[{"date_updated":"2026-03-13T12:10:10Z","author":[{"first_name":"Mugdha","full_name":"Khedkar, Mugdha","id":"88024","last_name":"Khedkar"},{"full_name":"Schlichtig, Michael","id":"32312","orcid":"0000-0001-6600-6171","last_name":"Schlichtig","first_name":"Michael"},{"first_name":"Mohamed Aboubakr Mohamed","last_name":"Soliman","full_name":"Soliman, Mohamed Aboubakr Mohamed","id":"102489"},{"full_name":"Bodden, Eric","id":"59256","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"}],"date_created":"2026-03-04T08:10:43Z","title":"Challenges in Android Data Disclosure: An Empirical Study.","conference":{"location":"Rio de Janeiro, Brazil","end_date":"2026-04-18","start_date":"2026-04-12","name":"13th International Conference on Mobile Software Engineering and Systems 2024"},"year":"2026","citation":{"short":"M. Khedkar, M. Schlichtig, M.A.M. Soliman, E. Bodden, in: Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68., 2026.","mla":"Khedkar, Mugdha, et al. “Challenges in Android Data Disclosure: An Empirical Study.” <i>Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.</i>, 2026.","bibtex":"@inproceedings{Khedkar_Schlichtig_Soliman_Bodden_2026, title={Challenges in Android Data Disclosure: An Empirical Study.}, booktitle={Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Schlichtig, Michael and Soliman, Mohamed Aboubakr Mohamed and Bodden, Eric}, year={2026} }","apa":"Khedkar, M., Schlichtig, M., Soliman, M. A. M., &#38; Bodden, E. (2026). Challenges in Android Data Disclosure: An Empirical Study. <i>Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.</i> 13th International Conference on Mobile Software Engineering and Systems 2024, Rio de Janeiro, Brazil.","ama":"Khedkar M, Schlichtig M, Soliman MAM, Bodden E. Challenges in Android Data Disclosure: An Empirical Study. In: <i>Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.</i> ; 2026.","ieee":"M. Khedkar, M. Schlichtig, M. A. M. Soliman, and E. Bodden, “Challenges in Android Data Disclosure: An Empirical Study.,” presented at the 13th International Conference on Mobile Software Engineering and Systems 2024, Rio de Janeiro, Brazil, 2026.","chicago":"Khedkar, Mugdha, Michael Schlichtig, Mohamed Aboubakr Mohamed Soliman, and Eric Bodden. “Challenges in Android Data Disclosure: An Empirical Study.” In <i>Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.</i>, 2026."},"external_id":{"arxiv":["2601.20459"]},"_id":"64823","department":[{"_id":"76"}],"user_id":"88024","keyword":["static analysis","data collection","data protection","privacy-aware reporting"],"language":[{"iso":"eng"}],"publication":"Proceedings of the IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft '26). Association for Computing Machinery, New York, NY, USA, 65–68.","type":"conference","abstract":[{"lang":"eng","text":"Current legal frameworks enforce that Android developers accurately report the data their apps collect. However, large codebases can make this reporting challenging. This paper employs an empirical approach to understand developers' experience with Google Play Store's Data Safety Section (DSS) form.\r\n\r\nWe first survey 41 Android developers to understand how they categorize privacy-related data into DSS categories and how confident they feel when completing the DSS form. To gain a broader and more detailed view of the challenges developers encounter during the process, we complement the survey with an analysis of 172 online developer discussions, capturing the perspectives of 642 additional developers. Together, these two data sources represent insights from 683 developers.\r\n\r\nOur findings reveal that developers often manually classify the privacy-related data their apps collect into the data categories defined by Google-or, in some cases, omit classification entirely-and rely heavily on existing online resources when completing the form. Moreover, developers are generally confident in recognizing the data their apps collect, yet they lack confidence in translating this knowledge into DSS-compliant disclosures. Key challenges include issues in identifying privacy-relevant data to complete the form, limited understanding of the form, and concerns about app rejection due to discrepancies with Google's privacy requirements.\r\nThese results underscore the need for clearer guidance and more accessible tooling to support developers in meeting privacy-aware reporting obligations. "}],"status":"public"},{"issue":"2","publication_identifier":{"unknown":["1573-7535"]},"citation":{"apa":"Khedkar, M., Schlichtig, M., Atakishiyev, N., &#38; Bodden, E. (2026). Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments. <i>Automated Software Engineering </i>, <i>33</i>(2), Article 56. <a href=\"https://doi.org/10.1007/s10515-026-00601-4\">https://doi.org/10.1007/s10515-026-00601-4</a>","bibtex":"@article{Khedkar_Schlichtig_Atakishiyev_Bodden_2026, title={Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments}, volume={33}, DOI={<a href=\"https://doi.org/10.1007/s10515-026-00601-4\">10.1007/s10515-026-00601-4</a>}, number={256}, journal={Automated Software Engineering }, publisher={Springer US}, author={Khedkar, Mugdha and Schlichtig, Michael and Atakishiyev, Nihad and Bodden, Eric}, year={2026} }","short":"M. Khedkar, M. Schlichtig, N. Atakishiyev, E. Bodden, Automated Software Engineering  33 (2026).","mla":"Khedkar, Mugdha, et al. “Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments.” <i>Automated Software Engineering </i>, vol. 33, no. 2, 56, Springer US, 2026, doi:<a href=\"https://doi.org/10.1007/s10515-026-00601-4\">10.1007/s10515-026-00601-4</a>.","ama":"Khedkar M, Schlichtig M, Atakishiyev N, Bodden E. Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments. <i>Automated Software Engineering </i>. 2026;33(2). doi:<a href=\"https://doi.org/10.1007/s10515-026-00601-4\">10.1007/s10515-026-00601-4</a>","chicago":"Khedkar, Mugdha, Michael Schlichtig, Nihad Atakishiyev, and Eric Bodden. “Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments.” <i>Automated Software Engineering </i> 33, no. 2 (2026). <a href=\"https://doi.org/10.1007/s10515-026-00601-4\">https://doi.org/10.1007/s10515-026-00601-4</a>.","ieee":"M. Khedkar, M. Schlichtig, N. Atakishiyev, and E. Bodden, “Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments,” <i>Automated Software Engineering </i>, vol. 33, no. 2, Art. no. 56, 2026, doi: <a href=\"https://doi.org/10.1007/s10515-026-00601-4\">10.1007/s10515-026-00601-4</a>."},"intvolume":"        33","year":"2026","author":[{"full_name":"Khedkar, Mugdha","id":"88024","last_name":"Khedkar","first_name":"Mugdha"},{"id":"32312","full_name":"Schlichtig, Michael","last_name":"Schlichtig","orcid":"0000-0001-6600-6171","first_name":"Michael"},{"last_name":"Atakishiyev","full_name":"Atakishiyev, Nihad","first_name":"Nihad"},{"last_name":"Bodden","orcid":"0000-0003-3470-3647","id":"59256","full_name":"Bodden, Eric","first_name":"Eric"}],"date_created":"2026-03-04T08:03:14Z","volume":33,"date_updated":"2026-03-13T12:10:38Z","publisher":"Springer US","doi":"10.1007/s10515-026-00601-4","title":"Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments","type":"journal_article","publication":"Automated Software Engineering ","status":"public","user_id":"88024","department":[{"_id":"76"}],"_id":"64821","language":[{"iso":"eng"}],"article_number":"56"},{"publication":"IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026)","type":"conference","status":"public","citation":{"apa":"Khedkar, M., Schlichtig, M., &#38; Bodden, E. (2026). Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View. <i>IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026)</i>.","mla":"Khedkar, Mugdha, et al. “Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View.” <i>IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026)</i>, 2026.","short":"M. Khedkar, M. Schlichtig, E. Bodden, in: IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026), 2026.","bibtex":"@inproceedings{Khedkar_Schlichtig_Bodden_2026, title={Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View}, booktitle={IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026)}, author={Khedkar, Mugdha and Schlichtig, Michael and Bodden, Eric}, year={2026} }","ama":"Khedkar M, Schlichtig M, Bodden E. Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View. In: <i>IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026)</i>. ; 2026.","chicago":"Khedkar, Mugdha, Michael Schlichtig, and Eric Bodden. “Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View.” In <i>IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2026)</i>, 2026.","ieee":"M. Khedkar, M. Schlichtig, and E. Bodden, “Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View,” 2026."