 'P. Schubert, R. Leer, B. Hermann, E. Bodden, in: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis  - SOAP 2019, 2019.' date_created: 2019-11-12T12:22:16Z date_updated: 2023-06-15T08:52:37Z department: - _id: '76' - _id: '34' - _id: '26' doi: 10.1145/3315568.3329965 language: - iso: eng project: - _id: '12' name: 'SFB 901 - B4: SFB 901 - Subproject B4' - _id: '3' name: 'SFB 901 - B: SFB 901 - Project Area B' - _id: '1' grant_number: '160364472' name: 'SFB 901: SFB 901: On-The-Fly Computing - Individualisierte IT-Dienstleistungen in dynamischen Märkten ' publication: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019 publication_identifier: isbn: - '9781450367202' publication_status: published status: public title: 'Know your analysis: how instrumentation aids understanding static analysis' type: conference user_id: '15249' year: '2019' ... --- _id: '2711' abstract: - lang: eng text: "In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. 
All those limitations make it impossible to truly compare the tools based on those published evaluations.\r\nWe thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench." author: - first_name: Felix full_name: Pauck, Felix id: '22398' last_name: Pauck - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Heike full_name: Wehrheim, Heike id: '573' last_name: Wehrheim citation: ama: Pauck F, Bodden E, Wehrheim H. Do Android Taint Analysis Tools Keep their Promises? arXiv:180402903. 2018. apa: Pauck, F., Bodden, E., & Wehrheim, H. (2018). Do Android Taint Analysis Tools Keep their Promises? ArXiv:1804.02903. bibtex: '@article{Pauck_Bodden_Wehrheim_2018, title={Do Android Taint Analysis Tools Keep their Promises?}, journal={arXiv:1804.02903}, author={Pauck, Felix and Bodden, Eric and Wehrheim, Heike}, year={2018} }' chicago: Pauck, Felix, Eric Bodden, and Heike Wehrheim. “Do Android Taint Analysis Tools Keep Their Promises?” ArXiv:1804.02903, 2018. ieee: F. Pauck, E. Bodden, and H. Wehrheim, “Do Android Taint Analysis Tools Keep their Promises?,” arXiv:1804.02903. 2018. mla: Pauck, Felix, et al. “Do Android Taint Analysis Tools Keep Their Promises?” ArXiv:1804.02903, 2018. short: F. Pauck, E. Bodden, H. Wehrheim, ArXiv:1804.02903 (2018). 
date_created: 2018-05-09T08:27:11Z date_updated: 2022-01-06T06:57:35Z ddc: - '000' department: - _id: '77' - _id: '76' file: - access_level: closed content_type: application/pdf creator: florida date_created: 2018-11-21T10:49:23Z date_updated: 2018-11-21T10:49:23Z file_id: '5781' file_name: Do Android Taint Analysis Tools Keep their Promises.pdf file_size: 1045861 relation: main_file success: 1 file_date_updated: 2018-11-21T10:49:23Z has_accepted_license: '1' language: - iso: eng project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 publication: arXiv:1804.02903 status: public title: Do Android Taint Analysis Tools Keep their Promises? type: preprint user_id: '477' year: '2018' ... --- _id: '20530' author: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do citation: ama: 'Bodden E, Nguyen Quang Do L. Explainable Static Analysis. In: Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany. {LNI}. ; 2018:205-208.' apa: Bodden, E., & Nguyen Quang Do, L. (2018). Explainable Static Analysis. Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 205–208. bibtex: '@inproceedings{Bodden_Nguyen Quang Do_2018, series={{LNI}}, title={Explainable Static Analysis}, booktitle={Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. M{\"{a}}rz 2018, Ulm, Germany.}, author={Bodden, Eric and Nguyen Quang Do, Lisa}, year={2018}, pages={205–208}, collection={{LNI}} }' chicago: Bodden, Eric, and Lisa Nguyen Quang Do. 
“Explainable Static Analysis.” In Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 205–8. {LNI}, 2018. ieee: E. Bodden and L. Nguyen Quang Do, “Explainable Static Analysis,” in Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 2018, pp. 205–208. mla: Bodden, Eric, and Lisa Nguyen Quang Do. “Explainable Static Analysis.” Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 2018, pp. 205–08. short: 'E. Bodden, L. Nguyen Quang Do, in: Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany., 2018, pp. 205–208.' date_created: 2020-11-27T10:24:21Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' language: - iso: eng main_file_link: - url: https://dl.gi.de/20.500.12116/16348 page: 205-208 publication: Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. März 2018, Ulm, Germany. publication_identifier: isbn: - 978-3-88579-673-2 series_title: '{LNI}' status: public title: Explainable Static Analysis type: conference user_id: '5786' year: '2018' ... --- _id: '20543' author: - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Patrick full_name: Hill, Patrick last_name: Hill - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: Nguyen Quang Do L, Krüger S, Hill P, Ali K, Bodden E. Debugging Static Analysis. IEEE Transactions on Software Engineering. Published online 2018:1-1. 
doi:10.1109/TSE.2018.2868349 apa: Nguyen Quang Do, L., Krüger, S., Hill, P., Ali, K., & Bodden, E. (2018). Debugging Static Analysis. IEEE Transactions on Software Engineering, 1–1. https://doi.org/10.1109/TSE.2018.2868349 bibtex: '@article{Nguyen Quang Do_Krüger_Hill_Ali_Bodden_2018, title={Debugging Static Analysis}, DOI={10.1109/TSE.2018.2868349}, journal={IEEE Transactions on Software Engineering}, author={Nguyen Quang Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}, year={2018}, pages={1–1} }' chicago: Nguyen Quang Do, Lisa, Stefan Krüger, Patrick Hill, Karim Ali, and Eric Bodden. “Debugging Static Analysis.” IEEE Transactions on Software Engineering, 2018, 1–1. https://doi.org/10.1109/TSE.2018.2868349. ieee: 'L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “Debugging Static Analysis,” IEEE Transactions on Software Engineering, pp. 1–1, 2018, doi: 10.1109/TSE.2018.2868349.' mla: Nguyen Quang Do, Lisa, et al. “Debugging Static Analysis.” IEEE Transactions on Software Engineering, 2018, pp. 1–1, doi:10.1109/TSE.2018.2868349. short: L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, E. Bodden, IEEE Transactions on Software Engineering (2018) 1–1. date_created: 2020-11-30T09:32:12Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1109/TSE.2018.2868349 keyword: - Debugging - Static analysis - Tools - Computer bugs - Standards - Writing - Encoding - Testing and Debugging - Program analysis - Development tools - Integrated environments - Graphical environments - Usability testing language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/tse18debugging.pdf page: 1-1 publication: IEEE Transactions on Software Engineering publication_identifier: issn: - 2326-3881 status: public title: Debugging Static Analysis type: journal_article user_id: '5786' year: '2018' ... --- _id: '20544' citation: ama: Tichy M, Bodden E, Kuhrmann M, Wagner S, Steghöfer J-P, eds. 
Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany. Vol {P-279}. Gesellschaft für Informatik; 2018. apa: 'Tichy, M., Bodden, E., Kuhrmann, M., Wagner, S., & Steghöfer, J.-P. (Eds.). (2018). Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany: Vol. {P-279}. Gesellschaft für Informatik.' bibtex: '@book{Tichy_Bodden_Kuhrmann_Wagner_Steghöfer_2018, series={{LNI}}, title={Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany}, volume={{P-279}}, publisher={Gesellschaft für Informatik}, year={2018}, collection={{LNI}} }' chicago: Tichy, Matthias, Eric Bodden, Marco Kuhrmann, Stefan Wagner, and Jan-Philipp Steghöfer, eds. Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany. Vol. {P-279}. {LNI}. Gesellschaft für Informatik, 2018. ieee: M. Tichy, E. Bodden, M. Kuhrmann, S. Wagner, and J.-P. Steghöfer, Eds., Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany, vol. {P-279}. Gesellschaft für Informatik, 2018. mla: Tichy, Matthias, et al., editors. Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany. Gesellschaft für Informatik, 2018. short: M. Tichy, E. Bodden, M. Kuhrmann, S. Wagner, J.-P. Steghöfer, eds., Software Engineering Und Software Management 2018, Fachtagung Des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany, Gesellschaft für Informatik, 2018. 
date_created: 2020-11-30T09:32:58Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' editor: - first_name: Matthias full_name: Tichy, Matthias last_name: Tichy - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Marco full_name: Kuhrmann, Marco last_name: Kuhrmann - first_name: Stefan full_name: Wagner, Stefan last_name: Wagner - first_name: Jan-Philipp full_name: Steghöfer, Jan-Philipp last_name: Steghöfer language: - iso: eng publication_identifier: isbn: - 978-3-88579-673-2 publisher: Gesellschaft für Informatik series_title: '{LNI}' status: public title: Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany type: conference_editor user_id: '5786' volume: '{P-279}' year: '2018' ... --- _id: '20545' citation: ama: Tip F, Bodden E, eds. Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. ACM; 2018. apa: Tip, F., & Bodden, E. (Eds.). (2018). Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. ACM. bibtex: '@book{Tip_Bodden_2018, title={Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018}, publisher={ACM}, year={2018} }' chicago: Tip, Frank, and Eric Bodden, eds. Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. ACM, 2018. ieee: F. Tip and E. Bodden, Eds., Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. ACM, 2018. mla: Tip, Frank, and Eric Bodden, editors. 
Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. ACM, 2018. short: F. Tip, E. Bodden, eds., Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018, ACM, 2018. date_created: 2020-11-30T09:35:03Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' editor: - first_name: Frank full_name: Tip, Frank last_name: Tip - first_name: Eric full_name: Bodden, Eric last_name: Bodden language: - iso: eng publisher: ACM status: public title: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018 type: conference_editor user_id: '5786' year: '2018' ... --- _id: '20546' author: - first_name: Christopher full_name: Gerking, Christopher last_name: Gerking - first_name: David full_name: Schubert, David id: '9106' last_name: Schubert - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Gerking C, Schubert D, Bodden E. Model Checking the Information Flow Security of Real-Time Systems. In: Payer M, Rashid A, Such JM, eds. Engineering Secure Software and Systems. Springer International Publishing; 2018:27-43.' apa: Gerking, C., Schubert, D., & Bodden, E. (2018). Model Checking the Information Flow Security of Real-Time Systems. In M. Payer, A. Rashid, & J. M. Such (Eds.), Engineering Secure Software and Systems (pp. 27–43). Springer International Publishing. 
bibtex: '@inproceedings{Gerking_Schubert_Bodden_2018, place={Cham}, title={Model Checking the Information Flow Security of Real-Time Systems}, booktitle={Engineering Secure Software and Systems}, publisher={Springer International Publishing}, author={Gerking, Christopher and Schubert, David and Bodden, Eric}, editor={Payer, Mathias and Rashid, Awais and Such, Jose M.}, year={2018}, pages={27–43} }' chicago: 'Gerking, Christopher, David Schubert, and Eric Bodden. “Model Checking the Information Flow Security of Real-Time Systems.” In Engineering Secure Software and Systems, edited by Mathias Payer, Awais Rashid, and Jose M. Such, 27–43. Cham: Springer International Publishing, 2018.' ieee: C. Gerking, D. Schubert, and E. Bodden, “Model Checking the Information Flow Security of Real-Time Systems,” in Engineering Secure Software and Systems, 2018, pp. 27–43. mla: Gerking, Christopher, et al. “Model Checking the Information Flow Security of Real-Time Systems.” Engineering Secure Software and Systems, edited by Mathias Payer et al., Springer International Publishing, 2018, pp. 27–43. short: 'C. Gerking, D. Schubert, E. Bodden, in: M. Payer, A. Rashid, J.M. Such (Eds.), Engineering Secure Software and Systems, Springer International Publishing, Cham, 2018, pp. 27–43.' date_created: 2020-11-30T09:35:55Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' editor: - first_name: Mathias full_name: Payer, Mathias last_name: Payer - first_name: Awais full_name: Rashid, Awais last_name: Rashid - first_name: Jose M. full_name: Such, Jose M. last_name: Such language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/gsb18model.pdf page: 27-43 place: Cham publication: Engineering Secure Software and Systems publisher: Springer International Publishing status: public title: Model Checking the Information Flow Security of Real-Time Systems type: conference user_id: '5786' year: '2018' ... 
