[{"_id":"57416","publisher":"Paderborn University","user_id":"77394","ddc":["000"],"status":"public","has_accepted_license":"1","place":"Paderborn","oa":"1","file_date_updated":"2024-11-27T01:16:06Z","citation":{"apa":"Youkeim, M. H. F. (2024). <i>Tailoring Code Property Graphs to Jimple</i>. Paderborn University.","ieee":"M. H. F. Youkeim, <i>Tailoring Code Property Graphs to Jimple</i>. Paderborn: Paderborn University, 2024.","chicago":"Youkeim, Michael Hany Fawzy. <i>Tailoring Code Property Graphs to Jimple</i>. Paderborn: Paderborn University, 2024.","short":"M.H.F. Youkeim, Tailoring Code Property Graphs to Jimple, Paderborn University, Paderborn, 2024.","mla":"Youkeim, Michael Hany Fawzy. <i>Tailoring Code Property Graphs to Jimple</i>. Paderborn University, 2024.","ama":"Youkeim MHF. <i>Tailoring Code Property Graphs to Jimple</i>. Paderborn University; 2024.","bibtex":"@book{Youkeim_2024, place={Paderborn}, title={Tailoring Code Property Graphs to Jimple}, publisher={Paderborn University}, author={Youkeim, Michael Hany Fawzy}, year={2024} }"},"supervisor":[{"id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647","first_name":"Eric","full_name":"Bodden, Eric"}],"language":[{"iso":"eng"}],"year":"2024","title":"Tailoring Code Property Graphs to Jimple","author":[{"id":"77394","full_name":"Youkeim, Michael Hany Fawzy","last_name":"Youkeim","first_name":"Michael Hany Fawzy"}],"date_updated":"2024-11-27T01:16:38Z","file":[{"creator":"myoukeim","date_created":"2024-11-27T01:16:06Z","date_updated":"2024-11-27T01:16:06Z","relation":"main_file","access_level":"open_access","file_size":432800,"file_name":"Bachelor_Thesis__Michael_Youkeim_unsigned.pdf","content_type":"application/pdf","file_id":"57444"}],"date_created":"2024-11-26T09:13:02Z","type":"bachelorsthesis","department":[{"_id":"76"}],"abstract":[{"lang":"eng","text":"The increased complexity of modern software has led to much more\r\nsophisticated attack vectors. As a result, we require newer vulnerability detection\r\nmethods to ensure software security without compromising efficiency.\r\nThe Code Property Graph (CPG) is a program representation that provides a comprehensive overview of program behavior, combining abstract syntax trees, control flow\r\ngraphs, and program dependence graphs. With such a detailed data structure, we can\r\ndetect patterns that characterize known vulnerabilities and identify various security\r\nthreats. Querying the combined data structure instead of the individual graphs enables the detection of multidimensional scenarios.\r\nThis work aims to integrate the advantages of CPGs into software systems that utilize\r\nthe Jimple intermediate representation. We introduce JimNode, a novel approach for\r\ngenerating CPGs specifically tailored to Jimple. Despite the model incompatibility, our\r\nevaluation, which covered approximately 50,800 methods, reveals an 88.07% similarity\r\nof the inter-statement edges compared to Joern, the state-of-the-art tool for CPG\r\ngeneration. We provide a detailed analysis of our methodology and discuss why it is\r\nbetter suited for Jimple programs than Joern’s language-agnostic approach."}]},{"user_id":"5786","_id":"20513","language":[{"iso":"eng"}],"publisher":"Universitaetsbibliothek Paderborn","main_file_link":[{"url":"https://digital.ub.uni-paderborn.de/hs/document/preview/3500836"}],"date_updated":"2022-01-06T06:54:29Z","author":[{"full_name":"Krüger, Stefan","first_name":"Stefan","last_name":"Krüger"}],"title":"CogniCrypt -- The Secure Integration of Cryptographic Software","year":"2020","status":"public","department":[{"_id":"76"}],"type":"dissertation","date_created":"2020-11-26T09:02:19Z","abstract":[{"lang":"ger","text":"Frühere Studien haben empirisch offenbart, dass Fehlbenutzungen von kryptographischen APIs in Softwareanwendungen weitverbreitet sind. Dies