},"year":"2026","department":[{"_id":"76"}],"user_id":"88024","date_created":"2026-03-13T12:16:09Z","author":[{"last_name":"Khedkar","id":"88024","full_name":"Khedkar, Mugdha","first_name":"Mugdha"},{"first_name":"Michael","last_name":"Schlichtig","orcid":"0000-0001-6600-6171","id":"32312","full_name":"Schlichtig, Michael"},{"first_name":"Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","full_name":"Bodden, Eric","id":"59256"}],"_id":"64909","date_updated":"2026-03-13T12:17:01Z","language":[{"iso":"eng"}],"main_file_link":[{"url":"https://mugdhak30.github.io/assets/Preprints/RoPA_SANER2026.pdf"}],"title":"Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View"},{"title":"FP-Predictor - False Positive Prediction for Static Analysis Reports","date_created":"2026-03-16T17:38:33Z","author":[{"first_name":"Tom","full_name":"Ohlmer, Tom","last_name":"Ohlmer"},{"first_name":"Michael","full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171"},{"last_name":"Bodden","orcid":"0000-0003-3470-3647","id":"59256","full_name":"Bodden, Eric","first_name":"Eric"}],"date_updated":"2026-03-16T17:40:31Z","citation":{"apa":"Ohlmer, T., Schlichtig, M., &#38; Bodden, E. (2026). FP-Predictor - False Positive Prediction for Static Analysis Reports. In <i>arXiv:2603.10558</i>.","bibtex":"@article{Ohlmer_Schlichtig_Bodden_2026, title={FP-Predictor - False Positive Prediction for Static Analysis Reports}, journal={arXiv:2603.10558}, author={Ohlmer, Tom and Schlichtig, Michael and Bodden, Eric}, year={2026} }","short":"T. Ohlmer, M. Schlichtig, E. Bodden, ArXiv:2603.10558 (2026).","mla":"Ohlmer, Tom, et al. “FP-Predictor - False Positive Prediction for Static Analysis Reports.” <i>ArXiv:2603.10558</i>, 2026.","ama":"Ohlmer T, Schlichtig M, Bodden E. FP-Predictor - False Positive Prediction for Static Analysis Reports. <i>arXiv:260310558</i>. Published online 2026.","chicago":"Ohlmer, Tom, Michael Schlichtig, and Eric Bodden. “FP-Predictor - False Positive Prediction for Static Analysis Reports.” <i>ArXiv:2603.10558</i>, 2026.","ieee":"T. Ohlmer, M. Schlichtig, and E. Bodden, “FP-Predictor - False Positive Prediction for Static Analysis Reports,” <i>arXiv:2603.10558</i>. 2026."},"year":"2026","language":[{"iso":"eng"}],"department":[{"_id":"76"}],"user_id":"32312","_id":"65017","external_id":{"arxiv":["2603.10558"]},"status":"public","abstract":[{"lang":"eng","text":"Static Application Security Testing (SAST) tools play a vital role in modern software development by automatically detecting potential vulnerabilities in source code. However, their effectiveness is often limited by a high rate of false positives, which wastes developer's effort and undermines trust in automated analysis. This work presents a Graph Convolutional Network (GCN) model designed to predict SAST reports as true and false positive. The model leverages Code Property Graphs (CPGs) constructed from static analysis results to capture both, structural and semantic relationships within code. Trained on the CamBenchCAP dataset, the model achieved an accuracy of 100% on the test set using an 80/20 train-test split. Evaluation on the CryptoAPI-Bench benchmark further demonstrated the model's practical applicability, reaching an overall accuracy of up to 96.6%. A detailed qualitative inspection revealed that many cases marked as misclassifications corresponded to genuine security weaknesses, indicating that the model effectively reflects conservative, security-aware reasoning. Identified limitations include incomplete control-flow representation due to missing interprocedural connections. Future work will focus on integrating call graphs, applying graph explainability techniques, and extending training data across multiple SAST tools to improve generalization and interpretability."}],"publication":"arXiv:2603.10558","type":"preprint"},{"publication":"2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","type":"conference","status":"public","department":[{"_id":"76"}],"user_id":"32312","_id":"65030","language":[{"iso":"eng"}],"citation":{"mla":"Amaral, Luis, et al. “From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies.” <i>2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 2026.","short":"L. Amaral, M. Schlichtig, W. Emanuel, J. Almeida, C. Ferreira, J. Kempf, R. Bonifácio, E. Bodden, L. Peotta, G. Pinto, M. Ribeiro, in: 2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2026.","bibtex":"@inproceedings{Amaral_Schlichtig_Emanuel_Almeida_Ferreira_Kempf_Bonifácio_Bodden_Peotta_Pinto_et al._2026, title={From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies}, booktitle={2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)}, author={Amaral, Luis and Schlichtig, Michael and Emanuel, Wagner and Almeida, Joilton and Ferreira, Carine and Kempf, Jérôme and Bonifácio, Rodrigo and Bodden, Eric and Peotta, Laerte and Pinto, Gustavo and et al.}, year={2026} }","apa":"Amaral, L., Schlichtig, M., Emanuel, W., Almeida, J., Ferreira, C., Kempf, J., Bonifácio, R., Bodden, E., Peotta, L., Pinto, G., &#38; Ribeiro, M. (2026). From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies. <i>2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>.","chicago":"Amaral, Luis, Michael Schlichtig, Wagner Emanuel, Joilton Almeida, Carine Ferreira, Jérôme Kempf, Rodrigo Bonifácio, et al. “From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies.” In <i>2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 2026.","ieee":"L. Amaral <i>et al.</i>, “From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies,” 2026.","ama":"Amaral L, Schlichtig M, Emanuel W, et al. From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies. In: <i>2026 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>. ; 2026."},"year":"2026","author":[{"last_name":"Amaral","full_name":"Amaral, Luis","first_name":"Luis"},{"first_name":"Michael","id":"32312","full_name":"Schlichtig, Michael","orcid":"0000-0001-6600-6171","last_name":"Schlichtig"},{"full_name":"Emanuel, Wagner","last_name":"Emanuel","first_name":"Wagner"},{"first_name":"Joilton","full_name":"Almeida, Joilton","last_name":"Almeida"},{"first_name":"Carine","last_name":"Ferreira","full_name":"Ferreira, Carine"},{"full_name":"Kempf, Jérôme","last_name":"Kempf","first_name":"Jérôme"},{"full_name":"Bonifácio, Rodrigo","last_name":"Bonifácio","first_name":"Rodrigo"},{"orcid":"0000-0003-3470-3647","last_name":"Bodden","id":"59256","full_name":"Bodden, Eric","first_name":"Eric"},{"first_name":"Laerte","last_name":"Peotta","full_name":"Peotta, Laerte"},{"full_name":"Pinto, Gustavo","last_name":"Pinto","first_name":"Gustavo"},{"first_name":"Márcio","last_name":"Ribeiro","full_name":"Ribeiro, Márcio"}],"date_created":"2026-03-17T11:59:09Z","date_updated":"2026-03-17T12:02:14Z","title":"From Legacy Designs to Vulnerability Fixes: Understanding SAST Adoption in Non-Technological Companies"},{"title":"Visualizing Privacy-Relevant Data Flows in Android Applications","author":[{"first_name":"Mugdha","last_name":"Khedkar","id":"88024","full_name":"Khedkar, Mugdha"},{"last_name":"Schlichtig","orcid":"0000-0001-6600-6171","full_name":"Schlichtig, Michael","id":"32312","first_name":"Michael"},{"first_name":"Santhosh","full_name":"Mohan, Santhosh","last_name":"Mohan"},{"first_name":"Eric","id":"59256","full_name":"Bodden, Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647"}],"date_created":"2026-03-16T17:39:12Z","date_updated":"2026-03-16T17:40:56Z","citation":{"bibtex":"@article{Khedkar_Schlichtig_Mohan_Bodden_2025, title={Visualizing Privacy-Relevant Data Flows in Android Applications}, journal={arXiv:2503.16640}, author={Khedkar, Mugdha and Schlichtig, Michael and Mohan, Santhosh and Bodden, Eric}, year={2025} }","mla":"Khedkar, Mugdha, et al. “Visualizing Privacy-Relevant Data Flows in Android Applications.” <i>ArXiv:2503.16640</i>, 2025.","short":"M. Khedkar, M. Schlichtig, S. Mohan, E. Bodden, ArXiv:2503.16640 (2025).","apa":"Khedkar, M., Schlichtig, M., Mohan, S., &#38; Bodden, E. (2025). Visualizing Privacy-Relevant Data Flows in Android Applications. In <i>arXiv:2503.16640</i>.","chicago":"Khedkar, Mugdha, Michael Schlichtig, Santhosh Mohan, and Eric Bodden. “Visualizing Privacy-Relevant Data Flows in Android Applications.” <i>ArXiv:2503.16640</i>, 2025.","ieee":"M. Khedkar, M. Schlichtig, S. Mohan, and E. Bodden, “Visualizing Privacy-Relevant Data Flows in Android Applications,” <i>arXiv:2503.16640</i>. 2025.","ama":"Khedkar M, Schlichtig M, Mohan S, Bodden E. Visualizing Privacy-Relevant Data Flows in Android Applications. <i>arXiv:250316640</i>. Published online 2025."},"year":"2025","language":[{"iso":"eng"}],"department":[{"_id":"76"}],"user_id":"32312","_id":"65018","external_id":{"arxiv":["2503.16640"]},"status":"public","abstract":[{"text":"Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since in 2018 the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to integrate privacy-aware practices into source code development. Despite these legal obligations, developers have limited tool support to reason about data protection throughout their app development process.\r\n  This paper explores the use of static program slicing and software visualization to analyze privacy-relevant data flows in Android apps. We introduce SliceViz, a web tool that analyzes an Android app by slicing all privacy-relevant data sources detected in the source code on the back-end. It then helps developers by visualizing these privacy-relevant program slices.\r\n  We conducted a user study with 12 participants demonstrating that SliceViz effectively aids developers in identifying privacy-relevant properties in Android apps.\r\n  Our findings indicate that program slicing can be employed to identify and reason about privacy-relevant data flows in Android applications. With further usability improvements, developers can be better equipped to handle privacy-sensitive information.","lang":"eng"}],"publication":"arXiv:2503.16640","type":"preprint"},{"language":[{"iso":"eng"}],"keyword":["Static analysis","error chains","false positive re- duction","empirical studies"],"department":[{"_id":"76"}],"user_id":"32312","_id":"52663","status":"public","abstract":[{"lang":"eng","text":"Context\r\nStatic analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise results of empirical studies. Unfortunately, static analyses tend to report where a vulnerability manifests rather than the fix location. This can cause presumed false positives or imprecise results.