--- _id: '20547' author: - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Nguyen Quang Do L, Bodden E. Gamifying Static Analysis. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ESEC/FSE 2018. ACM; 2018:714-718. doi:10.1145/3236024.3264830' apa: Nguyen Quang Do, L., & Bodden, E. (2018). Gamifying Static Analysis. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 714–718. https://doi.org/10.1145/3236024.3264830 bibtex: '@inproceedings{Nguyen Quang Do_Bodden_2018, place={New York, NY, USA}, series={ESEC/FSE 2018}, title={Gamifying Static Analysis}, DOI={10.1145/3236024.3264830}, booktitle={Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering}, publisher={ACM}, author={Nguyen Quang Do, Lisa and Bodden, Eric}, year={2018}, pages={714–718}, collection={ESEC/FSE 2018} }' chicago: 'Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 714–18. ESEC/FSE 2018. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3236024.3264830.' ieee: 'L. Nguyen Quang Do and E. Bodden, “Gamifying Static Analysis,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2018, pp. 714–718, doi: 10.1145/3236024.3264830.' mla: Nguyen Quang Do, Lisa, and Eric Bodden. 
“Gamifying Static Analysis.” Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ACM, 2018, pp. 714–18, doi:10.1145/3236024.3264830. short: 'L. Nguyen Quang Do, E. Bodden, in: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ACM, New York, NY, USA, 2018, pp. 714–718.' date_created: 2020-11-30T09:37:35Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1145/3236024.3264830 keyword: - Gamification - Integrated Environments - Program analysis language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/db18gamifying.pdf page: 714-718 place: New York, NY, USA publication: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering publication_identifier: isbn: - 978-1-4503-5573-5 publisher: ACM series_title: ESEC/FSE 2018 status: public title: Gamifying Static Analysis type: conference user_id: '5786' year: '2018' ... --- _id: '20548' author: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Bodden E. The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them). In: ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018). ISSTA ’18. ACM; 2018:85-93. doi:10.1145/3236454.3236500' apa: 'Bodden, E. (2018). The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them). ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), 85–93. 
https://doi.org/10.1145/3236454.3236500' bibtex: '@inproceedings{Bodden_2018, place={New York, NY, USA}, series={ISSTA ’18}, title={The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them)}, DOI={10.1145/3236454.3236500}, booktitle={ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018)}, publisher={ACM}, author={Bodden, Eric}, year={2018}, pages={85–93}, collection={ISSTA ’18} }' chicago: 'Bodden, Eric. “The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-Based Static Analyses (and How to Master Them).” In ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), 85–93. ISSTA ’18. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3236454.3236500.' ieee: 'E. Bodden, “The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them),” in ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), 2018, pp. 85–93, doi: 10.1145/3236454.3236500.' mla: 'Bodden, Eric. “The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-Based Static Analyses (and How to Master Them).” ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), ACM, 2018, pp. 85–93, doi:10.1145/3236454.3236500.' short: 'E. Bodden, in: ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), ACM, New York, NY, USA, 2018, pp. 85–93.' 
date_created: 2020-11-30T09:51:05Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1145/3236454.3236500 keyword: - ATTRACT - ITSECWEBSITE language: - iso: eng main_file_link: - url: http://bodden.de/pubs/bodden18secret.pdf page: 85-93 place: New York, NY, USA publication: ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018) publication_identifier: isbn: - 978-1-4503-5939-9 publisher: ACM series_title: ISSTA '18 status: public title: 'The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them)' type: conference user_id: '5786' year: '2018' ... --- _id: '20549' author: - first_name: Johannes full_name: Geismann, Johannes id: '20063' last_name: Geismann orcid: https://orcid.org/0000-0003-2015-2047 - first_name: Christopher full_name: Gerking, Christopher last_name: Gerking - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Geismann J, Gerking C, Bodden E. Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes. In: International Conference on Software and System Processes (ICSSP). ; 2018.' apa: Geismann, J., Gerking, C., & Bodden, E. (2018). Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes. International Conference on Software and System Processes (ICSSP). bibtex: '@inproceedings{Geismann_Gerking_Bodden_2018, title={Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes}, booktitle={International Conference on Software and System Processes (ICSSP)}, author={Geismann, Johannes and Gerking, Christopher and Bodden, Eric}, year={2018} }' chicago: Geismann, Johannes, Christopher Gerking, and Eric Bodden. “Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes.” In International Conference on Software and System Processes (ICSSP), 2018. ieee: J. 
Geismann, C. Gerking, and E. Bodden, “Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes,” 2018. mla: Geismann, Johannes, et al. “Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes.” International Conference on Software and System Processes (ICSSP), 2018. short: 'J. Geismann, C. Gerking, E. Bodden, in: International Conference on Software and System Processes (ICSSP), 2018.' date_created: 2020-11-30T09:52:21Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' keyword: - ITSECWEBSITE language: - iso: eng publication: International Conference on Software and System Processes (ICSSP) related_material: link: - relation: confirmation url: http://bodden.de/pubs/ggb18towards.pdf status: public title: Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes type: conference user_id: '5786' year: '2018' ... --- _id: '20550' author: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Bodden E. Self-adaptive Static Analysis. In: Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results. ICSE-NIER ’18. ACM; 2018:45-48. doi:10.1145/3183399.3183401' apa: 'Bodden, E. (2018). Self-adaptive Static Analysis. Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, 45–48. https://doi.org/10.1145/3183399.3183401' bibtex: '@inproceedings{Bodden_2018, place={New York, NY, USA}, series={ICSE-NIER ’18}, title={Self-adaptive Static Analysis}, DOI={10.1145/3183399.3183401}, booktitle={Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results}, publisher={ACM}, author={Bodden, Eric}, year={2018}, pages={45–48}, collection={ICSE-NIER ’18} }' chicago: 'Bodden, Eric. 