geschieht vor allem, weil Software-Entwickler_innen aufgrund schlechten API-Designs und fehlenden Kryptographiewissens Probleme bekommen, wenn sie versuchen kryptographische Features zu implementieren. Die Literatur liefert mehrere Ansätze und Vorschläge diese Probleme zu lösen, aber alle scheitern schlussendlich auf die eine oder andere Weise daran die Anforderungen der Entwickler_innenzu erfüllen. Das Resultat ist eine insgesamt lückenhafte Landschaft verschiedener nur wenigkomplementärer Ansätze.In dieser Arbeit adressieren wir das Problem kryptographischer Fehlbenutzungen systematischer durch CogniCrypt. CogniCrypt integriert verschiedene Arten von Tool Supportin einen gemeinsamen Ansatz, der Entwickler_innen davon befreit wissen zu müssen, wie diese APIs benutzt werden müssen. Zentral für unseren Ansatz ist CrySL, eine Beschreibungssprache,die die kognitive Lücke zwischen Kryptographie-Expert_innen und Software-Entwickler_innenüberbrückt. CrySL ermöglicht es Kryptographie-Expert_innen zu spezifizeren, wie die APIs,die sie bereitstellen, richtig benutzt werden. Wir haben einen Compiler für CrySL implementiert, der es erlaubt auf CrySL-Spezifikationen aufbauenden Tool Support zu entwickeln. Wir haben weiterhin die statische Analyse CogniCrypt_SAST und den Code-Generator CogniCrypt_GEN entwickelt. Schlussendlich haben wir CogniCrypt prototypisch implementiert und diesen Prototyp in einem kontrollierten Experiment evaluiert.\r\n"}],"citation":{"short":"S. Krüger, CogniCrypt -- The Secure Integration of Cryptographic Software, Universitaetsbibliothek Paderborn, 2020.","chicago":"Krüger, Stefan. <i>CogniCrypt -- The Secure Integration of Cryptographic Software</i>. Universitaetsbibliothek Paderborn, 2020.","apa":"Krüger, S. (2020). <i>CogniCrypt -- The Secure Integration of Cryptographic Software</i>. Universitaetsbibliothek Paderborn.","ieee":"S. Krüger, <i>CogniCrypt -- The Secure Integration of Cryptographic Software</i>. Universitaetsbibliothek Paderborn, 2020.","ama":"Krüger S. <i>CogniCrypt -- The Secure Integration of Cryptographic Software</i>. Universitaetsbibliothek Paderborn; 2020.","bibtex":"@book{Krüger_2020, title={CogniCrypt -- The Secure Integration of Cryptographic Software}, publisher={Universitaetsbibliothek Paderborn}, author={Krüger, Stefan}, year={2020} }","mla":"Krüger, Stefan. <i>CogniCrypt -- The Secure Integration of Cryptographic Software</i>. Universitaetsbibliothek Paderborn, 2020."},"supervisor":[{"first_name":"Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","full_name":"Bodden, Eric","id":"59256"}]},{"supervisor":[{"first_name":"Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric","id":"59256"}],"citation":{"chicago":"Gerking, Christopher. <i>Model-Driven Information Flow Security Engineering for Cyber-Physical Systems</i>. Paderborn University, 2020. <a href=\"https://doi.org/10.17619/UNIPB/1-1033\">https://doi.org/10.17619/UNIPB/1-1033</a>.","short":"C. Gerking, Model-Driven Information Flow Security Engineering for Cyber-Physical Systems, Paderborn University, 2020.","apa":"Gerking, C. (2020). <i>Model-Driven Information Flow Security Engineering for Cyber-Physical Systems</i>. Paderborn University. <a href=\"https://doi.org/10.17619/UNIPB/1-1033\">https://doi.org/10.17619/UNIPB/1-1033</a>","ieee":"C. Gerking, <i>Model-Driven Information Flow Security Engineering for Cyber-Physical Systems</i>. Paderborn University, 2020.","ama":"Gerking C. <i>Model-Driven Information Flow Security Engineering for Cyber-Physical Systems</i>. Paderborn University; 2020. doi:<a href=\"https://doi.org/10.17619/UNIPB/1-1033\">10.17619/UNIPB/1-1033</a>","bibtex":"@book{Gerking_2020, title={Model-Driven Information Flow Security Engineering for Cyber-Physical Systems}, DOI={<a href=\"https://doi.org/10.17619/UNIPB/1-1033\">10.17619/UNIPB/1-1033</a>}, publisher={Paderborn University}, author={Gerking, Christopher}, year={2020} }","mla":"Gerking, Christopher. <i>Model-Driven Information Flow Security Engineering for Cyber-Physical Systems</i>. Paderborn University, 2020, doi:<a href=\"https://doi.org/10.17619/UNIPB/1-1033\">10.17619/UNIPB/1-1033</a>."