\r\nMethod\r\nTo address this problem, we designed an adaption of an existing static analysis algorithm that can distinguish between a manifestation and fix location, and reports error chains. An error chain represents at least two interconnected errors that occur successively, thus building the connection between the fix and manifestation location. We used our tool CogniCryptSUBS for a case study on 471 GitHub repositories, a performance benchmark to compare different analysis configurations, and conducted an expert interview.\r\nResult\r\nWe found that 50 % of the projects with a report had at least one error chain. Our runtime benchmark demonstrated that our improvement caused only a minimal runtime overhead of less than 4 %. The results of our expert interview indicate that with our adapted version participants require fewer executions of the analysis.\r\nConclusion\r\nOur results indicate that error chains occur frequently in real-world projects, and ignoring them can lead to imprecise evaluation results. The runtime benchmark indicates that our tool is a feasible and efficient solution for detecting error chains in real-world projects. Further, our results gave a hint that the usability of static analyses may benefit from supporting error chains."}],"type":"misc","main_file_link":[{"url":"https://arxiv.org/abs/2403.07808"}],"title":"Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability","date_created":"2024-03-20T09:28:36Z","author":[{"first_name":"Anna-Katharina","full_name":"Wickert, Anna-Katharina","last_name":"Wickert"},{"first_name":"Michael","full_name":"Schlichtig, Michael","id":"32312","orcid":"0000-0001-6600-6171","last_name":"Schlichtig"},{"full_name":"Vogel, Marvin","last_name":"Vogel","first_name":"Marvin"},{"full_name":"Winter, Lukas","last_name":"Winter","first_name":"Lukas"},{"last_name":"Mezini","full_name":"Mezini, Mira","first_name":"Mira"},{"first_name":"Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","id":"59256","full_name":"Bodden, Eric"}],"date_updated":"2024-03-20T09:32:29Z","citation":{"apa":"Wickert, A.-K., Schlichtig, M., Vogel, M., Winter, L., Mezini, M., &#38; Bodden, E. (2024). <i>Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability</i>.","short":"A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability, 2024.","bibtex":"@book{Wickert_Schlichtig_Vogel_Winter_Mezini_Bodden_2024, title={Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability}, author={Wickert, Anna-Katharina and Schlichtig, Michael and Vogel, Marvin and Winter, Lukas and Mezini, Mira and Bodden, Eric}, year={2024} }","mla":"Wickert, Anna-Katharina, et al. <i>Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability</i>. 2024.","ama":"Wickert A-K, Schlichtig M, Vogel M, Winter L, Mezini M, Bodden E. <i>Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability</i>.; 2024.","chicago":"Wickert, Anna-Katharina, Michael Schlichtig, Marvin Vogel, Lukas Winter, Mira Mezini, and Eric Bodden. <i>Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability</i>, 2024.","ieee":"A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden, <i>Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability</i>. 2024."},"year":"2024"},{"user_id":"32312","department":[{"_id":"76"}],"_id":"56140","file_date_updated":"2024-09-16T08:55:23Z","type":"conference","status":"public","author":[{"full_name":"Khedkar, Mugdha","id":"88024","last_name":"Khedkar","first_name":"Mugdha"},{"full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171","first_name":"Michael"},{"full_name":"Bodden, Eric","id":"59256","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"}],"date_updated":"2026-03-13T12:12:45Z","doi":"10.1145/3691621.3694953","conference":{"name":"39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024)","start_date":"2024-10-27","end_date":"2024-11-01","location":"Sacramento, California"},"has_accepted_license":"1","citation":{"ama":"Khedkar M, Schlichtig M, Bodden E. Advancing Android Privacy Assessments with Automation. In: <i>In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24)</i>. ; 2024. doi:<a href=\"https://doi.org/10.1145/3691621.3694953\">10.1145/3691621.3694953</a>","chicago":"Khedkar, Mugdha, Michael Schlichtig, and Eric Bodden. “Advancing Android Privacy Assessments with Automation.” In <i>In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24)</i>, 2024. <a href=\"https://doi.org/10.1145/3691621.3694953\">https://doi.org/10.1145/3691621.3694953</a>.","ieee":"M. Khedkar, M. Schlichtig, and E. Bodden, “Advancing Android Privacy Assessments with Automation,” presented at the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024), Sacramento, California, 2024, doi: <a href=\"https://doi.org/10.1145/3691621.3694953\">10.1145/3691621.3694953</a>.","apa":"Khedkar, M., Schlichtig, M., &#38; Bodden, E. (2024). Advancing Android Privacy Assessments with Automation. <i>In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24)</i>. 39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024), Sacramento, California. <a href=\"https://doi.org/10.1145/3691621.3694953\">https://doi.org/10.1145/3691621.3694953</a>","mla":"Khedkar, Mugdha, et al. “Advancing Android Privacy Assessments with Automation.” <i>In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24)</i>, 2024, doi:<a href=\"https://doi.org/10.1145/3691621.3694953\">10.1145/3691621.3694953</a>.","short":"M. Khedkar, M. Schlichtig, E. Bodden, in: In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24), 2024.","bibtex":"@inproceedings{Khedkar_Schlichtig_Bodden_2024, title={Advancing Android Privacy Assessments with Automation}, DOI={<a href=\"https://doi.org/10.1145/3691621.3694953\">10.1145/3691621.3694953</a>}, booktitle={In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24)}, author={Khedkar, Mugdha and Schlichtig, Michael and Bodden, Eric}, year={2024} }"},"external_id":{"arxiv":["2409.06564"]},"language":[{"iso":"eng"}],"ddc":["000"],"publication":"In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24)","file":[{"file_size":1207856,"file_name":"2409.06564v1.pdf","file_id":"56141","access_level":"closed","date_updated":"2024-09-16T08:55:23Z","date_created":"2024-09-16T08:55:23Z","creator":"khedkarm","success":1,"relation":"main_file","content_type":"application/pdf"}],"abstract":[{"lang":"eng","text":"    Android apps collecting data from users must comply with legal frameworks to ensure data protection. This requirement has become even more important since the implementation of the General Data Protection Regulation (GDPR) by the European Union in 2018. Moreover, with the proposed Cyber Resilience Act on the horizon, stakeholders will soon need to assess software against even more stringent security and privacy standards. Effective privacy assessments require collaboration among groups with diverse expertise to function effectively as a cohesive unit.\r\n    This paper motivates the need for an automated approach that enhances understanding of data protection in Android apps and improves communication between the various parties involved in privacy assessments. We propose the Assessor View, a tool designed to bridge the knowledge gap between these parties, facilitating more effective privacy assessments of Android applications. "}],"date_created":"2024-09-16T08:55:34Z","title":"Advancing Android Privacy Assessments with Automation","year":"2024"},{"date_updated":"2024-03-20T09:27:41Z","publisher":"Gesellschaft für Informatik e.V.","date_created":"2024-03-20T09:26:29Z","author":[{"last_name":"Nachtigall","full_name":"Nachtigall, Marcus","id":"41213","first_name":"Marcus"},{"first_name":"Michael","full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171"},{"full_name":"Bodden, Eric","id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647","first_name":"Eric"}],"title":"Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale","main_file_link":[{"url":"https://dl.gi.de/items/5afe477f-2f6a-4b3d-b391-f024baf0b7a5"}],"publication_identifier":{"isbn":["978-3-88579-726-5"]},"place":"Bonn","year":"2023","citation":{"ieee":"M. Nachtigall, M. Schlichtig, and E. Bodden, “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale,” in <i>Software Engineering 2023</i>, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 95–96.","chicago":"Nachtigall, Marcus, Michael Schlichtig, and Eric Bodden. “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale.” In <i>Software Engineering 2023</i>, 95–96. Bonn: Gesellschaft für Informatik e.V., 2023.","ama":"Nachtigall M, Schlichtig M, Bodden E. Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale. In: <i>Software Engineering 2023</i>. Gesellschaft für Informatik e.V.; 2023:95–96.","apa":"Nachtigall, M., Schlichtig, M., &#38; Bodden, E. (2023). Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale. In <i>Software Engineering 2023</i> (pp. 95–96). Gesellschaft für Informatik e.V.","bibtex":"@inbook{Nachtigall_Schlichtig_Bodden_2023, place={Bonn}, title={Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale}, booktitle={Software Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Nachtigall, Marcus and Schlichtig, Michael and Bodden, Eric}, year={2023}, pages={95–96} }","short":"M. Nachtigall, M. Schlichtig, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 95–96.","mla":"Nachtigall, Marcus, et al. “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale.” <i>Software Engineering 2023</i>, Gesellschaft für Informatik e.V., 2023, pp. 95–96."