112 Publications
2024 | Conference Paper | LibreCat-ID: 52235
M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for Data Protection,” presented at the 9th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal, 2024.
LibreCat
| Files available
| arXiv
2024 | Journal Article | LibreCat-ID: 52587
E. Bodden, J. Pottebaum, M. Fockel, and I. Gräßler, “Evaluating Security Through Isolation and Defense in Depth,” IEEE Security & Privacy, vol. 22, no. 1, pp. 69–72, 2024, doi: 10.1109/msec.2023.3336028.
LibreCat
| DOI
2024 | Misc | LibreCat-ID: 52663
A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability. 2024.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 35083
A. P. Dann, B. Hermann, and E. Bodden, “UpCy: Safely Updating Outdated Dependencies.” 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 36522 | 
A. P. Shivarpatna Venkatesh, J. Wang, L. Li, and E. Bodden, “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis,” presented at the IEEE SANER 2023 (International Conference on Software Analysis, Evolution and Reengineering), 2023, doi: 10.48550/ARXIV.2301.04419.
LibreCat
| Files available
| DOI
2023 | Conference Paper | LibreCat-ID: 41812
L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, and E. Bodden, “Model Generation For Java Frameworks,” 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 41813
A. P. Shivarpatna Venkatesh, J. Wang, L. Li, and E. Bodden, “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis,” 2023.
LibreCat
2023 | Book Chapter | LibreCat-ID: 45888 |
H. Wehrheim, M. Platzner, E. Bodden, P. Schubert, F. Pauck, and M.-C. Jakobs, “Verifying Software and Reconfigurable Hardware Services,” in On-The-Fly Computing -- Individualized IT-services in dynamic markets, vol. 412, C.-J. Haake, F. Meyer auf der Heide, M. Platzner, H. Wachsmuth, and H. Wehrheim, Eds. Paderborn: Heinz Nixdorf Institut, Universität Paderborn, 2023, pp. 125–144.
LibreCat
| Files available
| DOI
2023 | Journal Article | LibreCat-ID: 46816
A. Torres et al., “Runtime Verification of Crypto APIs: An Empirical Study,” IEEE Transactions on Software Engineering, vol. 49, no. 10, pp. 4510–4525, 2023, doi: 10.1109/tse.2023.3301660.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 49439
G. Piskachev, M. Becker, and E. Bodden, “Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study,” Empirical Software Engineering, vol. 28, no. 5, Art. no. 118, 2023, doi: 10.1007/s10664-023-10354-3.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 49438
S. Krüger et al., “Securing Your Crypto-API Usage Through Tool Support - A Usability Study,” 2023, doi: 10.1109/secdev56634.2023.00015.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 48946
I. Gräßler, E. Bodden, D. Wiechel, and J. Pottebaum, “Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security,” Konstruktion, vol. 75, no. 11–12, pp. 60–65, 2023, doi: 10.37544/0720-5953-2023-11-12-60.
LibreCat
| DOI
2023 | Book Chapter | LibreCat-ID: 52662
M. Nachtigall, M. Schlichtig, and E. Bodden, “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale,” in Software Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 95–96.
LibreCat
| Download (ext.)
2023 | Book Chapter | LibreCat-ID: 52660
M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification,” in Software Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 46500
J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.
LibreCat
| DOI
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 29844
T. Koch, S. Trippel, S. Dziwok, and E. Bodden, “Integrating Security Protocols in Scenario-based Requirements Specifications,” 2022, doi: 10.5220/0010783300003119.
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 31844
A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data Using Dataflow Authentication,” ACM Transactions on Privacy and Security, vol. 25, no. 3, pp. 1–36, 2022, doi: 10.1145/3513005.
LibreCat
| DOI
2022 | Misc | LibreCat-ID: 32409
M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022.
LibreCat
| Files available
| DOI
2022 | Conference Paper | LibreCat-ID: 32410
M. Nachtigall, M. Schlichtig, and E. Bodden, “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools,” in Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 2022, pp. 532–543, doi: 10.1145/3533767.
LibreCat
| Files available
| DOI
2022 | Conference Paper | LibreCat-ID: 31133
M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “FUM - A Framework for API Usage constraint and Misuse Classification,” in 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–684, doi: https://doi.org/10.1109/SANER53432.2022.00085.
LibreCat
| Files available
| DOI
2022 | Journal Article | LibreCat-ID: 30511 |
P. Schubert et al., “Static data-flow analysis for software product lines in C,” Automated Software Engineering, vol. 29, no. 1, Art. no. 35, 2022, doi: 10.1007/s10515-022-00333-1.
LibreCat
| DOI
| Download (ext.)
2022 | Journal Article | LibreCat-ID: 33835
I. Sayar, A. Bartel, E. Bodden, and Y. Le Traon, “An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities,” ACM Transactions on Software Engineering and Methodology, 2022, doi: 10.1145/3554732.
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 33836
G. Piskachev, J. Späth, I. Budde, and E. Bodden, “Fluently specifying taint-flow queries with fluentTQL,” Empirical Software Engineering, vol. 27, no. 5, pp. 1–33, 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 33838
R. Krishnamurthy, G. Piskachev, and E. Bodden, “To what extent can we analyze Kotlin programs using existing Java taint analysis tools?” 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 33837
G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, and E. Bodden, “How far are German companies in improving security through static program analysis tools?” 2022.
LibreCat
2021 | Journal Article | LibreCat-ID: 27045 |
L. Luo et al., “TaintBench: Automatic real-world malware benchmarking of Android taint analyses,” Empirical Software Engineering, 2021, doi: 10.1007/s10664-021-10013-5.
LibreCat
| DOI
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 21595
L. Stockmann, S. Laux, and E. Bodden, “Using Architectural Runtime Verification for Offline Data Analysis,” Journal of Automotive Software Engineering, 2021, doi: 10.2991/jase.d.210205.001.