},"department":[{"_id":"76"}],"type":"dissertation","date_created":"2020-11-26T10:37:17Z","date_updated":"2022-01-06T06:54:29Z","author":[{"first_name":"Christopher","last_name":"Gerking","full_name":"Gerking, Christopher"}],"status":"public","year":"2020","title":"Model-Driven Information Flow Security Engineering for Cyber-Physical Systems","doi":"10.17619/UNIPB/1-1033","user_id":"5786","_id":"20521","publisher":"Paderborn University","language":[{"iso":"eng"}]},{"type":"dissertation","department":[{"_id":"76"}],"date_created":"2020-11-26T10:47:51Z","citation":{"ieee":"L. Nguyen Quang Do, <i>User-Centered Tool Design for Data-Flow Analysis</i>. Universität Paderborn, 2019.","apa":"Nguyen Quang Do, L. (2019). <i>User-Centered Tool Design for Data-Flow Analysis</i>. Universität Paderborn.","chicago":"Nguyen Quang Do, Lisa. <i>User-Centered Tool Design for Data-Flow Analysis</i>. Universität Paderborn, 2019.","short":"L. Nguyen Quang Do, User-Centered Tool Design for Data-Flow Analysis, Universität Paderborn, 2019.","mla":"Nguyen Quang Do, Lisa. <i>User-Centered Tool Design for Data-Flow Analysis</i>. Universität Paderborn, 2019.","bibtex":"@book{Nguyen Quang Do_2019, title={User-Centered Tool Design for Data-Flow Analysis}, publisher={Universität Paderborn}, author={Nguyen Quang Do, Lisa}, year={2019} }","ama":"Nguyen Quang Do L. <i>User-Centered Tool Design for Data-Flow Analysis</i>. Universität Paderborn; 2019."},"supervisor":[{"id":"59256","full_name":"Bodden, Eric","first_name":"Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647"}],"user_id":"5786","_id":"20524","language":[{"iso":"eng"}],"publisher":"Universität Paderborn","date_updated":"2022-01-06T06:54:29Z","year":"2019","status":"public","title":"User-Centered Tool Design for Data-Flow Analysis","author":[{"first_name":"Lisa","last_name":"Nguyen Quang Do","full_name":"Nguyen Quang Do, Lisa"}]},{"date_updated":"2022-01-06T06:54:29Z","author":[{"last_name":"Späth","first_name":"Johannes","full_name":"Späth, Johannes"}],"title":"Synchronized Pushdown Systems for Pointer and Data-Flow Analysis","year":"2019","status":"public","user_id":"5786","language":[{"iso":"eng"}],"_id":"20536","publisher":"Universität Paderborn","main_file_link":[{"url":"http://www.bodden.de/pubs/phdSpaeth.pdf"}],"citation":{"apa":"Späth, J. (2019). <i>Synchronized Pushdown Systems for Pointer and Data-Flow Analysis</i>. Universität Paderborn.","ieee":"J. Späth, <i>Synchronized Pushdown Systems for Pointer and Data-Flow Analysis</i>. Universität Paderborn, 2019.","short":"J. Späth, Synchronized Pushdown Systems for Pointer and Data-Flow Analysis, Universität Paderborn, 2019.","chicago":"Späth, Johannes. <i>Synchronized Pushdown Systems for Pointer and Data-Flow Analysis</i>. Universität Paderborn, 2019.","mla":"Späth, Johannes. <i>Synchronized Pushdown Systems for Pointer and Data-Flow Analysis</i>. Universität Paderborn, 2019.","ama":"Späth J. <i>Synchronized Pushdown Systems for Pointer and Data-Flow Analysis</i>. Universität Paderborn; 2019.","bibtex":"@book{Späth_2019, title={Synchronized Pushdown Systems for Pointer and Data-Flow Analysis}, publisher={Universität Paderborn}, author={Späth, Johannes}, year={2019} }"},"supervisor":[{"id":"59256","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"}],"department":[{"_id":"76"}],"type":"dissertation","date_created":"2020-11-27T10:50:55Z"},{"user_id":"5786","doi":"10.17619/UNIPB/1-490","_id":"20779","language":[{"iso":"eng"}],"publisher":"Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn","date_updated":"2022-01-06T06:54:38Z","year":"2018","status":"public","title":"Safety