},"page":"95–96","_id":"52662","user_id":"32312","department":[{"_id":"76"}],"keyword":["Automated static analysis","Software usability"],"language":[{"iso":"eng"}],"type":"book_chapter","publication":"Software Engineering 2023","abstract":[{"text":"Static analysis tools support developers in detecting potential coding issues, such as bugs or vulnerabilities. Research emphasizes technical challenges of such tools but also mentions severe usability shortcomings. These shortcomings hinder the adoption of static analysis tools, and user dissatisfaction may even lead to tool abandonment. To comprehensively assess the state of the art, we present the first systematic usability evaluation of a wide range of static analysis tools. We derived a set of 36 relevant criteria from the literature and used them to evaluate a total of 46 static analysis tools complying with our inclusion and exclusion criteria - a representative set of mainly non-proprietary tools. The evaluation against the usability criteria in a multiple-raters approach shows that two thirds of the considered tools off er poor warning messages, while about three-quarters provide hardly any fix support. Furthermore, the integration of user knowledge is strongly neglected, which could be used for instance, to improve handling of false positives. Finally, issues regarding workflow integration and specialized user interfaces are revealed. These findings should prove useful in guiding and focusing further research and development in user experience for static code analyses.","lang":"eng"}],"status":"public"},{"year":"2023","place":"Bonn","citation":{"ama":"Schlichtig M, Sassalla S, Narasimhan K, Bodden E. Introducing FUM: A Framework for API Usage Constraint and Misuse Classification. In: <i>Software Engineering 2023</i>. Gesellschaft für Informatik e.V.; 2023:105–106.","chicago":"Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden. “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.” In <i>Software Engineering 2023</i>, 105–106. Bonn: Gesellschaft für Informatik e.V., 2023.","ieee":"M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification,” in <i>Software Engineering 2023</i>, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.","mla":"Schlichtig, Michael, et al. “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification.” <i>Software Engineering 2023</i>, Gesellschaft für Informatik e.V., 2023, pp. 105–106.","bibtex":"@inbook{Schlichtig_Sassalla_Narasimhan_Bodden_2023, place={Bonn}, title={Introducing FUM: A Framework for API Usage Constraint and Misuse Classification}, booktitle={Software Engineering 2023}, publisher={Gesellschaft für Informatik e.V.}, author={Schlichtig, Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2023}, pages={105–106} }","short":"M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.","apa":"Schlichtig, M., Sassalla, S., Narasimhan, K., &#38; Bodden, E. (2023). Introducing FUM: A Framework for API Usage Constraint and Misuse Classification. In <i>Software Engineering 2023</i> (pp. 105–106). Gesellschaft für Informatik e.V."},"page":"105–106","publication_identifier":{"isbn":["978-3-88579-726-5"]},"title":"Introducing FUM: A Framework for API Usage Constraint and Misuse Classification","main_file_link":[{"url":"https://dl.gi.de/items/c4825557-cf3d-4038-933a-d8f95fd324a2"}],"date_updated":"2024-03-20T09:25:46Z","publisher":"Gesellschaft für Informatik e.V.","date_created":"2024-03-20T09:22:27Z","author":[{"full_name":"Schlichtig, Michael","id":"32312","orcid":"0000-0001-6600-6171","last_name":"Schlichtig","first_name":"Michael"},{"last_name":"Sassalla","full_name":"Sassalla, Steffen","first_name":"Steffen"},{"first_name":"Krishna","full_name":"Narasimhan, Krishna","last_name":"Narasimhan"},{"first_name":"Eric","full_name":"Bodden, Eric","id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647"}],"abstract":[{"text":"Application Programming Interfaces (APIs) are the primary mechanism developers use to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused, which can have catastrophic consequences, especially if the APIs provide security-critical functionalities like cryptography. Understanding what API misuses are, and how they are caused, is important to prevent them, eg, with API misuse detectors. However, definitions for API misuses and related terms in literature vary. This paper presents a systematic literature review to clarify these terms and introduces FUM, a novel Framework for API Usage constraint and Misuse classification. The literature review revealed that API misuses are violations of API usage constraints. To address this, we provide unified definitions and use them to derive FUM. To assess the extent to which FUM aids in determining and guiding the improvement of an API misuses detector’s capabilities, we performed a case study on the state-of the-art misuse detection tool CogniCrypt. The study showed that FUM can be used to properly assess CogniCrypt’s capabilities, identify weaknesses and assist in deriving mitigations and improvements.","lang":"eng"}],"status":"public","type":"book_chapter","publication":"Software Engineering 2023","keyword":["API misuses  API usage constraints","classification framework","API misuse detection","static analysis"],"language":[{"iso":"eng"}],"_id":"52660","user_id":"32312","department":[{"_id":"76"}]},{"date_updated":"2022-07-25T10:23:44Z","author":[{"first_name":"Michael","full_name":"Schlichtig, Michael","id":"32312","orcid":"0000-0001-6600-6171","last_name":"Schlichtig"},{"first_name":"Anna-Katharina","full_name":"Wickert, Anna-Katharina","last_name":"Wickert"},{"first_name":"Stefan","last_name":"Krüger","full_name":"Krüger, Stefan"},{"first_name":"Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric","id":"59256"},{"first_name":"Mira","full_name":"Mezini, Mira","last_name":"Mezini"}],"date_created":"2022-07-25T07:56:59Z","title":"CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite","doi":"10.48550/ARXIV.2204.06447","related_material":{"link":[{"relation":"confirmation","url":"https://arxiv.org/abs/2204.06447"}]},"year":"2022","citation":{"apa":"Schlichtig, M., Wickert, A.-K., Krüger, S., Bodden, E., &#38; Mezini, M. (2022). <i>CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite</i>. <a href=\"https://doi.org/10.48550/ARXIV.2204.06447\">https://doi.org/10.48550/ARXIV.2204.06447</a>","short":"M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite, 2022.","bibtex":"@book{Schlichtig_Wickert_Krüger_Bodden_Mezini_2022, title={CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite}, DOI={<a href=\"https://doi.org/10.48550/ARXIV.2204.06447\">10.48550/ARXIV.2204.06447</a>}, author={Schlichtig, Michael and Wickert, Anna-Katharina and Krüger, Stefan and Bodden, Eric and Mezini, Mira}, year={2022} }","mla":"Schlichtig, Michael, et al. <i>CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite</i>. 2022, doi:<a href=\"https://doi.org/10.48550/ARXIV.2204.06447\">10.48550/ARXIV.2204.06447</a>.","ama":"Schlichtig M, Wickert A-K, Krüger S, Bodden E, Mezini M. <i>CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite</i>.; 2022. doi:<a href=\"https://doi.org/10.48550/ARXIV.2204.06447\">10.48550/ARXIV.2204.06447</a>","ieee":"M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, <i>CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite</i>. 2022.","chicago":"Schlichtig, Michael, Anna-Katharina Wickert, Stefan Krüger, Eric Bodden, and Mira Mezini. <i>CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite</i>, 2022. <a href=\"https://doi.org/10.48550/ARXIV.2204.06447\">https://doi.org/10.48550/ARXIV.2204.06447</a>."},"_id":"32409","department":[{"_id":"76"}],"user_id":"32312","keyword":["cryptography","benchmark","API misuse","static analysis"],"language":[{"iso":"eng"}],"type":"misc","abstract":[{"lang":"eng","text":"Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive comparison and evaluation of these tools. While there are benchmarks, they often only address a subset of the domain or were only used to evaluate a subset of existing misuse detection tools. Objective: To fairly compare cryptographic API misuse detection tools and to drive future development in this domain, we will devise such a benchmark. Openness and transparency in the generation process are key factors to fairly generate and establish the needed benchmark. Method: We propose an approach where we derive the benchmark generation methodology from the literature which consists of general best practices in benchmarking and domain-specific benchmark generation. A part of this methodology is transparency and openness of the generation process, which is achieved by pre-registering this work. Based on our methodology we design CamBench, a fair \"Cryptographic API Misuse Detection Tool Benchmark Suite\". We will implement the first version of CamBench limiting the domain to Java, the JCA, and static analyses. Finally, we will use CamBench to compare current misuse detection tools and compare CamBench to related benchmarks of its domain."}],"status":"public"},{"department":[{"_id":"76"}],"user_id":"32312","_id":"32410","language":[{"iso":"eng"}],"keyword":["Automated static analysis","Software usability"],"publication":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","type":"conference","status":"public","abstract":[{"text":"Static analysis tools support developers in detecting potential coding issues, such as bugs or vulnerabilities. Research on static analysis emphasizes its technical challenges but also mentions severe usability shortcomings. These shortcomings hinder the adoption of static analysis tools, and in some cases, user dissatisfaction even leads to tool abandonment.\r\nTo comprehensively assess the current state of the art, this paper presents the first systematic usability evaluation in a wide range of static analysis tools. We derived a set of 36 relevant criteria from the scientific literature and gathered a collection of 46 static analysis tools complying with our inclusion and exclusion criteria - a representative set of mainly non-proprietary tools. Then, we evaluated how well these tools fulfill the aforementioned criteria.