“Self-Adaptive Static Analysis.” In Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, 45–48. ICSE-NIER ’18. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3183399.3183401.' ieee: 'E. Bodden, “Self-adaptive Static Analysis,” in Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, 2018, pp. 45–48, doi: 10.1145/3183399.3183401.' mla: 'Bodden, Eric. “Self-Adaptive Static Analysis.” Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, ACM, 2018, pp. 45–48, doi:10.1145/3183399.3183401.' short: 'E. Bodden, in: Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, ACM, New York, NY, USA, 2018, pp. 45–48.' date_created: 2020-11-30T09:54:33Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1145/3183399.3183401 keyword: - ATTRACT - ITSECWEBSITE language: - iso: eng page: 45-48 place: New York, NY, USA publication: 'Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results' publication_identifier: isbn: - 978-1-4503-5662-6 publisher: ACM related_material: link: - relation: confirmation url: http://bodden.de/pubs/bodden18selfadaptive.pdf series_title: ICSE-NIER '18 status: public title: Self-adaptive Static Analysis type: conference user_id: '5786' year: '2018' ... --- _id: '20551' author: - first_name: Lisa full_name: Nguyen Quang Do, Lisa last_name: Nguyen Quang Do - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Patrick full_name: Hill, Patrick last_name: Hill - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 citation: ama: 'Nguyen Quang Do L, Krüger S, Hill P, Ali K, Bodden E. VISUFLOW, a Debugging Environment for Static Analyses. 
In: International Conference for Software Engineering (ICSE), Tool Demonstrations Track. ; 2018.' apa: Nguyen Quang Do, L., Krüger, S., Hill, P., Ali, K., & Bodden, E. (2018). VISUFLOW, a Debugging Environment for Static Analyses. International Conference for Software Engineering (ICSE), Tool Demonstrations Track. bibtex: '@inproceedings{Nguyen Quang Do_Krüger_Hill_Ali_Bodden_2018, title={VISUFLOW, a Debugging Environment for Static Analyses}, booktitle={International Conference for Software Engineering (ICSE), Tool Demonstrations Track}, author={Nguyen Quang Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}, year={2018} }' chicago: Nguyen Quang Do, Lisa, Stefan Krüger, Patrick Hill, Karim Ali, and Eric Bodden. “VISUFLOW, a Debugging Environment for Static Analyses.” In International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018. ieee: L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “VISUFLOW, a Debugging Environment for Static Analyses,” 2018. mla: Nguyen Quang Do, Lisa, et al. “VISUFLOW, a Debugging Environment for Static Analyses.” International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018. short: 'L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, E. Bodden, in: International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018.' date_created: 2020-11-30T09:55:20Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' keyword: - ATTRACT - ITSECWEBSITE language: - iso: eng main_file_link: - url: http://www.bodden.de/pubs/dkh+18visuflow.pdf publication: International Conference for Software Engineering (ICSE), Tool Demonstrations Track status: public title: VISUFLOW, a Debugging Environment for Static Analyses type: conference user_id: '5786' year: '2018' ... --- _id: '20779' abstract: - lang: eng text: The high degree of innovation in mechatronic systems leads to so-called cyber-physical systems (CPS).
These have complex functionality and communication. How safety-critical such systems are is categorized by so-called safety integrity levels (SIL), which are defined by standards such as ISO 26262. A given SIL not only describes the level of hazard risk but also dictates the required degree of rigor in developing the system. A high SIL requires applying safety measures with a high degree of rigor in all phases of development and therefore implies a high safety effort. SIL tailoring is a means of reducing the safety effort by assigning lower SILs to subsystems if they are separated from more critical subsystems or fulfill redundant safety requirements. To plan the necessary safety effort, opportunities for SIL tailoring should be identified as early as possible, i.e., already during requirements analysis. Due to the complexity of CPS, it is difficult to find valid SIL tailorings. The validity of SIL tailorings must be checked by analyzing failure propagation paths and justified by arguments in the safety case. The contribution of this dissertation is a systematic, tool-supported SIL tailoring process that is applied in safety requirements engineering. The process uses a model-based, formal requirements specification and provides a catalog of requirement patterns. Based on these requirements, failure propagation models are generated and SILs are automatically assigned to subsystems. This minimizes the safety analysis effort. From the generated results, a safety case with arguments for the validity of the SIL tailoring is derived automatically. author: - first_name: Markus full_name: Fockel, Markus id: '8472' last_name: Fockel orcid: 0000-0002-1269-0702 citation: ama: Fockel M. Safety Requirements Engineering for Early SIL Tailoring.
Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn; 2018. doi:10.17619/UNIPB/1-490 apa: Fockel, M. (2018). Safety Requirements Engineering for Early SIL Tailoring. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn. https://doi.org/10.17619/UNIPB/1-490 bibtex: '@book{Fockel_2018, title={Safety Requirements Engineering for Early SIL Tailoring}, DOI={10.17619/UNIPB/1-490}, publisher={Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn}, author={Fockel, Markus}, year={2018} }' chicago: Fockel, Markus. Safety Requirements Engineering for Early SIL Tailoring. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018. https://doi.org/10.17619/UNIPB/1-490. ieee: M. Fockel, Safety Requirements Engineering for Early SIL Tailoring. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018. mla: Fockel, Markus. Safety Requirements Engineering for Early SIL Tailoring. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018, doi:10.17619/UNIPB/1-490. short: M. Fockel, Safety Requirements Engineering for Early SIL Tailoring, Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018. date_created: 2020-12-17T11:59:05Z date_updated: 2022-01-06T06:54:38Z department: - _id: '76' - _id: '241' - _id: '662' doi: 10.17619/UNIPB/1-490 language: - iso: eng publisher: Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: Safety Requirements Engineering for Early SIL Tailoring type: dissertation user_id: '5786' year: '2018' ... --- _id: '20781' author: - first_name: Christopher full_name: Gerking, Christopher last_name: Gerking - first_name: David full_name: Schubert, David id: '9106' last_name: Schubert citation: ama: 'Gerking C, Schubert D. 
Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems. In: European Conference on Software Architecture (ECSA 2018). Lecture Notes in Computer Science. Springer; 2018:147-155. doi:10.1007/978-3-030-00761-4_10' apa: Gerking, C., & Schubert, D. (2018). Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems. European Conference on Software Architecture (ECSA 2018), 11048, 147–155. https://doi.org/10.1007/978-3-030-00761-4_10 bibtex: '@inproceedings{Gerking_Schubert_2018, series={Lecture Notes in Computer Science}, title={Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems}, DOI={10.1007/978-3-030-00761-4_10}, number={11048}, booktitle={European Conference on Software Architecture (ECSA 2018)}, publisher={Springer}, author={Gerking, Christopher and Schubert, David}, year={2018}, pages={147–155}, collection={Lecture Notes in Computer Science} }' chicago: Gerking, Christopher, and David Schubert. “Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems.” In European Conference on Software Architecture (ECSA 2018), 147–55. Lecture Notes in Computer Science. Springer, 2018. https://doi.org/10.1007/978-3-030-00761-4_10. ieee: 'C. Gerking and D. Schubert, “Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems,” in European Conference on Software Architecture (ECSA 2018), 2018, no. 11048, pp. 147–155, doi: 10.1007/978-3-030-00761-4_10.' mla: Gerking, Christopher, and David Schubert. “Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems.” European Conference on Software Architecture (ECSA 2018), no. 11048, Springer, 2018, pp. 147–55, doi:10.1007/978-3-030-00761-4_10. short: 'C. Gerking, D. Schubert, in: European Conference on Software Architecture (ECSA 2018), Springer, 2018, pp. 147–155.' 