LibreCat
| DOI
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 21597
P. Holzinger and E. Bodden, “A Systematic Hardening of Java’s Information Hiding,” International Symposium on Advanced Security on Software and Systems (ASSS), 2021.
LibreCat
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 21599
R. Bonifacio, S. Krüger, K. Narasimhan, E. Bodden, and M. Mezini, “Dealing with Variability in API Misuse Specification,” European Conference on Object-Oriented Programming (ECOOP), 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 22462
A. P. Shivarpatna Venkatesh and E. Bodden, “Automated Cell Header Generator for Jupyter Notebooks,” 2021, doi: 10.1145/3464968.3468410.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 23388
S. Kummita, G. Piskachev, J. Spaeth, and E. Bodden, “Qualitative and Quantitative Analysis of Callgraph Algorithms for PYTHON,” in Proceedings of the 2021 International Conference on Code Quality (ICCQ), Virtual, 2021.
LibreCat
| DOI
| Download (ext.)
2021 | Conference Paper | LibreCat-ID: 21598 |
P. Schubert, B. Hermann, and E. Bodden, “Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis,” 2021.
LibreCat
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 31132
A. P. Dann, H. Plate, B. Hermann, S. E. Ponta, and E. Bodden, “Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite,” IEEE Transactions on Software Engineering, pp. 1–1, 2021, doi: 10.1109/tse.2021.3101739.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 26407
G. Piskachev, R. Krishnamurthy, and E. Bodden, “SecuCheck: Engineering configurable taint analysis for software developers,” 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 22463
L. Luo, M. Schäf, D. Sanchez, and E. Bodden, “IDE Support for Cloud-Based Static Analyses,” 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 33840
K. Karakaya and E. Bodden, “SootFX: A Static Code Feature Extraction Tool for Java and Android,” in 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.
LibreCat
2021 | Conference Paper | LibreCat-ID: 26406
P. Schubert, B. Hermann, E. Bodden, and R. Leer, “Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++,” 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 26405
P. Schubert, F. Sattler, F. Schiebel, B. Hermann, and E. Bodden, “Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++,” 2021.
LibreCat
2020 | Journal Article | LibreCat-ID: 20507
J. Geismann and E. Bodden, “A systematic literature review of model-driven security engineering for cyber–physical systems,” Journal of Systems and Software, vol. 169, p. 110697, 2020, doi: https://doi.org/10.1016/j.jss.2020.110697.
LibreCat
| DOI
2020 | Journal Article | LibreCat-ID: 20508
L. Nguyen Quang Do and E. Bodden, “Explaining Static Analysis with Rule Graphs,” IEEE Transactions on Software Engineering, 2020.
LibreCat
| Download (ext.)
2020 | Conference Paper | LibreCat-ID: 20509
A. Fischer, J. Janneck, J. Kussmaul, N. Krätzschmar, F. Kerschbaum, and E. Bodden, “PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage,” 2020.
LibreCat
| Download (ext.)
2020 | Conference Paper | LibreCat-ID: 20510
M. Benz, E. Krogh Kristensen, L. Luo, N. P. Borges Jr., E. Bodden, and A. Zeller, “Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis,” 2020.
LibreCat
2020 | Conference Paper | LibreCat-ID: 20511
A. Fischer, B. Fuhry, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data using Dataflow Authentication,” 2020.
LibreCat
| Download (ext.)
2020 | Conference Paper | LibreCat-ID: 20518
T. Koch, S. Dziwok, J. Holtmann, and E. Bodden, “Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers,” 2020, doi: 10.1145/3365438.3410946.
LibreCat
| DOI
2020 | Report | LibreCat-ID: 20712
P. Schubert, E. Bodden, and B. Hermann, Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries. 2020.
LibreCat
| Files available
2020 | Conference Paper | LibreCat-ID: 16214
F. Pauck, E. Bodden, and H. Wehrheim, “Reproducing Taint-Analysis Results with ReproDroid,” in Software Engineering 2020, Fachtagung des GI-Fachbereichs Softwaretechnik, 24.-28. Februar 2020, Innsbruck, Austria, 2020, pp. 123–124, doi: 10.18420/SE2020_36.
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 23521
I. Gräßler, E. Bodden, J. Pottebaum, J. Geismann, and D. Roesmann, “Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems,” in Advanced, Contemporary Control, Advances in Intelligent Systems and Computing, 2020, vol. 1196, pp. 1458–1469.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20525
L. Stockmann, S. Laux, and E. Bodden, “Architectural Runtime Verification,” in 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 2019, pp. 77–84, doi: 10.1109/ICSA-C.2019.00021.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20527
M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, and O. Nierstrasz, “The Impact of Developer Experience in Using Java Cryptography,” in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019, pp. 1–6, doi: 10.1109/ESEM.2019.8870184.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20528
G. Piskachev, T. Petrasch, J. Späth, and E. Bodden, “AuthCheck: Program-state Analysis for Access-control Vulnerabilities,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20529
M. Nachtigall, L. Nguyen Quang Do, and E. Bodden, “Explaining Static Analysis -- A Perspective,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20531
L. Luo, E. Bodden, and J. Späth, “A Qualitative Analysis of Android Taint-Analysis Results,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20532
G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2019.
LibreCat
| Download (ext.)
2019 | Journal Article | LibreCat-ID: 20533
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/TSE.2019.2948910.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20534
G. Piskachev, L. Nguyen Quang Do, and E. Bodden, “Codebase-Adaptive Detection of Security-Relevant Methods,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20535
L. Luo, J. Dolby, and E. Bodden, “MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors,” 2019.
LibreCat
| Download (ext.)
2019 | Report | LibreCat-ID: 20537
G. Piskachev, L. Nguyen, and E. Bodden, Codebase-Adaptive Detection of Security-Relevant Methods. 2019.
LibreCat
2019 | Conference Paper | LibreCat-ID: 20538
S. Albert Gorski Iii et al., “ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware,” 2019.
LibreCat
| Download (ext.)