\r\nThe evaluation shows that more than half of the considered tools offer poor warning messages, while about three-quarters of the tools provide hardly any fix support. Furthermore, the integration of user knowledge is strongly neglected, which could be used for improved handling of false positives and tuning the results for the corresponding developer. Finally, issues regarding workflow integration and specialized user interfaces are proved further.\r\nThese findings should prove useful in guiding and focusing further research and development in the area of user experience for static code analyses.","lang":"eng"}],"author":[{"id":"41213","full_name":"Nachtigall, Marcus","last_name":"Nachtigall","first_name":"Marcus"},{"last_name":"Schlichtig","orcid":"0000-0001-6600-6171","id":"32312","full_name":"Schlichtig, Michael","first_name":"Michael"},{"last_name":"Bodden","orcid":"0000-0003-3470-3647","id":"59256","full_name":"Bodden, Eric","first_name":"Eric"}],"date_created":"2022-07-25T08:02:36Z","publisher":"ACM","date_updated":"2022-07-26T11:42:23Z","doi":"10.1145/3533767","title":"A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools","related_material":{"link":[{"relation":"confirmation","url":"https://dl.acm.org/doi/10.1145/3533767.3534374"}]},"quality_controlled":"1","publication_identifier":{"isbn":["9781450393799"]},"publication_status":"published","page":"532 - 543","citation":{"bibtex":"@inproceedings{Nachtigall_Schlichtig_Bodden_2022, title={A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools}, DOI={<a href=\"https://doi.org/10.1145/3533767\">10.1145/3533767</a>}, booktitle={Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis}, publisher={ACM}, author={Nachtigall, Marcus and Schlichtig, Michael and Bodden, Eric}, year={2022}, pages={532–543} }","short":"M. Nachtigall, M. Schlichtig, E. Bodden, in: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ACM, 2022, pp. 532–543.","mla":"Nachtigall, Marcus, et al. “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools.” <i>Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis</i>, ACM, 2022, pp. 532–43, doi:<a href=\"https://doi.org/10.1145/3533767\">10.1145/3533767</a>.","apa":"Nachtigall, M., Schlichtig, M., &#38; Bodden, E. (2022). A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools. <i>Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis</i>, 532–543. <a href=\"https://doi.org/10.1145/3533767\">https://doi.org/10.1145/3533767</a>","chicago":"Nachtigall, Marcus, Michael Schlichtig, and Eric Bodden. “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools.” In <i>Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis</i>, 532–43. ACM, 2022. <a href=\"https://doi.org/10.1145/3533767\">https://doi.org/10.1145/3533767</a>.","ieee":"M. Nachtigall, M. Schlichtig, and E. Bodden, “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools,” in <i>Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis</i>, 2022, pp. 532–543, doi: <a href=\"https://doi.org/10.1145/3533767\">10.1145/3533767</a>.","ama":"Nachtigall M, Schlichtig M, Bodden E. A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools. In: <i>Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis</i>. ACM; 2022:532-543. doi:<a href=\"https://doi.org/10.1145/3533767\">10.1145/3533767</a>"},"year":"2022"},{"keyword":["API misuses","API usage constraints","classification framework","API misuse detection","static analysis"],"language":[{"iso":"eng"}],"_id":"31133","user_id":"32312","department":[{"_id":"76"}],"abstract":[{"lang":"eng","text":"Application Programming Interfaces (APIs) are the primary mechanism that developers use to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused, which can have catastrophic consequences, especially if the APIs provide security-critical functionalities like cryptography. Understanding what API misuses are, and for what reasons they are caused, is important to prevent them, e.g., with API misuse detectors. However, definitions and nominations for API misuses and related terms in literature vary and are diverse. This paper addresses the problem of scattered knowledge and definitions of API misuses by presenting a systematic literature review on the subject and introducing FUM, a novel Framework for API Usage constraint and Misuse classification. The literature review revealed that API misuses are violations of API usage constraints. To capture this, we provide unified definitions and use them to derive FUM. To assess the extent to which FUM aids in determining and guiding the improvement of an API misuses detectors' capabilities, we performed a case study on CogniCrypt, a state-of-the-art misuse detector for cryptographic APIs. The study showed that FUM can be used to properly assess CogniCrypt's capabilities, identify weaknesses and assist in deriving mitigations and improvements. And it appears that also more generally FUM can aid the development and improvement of misuse detection tools."}],"status":"public","type":"conference","publication":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","title":"FUM - A Framework for API Usage constraint and Misuse Classification","doi":"https://doi.org/10.1109/SANER53432.2022.00085","date_updated":"2022-07-26T11:42:30Z","date_created":"2022-05-09T13:04:10Z","author":[{"first_name":"Michael","orcid":"0000-0001-6600-6171","last_name":"Schlichtig","full_name":"Schlichtig, Michael","id":"32312"},{"last_name":"Sassalla","full_name":"Sassalla, Steffen","first_name":"Steffen"},{"last_name":"Narasimhan","full_name":"Narasimhan, Krishna","first_name":"Krishna"},{"first_name":"Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric","id":"59256"}],"year":"2022","citation":{"apa":"Schlichtig, M., Sassalla, S., Narasimhan, K., &#38; Bodden, E. (2022). FUM - A Framework for API Usage constraint and Misuse Classification. <i>2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 673–684. <a href=\"https://doi.org/10.1109/SANER53432.2022.00085\">https://doi.org/10.1109/SANER53432.2022.00085</a>","mla":"Schlichtig, Michael, et al. “FUM - A Framework for API Usage Constraint and Misuse Classification.” <i>2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 2022, pp. 673–84, doi:<a href=\"https://doi.org/10.1109/SANER53432.2022.00085\">https://doi.org/10.1109/SANER53432.2022.00085</a>.","bibtex":"@inproceedings{Schlichtig_Sassalla_Narasimhan_Bodden_2022, title={FUM - A Framework for API Usage constraint and Misuse Classification}, DOI={<a href=\"https://doi.org/10.1109/SANER53432.2022.00085\">https://doi.org/10.1109/SANER53432.2022.00085</a>}, booktitle={2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)}, author={Schlichtig, Michael and Sassalla, Steffen and Narasimhan, Krishna and Bodden, Eric}, year={2022}, pages={673–684} }","short":"M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–684.","ama":"Schlichtig M, Sassalla S, Narasimhan K, Bodden E. FUM - A Framework for API Usage constraint and Misuse Classification. In: <i>2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>. ; 2022:673-684. doi:<a href=\"https://doi.org/10.1109/SANER53432.2022.00085\">https://doi.org/10.1109/SANER53432.2022.00085</a>","chicago":"Schlichtig, Michael, Steffen Sassalla, Krishna Narasimhan, and Eric Bodden. “FUM - A Framework for API Usage Constraint and Misuse Classification.” In <i>2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 673–84, 2022. <a href=\"https://doi.org/10.1109/SANER53432.2022.00085\">https://doi.org/10.1109/SANER53432.2022.00085</a>.","ieee":"M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “FUM - A Framework for API Usage constraint and Misuse Classification,” in <i>2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)</i>, 2022, pp. 673–684, doi: <a href=\"https://doi.org/10.1109/SANER53432.2022.00085\">https://doi.org/10.1109/SANER53432.2022.00085</a>."},"page":"673 - 684","quality_controlled":"1","related_material":{"link":[{"url":"https://ieeexplore.ieee.org/document/9825763","relation":"confirmation"}]}},{"related_material":{"link":[{"url":"https://arxiv.org/abs/2209.11103","relation":"confirmation"}]},"citation":{"ama":"Wickert A-K, Baumgärtner L, Schlichtig M, Mezini M. <i>To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild</i>.; 2022. doi:<a href=\"https://doi.org/10.48550/ARXIV.2209.11103\">10.48550/ARXIV.2209.11103</a>","ieee":"A.-K. Wickert, L. Baumgärtner, M. Schlichtig, and M. Mezini, <i>To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild</i>. 2022.","chicago":"Wickert, Anna-Katharina, Lars Baumgärtner, Michael Schlichtig, and Mira Mezini. <i>To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild</i>, 2022. <a href=\"https://doi.org/10.48550/ARXIV.2209.11103\">https://doi.org/10.48550/ARXIV.2209.11103</a>.","mla":"Wickert, Anna-Katharina, et al. <i>To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild</i>. 2022, doi:<a href=\"https://doi.org/10.48550/ARXIV.2209.11103\">10.48550/ARXIV.2209.11103</a>.","short":"A.-K. Wickert, L. Baumgärtner, M. Schlichtig, M. Mezini, To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild, 2022.","bibtex":"@book{Wickert_Baumgärtner_Schlichtig_Mezini_2022, title={To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild}, DOI={<a href=\"https://doi.org/10.48550/ARXIV.2209.11103\">10.48550/ARXIV.2209.11103</a>}, author={Wickert, Anna-Katharina and Baumgärtner, Lars and Schlichtig, Michael and Mezini, Mira}, year={2022} }","apa":"Wickert, A.