date_created: 2020-12-17T12:02:20Z date_updated: 2022-01-06T06:54:38Z department: - _id: '76' - _id: '241' doi: 10.1007/978-3-030-00761-4_10 issue: '11048' language: - iso: eng page: 147-155 publication: European Conference on Software Architecture (ECSA 2018) publisher: Springer series_title: Lecture Notes in Computer Science status: public title: Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems type: conference user_id: '5786' year: '2018' ... --- _id: '20784' author: - first_name: Johannes full_name: Geismann, Johannes id: '20063' last_name: Geismann orcid: https://orcid.org/0000-0003-2015-2047 citation: ama: 'Geismann J. Traceable Threat Modeling for Safety-critical Systems. In: IEEE International Conference on Software Architecture Companion (ICSA-C 2018) . IEEE; 2018:41-42. doi:10.1109/ICSA-C.2018.00017' apa: Geismann, J. (2018). Traceable Threat Modeling for Safety-critical Systems. IEEE International Conference on Software Architecture Companion (ICSA-C 2018) , 41–42. https://doi.org/10.1109/ICSA-C.2018.00017 bibtex: '@inproceedings{Geismann_2018, title={Traceable Threat Modeling for Safety-critical Systems}, DOI={10.1109/ICSA-C.2018.00017}, booktitle={IEEE International Conference on Software Architecture Companion (ICSA-C 2018) }, publisher={IEEE}, author={Geismann, Johannes}, year={2018}, pages={41–42} }' chicago: Geismann, Johannes. “Traceable Threat Modeling for Safety-Critical Systems.” In IEEE International Conference on Software Architecture Companion (ICSA-C 2018) , 41–42. IEEE, 2018. https://doi.org/10.1109/ICSA-C.2018.00017. ieee: 'J. Geismann, “Traceable Threat Modeling for Safety-critical Systems,” in IEEE International Conference on Software Architecture Companion (ICSA-C 2018) , 2018, pp. 41–42, doi: 10.1109/ICSA-C.2018.00017.' mla: Geismann, Johannes. 
“Traceable Threat Modeling for Safety-Critical Systems.” IEEE International Conference on Software Architecture Companion (ICSA-C 2018) , IEEE, 2018, pp. 41–42, doi:10.1109/ICSA-C.2018.00017. short: 'J. Geismann, in: IEEE International Conference on Software Architecture Companion (ICSA-C 2018) , IEEE, 2018, pp. 41–42.' date_created: 2020-12-17T12:06:35Z date_updated: 2022-01-06T06:54:38Z department: - _id: '76' doi: 10.1109/ICSA-C.2018.00017 language: - iso: eng page: 41-42 publication: 'IEEE International Conference on Software Architecture Companion (ICSA-C 2018) ' publisher: IEEE status: public title: Traceable Threat Modeling for Safety-critical Systems type: conference user_id: '5786' year: '2018' ... --- _id: '20785' abstract: - lang: eng text: "Cyber-physical Systems are distributed, embedded systems that interact with their physical environment. Typically, these systems consist of several Electronic Control Units using multiple processing cores for the execution. Many systems are applied in safety-critical contexts and have to fulfill hard real-time requirements. The model-driven engineering paradigm enables system developers to consider all requirements in a systematical manner. In the software design phase, they prove the fulfillment of the requirements using model checking. When deploying the software to the executing platform, one important task is to ensure that the runtime scheduling does not violate the verified requirements by neglecting the model checking assumptions. Current model-driven approaches do not consider the problem of deriving feasible execution schedules for embedded multi-core platforms respecting hard real-time requirements. This paper extends the previous work on providing an approach for a semi-automatic synthesis of behavioral models into a deterministic real-time scheduling. We add an approach for the partitioning and mapping development tasks. 
This extended approach enables the utilization of parallel resources within a single ECU considering the verification assumptions by extending the open tool platform App4mc. We evaluate our approach using an example of a distributed automotive system with hard real-time requirements specified with the MechatronicUML method.\r\n" author: - first_name: Johannes full_name: Geismann, Johannes id: '20063' last_name: Geismann orcid: https://orcid.org/0000-0003-2015-2047 - first_name: Robert full_name: Höttger, Robert last_name: Höttger - first_name: Lukas full_name: Krawczyk, Lukas last_name: Krawczyk - first_name: Uwe full_name: Pohlmann, Uwe last_name: Pohlmann - first_name: David full_name: Schmelter, David id: '40982' last_name: Schmelter orcid: 0000-0001-7787-5380 citation: ama: 'Geismann J, Höttger R, Krawczyk L, Pohlmann U, Schmelter D. Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems. In: Pires LF, Hammoudi S, Selic B, eds. Model-Driven Engineering and Software Development. Vol 1. Springer International Publishing; 2018:72-93. doi:10.1007/978-3-319-94764-8_4' apa: Geismann, J., Höttger, R., Krawczyk, L., Pohlmann, U., & Schmelter, D. (2018). Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems. In L. F. Pires, S. Hammoudi, & B. Selic (Eds.), Model-Driven Engineering and Software Development (Vol. 1, pp. 72–93). Springer International Publishing. 