2019 | Journal Article | LibreCat-ID: 20539
J. Späth, K. Ali, and E. Bodden, “Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems,” Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, vol. 3, no. POPL, p. 48:1-48:29, 2019, doi: 10.1145/3290361.
LibreCat
| DOI
| Download (ext.)
2019 | Journal Article | LibreCat-ID: 14896
A. Dann, B. Hermann, and E. Bodden, “ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/tse.2019.2931331.
LibreCat
| DOI
2019 | Conference Paper | LibreCat-ID: 14897
A. Dann, B. Hermann, and E. Bodden, “SootDiff: bytecode comparison across different Java compilers,” 2019, doi: 10.1145/3315568.3329966.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 7626 |
P. Schubert, B. Hermann, and E. Bodden, “PhASAR: An Inter-Procedural Static Analysis Framework for C/C++,” in Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), Prague, Czech Republic, 2019, vol. II, pp. 393–410, doi: 10.1007/978-3-030-17465-1_22.
LibreCat
| Files available
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 14898
P. Schubert, R. Leer, B. Hermann, and E. Bodden, “Know your analysis: how instrumentation aids understanding static analysis,” 2019, doi: 10.1145/3315568.3329965.
LibreCat
| DOI
2018 | Preprint | LibreCat-ID: 2711
F. Pauck, E. Bodden, and H. Wehrheim, “Do Android Taint Analysis Tools Keep their Promises?,” arXiv:1804.02903. 2018.
LibreCat
| Files available
2018 | Conference Paper | LibreCat-ID: 20530
E. Bodden and L. Nguyen Quang Do, “Explainable Static Analysis,” in Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. M{\"{a}}rz 2018, Ulm, Germany., 2018, pp. 205–208.
LibreCat
| Download (ext.)
2018 | Journal Article | LibreCat-ID: 20543
L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “Debugging Static Analysis,” IEEE Transactions on Software Engineering, pp. 1–1, 2018, doi: 10.1109/TSE.2018.2868349.
LibreCat
| DOI
| Download (ext.)
2018 | Conference (Editor) | LibreCat-ID: 20544
M. Tichy, E. Bodden, M. Kuhrmann, S. Wagner, and J.-P. Steghöfer, Eds., Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany, vol. {P-279}. Gesellschaft für Informatik, 2018.
LibreCat
2018 | Conference Paper | LibreCat-ID: 20546
C. Gerking, D. Schubert, and E. Bodden, “Model Checking the Information Flow Security of Real-Time Systems,” in Engineering Secure Software and Systems, 2018, pp. 27–43.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 20547
L. Nguyen Quang Do and E. Bodden, “Gamifying Static Analysis,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2018, pp. 714–718, doi: 10.1145/3236024.3264830.
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 20548
E. Bodden, “The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them),” in ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), 2018, pp. 85–93, doi: 10.1145/3236454.3236500.
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 20549
J. Geismann, C. Gerking, and E. Bodden, “Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes,” 2018.
LibreCat
| Files available
2018 | Conference Paper | LibreCat-ID: 20550
E. Bodden, “Self-adaptive Static Analysis,” in Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, 2018, pp. 45–48, doi: 10.1145/3183399.3183401.
LibreCat
| Files available
| DOI
2018 | Conference Paper | LibreCat-ID: 20551
L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “VISUFLOW, a Debugging Environment for Static Analyses,” 2018.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 4999
F. Pauck, E. Bodden, and H. Wehrheim, “Do Android taint analysis tools keep their promises?,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018, 2018.
LibreCat
| Files available
| DOI
2018 | Conference Paper | LibreCat-ID: 5203
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” in European Conference on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.
LibreCat
| Files available
| Download (ext.)
2017 | Misc | LibreCat-ID: 28231
E. Bodden, F. Dressler, F. Meyer auf der Heide, C. Scheytt, and A. Trächtler, Intelligente technische Systeme, vol. 369. Verlagsschriftenreihe des Heinz Nixdorf Instituts, Paderborn, 2017.
LibreCat
2017 | Book | LibreCat-ID: 24221
J. Gausemeier et al., Wissenschaftsforum Intelligente Technische Systeme (WInTeSys), vol. 369. Verlagsschriftenreihe des Heinz Nixdorf Instituts, Paderborn, 2017.
LibreCat
| Files available
| DOI
2017 | Book (Editor) | LibreCat-ID: 27415
J. Gausemeier et al., Eds., Wissenschaftsforum Intelligente Technische Systeme (WInTeSys). , Band 369, vol. 369. Paderborn: Verlagsschriftenreihe des Heinz Nixdorf Instituts, 2017.
LibreCat
2017 | Journal Article | LibreCat-ID: 20553
L. Ben Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, and A. D. Brucker, “Time for Addressing Software Security Issues: Prediction Models and Impacting Factors,” Data Science and Engineering, vol. 2, no. 2, pp. 107–124, 2017, doi: https://doi.org/10.1007/s41019-016-0019-8.
LibreCat
| Files available
| DOI
2017 | Report | LibreCat-ID: 20554
E. Bodden, Self-adaptive static analysis. 2017.
LibreCat
| Download (ext.)
2017 | Report | LibreCat-ID: 20555
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, CrySL: Validating Correct Usage of Cryptographic APIs. 2017.
LibreCat
| Download (ext.)
2017 | Journal Article | LibreCat-ID: 20557
M. Lillack, C. Kästner, and E. Bodden, “Tracking Load-time Configuration Options,” IEEE Transactions on Software Engineering, vol. PP, no. 99, pp. 1–1, 2017, doi: 10.1109/TSE.2017.2756048.
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 20558
S. Krüger et al., “CogniCrypt: Supporting Developers in using Cryptography,” 2017.
LibreCat
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 20559
L. N. Q. Do, K. Ali, B. Livshits, E. Bodden, J. Smith, and E. Murphy-Hill, “Just-in-time Static Analysis,” in Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2017, pp. 307–317, doi: 10.1145/3092703.3092705.