-K., Baumgärtner, L., Schlichtig, M., &#38; Mezini, M. (2022). <i>To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild</i>. <a href=\"https://doi.org/10.48550/ARXIV.2209.11103\">https://doi.org/10.48550/ARXIV.2209.11103</a>"},"year":"2022","author":[{"last_name":"Wickert","full_name":"Wickert, Anna-Katharina","first_name":"Anna-Katharina"},{"full_name":"Baumgärtner, Lars","last_name":"Baumgärtner","first_name":"Lars"},{"last_name":"Schlichtig","orcid":"0000-0001-6600-6171","full_name":"Schlichtig, Michael","id":"32312","first_name":"Michael"},{"first_name":"Mira","last_name":"Mezini","full_name":"Mezini, Mira"}],"date_created":"2022-10-28T13:21:05Z","date_updated":"2022-10-28T13:26:39Z","doi":"10.48550/ARXIV.2209.11103","title":"To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild","type":"misc","status":"public","abstract":[{"text":"Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity of the findings, our objective was to understand the findings in more depth. We analyzed a set of 936 open-source Java applications for cryptographic misuses. Our study reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs securely. Through our manual analysis of a random sample, we gained new insights into effective false positives. For example, every fourth misuse of the frequently misused JCA class MessageDigest is an effective false positive due to its occurrence in a non-security context. As we wanted to gain deeper insights into the security implications of these misuses, we created an extensive vulnerability model for cryptographic API misuses. Our model includes previously undiscussed attacks in the context of cryptographic APIs such as DoS attacks. This model reveals that nearly half of the misuses are of high severity, e.g., hard-coded credentials and potential Man-in-the-Middle attacks.","lang":"eng"}],"department":[{"_id":"76"}],"user_id":"32312","_id":"33959","language":[{"iso":"eng"}]},{"type":"conference","status":"public","editor":[{"last_name":"Vollmer","full_name":"Vollmer, Thomas","first_name":"Thomas"},{"first_name":"Torben","last_name":"Karges","full_name":"Karges, Torben"},{"first_name":"Tim","full_name":"Richter, Tim","last_name":"Richter"},{"full_name":"Schlömer, Britta","last_name":"Schlömer","first_name":"Britta"},{"last_name":"Schütt-Sayed","full_name":"Schütt-Sayed, Sören","first_name":"Sören"}],"department":[{"_id":"67"}],"user_id":"32312","series_title":"Berufsbildung, Arbeit und Innovation","_id":"29298","publication_status":"published","page":"176-194","intvolume":"        55","citation":{"mla":"Opel, Simone Anna, and Michael Schlichtig. “Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II.” <i>Sammelband der 27. Fachtagung der BAG Berufliche Bildung</i>, edited by Thomas Vollmer et al., vol. 55, wbv Media GmbH &#38; Co. KG, 2020, pp. 176–94, doi:<a href=\"https://doi.org/10.3278/6004722w\">https://doi.org/10.3278/6004722w</a>.","bibtex":"@inproceedings{Opel_Schlichtig_2020, place={Bielefeld}, series={Berufsbildung, Arbeit und Innovation}, title={Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II}, volume={55}, DOI={<a href=\"https://doi.org/10.3278/6004722w\">https://doi.org/10.3278/6004722w</a>}, booktitle={Sammelband der 27. Fachtagung der BAG Berufliche Bildung}, publisher={wbv Media GmbH &#38; Co. KG}, author={Opel, Simone Anna and Schlichtig, Michael}, editor={Vollmer, Thomas and Karges, Torben and Richter, Tim and Schlömer, Britta and Schütt-Sayed, Sören}, year={2020}, pages={176–194}, collection={Berufsbildung, Arbeit und Innovation} }","short":"S.A. Opel, M. Schlichtig, in: T. Vollmer, T. Karges, T. Richter, B. Schlömer, S. Schütt-Sayed (Eds.), Sammelband der 27. Fachtagung der BAG Berufliche Bildung, wbv Media GmbH &#38; Co. KG, Bielefeld, 2020, pp. 176–194.","apa":"Opel, S. A., &#38; Schlichtig, M. (2020). Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II. In T. Vollmer, T. Karges, T. Richter, B. Schlömer, &#38; S. Schütt-Sayed (Eds.), <i>Sammelband der 27. Fachtagung der BAG Berufliche Bildung</i> (Vol. 55, pp. 176–194). wbv Media GmbH &#38; Co. KG. <a href=\"https://doi.org/10.3278/6004722w\">https://doi.org/10.3278/6004722w</a>","ama":"Opel SA, Schlichtig M. Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II. In: Vollmer T, Karges T, Richter T, Schlömer B, Schütt-Sayed S, eds. <i>Sammelband der 27. Fachtagung der BAG Berufliche Bildung</i>. Vol 55. Berufsbildung, Arbeit und Innovation. wbv Media GmbH &#38; Co. KG; 2020:176-194. doi:<a href=\"https://doi.org/10.3278/6004722w\">https://doi.org/10.3278/6004722w</a>","ieee":"S. A. Opel and M. Schlichtig, “Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II,” in <i>Sammelband der 27. Fachtagung der BAG Berufliche Bildung</i>, Siegen, 2020, vol. 55, pp. 176–194, doi: <a href=\"https://doi.org/10.3278/6004722w\">https://doi.org/10.3278/6004722w</a>.","chicago":"Opel, Simone Anna, and Michael Schlichtig. “Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II.” In <i>Sammelband der 27. Fachtagung der BAG Berufliche Bildung</i>, edited by Thomas Vollmer, Torben Karges, Tim Richter, Britta Schlömer, and Sören Schütt-Sayed, 55:176–94. Berufsbildung, Arbeit und Innovation. Bielefeld: wbv Media GmbH &#38; Co. KG, 2020. <a href=\"https://doi.org/10.3278/6004722w\">https://doi.org/10.3278/6004722w</a>."},"place":"Bielefeld","volume":55,"author":[{"first_name":"Simone Anna","full_name":"Opel, Simone Anna","id":"72932","last_name":"Opel"},{"last_name":"Schlichtig","id":"32312","full_name":"Schlichtig, Michael","first_name":"Michael"}],"date_updated":"2022-01-12T17:04:10Z","oa":"1","doi":"https://doi.org/10.3278/6004722w","conference":{"start_date":"2019-03-11","name":"20. Hochschultage Berufliche Bildung (HTBB) \"Digitale Welt - Bildung und Arbeit in Transformationsgesellschaften\".","location":"Siegen","end_date":"2019-03-13"},"main_file_link":[{"open_access":"1","url":"https://library.oapen.org/handle/20.500.12657/43933"}],"publication":"Sammelband der 27. Fachtagung der BAG Berufliche Bildung","abstract":[{"text":"Die Themen „Big Data“, „Künstliche Intelligenz und „Data Science“ werden seit einiger Zeit nicht nur in der breiten Öffentlichkeit kontrovers diskutiert, sondern stellen für die Ausbildung in den IT- und IT-nahen Berufen schon heute neue Herausforderungen dar, die in Zukunft durch die gesellschaftliche und technologische Weiterentwicklung hin zu einer Datengesellschaft noch größer werden.\r\nAn dieser Stelle stellt sich die Frage, welche Aspekte dieses großen Themenkomplexes für Schule und Ausbildung von Wichtigkeit sind und wie diese Themen sinnstiftend und gewinnbringend in die informatische Ausbildung in verschiedenen Bildungsgängen integriert werden können. Im Rahmen des von uns im Jahr 2017 organisierten Symposiums zum Thema „Data Science“ wurden für die Bildung relevante Aspekte erörtert, wodurch als Kernelemente für den Unterricht Algorithmen der Künstlichen Intelligenz und ihre Anwendung in Industrie und Gesellschaft, Explorationen von Big Data sowie der Umgang mit eigenen Daten in sozialen Netzwerken herausgearbeitet wurden. Ziel ist, aus diesen Themenbereichen sowohl ein umfassendes Curriculum als auch Module für verschiedene Unterrichtsszenarien zu entwickeln und zu erproben. Durch diese Materialien soll es Lehrkräften aus der Informatik, Mathematik oder Technik ermöglicht werden, diese Themen auf Basis des Curriculums und der erprobten Unterrichtskonzepte selbst zu unterrichten.\r\nHierfür wurde im Rahmen des Projekts ProDaBi (Projekt Data Science und Big Data in der Schule, https://www.prodabi.de), initiiert von der Telekom Stiftung, ein experimenteller Projektkurs entwickelt, den wir mit Schüler:innen der Sekundarstufe II an der Universität Paderborn im Schuljahr 2018/19 durchführten. Dieser Kurs enthält neben einem Modul zur Exploration von Big Data und einem weiteren Modul zum Maschinellen Lernen als Teil der Künstlichen Intelligenz auch eine Projektphase, die es in Zusammenarbeit mit lokalen Unternehmen den Schüler:innen\r\nermöglicht, das Erlernte in ein reales Data Science-Projekt einzubringen. Aus den Erfahrungen dieses Projektkurses sowie den parallel durchgeführten Erprobungen einzelner Bausteine auch mit beruflichen Schulen werden ab dem Schuljahr 2019/20 die hierfür verwendeten Materialien weiterentwickelt und weiteren Kooperationspartnern zur Erprobung zur Verfügung gestellt. Damit wurden zum Ende des Projekts nicht nur vollständige Unterrichtsmaterialien, sondern auch ein umfassendes Curriculum entwickelt.","lang":"ger"},{"text":"The topics ”Big Data”, “Artificial Intelligence” and “Data Science” are controversially discussed among the general public, but they present new challenges for training in IT and IT-related professions. These challenges will become more important in the future as a result of further social and technological development towards a data society.\r\nAt this point, the question arises as to which aspects of this large complex of topics are important for school and education, and how these topics can be integrated in a meaningful and profitable way into informatics education in vocational education. In 2017, we organized a symposium towards the topic “Data Science” and discussed relevant aspects for general and vocational education. Algorithms of artificial intelligence and their application in industry and society, explorations of Big Data as well as the handling of one's own data in social networks were worked out as core elements for teaching. For this reason, our aim is to develop a comprehensive curriculum on this topic from these subject areas and to develop and test modules for various teaching scenarios in order to enable teachers from computer science, mathematics or technology to teach these topics themselves.