https://doi.org/10.1007/978-3-319-94764-8_4 bibtex: '@inproceedings{Geismann_Höttger_Krawczyk_Pohlmann_Schmelter_2018, place={Cham}, title={Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems}, volume={1}, DOI={10.1007/978-3-319-94764-8_4}, booktitle={Model-Driven Engineering and Software Development}, publisher={Springer International Publishing}, author={Geismann, Johannes and Höttger, Robert and Krawczyk, Lukas and Pohlmann, Uwe and Schmelter, David}, editor={Pires, Luís Ferreira and Hammoudi, Slimane and Selic, Bran}, year={2018}, pages={72–93} }' chicago: 'Geismann, Johannes, Robert Höttger, Lukas Krawczyk, Uwe Pohlmann, and David Schmelter. “Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-Core Systems.” In Model-Driven Engineering and Software Development, edited by Luís Ferreira Pires, Slimane Hammoudi, and Bran Selic, 1:72–93. Cham: Springer International Publishing, 2018. https://doi.org/10.1007/978-3-319-94764-8_4.' ieee: 'J. Geismann, R. Höttger, L. Krawczyk, U. Pohlmann, and D. Schmelter, “Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems,” in Model-Driven Engineering and Software Development, 2018, vol. 1, pp. 72–93, doi: 10.1007/978-3-319-94764-8_4.' mla: Geismann, Johannes, et al. “Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-Core Systems.” Model-Driven Engineering and Software Development, edited by Luís Ferreira Pires et al., vol. 1, Springer International Publishing, 2018, pp. 72–93, doi:10.1007/978-3-319-94764-8_4. short: 'J. Geismann, R. Höttger, L. Krawczyk, U. Pohlmann, D. Schmelter, in: L.F. Pires, S. Hammoudi, B. Selic (Eds.), Model-Driven Engineering and Software Development, Springer International Publishing, Cham, 2018, pp. 72–93.' 
date_created: 2020-12-17T12:07:52Z date_updated: 2022-01-06T06:54:38Z department: - _id: '76' - _id: '241' - _id: '662' doi: 10.1007/978-3-319-94764-8_4 editor: - first_name: Luís Ferreira full_name: Pires, Luís Ferreira last_name: Pires - first_name: Slimane full_name: Hammoudi, Slimane last_name: Hammoudi - first_name: Bran full_name: Selic, Bran last_name: Selic intvolume: ' 1' language: - iso: eng page: 72-93 place: Cham publication: Model-Driven Engineering and Software Development publisher: Springer International Publishing status: public title: Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems type: conference user_id: '5786' volume: 1 year: '2018' ... --- _id: '20789' author: - first_name: Uwe full_name: Pohlmann, Uwe last_name: Pohlmann citation: ama: Pohlmann U. A Model-Driven Software Construction Approach for Cyber-Physical Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik; 2018. apa: Pohlmann, U. (2018). A Model-driven Software Construction Approach for Cyber-physical Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik. bibtex: '@book{Pohlmann_2018, title={A Model-driven Software Construction Approach for Cyber-physical Systems}, publisher={Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik}, author={Pohlmann, Uwe}, year={2018} }' chicago: Pohlmann, Uwe. A Model-Driven Software Construction Approach for Cyber-Physical Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018. ieee: U. Pohlmann, A Model-driven Software Construction Approach for Cyber-physical Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018. mla: Pohlmann, Uwe. A Model-Driven Software Construction Approach for Cyber-Physical Systems. Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018. short: U. 
Pohlmann, A Model-Driven Software Construction Approach for Cyber-Physical Systems, Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik, 2018. date_created: 2020-12-17T12:18:36Z date_updated: 2022-01-06T06:54:38Z department: - _id: '76' language: - iso: eng publisher: Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik status: public title: A Model-driven Software Construction Approach for Cyber-physical Systems type: dissertation user_id: '5786' year: '2018' ... --- _id: '4999' author: - first_name: Felix full_name: Pauck, Felix id: '22398' last_name: Pauck - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Heike full_name: Wehrheim, Heike id: '573' last_name: Wehrheim citation: ama: 'Pauck F, Bodden E, Wehrheim H. Do Android taint analysis tools keep their promises? In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018. ACM Press; 2018. doi:10.1145/3236024.3236029' apa: Pauck, F., Bodden, E., & Wehrheim, H. (2018). Do Android taint analysis tools keep their promises? In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018. ACM Press. https://doi.org/10.1145/3236024.3236029 bibtex: '@inproceedings{Pauck_Bodden_Wehrheim_2018, title={Do Android taint analysis tools keep their promises?}, DOI={10.1145/3236024.3236029}, booktitle={Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018}, publisher={ACM Press}, author={Pauck, Felix and Bodden, Eric and Wehrheim, Heike}, year={2018} }' chicago: Pauck, Felix, Eric Bodden, and Heike Wehrheim. 
“Do Android Taint Analysis Tools Keep Their Promises?” In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018. ACM Press, 2018. https://doi.org/10.1145/3236024.3236029. ieee: F. Pauck, E. Bodden, and H. Wehrheim, “Do Android taint analysis tools keep their promises?,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018, 2018. mla: Pauck, Felix, et al. “Do Android Taint Analysis Tools Keep Their Promises?” Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018, ACM Press, 2018, doi:10.1145/3236024.3236029. short: 'F. Pauck, E. Bodden, H. Wehrheim, in: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  - ESEC/FSE 2018, ACM Press, 2018.' 
date_created: 2018-10-30T08:03:17Z date_updated: 2022-01-06T07:01:34Z ddc: - '004' department: - _id: '77' - _id: '76' doi: 10.1145/3236024.3236029 file: - access_level: closed content_type: application/pdf creator: ups date_created: 2018-11-02T13:37:38Z date_updated: 2018-11-02T13:37:38Z file_id: '5251' file_name: fse18main-id76-p.pdf file_size: 524169 relation: main_file success: 1 file_date_updated: 2018-11-02T13:37:38Z has_accepted_license: '1' language: - iso: eng project: - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 - _id: '1' name: SFB 901 publication: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018 publication_identifier: isbn: - '9781450355735' publication_status: published publisher: ACM Press status: public title: Do Android taint analysis tools keep their promises? type: conference user_id: '477' year: '2018' ... --- _id: '5203' author: - first_name: Stefan full_name: Krüger, Stefan last_name: Krüger - first_name: Johannes full_name: Späth, Johannes last_name: Späth - first_name: Karim full_name: Ali, Karim last_name: Ali - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Mira full_name: Mezini, Mira last_name: Mezini citation: ama: 'Krüger S, Späth J, Ali K, Bodden E, Mezini M. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In: European Conference on Object-Oriented Programming (ECOOP). ; 2018:10:1-10:27.' apa: 'Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2018). CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In European Conference on Object-Oriented Programming (ECOOP) (pp. 10:1-10:27).' 