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 20715
L. Nguyen Quang Do, K. Ali, B. Livshits, E. Bodden, J. Smith, and E. Murphy-Hill, “Cheetah: Just-in-Time Taint Analysis for Android Apps,” 2017.
LibreCat
| Download (ext.)
2017 | Book | LibreCat-ID: 23010
J. Gausemeier et al., Wissenschaftsforum Intelligente Technische Systeme (WInTeSys), vol. 369. Verlagsschriftenreihe des Heinz Nixdorf Instituts, Paderborn, 2017.
LibreCat
2017 | Conference Paper | LibreCat-ID: 5204
J. Späth, K. Ali, and E. Bodden, “IDEal: Efficient and Precise Alias-aware Dataflow Analysis,” in 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), 2017.
LibreCat
| Files available
| Download (ext.)
2017 | Journal Article | LibreCat-ID: 5209
A. Fischer, B. Fuhry, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data using Data Flow Authentication,” CoRR, vol. abs/1710.00390, 2017.
LibreCat
| Files available
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20556
E. Bodden, K. I Pun, M. Steffen, V. Stolz, and A.-K. Wickert, “Information Flow Analysis for Go,” in Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part {I}, 2016, pp. 431–445, doi: 10.1007/978-3-319-47166-2_30.
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 20716
E. Bodden, M. Eichberg, K. I Pun, M. Steffen, V. Stolz, and A.-K. Wickert, “Don’t let data Go astray---A Context-Sensitive Taint Analysis for Concurrent Programs in Go,” 2016.
LibreCat
| Download (ext.)
2016 | Report | LibreCat-ID: 20717
L. Nguyen Quang Do, K. Ali, B. Livshits, E. Bodden, J. Smith, and E. Murphy-Hill, Just-in-Time Static Analysis. 2016.
LibreCat
| DOI
| Download (ext.)
2016 | Journal Article | LibreCat-ID: 20718
S. Rasthofer, S. Arzt, E. Bodden, and M. Miltenberger, “Harvester - Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen,” Datenschutz und Datensicherheit, pp. 718–722, 2016, doi: https://www.springerprofessional.de/en/datenschutz-und-datensicherheit-dud-11-2016/10866536.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20719
P. Holzinger, S. Triller, A. Bartel, and E. Bodden, “An In-Depth Study of More Than Ten Years of Java Exploitation,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 779–790, doi: http://doi.acm.org/10.1145/2976749.2978361.
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 20720
A. Follner et al., “PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution,” in International Workshop on Security and Trust Management (STM), 2016, pp. 212–228.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20721
L. Nguyen Quang Do, M. Eichberg, and E. Bodden, “Toward an Automated Benchmark Management System,” in Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2016, pp. 13–17.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20722
S. Arzt, T. Kussmaul, and E. Bodden, “Towards Cross-Platform Cross-Language Analysis with Soot,” in Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2016, pp. 1–6.
LibreCat
| Download (ext.)
2016 | Journal Article | LibreCat-ID: 20724
A. Follner and E. Bodden, “ROPocop — Dynamic mitigation of code-reuse attacks,” Journal of Information Security and Applications , vol. 29, pp. 16–26, 2016, doi: http://dx.doi.org/10.1016/j.jisa.2016.01.002.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20725
A. Follner, A. Bartel, and E. Bodden, “Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality,” 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20726
K. Falzon and E. Bodden, “Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels,” in Principles of Security and Trust: 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2--8, 2016, Proceedings, 2016, pp. 116–138, doi: 10.1007/978-3-662-49635-0_7.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20727
S. Rasthofer, S. Arzt, M. Miltenberger, and E. Bodden, “Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques,” 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20728
S. Nadi, S. Krüger, M. Mezini, and E. Bodden, “Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?,” in International Conference for Software Engineering (ICSE), 2016, pp. 935–946.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20729
S. Arzt and E. Bodden, “StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework,” 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20730
N. Eling, S. Rasthofer, M. Kolhagen, E. Bodden, and P. Buxmann, “Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment,” in 2016 49th Hawaii International Conference on System Sciences (HICSS), 2016, pp. 3666–3675, doi: 10.1109/HICSS.2016.458.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 5205
J. Späth, L. Nguyen Quang Do, K. Ali, and E. Bodden, “Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java,” in European Conference on Object-Oriented Programming (ECOOP), 2016.
LibreCat
| Files available
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 5207
L. Li et al., “IccTA: Detecting Inter-Component Privacy Leaks in Android Apps,” in 2015 International Conference on Software Engineering (ICSE), 2015, pp. 280–291.
LibreCat
| Files available
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 5734
J. Lerch, B. Hermann, E. Bodden, and M. Mezini, “FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases,” in Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014, 2014.
LibreCat
| DOI
2014 | Conference Paper | LibreCat-ID: 5189
S. Arzt et al., “FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps,” in Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI ’14, 2014.
LibreCat
| Files available
| DOI
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 5190
S. Arzt, S. Rasthofer, E. Lovat, and E. Bodden, “DroidForce: Enforcing Complex, Data-Centric, System-Wide Policies in Android,” in International Conference on Availability, Reliability and Security (ARES 2014), 2014, pp. 40–49.
LibreCat
| Files available
| Download (ext.)
2012 | Journal Article | LibreCat-ID: 5183
E. Bodden, P. Lam, and L. Hendren, “Partially Evaluating Finite-State Runtime Monitors Ahead of Time,” ACM Transactions on Programming Languages and Systems, vol. 34, no. 2, pp. 1–52, 2012.
LibreCat
| Files available
| DOI
| Download (ext.)
112 Publications
2024 | Conference Paper | LibreCat-ID: 52235
M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for Data Protection,” presented at the 9th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal, 2024.
LibreCat
| Files available
| arXiv
2024 | Journal Article | LibreCat-ID: 52587
E. Bodden, J. Pottebaum, M. Fockel, and I. Gräßler, “Evaluating Security Through Isolation and Defense in Depth,” IEEE Security & Privacy, vol. 22, no. 1, pp. 69–72, 2024, doi: 10.1109/msec.2023.3336028.