\r\nFor this purpose, an experimental project course was developed within the framework of the ProDaBi project (Project Data Science and Big Data at School, https://www.prodabi.de), which we conducted with students from upper secondary classes at the University of Paderborn in the school year 2018/19. In this course we try to address all these aspects. This course consists of several modules: One module has been designed to teach the exploration of Big Data. Another module encompasses aspects of machine learning as part of artificial intelligence. The course concludes in a project phase which, in cooperation with local companies, will enable the students to apply what they have learned into a real Data Science project. Based on the experiences of this project course and the parallel testing of individual modules with vocational schools, we will further develop the material and make it available to other cooperation partners for testing, so that not only complete teaching materials but also a comprehensive curriculum will have been developed until the end of the project.","lang":"eng"}],"language":[{"iso":"ger"}],"keyword":["Berufsbildung","vocational education","Ausbildung","training","berufliche Weiterbildung","advanced vocational education","Digitalisierung","digitalization","Unterricht","teaching","Lehrmethode","teaching method","Interdisziplinarität","interdisciplinarity","Fachdidaktik","subject didactics","Curriculum","curriculum","gewerblich-technischer Beruf","vocational/technical occupation","Fachkraft","specialist","Qualifikationsanforderungen","qualification requirements","Kompetenz","competence","Lehrerbildung","teacher training","Bundesrepublik Deutschland","Federal Republic of Germany"],"year":"2020","date_created":"2022-01-12T16:43:38Z","publisher":"wbv Media GmbH & Co. KG","title":"Data Science und Big Data in der beruflichen Bildung – Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II"},{"type":"conference","status":"public","editor":[{"last_name":"Jasutė","full_name":"Jasutė, Eglė","first_name":"Eglė"},{"first_name":"Sergei","full_name":"Pozdniakov, Sergei","last_name":"Pozdniakov"}],"department":[{"_id":"67"}],"user_id":"32312","_id":"15332","publication_identifier":{"isbn":["978-9925-553-27-3"]},"publication_status":"published","page":"65 - 73","intvolume":"        12","citation":{"ama":"Schlichtig M, Opel SA, Budde L, Schulte C. Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material. In: Jasutė E, Pozdniakov S, eds. <i>ISSEP 2019 - 12th International Conference on Informatics in Schools: Situation, Evaluation and Perspectives, Local Proceedings</i>. Vol 12. ; 2019:65-73.","ieee":"M. Schlichtig, S. A. Opel, L. Budde, and C. Schulte, “Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material,” in <i>ISSEP 2019 - 12th International conference on informatics in schools: Situation, evaluation and perspectives, Local Proceedings</i>, Lanarca, 2019, vol. 12, pp. 65–73.","chicago":"Schlichtig, Michael, Simone Anna Opel, Lea Budde, and Carsten Schulte. “Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material.” In <i>ISSEP 2019 - 12th International Conference on Informatics in Schools: Situation, Evaluation and Perspectives, Local Proceedings</i>, edited by Eglė Jasutė and Sergei Pozdniakov, 12:65–73, 2019.","apa":"Schlichtig, M., Opel, S. A., Budde, L., &#38; Schulte, C. (2019). Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material. In E. Jasutė &#38; S. Pozdniakov (Eds.), <i>ISSEP 2019 - 12th International conference on informatics in schools: Situation, evaluation and perspectives, Local Proceedings</i> (Vol. 12, pp. 65–73).","bibtex":"@inproceedings{Schlichtig_Opel_Budde_Schulte_2019, title={Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material}, volume={12}, booktitle={ISSEP 2019 - 12th International conference on informatics in schools: Situation, evaluation and perspectives, Local Proceedings}, author={Schlichtig, Michael and Opel, Simone Anna and Budde, Lea and Schulte, Carsten}, editor={Jasutė, Eglė and Pozdniakov, Sergei}, year={2019}, pages={65–73} }","mla":"Schlichtig, Michael, et al. “Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material.” <i>ISSEP 2019 - 12th International Conference on Informatics in Schools: Situation, Evaluation and Perspectives, Local Proceedings</i>, edited by Eglė Jasutė and Sergei Pozdniakov, vol. 12, 2019, pp. 65–73.","short":"M. Schlichtig, S.A. Opel, L. Budde, C. Schulte, in: E. Jasutė, S. Pozdniakov (Eds.), ISSEP 2019 - 12th International Conference on Informatics in Schools: Situation, Evaluation and Perspectives, Local Proceedings, 2019, pp. 65–73."},"volume":12,"author":[{"full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171","first_name":"Michael"},{"first_name":"Simone Anna","id":"72932","full_name":"Opel, Simone Anna","last_name":"Opel"},{"id":"32443","full_name":"Budde, Lea","last_name":"Budde","first_name":"Lea"},{"first_name":"Carsten","id":"60311","full_name":"Schulte, Carsten","last_name":"Schulte"}],"date_updated":"2022-07-26T11:41:41Z","conference":{"name":"ISSEP 2019 - 12th International conference on informatics in schools: Situation, evaluation and perspectives","start_date":"2019-11-18","end_date":"2019-11-20","location":"Lanarca"},"main_file_link":[{"url":"http://cyprusconferences.org/issep2019/wp-content/uploads/2019/10/LocalISSEP-v5.pdf"}],"publication":"ISSEP 2019 - 12th International conference on informatics in schools: Situation, evaluation and perspectives, Local Proceedings","abstract":[{"lang":"eng","text":"Artificial intelligence (AI) has the potential for far-reaching – in our opinion – irreversible changes.\r\nThey range from effects on the individual and society to new societal and social issues. The question arises\r\nas to how students can learn the basic functioning of AI systems, what areas of life and society are affected\r\nby these and – most important – how their own lives are affected by these changes. Therefore, we are developing and evaluating school materials for the German ”Science Year AI”. It can be used for students of all\r\nschool types from the seventh grade upwards and will be distributed to about 2000 schools in autumn with\r\nthe support of the Federal Ministry of Education and Research. The material deals with the following aspects\r\nof AI: Discussing everyday experiences with AI, how does machine learning work, historical development\r\nof AI concepts, difference between man and machine, future distribution of roles between man and machine,\r\nin which AI world do we want to live and how much AI would we like to have in our lives. Through an\r\naccompanying evaluation, high quality of the technical content and didactic preparation is achieved in order\r\nto guarantee the long-term applicability in the teaching context in the different age groups and school types.\r\nIn this paper, we describe the current state of the material development, the challenges arising, and the results\r\nof tests with different classes to date. We also present first ideas for evaluating the results."}],"language":[{"iso":"eng"}],"keyword":["Artificial Intelligence","Machine Learning","Teaching Material","Societal Aspects","Ethics. Social Aspects","Science Year","Simulation Game"],"quality_controlled":"1","year":"2019","date_created":"2019-12-16T17:50:08Z","title":"Understanding Artificial Intelligence – A Project for the Development of Comprehensive Teaching Material"},{"status":"public","type":"conference","publication":"INFOS","language":[{"iso":"ger"}],"_id":"15640","series_title":"LNI","user_id":"32312","department":[{"_id":"67"}],"year":"2019","citation":{"apa":"Opel, S. A., Schlichtig, M., Schulte, C., Biehler, R., Frischemeier, D., Podworny, S., &#38; Wassong, T. (2019). Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II. <i>INFOS</i>, <i>P-288</i>, 285–294.","mla":"Opel, Simone Anna, et al. “Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II.” <i>INFOS</i>, vol. P-288, Gesellschaft für Informatik, 2019, pp. 285–94.","bibtex":"@inproceedings{Opel_Schlichtig_Schulte_Biehler_Frischemeier_Podworny_Wassong_2019, series={LNI}, title={Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II}, volume={P-288}, booktitle={INFOS}, publisher={Gesellschaft für Informatik}, author={Opel, Simone Anna and Schlichtig, Michael and Schulte, Carsten and Biehler, Rolf and Frischemeier, Daniel and Podworny, Susanne and Wassong, Thomas}, year={2019}, pages={285–294}, collection={LNI} }","short":"S.A. Opel, M. Schlichtig, C. Schulte, R. Biehler, D. Frischemeier, S. Podworny, T. Wassong, in: INFOS, Gesellschaft für Informatik, 2019, pp. 285–294.","ama":"Opel SA, Schlichtig M, Schulte C, et al. Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II. In: <i>INFOS</i>. Vol P-288. LNI. Gesellschaft für Informatik; 2019:285-294.","chicago":"Opel, Simone Anna, Michael Schlichtig, Carsten Schulte, Rolf Biehler, Daniel Frischemeier, Susanne Podworny, and Thomas Wassong. “Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II.” In <i>INFOS</i>, P-288:285–94. LNI. Gesellschaft für Informatik, 2019.","ieee":"S. A. Opel <i>et al.</i>, “Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II,” in <i>INFOS</i>, 2019, vol. P-288, pp. 285–294."