[240] | Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability (Anna-Katharina Wickert, Michael Schlichtig, Marvin Vogel, Lukas Winter, Mira Mezini, Eric Bodden), In 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), to appear, 2024. [bib] [pdf] |
[239] | TypeEvalPy: A Micro-benchmarking Framework for Python Type Inference Tools (Ashwin Prasad Shivarpatna Venkatesh, Samkutty Sabu, Jiawei Wang, Amir M. Mir, Li Li, Eric Bodden), In Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, pages 49–53, ICSE-Companion '24, Association for Computing Machinery, 2024. [bib] [pdf] [doi] |
[238] | The Emergence of Large Language Models in Static Analysis: A First Look through Micro-Benchmarks (Ashwin Prasad Shivarpatna Venkatesh, Samkutty Sabu, Amir M. Mir, Sofia Reis, Eric Bodden), In Proceedings of the 2024 IEEE/ACM First International Conference on AI Foundation Models and Software Engineering, pages 35–39, FORGE '24, Association for Computing Machinery, 2024. [bib] [pdf] [doi] |
[237] | Symbol-Specific Sparsification of Interprocedural Distributive Environment Problems (K. Karakaya, E. Bodden), In 2024 IEEE/ACM 46th International Conference on Software Engineering (ICSE), pages 888-888, IEEE Computer Society, 2024. [bib] [pdf] [doi] |
[236] | Evaluating security through isolation and defense in depth (Eric Bodden, Jens Pottebaum, Markus Fockel, Iris Gräßler), In IEEE Security & Privacy, 22(1), 2024. [bib] [pdf] [doi] |
[235] | SootUp: A Redesign of the Soot Static Analysis Framework (Kadiray Karakaya, Stefan Schott, Jonas Klauke, Eric Bodden, Markus Schmidt, Linghui Luo, Dongjie He), In Tools and Algorithms for the Construction and Analysis of Systems (Bernd Finkbeiner, Laura Kovács, eds.), pages 229–247, Springer Nature Switzerland, 2024. [bib] [pdf] |
[234] | Toward an Android Static Analysis Approach for Data Protection (Mugdha Khedkar, Eric Bodden), In Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024. [bib] |
[233] | Detecting Security-Relevant Methods using Multi-label Machine Learning (Oshando Johnson, Goran Piskachev, Ranjith Krishnamurthy, Eric Bodden), In Proceedings of the 46th International Conference on Software Engineering, IDE Workshop, 2024. (accepted) [bib] |
[232] | Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis (Ashwin Prasad Shivarpatna Venkatesh, Jiawei Wang, Li Li, Eric Bodden), In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2023. (To appear.) Awarded: Distinguished Paper Award [bib] [pdf] |
[231] | Runtime Verification of Crypto APIs: An Empirical Study (Adriano Torres, Pedro Costa, Luis Amaral, Jonata Pastro, Rodrigo Bonifácio, Marcelo d'Amorim, Owolabi Legunsen, Eric Bodden, Edna Dias Canedo), In IEEE Transactions on Software Engineering, pages 4510-4525, 49(10), 2023. [bib] [pdf] [doi] |
[230] | Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth (Jens Pottebaum, Jost Rossel, Juraj Somorovsky, Yasemin Acar, René Fahr, Patricia Arias Cabarcos, Eric Bodden, Iris Gräßler), In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 379-385, 2023. [bib] [doi] |
[229] | Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security/Defense-in-Depth as a new paradigm of security-oriented product engineering: interdisciplinary, threat-aware and solution-oriented security (Iris Gräßler, Eric Bodden, Dominik Wiechel, Jens Pottebaum), In Konstruktion, pages 60–65, 75(11–12), 2023. [bib] [pdf] [doi] |
[228] | Model Generation For Java Frameworks (Linghui Luo, Goran Piskachev, Ranjith Krishnamurthy, Julian Dolby, Martin Schäf), In IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023. (To appear.) [bib] [pdf] |
[227] | Securing Your Crypto-API Usage Through Tool Support - A Usability Study (Stefan Krüger, Michael Reif, Anna-Katharina Wickert, Sarah Nadi, Karim Ali, Eric Bodden, Yasemin Acar, Mira Mezini, Sascha Fahl), In 2023 IEEE Secure Development Conference (SecDev), pages 14-25, IEEE Computer Society, 2023. [bib] [pdf] [doi] |
[226] | Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis (Kadiray Karakaya, Eric Bodden), In IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023. (To appear.) [bib] [pdf] |
[225] | UpCy: Safely Updating Outdated Dependencies (Andreas Dann, Ben Hermann, Eric Bodden), In International Conference on Software Engineering (ICSE), 2023. (To appear.) [bib] [pdf] |
[224] | Verifying Software and Reconfigurable Hardware Services (Eric Bodden, Marie-Christine Jakobs, Felix Pauck, Marco Platzner, Philipp Schubert, Heike Wehrheim), Chapter in On-The-Fly Computing – Individualized IT-services in dynamic markets (Claus-Jochen Haake, Friedhelm Meyer auf der Heide, Marco Platzner, Henning Wachsmuth, Heike Wehrheim, eds.), pages 125-144, Volume 412 of Verlagsschriftenreihe des Heinz Nixdorf Instituts, Heinz Nixdorf Institut, Universität Paderborn, 2023. [bib] [pdf] [doi] |
[223] | Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study (Goran Piskachev, Matthias Becker, Eric Bodden), In Empirical Software Engineering, pages 118, 28(5), 2023. [bib] [pdf] [doi] |
[222] | FUM - A Framework for API Usage constraint and Misuse Classification (Michael Schlichtig, Steffen Sassalla, Krishna Narasimhan, Eric Bodden), In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022. [bib] [pdf] |
[221] | Static Data-Flow Analysis for Software Product Lines in C (Philipp Dominik Schubert, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, Eric Bodden), In Automated Software Engineering, Springer International Publishing, 2022. [bib] [pdf] [doi] |
[220] | An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities (Imen Sayar, Alexandre Bartel, Eric Bodden, Yves Le Traon), In ACM Trans. Softw. Eng. Methodol., Association for Computing Machinery, 2022. [bib] [pdf] [doi] |
[219] | Fluently specifying taint-flow queries with fluentTQL (Goran Piskachev, Johannes Späth, Ingo Budde, Eric Bodden), In Empirical Software Engineering, pages 1–33, 27(5), 2022. [bib] [pdf] |
[218] | How far are German companies in improving security through static program analysis tools? (Goran Piskachev, Stefan Dziwok, Thorsten Koch, Sven Merschjohan, Eric Bodden), In IEEE Secure Development Conference (SecDev), 2022. [bib] [pdf] |
[217] | Adapting Taint Analyses for Detecting Security Vulnerabilities (Goran Piskachev), PhD thesis, Universität Paderborn, 2022. Awarded: Summa cum laude [bib] [pdf] |
[216] | A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools (Marcus Nachtigall, Michael Schlichtig, Eric Bodden), In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 532–543, ISSTA 2022, Association for Computing Machinery, 2022. [bib] [pdf] [doi] |