LibreCat
| DOI
2024 | Misc | LibreCat-ID: 52663
A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability. 2024.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 35083
A. P. Dann, B. Hermann, and E. Bodden, “UpCy: Safely Updating Outdated Dependencies.” 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 36522 |
A. P. Shivarpatna Venkatesh, J. Wang, L. Li, and E. Bodden, “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis,” presented at the IEEE SANER 2023 (International Conference on Software Analysis, Evolution and Reengineering), 2023, doi: 10.48550/ARXIV.2301.04419.
LibreCat
| Files available
| DOI
2023 | Conference Paper | LibreCat-ID: 41812
L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, and E. Bodden, “Model Generation For Java Frameworks,” 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 41813
A. P. Shivarpatna Venkatesh, J. Wang, L. Li, and E. Bodden, “Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis,” 2023.
LibreCat
2023 | Book Chapter | LibreCat-ID: 45888 |
H. Wehrheim, M. Platzner, E. Bodden, P. Schubert, F. Pauck, and M.-C. Jakobs, “Verifying Software and Reconfigurable Hardware Services,” in On-The-Fly Computing -- Individualized IT-services in dynamic markets, vol. 412, C.-J. Haake, F. Meyer auf der Heide, M. Platzner, H. Wachsmuth, and H. Wehrheim, Eds. Paderborn: Heinz Nixdorf Institut, Universität Paderborn, 2023, pp. 125–144.
LibreCat
| Files available
| DOI
2023 | Journal Article | LibreCat-ID: 46816
A. Torres et al., “Runtime Verification of Crypto APIs: An Empirical Study,” IEEE Transactions on Software Engineering, vol. 49, no. 10, pp. 4510–4525, 2023, doi: 10.1109/tse.2023.3301660.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 49439
G. Piskachev, M. Becker, and E. Bodden, “Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study,” Empirical Software Engineering, vol. 28, no. 5, Art. no. 118, 2023, doi: 10.1007/s10664-023-10354-3.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 49438
S. Krüger et al., “Securing Your Crypto-API Usage Through Tool Support - A Usability Study,” 2023, doi: 10.1109/secdev56634.2023.00015.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 48946
I. Gräßler, E. Bodden, D. Wiechel, and J. Pottebaum, “Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security,” Konstruktion, vol. 75, no. 11–12, pp. 60–65, 2023, doi: 10.37544/0720-5953-2023-11-12-60.
LibreCat
| DOI
2023 | Book Chapter | LibreCat-ID: 52662
M. Nachtigall, M. Schlichtig, and E. Bodden, “Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale,” in Software Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 95–96.
LibreCat
| Download (ext.)
2023 | Book Chapter | LibreCat-ID: 52660
M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “Introducing FUM: A Framework for API Usage Constraint and Misuse Classification,” in Software Engineering 2023, Bonn: Gesellschaft für Informatik e.V., 2023, pp. 105–106.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 46500
J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.
LibreCat
| DOI
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 29844
T. Koch, S. Trippel, S. Dziwok, and E. Bodden, “Integrating Security Protocols in Scenario-based Requirements Specifications,” 2022, doi: 10.5220/0010783300003119.
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 31844
A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data Using Dataflow Authentication,” ACM Transactions on Privacy and Security, vol. 25, no. 3, pp. 1–36, 2022, doi: 10.1145/3513005.
LibreCat
| DOI
2022 | Misc | LibreCat-ID: 32409
M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, and M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite. 2022.
LibreCat
| Files available
| DOI
2022 | Conference Paper | LibreCat-ID: 32410
M. Nachtigall, M. Schlichtig, and E. Bodden, “A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools,” in Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 2022, pp. 532–543, doi: 10.1145/3533767.
LibreCat
| Files available
| DOI
2022 | Conference Paper | LibreCat-ID: 31133
M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden, “FUM - A Framework for API Usage constraint and Misuse Classification,” in 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–684, doi: https://doi.org/10.1109/SANER53432.2022.00085.
LibreCat
| Files available
| DOI
2022 | Journal Article | LibreCat-ID: 30511 |
P. Schubert et al., “Static data-flow analysis for software product lines in C,” Automated Software Engineering, vol. 29, no. 1, Art. no. 35, 2022, doi: 10.1007/s10515-022-00333-1.
LibreCat
| DOI
| Download (ext.)
2022 | Journal Article | LibreCat-ID: 33835
I. Sayar, A. Bartel, E. Bodden, and Y. Le Traon, “An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities,” ACM Transactions on Software Engineering and Methodology, 2022, doi: 10.1145/3554732.
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 33836
G. Piskachev, J. Späth, I. Budde, and E. Bodden, “Fluently specifying taint-flow queries with fluentTQL,” Empirical Software Engineering, vol. 27, no. 5, pp. 1–33, 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 33838
R. Krishnamurthy, G. Piskachev, and E. Bodden, “To what extent can we analyze Kotlin programs using existing Java taint analysis tools?” 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 33837
G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, and E. Bodden, “How far are German companies in improving security through static program analysis tools?” 2022.
LibreCat
2021 | Journal Article | LibreCat-ID: 27045 |
L. Luo et al., “TaintBench: Automatic real-world malware benchmarking of Android taint analyses,” Empirical Software Engineering, 2021, doi: 10.1007/s10664-021-10013-5.
LibreCat
| DOI
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 21595
L. Stockmann, S. Laux, and E. Bodden, “Using Architectural Runtime Verification for Offline Data Analysis,” Journal of Automotive Software Engineering, 2021, doi: 10.2991/jase.d.210205.001.
LibreCat
| DOI
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 21597
P. Holzinger and E. Bodden, “A Systematic Hardening of Java’s Information Hiding,” International Symposium on Advanced Security on Software and Systems (ASSS), 2021.