},"page":"285-294","quality_controlled":"1","title":"Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II","publisher":"Gesellschaft für Informatik","date_updated":"2022-07-26T11:42:05Z","date_created":"2020-01-28T10:28:34Z","author":[{"last_name":"Opel","id":"72932","full_name":"Opel, Simone Anna","first_name":"Simone Anna"},{"first_name":"Michael","orcid":"0000-0001-6600-6171","last_name":"Schlichtig","full_name":"Schlichtig, Michael","id":"32312"},{"id":"60311","full_name":"Schulte, Carsten","last_name":"Schulte","first_name":"Carsten"},{"full_name":"Biehler, Rolf","last_name":"Biehler","first_name":"Rolf"},{"first_name":"Daniel","last_name":"Frischemeier","full_name":"Frischemeier, Daniel"},{"first_name":"Susanne","full_name":"Podworny, Susanne","last_name":"Podworny"},{"first_name":"Thomas","id":"21241","full_name":"Wassong, Thomas","last_name":"Wassong"}],"volume":"P-288"},{"language":[{"iso":"ger"}],"_id":"15641","department":[{"_id":"67"}],"series_title":"LNI","user_id":"32312","status":"public","publication":"INFOS","type":"conference","title":"Maschinelles Lernen im Unterricht mit Jupyter Notebook","date_updated":"2022-07-26T11:41:58Z","publisher":"Gesellschaft für Informatik","volume":"P-288","author":[{"first_name":"Michael","full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171"},{"last_name":"Opel","id":"72932","full_name":"Opel, Simone Anna","first_name":"Simone Anna"},{"first_name":"Carsten","full_name":"Schulte, Carsten","id":"60311","last_name":"Schulte"},{"first_name":"Rolf","full_name":"Biehler, Rolf","last_name":"Biehler"},{"first_name":"Daniel","last_name":"Frischemeier","full_name":"Frischemeier, Daniel"},{"full_name":"Podworny, Susanne","last_name":"Podworny","first_name":"Susanne"},{"first_name":"Thomas","full_name":"Wassong, Thomas","id":"21241","last_name":"Wassong"}],"date_created":"2020-01-28T10:28:35Z","year":"2019","page":"385","citation":{"ieee":"M. Schlichtig <i>et al.</i>, “Maschinelles Lernen im Unterricht mit Jupyter Notebook,” in <i>INFOS</i>, 2019, vol. P-288, p. 385.","chicago":"Schlichtig, Michael, Simone Anna Opel, Carsten Schulte, Rolf Biehler, Daniel Frischemeier, Susanne Podworny, and Thomas Wassong. “Maschinelles Lernen im Unterricht mit Jupyter Notebook.” In <i>INFOS</i>, P-288:385. LNI. Gesellschaft für Informatik, 2019.","ama":"Schlichtig M, Opel SA, Schulte C, et al. Maschinelles Lernen im Unterricht mit Jupyter Notebook. In: <i>INFOS</i>. Vol P-288. LNI. Gesellschaft für Informatik; 2019:385.","apa":"Schlichtig, M., Opel, S. A., Schulte, C., Biehler, R., Frischemeier, D., Podworny, S., &#38; Wassong, T. (2019). Maschinelles Lernen im Unterricht mit Jupyter Notebook. <i>INFOS</i>, <i>P-288</i>, 385.","bibtex":"@inproceedings{Schlichtig_Opel_Schulte_Biehler_Frischemeier_Podworny_Wassong_2019, series={LNI}, title={Maschinelles Lernen im Unterricht mit Jupyter Notebook}, volume={P-288}, booktitle={INFOS}, publisher={Gesellschaft für Informatik}, author={Schlichtig, Michael and Opel, Simone Anna and Schulte, Carsten and Biehler, Rolf and Frischemeier, Daniel and Podworny, Susanne and Wassong, Thomas}, year={2019}, pages={385}, collection={LNI} }","mla":"Schlichtig, Michael, et al. “Maschinelles Lernen im Unterricht mit Jupyter Notebook.” <i>INFOS</i>, vol. P-288, Gesellschaft für Informatik, 2019, p. 385.","short":"M. Schlichtig, S.A. Opel, C. Schulte, R. Biehler, D. Frischemeier, S. Podworny, T. Wassong, in: INFOS, Gesellschaft für Informatik, 2019, p. 385."},"quality_controlled":"1"},{"language":[{"iso":"eng"}],"user_id":"32312","department":[{"_id":"67"}],"_id":"15643","status":"public","type":"conference","publication":"WiPSCE","title":"Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress)","date_created":"2020-01-28T10:28:37Z","author":[{"last_name":"Opel","full_name":"Opel, Simone Anna","id":"72932","first_name":"Simone Anna"},{"first_name":"Michael","full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171"},{"last_name":"Schulte","id":"60311","full_name":"Schulte, Carsten","first_name":"Carsten"}],"date_updated":"2022-07-26T11:41:51Z","publisher":"ACM","citation":{"bibtex":"@inproceedings{Opel_Schlichtig_Schulte_2019, title={Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress)}, booktitle={WiPSCE}, publisher={ACM}, author={Opel, Simone Anna and Schlichtig, Michael and Schulte, Carsten}, year={2019}, pages={11:1-11:2} }","mla":"Opel, Simone Anna, et al. “Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress).” <i>WiPSCE</i>, ACM, 2019, p. 11:1-11:2.","short":"S.A. Opel, M. Schlichtig, C. Schulte, in: WiPSCE, ACM, 2019, p. 11:1-11:2.","apa":"Opel, S. A., Schlichtig, M., &#38; Schulte, C. (2019). Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress). <i>WiPSCE</i>, 11:1-11:2.","ieee":"S. A. Opel, M. Schlichtig, and C. Schulte, “Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress),” in <i>WiPSCE</i>, 2019, p. 11:1-11:2.","chicago":"Opel, Simone Anna, Michael Schlichtig, and Carsten Schulte. “Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress).” In <i>WiPSCE</i>, 11:1-11:2. ACM, 2019.","ama":"Opel SA, Schlichtig M, Schulte C. Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress). In: <i>WiPSCE</i>. ACM; 2019:11:1-11:2."},"page":"11:1-11:2","year":"2019","quality_controlled":"1"},{"language":[{"iso":"ger"}],"user_id":"21241","department":[{"_id":"67"},{"_id":"97"}],"_id":"14848","status":"public","abstract":[{"lang":"ger","text":"Data Science und Big Data durchdringt in ihren diversen Facetten unser tägliches Leben– kaum ein Tag, an dem nicht verschiedene Meldungen über technische Innovationen, Einsatzmöglichkeiten von Künstlicher Intelligenz (KI) und Maschinelles Lernen (ML) und ihre ethischen sowie gesellschaftlichen Implikationen in den unterschiedlichen Medien diskutiert werden. Aus diesem Grund erscheint es uns immens wichtig, diese Fragestellungen und Technologien auch in den Unterricht der Sekundarstufe II zu integrieren. Um diesem Anspruch gerecht zu werden, entwickelten wir im Rahmen eines Forschungsprojekts ein Curriculum, welches wir als konkretes Unterrichtskonzept innerhalb eines Projektkurses erprobt, evaluiert weiterentwickelt wird. Bei der Implementierung entschieden wir uns, zur aktiven Umsetzung von Konzepten von ML als Plattform Jupyter Notebook mit Python zu verwenden, da diese Umgebung durch die Verbindung von Code und Hypertext zur Dokumentation und Erklärung Medienbrüche im Lernprozess verringern kann. Zudem ist Python zur Implementierung der Methoden von ML sehr gut geeignet. Im Themenfeld des ML als Teilgebiet der KI legen wir den Fokus auf zwei unterschiedliche Lernverfahren um verschieden Aspekte von ML, u.A. wie Nachvollziehbarkeit unter gesellschaftlichen Gesichtspunkten zu vermitteln. Diese sind Künstliche Neuronale Netze (bei denen die Berechnung und Bedeutung der Kantengewichte zwischen den Neuronen für den Menschen insbesondere bei komplexeren Netzen kaum nachvollziehbar erschienen) und Entscheidungsbäume (strukturierte und gerichtete Bäume zur Darstellung von Entscheidungsregeln, welche auch für Schülerinnen und Schüler meist gut nachvollziehbares und verständliches KI-Modell darstellen). In diesem Workshop stellen wir konkrete Umsetzungsbeispiele inklusive der Programmierung für beide Verfahren mit Jupyter Notebook und Python als Teil einer Unterrichtssequenz vor und diskutieren diese."}],"editor":[{"first_name":"Arno","full_name":"Pasternak, Arno","last_name":"Pasternak"}],"type":"conference","publication":"Informatik für alle","main_file_link":[{"url":"https://dl.gi.de/handle/20.500.12116/28964"}],"conference":{"name":"INFOS 2019","start_date":"2019-09-16","end_date":"2019-09-18","location":"Dortmund, Germany"},"title":"Maschinelles Lernen im Unterricht mit Jupyter Notebook","date_created":"2019-11-07T14:08:13Z","author":[{"full_name":"Schlichtig, Michael","id":"32312","last_name":"Schlichtig","orcid":"0000-0001-6600-6171","first_name":"Michael"},{"first_name":"Simone","last_name":"Opel","full_name":"Opel, Simone"},{"first_name":"Carsten","full_name":"Schulte, Carsten","last_name":"Schulte"},{"full_name":"Biehler, Rolf","last_name":"Biehler","first_name":"Rolf"},{"full_name":"Frischemeier, Daniel","last_name":"Frischemeier","first_name":"Daniel"},{"first_name":"Susanne","last_name":"Podworny","full_name":"Podworny, Susanne"},{"last_name":"Wassong","id":"21241","full_name":"Wassong, Thomas","first_name":"Thomas"}],"publisher":"Gesellschaft für Informatik","date_updated":"2025-05-25T20:01:30Z","citation":{"apa":"Schlichtig, M., Opel, S., Schulte, C., Biehler, R., Frischemeier, D., Podworny, S., &#38; Wassong, T. (2019). Maschinelles Lernen im Unterricht mit Jupyter Notebook. In A. Pasternak (Ed.), <i>Informatik für alle</i> (p. 385). Gesellschaft für Informatik.","short":"M. Schlichtig, S. Opel, C. Schulte, R. Biehler, D. Frischemeier, S. Podworny, T. Wassong, in: A. Pasternak (Ed.), Informatik für alle, Gesellschaft für Informatik, Bonn, 2019, p. 385.","bibtex":"@inproceedings{Schlichtig_Opel_Schulte_Biehler_Frischemeier_Podworny_Wassong_2019, place={Bonn}, title={Maschinelles Lernen im Unterricht mit Jupyter Notebook}, booktitle={Informatik für alle}, publisher={Gesellschaft für Informatik}, author={Schlichtig, Michael and Opel, Simone and Schulte, Carsten and Biehler, Rolf and Frischemeier, Daniel and Podworny, Susanne and Wassong, Thomas}, editor={Pasternak, Arno}, year={2019}, pages={385} }","mla":"Schlichtig, Michael, et al. “Maschinelles Lernen im Unterricht mit Jupyter Notebook.” <i>Informatik für alle</i>, edited by Arno Pasternak, Gesellschaft für Informatik, 2019, p. 385.","chicago":"Schlichtig, Michael, Simone Opel, Carsten Schulte, Rolf Biehler, Daniel Frischemeier, Susanne Podworny, and Thomas Wassong. “Maschinelles Lernen im Unterricht mit Jupyter Notebook.” In <i>Informatik für alle</i>, edited by Arno Pasternak, 385. Bonn: Gesellschaft für Informatik, 2019.","ieee":"M. Schlichtig <i>et al.</i>, “Maschinelles Lernen im Unterricht mit Jupyter Notebook,” in <i>Informatik für alle</i>, Dortmund, Germany, 2019, p. 385.","ama":"Schlichtig M, Opel S, Schulte C, et al. Maschinelles Lernen im Unterricht mit Jupyter Notebook. In: Pasternak A, ed. <i>Informatik für alle</i>. Gesellschaft für Informatik; 2019:385."},"page":" 385 ","place":"Bonn","year":"2019","publication_status":"published","publication_identifier":{"isbn":["978-3-88579-682-4"]}}]