@inproceedings{20538,
  author       = {{Albert Gorski Iii, Sigmund and Andow, Benjamin and Nadkarni, Adwait and Manandhar, Sunil and Enck, William and Bodden, Eric and Bartel, Alexandre}},
  booktitle    = {{ACM Conference on Data and Application Security and Privacy (CODASPY 2019)}},
  keywords     = {{ITSECWEBSITE, CROSSING}},
  title        = {{{ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware}}},
  year         = {{2019}},
}

@article{20539,
  author       = {{Späth, Johannes and Ali, Karim and Bodden, Eric}},
  issn         = {{2475-1421}},
  journal      = {{Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages}},
  keywords     = {{ATTRACT, ITSECWEBSITE, CROSSING}},
  number       = {{POPL}},
  pages        = {{48:1--48:29}},
  publisher    = {{ACM}},
  title        = {{{Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems}}},
  doi          = {{10.1145/3290361}},
  volume       = {{3}},
  year         = {{2019}},
}

@inproceedings{20548,
  author       = {{Bodden, Eric}},
  booktitle    = {{ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018)}},
  isbn         = {{978-1-4503-5939-9}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  pages        = {{85--93}},
  publisher    = {{ACM}},
  title        = {{{The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them)}}},
  doi          = {{10.1145/3236454.3236500}},
  year         = {{2018}},
}

@inproceedings{20549,
  author       = {{Geismann, Johannes and Gerking, Christopher and Bodden, Eric}},
  booktitle    = {{International Conference on Software and System Processes (ICSSP)}},
  keywords     = {{ITSECWEBSITE}},
  title        = {{{Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes}}},
  year         = {{2018}},
}

@inproceedings{20550,
  author       = {{Bodden, Eric}},
  booktitle    = {{Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results}},
  isbn         = {{978-1-4503-5662-6}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  pages        = {{45--48}},
  publisher    = {{ACM}},
  title        = {{{Self-adaptive Static Analysis}}},
  doi          = {{10.1145/3183399.3183401}},
  year         = {{2018}},
}

@inproceedings{20551,
  author       = {{Nguyen Quang Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}},
  booktitle    = {{International Conference for Software Engineering (ICSE), Tool Demonstrations Track}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  title        = {{{VISUFLOW, a Debugging Environment for Static Analyses}}},
  year         = {{2018}},
}

@inproceedings{5203,
  author       = {{Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}},
  booktitle    = {{European Conference on Object-Oriented Programming (ECOOP)}},
  keywords     = {{ITSECWEBSITE, CROSSING}},
  pages        = {{10:1--10:27}},
  title        = {{{CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}}},
  year         = {{2018}},
}

@inbook{20552,
  abstract     = {{Das Zukunftsszenario der Industrie 4.0 ist gepr{\"a}gt durch einen massiven Anstieg der unternehmens{\"u}bergreifenden Vernetzung. Um einer Bedrohung durch unautorisierte Weitergabe oder Sabotage vertraulicher Daten entgegenzuwirken, muss der Informationssicherheit bereits im Entwurf der cyber-physischen Produktionssysteme ein hoher Stellenwert einger{\"a}umt werden. Dieses Paradigma wird als Security by Design bezeichnet. {\"U}ber den gesamten Entstehungsprozess hinweg muss nachverfolgt werden k{\"o}nnen, ob die Systeme spezifische Anforderungen an die Informationssicherheit erf{\"u}llen und damit die Eigenschaft der Industrial Security gew{\"a}hrleisten. Dieser Beitrag stellt einen Entwurfsansatz zur Nachverfolgung der Informationssicherheit vor, der durch Integration softwaretechnischer Methoden in das Systems Engineering eine Entwicklung nach dem Paradigma Security by Design erm{\"o}glicht.}},
  author       = {{Gerking, Christopher and Bodden, Eric and Schäfer, Wilhelm}},
  booktitle    = {{Handbuch Gestaltung digitaler und vernetzter Arbeitswelten}},
  editor       = {{Maier, Günter W. and Engels, Gregor and Steffen, Eckhard}},
  isbn         = {{978-3-662-52903-4}},
  keywords     = {{ITSECWEBSITE}},
  pages        = {{1--24}},
  publisher    = {{Springer Berlin Heidelberg}},
  title        = {{{Industrial Security by Design}}},
  doi          = {{10.1007/978-3-662-52903-4_8-1}},
  year         = {{2017}},
}