LibreCat
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 21599
R. Bonifacio, S. Krüger, K. Narasimhan, E. Bodden, and M. Mezini, “Dealing with Variability in API Misuse Specification,” European Conference on Object-Oriented Programming (ECOOP), 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 22462
A. P. Shivarpatna Venkatesh and E. Bodden, “Automated Cell Header Generator for Jupyter Notebooks,” 2021, doi: 10.1145/3464968.3468410.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 23388
S. Kummita, G. Piskachev, J. Spaeth, and E. Bodden, “Qualitative and Quantitative Analysis of Callgraph Algorithms for PYTHON,” in Proceedings of the 2021 International Conference on Code Quality (ICCQ), Virtual, 2021.
LibreCat
| DOI
| Download (ext.)
2021 | Conference Paper | LibreCat-ID: 21598 |
P. Schubert, B. Hermann, and E. Bodden, “Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis,” 2021.
LibreCat
| Download (ext.)
2021 | Journal Article | LibreCat-ID: 31132
A. P. Dann, H. Plate, B. Hermann, S. E. Ponta, and E. Bodden, “Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite,” IEEE Transactions on Software Engineering, pp. 1–1, 2021, doi: 10.1109/tse.2021.3101739.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 26407
G. Piskachev, R. Krishnamurthy, and E. Bodden, “SecuCheck: Engineering configurable taint analysis for software developers,” 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 22463
L. Luo, M. Schäf, D. Sanchez, and E. Bodden, “IDE Support for Cloud-Based Static Analyses,” 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 33840
K. Karakaya and E. Bodden, “SootFX: A Static Code Feature Extraction Tool for Java and Android,” in 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021, pp. 181–186.
LibreCat
2021 | Conference Paper | LibreCat-ID: 26406
P. Schubert, B. Hermann, E. Bodden, and R. Leer, “Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++,” 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 26405
P. Schubert, F. Sattler, F. Schiebel, B. Hermann, and E. Bodden, “Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++,” 2021.
LibreCat
2020 | Journal Article | LibreCat-ID: 20507
J. Geismann and E. Bodden, “A systematic literature review of model-driven security engineering for cyber–physical systems,” Journal of Systems and Software, vol. 169, p. 110697, 2020, doi: https://doi.org/10.1016/j.jss.2020.110697.
LibreCat
| DOI
2020 | Journal Article | LibreCat-ID: 20508
L. Nguyen Quang Do and E. Bodden, “Explaining Static Analysis with Rule Graphs,” IEEE Transactions on Software Engineering, 2020.
LibreCat
| Download (ext.)
2020 | Conference Paper | LibreCat-ID: 20509
A. Fischer, J. Janneck, J. Kussmaul, N. Krätzschmar, F. Kerschbaum, and E. Bodden, “PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage,” 2020.
LibreCat
| Download (ext.)
2020 | Conference Paper | LibreCat-ID: 20510
M. Benz, E. Krogh Kristensen, L. Luo, N. P. Borges Jr., E. Bodden, and A. Zeller, “Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis,” 2020.
LibreCat
2020 | Conference Paper | LibreCat-ID: 20511
A. Fischer, B. Fuhry, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data using Dataflow Authentication,” 2020.
LibreCat
| Download (ext.)
2020 | Conference Paper | LibreCat-ID: 20518
T. Koch, S. Dziwok, J. Holtmann, and E. Bodden, “Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers,” 2020, doi: 10.1145/3365438.3410946.
LibreCat
| DOI
2020 | Report | LibreCat-ID: 20712
P. Schubert, E. Bodden, and B. Hermann, Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries. 2020.
LibreCat
| Files available
2020 | Conference Paper | LibreCat-ID: 16214
F. Pauck, E. Bodden, and H. Wehrheim, “Reproducing Taint-Analysis Results with ReproDroid,” in Software Engineering 2020, Fachtagung des GI-Fachbereichs Softwaretechnik, 24.-28. Februar 2020, Innsbruck, Austria, 2020, pp. 123–124, doi: 10.18420/SE2020_36.
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 23521
I. Gräßler, E. Bodden, J. Pottebaum, J. Geismann, and D. Roesmann, “Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems,” in Advanced, Contemporary Control, Advances in Intelligent Systems and Computing, 2020, vol. 1196, pp. 1458–1469.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20525
L. Stockmann, S. Laux, and E. Bodden, “Architectural Runtime Verification,” in 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), 2019, pp. 77–84, doi: 10.1109/ICSA-C.2019.00021.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20527
M. Hazhirpasand, M. Ghafari, S. Krüger, E. Bodden, and O. Nierstrasz, “The Impact of Developer Experience in Using Java Cryptography,” in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019, pp. 1–6, doi: 10.1109/ESEM.2019.8870184.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20528
G. Piskachev, T. Petrasch, J. Späth, and E. Bodden, “AuthCheck: Program-state Analysis for Access-control Vulnerabilities,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20529
M. Nachtigall, L. Nguyen Quang Do, and E. Bodden, “Explaining Static Analysis -- A Perspective,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20531
L. Luo, E. Bodden, and J. Späth, “A Qualitative Analysis of Android Taint-Analysis Results,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20532
G. Piskachev, L. Nguyen Quang Do, O. Johnson, and E. Bodden, “SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods,” 2019.
LibreCat
| Download (ext.)
2019 | Journal Article | LibreCat-ID: 20533
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/TSE.2019.2948910.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20534
G. Piskachev, L. Nguyen Quang Do, and E. Bodden, “Codebase-Adaptive Detection of Security-Relevant Methods,” 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 20535
L. Luo, J. Dolby, and E. Bodden, “MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors,” 2019.
LibreCat
| Download (ext.)
2019 | Report | LibreCat-ID: 20537
G. Piskachev, L. Nguyen, and E. Bodden, Codebase-Adaptive Detection of Security-Relevant Methods. 2019.
LibreCat
2019 | Conference Paper | LibreCat-ID: 20538
S. Albert Gorski Iii et al., “ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware,” 2019.
LibreCat
| Download (ext.)