bibtex: '@inproceedings{Krüger_Späth_Ali_Bodden_Mezini_2018, title={CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}, booktitle={European Conference on Object-Oriented Programming (ECOOP)}, author={Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}, year={2018}, pages={10:1-10:27} }' chicago: 'Krüger, Stefan, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.” In European Conference on Object-Oriented Programming (ECOOP), 10:1-10:27, 2018.' ieee: 'S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” in European Conference on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.' mla: 'Krüger, Stefan, et al. “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs.” European Conference on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.' short: 'S. Krüger, J. Späth, K. Ali, E. Bodden, M. Mezini, in: European Conference on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.' 
date_created: 2018-10-31T12:37:29Z date_updated: 2022-01-06T07:01:44Z ddc: - '000' department: - _id: '76' file: - access_level: closed content_type: application/pdf creator: ups date_created: 2018-11-02T13:51:05Z date_updated: 2018-11-02T13:51:05Z file_id: '5255' file_name: ksa+18crysl.pdf file_size: 747259 relation: main_file success: 1 file_date_updated: 2018-11-02T13:51:05Z has_accepted_license: '1' keyword: - ITSECWEBSITE - CROSSING language: - iso: eng main_file_link: - url: http://bodden.de/pubs/ksa+18crysl.pdf page: 10:1-10:27 project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 publication: European Conference on Object-Oriented Programming (ECOOP) status: public title: 'CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs' type: conference user_id: '477' year: '2018' ... --- _id: '1044' author: - first_name: Richard full_name: Leer, Richard last_name: Leer citation: ama: Leer R. Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis. Universität Paderborn; 2018. apa: Leer, R. (2018). Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis. Universität Paderborn. bibtex: '@book{Leer_2018, title={Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis}, publisher={Universität Paderborn}, author={Leer, Richard}, year={2018} }' chicago: Leer, Richard. Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis. Universität Paderborn, 2018. ieee: R. Leer, Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis. Universität Paderborn, 2018. mla: Leer, Richard. Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis. Universität Paderborn, 2018. short: R. 
Leer, Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis, Universität Paderborn, 2018. date_created: 2017-12-13T07:52:01Z date_updated: 2022-01-06T06:50:39Z ddc: - '000' department: - _id: '76' file: - access_level: closed content_type: application/pdf creator: florida date_created: 2018-11-21T06:15:51Z date_updated: 2018-11-21T06:15:51Z file_id: '5768' file_name: ba_leer.pdf file_size: 1383049 relation: main_file success: 1 file_date_updated: 2018-11-21T06:15:51Z has_accepted_license: '1' language: - iso: eng project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 publisher: Universität Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis type: bachelorsthesis user_id: '15504' year: '2018' ... --- _id: '1045' author: - first_name: Jan Niclas full_name: Strüwer, Jan Niclas last_name: Strüwer citation: ama: Strüwer JN. Interactive Data Visualization for Exploded Supergraphs. Universität Paderborn; 2018. apa: Strüwer, J. N. (2018). Interactive Data Visualization for Exploded Supergraphs. Universität Paderborn. bibtex: '@book{Strüwer_2018, title={Interactive Data Visualization for Exploded Supergraphs}, publisher={Universität Paderborn}, author={Strüwer, Jan Niclas}, year={2018} }' chicago: Strüwer, Jan Niclas. Interactive Data Visualization for Exploded Supergraphs. Universität Paderborn, 2018. ieee: J. N. Strüwer, Interactive Data Visualization for Exploded Supergraphs. Universität Paderborn, 2018. mla: Strüwer, Jan Niclas. Interactive Data Visualization for Exploded Supergraphs. Universität Paderborn, 2018. short: J.N. Strüwer, Interactive Data Visualization for Exploded Supergraphs, Universität Paderborn, 2018. 
date_created: 2017-12-13T07:53:49Z date_updated: 2022-01-06T06:50:40Z ddc: - '000' department: - _id: '76' file: - access_level: closed content_type: application/pdf creator: florida date_created: 2018-11-21T06:14:15Z date_updated: 2018-11-21T06:14:15Z file_id: '5767' file_name: ba_struewer.pdf file_size: 15839765 relation: main_file success: 1 file_date_updated: 2018-11-21T06:14:15Z has_accepted_license: '1' language: - iso: eng project: - _id: '1' name: SFB 901 - _id: '3' name: SFB 901 - Project Area B - _id: '12' name: SFB 901 - Subproject B4 publisher: Universität Paderborn status: public supervisor: - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 title: Interactive Data Visualization for Exploded Supergraphs type: bachelorsthesis user_id: '15504' year: '2018' ... --- _id: '20552' abstract: - lang: eng text: The future scenario of Industry 4.0 is characterized by a massive increase in cross-company networking. To counter the threat of unauthorized disclosure or sabotage of confidential data, information security must be given high priority as early as the design of cyber-physical production systems. This paradigm is referred to as Security by Design. Throughout the entire development process, it must be possible to trace whether the systems meet specific information security requirements and thereby ensure the property of Industrial Security. This contribution presents a design approach for tracing information security that, by integrating software engineering methods into systems engineering, enables development according to the Security by Design paradigm. 
author: - first_name: Christopher full_name: Gerking, Christopher last_name: Gerking - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Wilhelm full_name: Schäfer, Wilhelm last_name: Schäfer citation: ama: 'Gerking C, Bodden E, Schäfer W. Industrial Security by Design. In: Maier GW, Engels G, Steffen E, eds. Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten. Springer Berlin Heidelberg; 2017:1-24. doi:10.1007/978-3-662-52903-4_8-1' apa: Gerking, C., Bodden, E., & Schäfer, W. (2017). Industrial Security by Design. In G. W. Maier, G. Engels, & E. Steffen (Eds.), Handbuch Gestaltung digitaler und vernetzter Arbeitswelten (pp. 1–24). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-662-52903-4_8-1 bibtex: '@inbook{Gerking_Bodden_Schäfer_2017, place={Berlin, Heidelberg}, title={Industrial Security by Design}, DOI={10.1007/978-3-662-52903-4_8-1}, booktitle={Handbuch Gestaltung digitaler und vernetzter Arbeitswelten}, publisher={Springer Berlin Heidelberg}, author={Gerking, Christopher and Bodden, Eric and Schäfer, Wilhelm}, editor={Maier, Günter W. and Engels, Gregor and Steffen, Eckhard}, year={2017}, pages={1–24} }' chicago: 'Gerking, Christopher, Eric Bodden, and Wilhelm Schäfer. “Industrial Security by Design.” In Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten, edited by Günter W. Maier, Gregor Engels, and Eckhard Steffen, 1–24. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017. https://doi.org/10.1007/978-3-662-52903-4_8-1.' ieee: 'C. Gerking, E. Bodden, and W. Schäfer, “Industrial Security by Design,” in Handbuch Gestaltung digitaler und vernetzter Arbeitswelten, G. W. Maier, G. Engels, and E. Steffen, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017, pp. 1–24.' mla: Gerking, Christopher, et al. “Industrial Security by Design.” Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten, edited by Günter W. Maier et al., Springer Berlin Heidelberg, 2017, pp. 