Requirements Engineering for Early SIL Tailoring","author":[{"full_name":"Fockel, Markus","last_name":"Fockel","first_name":"Markus","orcid":"0000-0002-1269-0702","id":"8472"}],"type":"dissertation","department":[{"_id":"76"},{"_id":"241"},{"_id":"662"}],"date_created":"2020-12-17T11:59:05Z","abstract":[{"lang":"eng","text":"Der hohe Grad an Innovation in mechatronischen Systemen führt zu sogenannten Cyber-Physical Systems (CPS). Diese haben eine komplexe Funktionalität und Kommunikation. Wie sicherheitskritisch solche Systeme sind, wird durch sogenannte Sicherheits-Integritätslevel (SIL) kategorisiert, die durch Normen wie der ISO 26262 definiert werden. Ein bestimmter SIL beschreibt nicht nur die Höhe des Gefährdungsrisikos, sondern diktiert auch den erforderlichen Grad an Sorgfalt bei der Entwicklung des Systems. Ein hoher SIL erfordert die Anwendung von Safety-Maßnahmen mit einem hohen Sorgfaltsgrad in allen Phasen der Entwicklung und impliziert daher einen hohen Safety-Aufwand. SIL-Tailoring ist ein Mittel um den Safety-Aufwand zu reduzieren, indem man Subsystemen geringere SILs zuordnet, falls sie von kritischeren Subsystemen getrennt sind oder redundante Safety-Anforderungen erfüllen. Um den nötigen Safety-Aufwand zu planen, sollten Möglichkeiten für SIL-Tailoring so früh wie möglich identifiziert werden - d.h. bereits in der Anforderungsanalyse. Durch die Komplexität von CPS, ist es schwierig valide SIL-Tailorings zu finden. Die Validität von SIL-Tailorings muss durch Analyse von Fehlerpropagierungspfaden geprüft und durch Argumente im Safety Case begründet werden. Der Beitrag dieser Dissertation ist ein systematischer, tool-unterstützter SIL-Tailoring-Prozess, der im Safety Requirements Engineering angewendet wird. Der Prozess nutzt eine modell-basierte, formale Anforderungsspezifikation und stellt einen Katalog von Anforderungsmustern bereit. Basierend auf diesen Anforderungen werden Fehlerpropagierungsmodelle generiert und Subsystemen automatisch SILs zugeordnet. Das minimiert den Sicherheitsanalyseaufwand. Aus den generierten Ergebnissen wird automatisch ein Safety Case mit Argumenten für die SIL-Tailoring-Validität abgeleitet."}],"citation":{"ieee":"M. Fockel, <i>Safety Requirements Engineering for Early SIL Tailoring</i>. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018.","apa":"Fockel, M. (2018). <i>Safety Requirements Engineering for Early SIL Tailoring</i>. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn. <a href=\"https://doi.org/10.17619/UNIPB/1-490\">https://doi.org/10.17619/UNIPB/1-490</a>","short":"M. Fockel, Safety Requirements Engineering for Early SIL Tailoring, Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018.","chicago":"Fockel, Markus. <i>Safety Requirements Engineering for Early SIL Tailoring</i>. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018. <a href=\"https://doi.org/10.17619/UNIPB/1-490\">https://doi.org/10.17619/UNIPB/1-490</a>.","mla":"Fockel, Markus. <i>Safety Requirements Engineering for Early SIL Tailoring</i>. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn, 2018, doi:<a href=\"https://doi.org/10.17619/UNIPB/1-490\">10.17619/UNIPB/1-490</a>.","bibtex":"@book{Fockel_2018, title={Safety Requirements Engineering for Early SIL Tailoring}, DOI={<a href=\"https://doi.org/10.17619/UNIPB/1-490\">10.17619/UNIPB/1-490</a>}, publisher={Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn}, author={Fockel, Markus}, year={2018} }","ama":"Fockel M. <i>Safety Requirements Engineering for Early SIL Tailoring</i>. Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn; 2018. doi:<a href=\"https://doi.org/10.17619/UNIPB/1-490\">10.17619/UNIPB/1-490</a>"},"supervisor":[{"id":"59256","full_name":"Bodden, Eric","last_name":"Bodden","first_name":"Eric","orcid":"0000-0003-3470-3647"}]},{"file":[{"date_updated":"2018-11-21T06:15:51Z","relation":"main_file","access_level":"closed","file_size":1383049,"file_name":"ba_leer.pdf","success":1,"content_type":"application/pdf","file_id":"5768","creator":"florida","date_created":"2018-11-21T06:15:51Z"}],"date_created":"2017-12-13T07:52:01Z","type":"bachelorsthesis","department":[{"_id":"76"}],"file_date_updated":"2018-11-21T06:15:51Z","citation":{"apa":"Leer, R. (2018). <i>Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis</i>. Universität Paderborn.","mla":"Leer, Richard. <i>Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis</i>. Universität Paderborn, 2018.","ieee":"R. Leer, <i>Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis</i>. Universität Paderborn, 2018.","chicago":"Leer, Richard. <i>Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis</i>. Universität Paderborn, 2018.","short":"R. Leer, Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis, Universität Paderborn, 2018.","ama":"Leer R. <i>Measuring Performance of a Static Analysis Framework with an Application to Immutability Analysis</i>. Universität Paderborn; 2018.","bibtex":"@book{Leer_2018, title={Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis}, publisher={Universität Paderborn}, author={Leer, Richard}, year={2018} }"},"supervisor":[{"id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647","first_name":"Eric","full_name":"Bodden, Eric"}],"project":[{"_id":"1","name":"SFB 901"},{"_id":"3","name":"SFB 901 - Project Area B"},{"_id":"12","name":"SFB 901 - Subproject B4"}],"_id":"1044","language":[{"iso":"eng"}],"publisher":"Universität Paderborn","user_id":"15504","ddc":["000"],"title":"Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis","status":"public","year":"2018","author":[{"full_name":"Leer, Richard","first_name":"Richard","last_name":"Leer"}],"date_updated":"2022-01-06T06:50:39Z","has_accepted_license":"1"},{"file_date_updated":"2018-11-21T06:14:15Z","citation":{"chicago":"Strüwer, Jan Niclas. <i>Interactive Data Visualization for Exploded Supergraphs</i>. Universität Paderborn, 2018.","short":"J.N. Strüwer, Interactive Data Visualization for Exploded Supergraphs, Universität Paderborn, 2018.","ieee":"J. N. Strüwer, <i>Interactive Data Visualization for Exploded Supergraphs</i>. Universität Paderborn, 2018.","apa":"Strüwer, J. N. (2018). <i>Interactive Data Visualization for Exploded Supergraphs</i>. Universität Paderborn.","bibtex":"@book{Strüwer_2018, title={Interactive Data Visualization for Exploded Supergraphs}, publisher={Universität Paderborn}, author={Strüwer, Jan Niclas}, year={2018} }","ama":"Strüwer JN. <i>Interactive Data Visualization for Exploded Supergraphs</i>. Universität Paderborn; 2018.","mla":"Strüwer, Jan Niclas. <i>Interactive Data Visualization for Exploded Supergraphs</i>. Universität Paderborn, 2018."},"supervisor":[{"id":"59256","last_name":"Bodden","first_name":"Eric","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric"}],"project":[{"name":"SFB 901","_id":"1"},{"name":"SFB 901 - Project Area B","_id":"3"},{"name":"SFB 901 - Subproject B4","_id":"12"}],"file":[{"date_created":"2018-11-21T06:14:15Z","creator":"florida","success":1,"content_type":"application/pdf","file_id":"5767","file_size":15839765,"access_level":"closed","file_name":"ba_struewer.pdf","date_updated":"2018-11-21T06:14:15Z","relation":"main_file"}],"date_created":"2017-12-13T07:53:49Z","type":"bachelorsthesis","department":[{"_id":"76"}],"title":"Interactive Data Visualization for Exploded Supergraphs","status":"public","year":"2018","author":[{"full_name":"Strüwer, Jan Niclas","last_name":"Strüwer","first_name":"Jan Niclas"}],"date_updated":"2022-01-06T06:50:40Z","has_accepted_license":"1","publisher":"Universität Paderborn","_id":"1045","language":[{"iso":"eng"}],"user_id":"15504","ddc":["000"]}]