2019 | Journal Article | LibreCat-ID: 20539
J. Späth, K. Ali, and E. Bodden, “Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems,” Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, vol. 3, no. POPL, p. 48:1-48:29, 2019, doi: 10.1145/3290361.
LibreCat
| DOI
| Download (ext.)
2019 | Journal Article | LibreCat-ID: 14896
A. Dann, B. Hermann, and E. Bodden, “ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules,” IEEE Transactions on Software Engineering, pp. 1–1, 2019, doi: 10.1109/tse.2019.2931331.
LibreCat
| DOI
2019 | Conference Paper | LibreCat-ID: 14897
A. Dann, B. Hermann, and E. Bodden, “SootDiff: bytecode comparison across different Java compilers,” 2019, doi: 10.1145/3315568.3329966.
LibreCat
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 7626 |
P. Schubert, B. Hermann, and E. Bodden, “PhASAR: An Inter-Procedural Static Analysis Framework for C/C++,” in Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019), Prague, Czech Republic, 2019, vol. II, pp. 393–410, doi: 10.1007/978-3-030-17465-1_22.
LibreCat
| Files available
| DOI
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 14898
P. Schubert, R. Leer, B. Hermann, and E. Bodden, “Know your analysis: how instrumentation aids understanding static analysis,” 2019, doi: 10.1145/3315568.3329965.
LibreCat
| DOI
2018 | Preprint | LibreCat-ID: 2711
F. Pauck, E. Bodden, and H. Wehrheim, “Do Android Taint Analysis Tools Keep their Promises?,” arXiv:1804.02903. 2018.
LibreCat
| Files available
2018 | Conference Paper | LibreCat-ID: 20530
E. Bodden and L. Nguyen Quang Do, “Explainable Static Analysis,” in Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. M{\"{a}}rz 2018, Ulm, Germany., 2018, pp. 205–208.
LibreCat
| Download (ext.)
2018 | Journal Article | LibreCat-ID: 20543
L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “Debugging Static Analysis,” IEEE Transactions on Software Engineering, pp. 1–1, 2018, doi: 10.1109/TSE.2018.2868349.
LibreCat
| DOI
| Download (ext.)
2018 | Conference (Editor) | LibreCat-ID: 20544
M. Tichy, E. Bodden, M. Kuhrmann, S. Wagner, and J.-P. Steghöfer, Eds., Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany, vol. {P-279}. Gesellschaft für Informatik, 2018.
LibreCat
2018 | Conference Paper | LibreCat-ID: 20546
C. Gerking, D. Schubert, and E. Bodden, “Model Checking the Information Flow Security of Real-Time Systems,” in Engineering Secure Software and Systems, 2018, pp. 27–43.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 20547
L. Nguyen Quang Do and E. Bodden, “Gamifying Static Analysis,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2018, pp. 714–718, doi: 10.1145/3236024.3264830.
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 20548
E. Bodden, “The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them),” in ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), 2018, pp. 85–93, doi: 10.1145/3236454.3236500.
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 20549
J. Geismann, C. Gerking, and E. Bodden, “Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes,” 2018.
LibreCat
| Files available
2018 | Conference Paper | LibreCat-ID: 20550
E. Bodden, “Self-adaptive Static Analysis,” in Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, 2018, pp. 45–48, doi: 10.1145/3183399.3183401.
LibreCat
| Files available
| DOI
2018 | Conference Paper | LibreCat-ID: 20551
L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “VISUFLOW, a Debugging Environment for Static Analyses,” 2018.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 4999
F. Pauck, E. Bodden, and H. Wehrheim, “Do Android taint analysis tools keep their promises?,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018, 2018.
LibreCat
| Files available
| DOI
2018 | Conference Paper | LibreCat-ID: 5203
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, “CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs,” in European Conference on Object-Oriented Programming (ECOOP), 2018, pp. 10:1-10:27.
LibreCat
| Files available
| Download (ext.)
2017 | Misc | LibreCat-ID: 28231
E. Bodden, F. Dressler, F. Meyer auf der Heide, C. Scheytt, and A. Trächtler, Intelligente technische Systeme, vol. 369. Verlagsschriftenreihe des Heinz Nixdorf Instituts, Paderborn, 2017.
LibreCat
2017 | Book | LibreCat-ID: 24221
J. Gausemeier et al., Wissenschaftsforum Intelligente Technische Systeme (WInTeSys), vol. 369. Verlagsschriftenreihe des Heinz Nixdorf Instituts, Paderborn, 2017.
LibreCat
| Files available
| DOI
2017 | Book (Editor) | LibreCat-ID: 27415
J. Gausemeier et al., Eds., Wissenschaftsforum Intelligente Technische Systeme (WInTeSys). , Band 369, vol. 369. Paderborn: Verlagsschriftenreihe des Heinz Nixdorf Instituts, 2017.
LibreCat
2017 | Journal Article | LibreCat-ID: 20553
L. Ben Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, and A. D. Brucker, “Time for Addressing Software Security Issues: Prediction Models and Impacting Factors,” Data Science and Engineering, vol. 2, no. 2, pp. 107–124, 2017, doi: https://doi.org/10.1007/s41019-016-0019-8.
LibreCat
| Files available
| DOI
2017 | Report | LibreCat-ID: 20554
E. Bodden, Self-adaptive static analysis. 2017.
LibreCat
| Download (ext.)
2017 | Report | LibreCat-ID: 20555
S. Krüger, J. Späth, K. Ali, E. Bodden, and M. Mezini, CrySL: Validating Correct Usage of Cryptographic APIs. 2017.
LibreCat
| Download (ext.)
2017 | Journal Article | LibreCat-ID: 20557
M. Lillack, C. Kästner, and E. Bodden, “Tracking Load-time Configuration Options,” IEEE Transactions on Software Engineering, vol. PP, no. 99, pp. 1–1, 2017, doi: 10.1109/TSE.2017.2756048.