1–24, doi:10.1007/978-3-662-52903-4_8-1. short: 'C. Gerking, E. Bodden, W. Schäfer, in: G.W. Maier, G. Engels, E. Steffen (Eds.), Handbuch Gestaltung Digitaler Und Vernetzter Arbeitswelten, Springer Berlin Heidelberg, Berlin, Heidelberg, 2017, pp. 1–24.' date_created: 2020-11-30T09:56:23Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: 10.1007/978-3-662-52903-4_8-1 editor: - first_name: Günter W. full_name: Maier, Günter W. last_name: Maier - first_name: Gregor full_name: Engels, Gregor last_name: Engels - first_name: Eckhard full_name: Steffen, Eckhard last_name: Steffen keyword: - ITSECWEBSITE language: - iso: eng page: 1-24 place: Berlin, Heidelberg publication: Handbuch Gestaltung digitaler und vernetzter Arbeitswelten publication_identifier: isbn: - 978-3-662-52903-4 publisher: Springer Berlin Heidelberg status: public title: Industrial Security by Design type: book_chapter user_id: '5786' year: '2017' ... --- _id: '20553' abstract: - lang: eng text: Finding and fixing software vulnerabilities have become a major struggle for most software development companies. While generally without alternative, such fixing efforts are a major cost factor, which is why companies have a vital interest in focusing their secure software development activities such that they obtain an optimal return on this investment. We investigate, in this paper, quantitatively the major factors that impact the time it takes to fix a given security issue based on data collected automatically within SAP's secure development process, and we show how the issue fix time could be used to monitor the fixing process. We use three machine learning methods and evaluate their predictive power in predicting the time to fix issues. Interestingly, the models indicate that vulnerability type has less dominant impact on issue fix time than previously believed. 
The time it takes to fix an issue instead seems much more related to the component in which the potential vulnerability resides, the project related to the issue, the development groups that address the issue, and the closeness of the software release date. This indicates that the software structure, the fixing processes, and the development groups are the dominant factors that impact the time spent to address security issues. SAP can use the models to implement a continuous improvement of its secure software development process and to measure the impact of individual improvements. The development teams at SAP develop different types of software, adopt different internal development processes, use different programming languages and platforms, and are located in different cities and countries. Other organizations may use the results, with precaution, and be learning organizations. author: - first_name: Lotfi full_name: Ben Othmane, Lotfi last_name: Ben Othmane - first_name: Golriz full_name: Chehrazi, Golriz last_name: Chehrazi - first_name: Eric full_name: Bodden, Eric id: '59256' last_name: Bodden orcid: 0000-0003-3470-3647 - first_name: Petar full_name: Tsalovski, Petar last_name: Tsalovski - first_name: Achim D. full_name: Brucker, Achim D. last_name: Brucker citation: ama: 'Ben Othmane L, Chehrazi G, Bodden E, Tsalovski P, Brucker AD. Time for Addressing Software Security Issues: Prediction Models and Impacting Factors. Data Science and Engineering. 2017;2(2):107-124. doi:https://doi.org/10.1007/s41019-016-0019-8' apa: 'Ben Othmane, L., Chehrazi, G., Bodden, E., Tsalovski, P., & Brucker, A. D. (2017). Time for Addressing Software Security Issues: Prediction Models and Impacting Factors. Data Science and Engineering, 2(2), 107–124. 
https://doi.org/10.1007/s41019-016-0019-8' bibtex: '@article{Ben Othmane_Chehrazi_Bodden_Tsalovski_Brucker_2017, title={Time for Addressing Software Security Issues: Prediction Models and Impacting Factors}, volume={2}, DOI={https://doi.org/10.1007/s41019-016-0019-8}, number={2}, journal={Data Science and Engineering}, author={Ben Othmane, Lotfi and Chehrazi, Golriz and Bodden, Eric and Tsalovski, Petar and Brucker, Achim D.}, year={2017}, pages={107–124} }' chicago: 'Ben Othmane, Lotfi, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, and Achim D. Brucker. “Time for Addressing Software Security Issues: Prediction Models and Impacting Factors.” Data Science and Engineering 2, no. 2 (2017): 107–24. https://doi.org/10.1007/s41019-016-0019-8.' ieee: 'L. Ben Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, and A. D. Brucker, “Time for Addressing Software Security Issues: Prediction Models and Impacting Factors,” Data Science and Engineering, vol. 2, no. 2, pp. 107–124, 2017, doi: https://doi.org/10.1007/s41019-016-0019-8.' mla: 'Ben Othmane, Lotfi, et al. “Time for Addressing Software Security Issues: Prediction Models and Impacting Factors.” Data Science and Engineering, vol. 2, no. 2, 2017, pp. 107–24, doi:https://doi.org/10.1007/s41019-016-0019-8.' short: L. Ben Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, A.D. Brucker, Data Science and Engineering 2 (2017) 107–124. date_created: 2020-11-30T10:24:50Z date_updated: 2022-01-06T06:54:29Z department: - _id: '76' doi: https://doi.org/10.1007/s41019-016-0019-8 intvolume: ' 2' issue: '2' language: - iso: eng page: 107-124 publication: Data Science and Engineering publication_identifier: issn: - 2364-1541 related_material: link: - relation: confirmation url: http://bodden.de/pubs/bcb17time.pdf status: public title: 'Time for Addressing Software Security Issues: Prediction Models and Impacting Factors' type: journal_article user_id: '5786' volume: 2 year: '2017' ...