@inproceedings{20558,
  author       = {{Krüger, Stefan and Nadi, Sarah and Reif, Michael and Ali, Karim and Mezini, Mira and Bodden, Eric and Göpfert, Florian and Günther, Felix and Weinert, Christian and Demmler, Daniel and Kamath, Ram}},
  booktitle    = {{International Conference on Automated Software Engineering (ASE 2017), Tool Demo Track}},
  keywords     = {{ITSECWEBSITE, CROSSING}},
  title        = {{{CogniCrypt: Supporting Developers in using Cryptography}}},
  year         = {{2017}},
}

@inproceedings{20715,
  author       = {{Nguyen Quang Do, Lisa and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}},
  booktitle    = {{International Conference for Software Engineering (ICSE), Tool Demonstrations Track}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  title        = {{{Cheetah: Just-in-Time Taint Analysis for Android Apps}}},
  year         = {{2017}},
}

@inproceedings{5204,
  author       = {{Späth, Johannes and Ali, Karim and Bodden, Eric}},
  booktitle    = {{2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH)}},
  keywords     = {{ATTRACT, ITSECWEBSITE, CROSSING}},
  publisher    = {{ACM Press}},
  title        = {{{IDEal: Efficient and Precise Alias-aware Dataflow Analysis}}},
  year         = {{2017}},
}

@techreport{20555,
  author       = {{Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}},
  keywords     = {{ITSECWEBSITE}},
  title        = {{{CrySL: Validating Correct Usage of Cryptographic APIs}}},
  year         = {{2017}},
}

@techreport{20717,
  author       = {{Nguyen Quang Do, Lisa and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  title        = {{{Just-in-Time Static Analysis}}},
  doi          = {{http://dx.doi.org/10.7939/DVN/10859}},
  year         = {{2016}},
}

@article{20718,
  author       = {{Rasthofer, Siegfried and Arzt, Steven and Bodden, Eric and Miltenberger, Marc}},
  journal      = {{Datenschutz und Datensicherheit}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  pages        = {{718--722}},
  title        = {{{Harvester - Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen}}},
  doi          = {{https://www.springerprofessional.de/en/datenschutz-und-datensicherheit-dud-11-2016/10866536}},
  year         = {{2016}},
}

@inproceedings{20719,
  author       = {{Holzinger, Philipp and Triller, Stefan and Bartel, Alexandre and Bodden, Eric}},
  booktitle    = {{Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security}},
  isbn         = {{978-1-4503-4139-4}},
  keywords     = {{ATTRACT, access control, exploits, java security, security analysis, ITSECWEBSITE}},
  pages        = {{779--790}},
  title        = {{{An In-Depth Study of More Than Ten Years of Java Exploitation}}},
  doi          = {{http://doi.acm.org/10.1145/2976749.2978361}},
  year         = {{2016}},
}

@inproceedings{20727,
  author       = {{Rasthofer, Siegfried and Arzt, Steven and Miltenberger, Marc and Bodden, Eric}},
  booktitle    = {{Network and Distributed System Security Symposium (NDSS)}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  title        = {{{Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques}}},
  year         = {{2016}},
}

@inproceedings{20728,
  author       = {{Nadi, Sarah and Krüger, Stefan and Mezini, Mira and Bodden, Eric}},
  booktitle    = {{International Conference for Software Engineering (ICSE)}},
  keywords     = {{CROSSING, ITSECWEBSITE}},
  pages        = {{935--946}},
  title        = {{{Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?}}},
  year         = {{2016}},
}

@inproceedings{20729,
  author       = {{Arzt, Steven and Bodden, Eric}},
  booktitle    = {{International Conference for Software Engineering (ICSE)}},
  keywords     = {{ITSECWEBSITE}},
  title        = {{{StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework}}},
  year         = {{2016}},
}

@inproceedings{5205,
  author       = {{Späth, Johannes and Nguyen Quang Do, Lisa and Ali, Karim and Bodden, Eric}},
  booktitle    = {{European Conference on Object-Oriented Programming (ECOOP)}},
  keywords     = {{ATTRACT, ITSECWEBSITE}},
  title        = {{{Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java}}},
  year         = {{2016}},
}

@inproceedings{5207,
  author       = {{Li, Li and Bartel, Alexandre and Bissyande, Tegawende F. and Klein, Jacques and Le Traon, Yves and Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric and Octeau, Damien and McDaniel, Patrick}},
  booktitle    = {{2015 International Conference on Software Engineering (ICSE)}},
  isbn         = {{978-1-4799-1934-5}},
  keywords     = {{CROSSING, ATTRACT, ITSECWEBSITE}},
  pages        = {{280--291}},
  title        = {{{IccTA: Detecting Inter-Component Privacy Leaks in Android Apps}}},
  year         = {{2015}},
}