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 20558
S. Krüger et al., “CogniCrypt: Supporting Developers in using Cryptography,” 2017.
LibreCat
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 20559
L. N. Q. Do, K. Ali, B. Livshits, E. Bodden, J. Smith, and E. Murphy-Hill, “Just-in-time Static Analysis,” in Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2017, pp. 307–317, doi: 10.1145/3092703.3092705.
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 20715
L. Nguyen Quang Do, K. Ali, B. Livshits, E. Bodden, J. Smith, and E. Murphy-Hill, “Cheetah: Just-in-Time Taint Analysis for Android Apps,” 2017.
LibreCat
| Download (ext.)
2017 | Book | LibreCat-ID: 23010
J. Gausemeier et al., Wissenschaftsforum Intelligente Technische Systeme (WInTeSys), vol. 369. Verlagsschriftenreihe des Heinz Nixdorf Instituts, Paderborn, 2017.
LibreCat
2017 | Conference Paper | LibreCat-ID: 5204
J. Späth, K. Ali, and E. Bodden, “IDEal: Efficient and Precise Alias-aware Dataflow Analysis,” in 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), 2017.
LibreCat
| Files available
| Download (ext.)
2017 | Journal Article | LibreCat-ID: 5209
A. Fischer, B. Fuhry, F. Kerschbaum, and E. Bodden, “Computation on Encrypted Data using Data Flow Authentication,” CoRR, vol. abs/1710.00390, 2017.
LibreCat
| Files available
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20556
E. Bodden, K. I Pun, M. Steffen, V. Stolz, and A.-K. Wickert, “Information Flow Analysis for Go,” in Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part {I}, 2016, pp. 431–445, doi: 10.1007/978-3-319-47166-2_30.
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 20716
E. Bodden, M. Eichberg, K. I Pun, M. Steffen, V. Stolz, and A.-K. Wickert, “Don’t let data Go astray---A Context-Sensitive Taint Analysis for Concurrent Programs in Go,” 2016.
LibreCat
| Download (ext.)
2016 | Report | LibreCat-ID: 20717
L. Nguyen Quang Do, K. Ali, B. Livshits, E. Bodden, J. Smith, and E. Murphy-Hill, Just-in-Time Static Analysis. 2016.
LibreCat
| DOI
| Download (ext.)
2016 | Journal Article | LibreCat-ID: 20718
S. Rasthofer, S. Arzt, E. Bodden, and M. Miltenberger, “Harvester - Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen,” Datenschutz und Datensicherheit, pp. 718–722, 2016, doi: https://www.springerprofessional.de/en/datenschutz-und-datensicherheit-dud-11-2016/10866536.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20719
P. Holzinger, S. Triller, A. Bartel, and E. Bodden, “An In-Depth Study of More Than Ten Years of Java Exploitation,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 779–790, doi: http://doi.acm.org/10.1145/2976749.2978361.
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 20720
A. Follner et al., “PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution,” in International Workshop on Security and Trust Management (STM), 2016, pp. 212–228.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20721
L. Nguyen Quang Do, M. Eichberg, and E. Bodden, “Toward an Automated Benchmark Management System,” in Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2016, pp. 13–17.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20722
S. Arzt, T. Kussmaul, and E. Bodden, “Towards Cross-Platform Cross-Language Analysis with Soot,” in Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2016, pp. 1–6.
LibreCat
| Download (ext.)
2016 | Journal Article | LibreCat-ID: 20724
A. Follner and E. Bodden, “ROPocop — Dynamic mitigation of code-reuse attacks,” Journal of Information Security and Applications , vol. 29, pp. 16–26, 2016, doi: http://dx.doi.org/10.1016/j.jisa.2016.01.002.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20725
A. Follner, A. Bartel, and E. Bodden, “Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality,” 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20726
K. Falzon and E. Bodden, “Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels,” in Principles of Security and Trust: 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2--8, 2016, Proceedings, 2016, pp. 116–138, doi: 10.1007/978-3-662-49635-0_7.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20727
S. Rasthofer, S. Arzt, M. Miltenberger, and E. Bodden, “Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques,” 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20728
S. Nadi, S. Krüger, M. Mezini, and E. Bodden, “Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?,” in International Conference for Software Engineering (ICSE), 2016, pp. 935–946.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20729
S. Arzt and E. Bodden, “StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework,” 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 20730
N. Eling, S. Rasthofer, M. Kolhagen, E. Bodden, and P. Buxmann, “Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment,” in 2016 49th Hawaii International Conference on System Sciences (HICSS), 2016, pp. 3666–3675, doi: 10.1109/HICSS.2016.458.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 5205
J. Späth, L. Nguyen Quang Do, K. Ali, and E. Bodden, “Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java,” in European Conference on Object-Oriented Programming (ECOOP), 2016.
LibreCat
| Files available
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 5207
L. Li et al., “IccTA: Detecting Inter-Component Privacy Leaks in Android Apps,” in 2015 International Conference on Software Engineering (ICSE), 2015, pp. 280–291.
LibreCat
| Files available
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 5734
J. Lerch, B. Hermann, E. Bodden, and M. Mezini, “FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases,” in Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014, 2014.
LibreCat
| DOI
2014 | Conference Paper | LibreCat-ID: 5189
S. Arzt et al., “FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps,” in Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI ’14, 2014.
LibreCat
| Files available
| DOI
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 5190
S. Arzt, S. Rasthofer, E. Lovat, and E. Bodden, “DroidForce: Enforcing Complex, Data-Centric, System-Wide Policies in Android,” in International Conference on Availability, Reliability and Security (ARES 2014), 2014, pp. 40–49.
LibreCat
| Files available
| Download (ext.)
2012 | Journal Article | LibreCat-ID: 5183
E. Bodden, P. Lam, and L. Hendren, “Partially Evaluating Finite-State Runtime Monitors Ahead of Time,” ACM Transactions on Programming Languages and Systems, vol. 34, no. 2, pp. 1–52, 2012.
LibreCat
| Files available
| DOI
| Download (ext.)