| [190] | Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis (Manuel Benz, Erik Krogh Kristensen, Linghui Luo, Nataniel P. Borges Jr., Eric Bodden, Andreas Zeller), In International Conference for Software Engineering (ICSE), 2020. (To appear.) Awarded: Artifact Evaluation Award (Available, Reusable) [bib] [pdf] |
| [189] | A systematic literature review of model-driven security engineering for cyber–physical systems (Johannes Geismann, Eric Bodden), In Journal of Systems and Software, pages 110697, Volume 169, 2020. [bib] [pdf] [doi] |
| [188] | PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage (Andreas Fischer, Jonas Janneck, Jörn Kussmaul, Nikolas Krätzschmar, Florian Kerschbaum, Eric Bodden), In 2020 IEEE Computer Security Foundations Symposium (CSF), 2020. [bib] [pdf] |
| [187] | Computation on Encrypted Data using Dataflow Authentication (Andreas Fischer, Benny Fuhry, Florian Kerschbaum, Eric Bodden), In Privacy Enhancing Technologies Symposium (PETS/PoPETS), 2020. [bib] [pdf] |
| [186] | Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems (Iris Gräßler, Eric Bodden, Jens Pottebaum, Johannes Geismann, Daniel Roesmann), In Advanced, Contemporary Control (Andrzej Bartoszewicz, Jacek Kabziński, Janusz Kacprzyk, eds.), pages 1458--1469, Springer International Publishing, 2020. [bib] [pdf] |
| [185] | Using Abstract Contracts for Verifying Evolving Features and Their Interactions (Alexander Knüppel, Stefan Krüger, Thomas Thüm, Richard Bubel, Sebastian Krieter, Eric Bodden, Ina Schaefer), Chapter in (Wolfgang Ahrendt, Bernhard Beckert, Richard Bubel, Reiner Hähnle, Mattias Ulbrich, eds.), pages 122--148, Springer International Publishing, 2020. [bib] [pdf] [doi] |
| [184] | ModGuard: Identifying Integrity Confidentiality Violations in Java Modules (Andreas Dann, Ben Hermann, Eric Bodden), In IEEE Transactions on Software Engineering, pages 1-1, (), 2019. [bib] [pdf] [doi] |
| [183] | CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini), In IEEE Transactions on Software Engineering, pages 1-1, (), 2019. [bib] [pdf] [doi] |
| [182] | PhASAR: An Inter-procedural Static Analysis Framework for C/C++ (Philipp Dominik Schubert, Ben Hermann, Eric Bodden), In Tools and Algorithms for the Construction and Analysis of Systems (Tomás Vojnar, Lijun Zhang, eds.), pages 393--410, Springer International Publishing, 2019. [bib] [pdf] |
| [181] | Architectural Runtime Verification (Lars Stockmann, Sven Laux, Eric Bodden), In 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), pages 77-84, 2019. [bib] [pdf] [doi] |
| [180] | Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems (Johannes Späth, Karim Ali, Eric Bodden), In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, pages 48:1--48:29, 3(POPL), 2019. Awarded: ACM Distinguished Paper Award, Artifact Evaluation Award [bib] [pdf] [doi] |
| [179] | AuthCheck: Program-state Analysis for Access-control Vulnerabilities (Goran Piskachev, Tobias Petrasch, Johannes Späth, Eric Bodden), In 10th Workshop on Tools for Automatic Program Analysis (TAPAS), 2019. [bib] [pdf] |
| [178] | Synchronized Pushdown Systems for Pointer and Data-Flow Analysis (Johannes Späth), PhD thesis, Universität Paderborn, 2019. Awarded: Summa cum laude, UPB Doctoral Dissertation Award, Ernst Denert Software-Engineering Award and Fraunhofer IuK Dissertation Award [bib] [pdf] |
| [177] | User-Centered Tool Design for Data-Flow Analysis (Lisa Nguyen Quang Do), PhD thesis, Universität Paderborn, 2019. Awarded: Summa cum laude, UPB Doctoral Dissertation Award [bib] [pdf] |
| [176] | A Systematic Analysis and Hardening of the Java Security Architecture (Philipp Holzinger), PhD thesis, Universität Paderborn, 2019. Awarded: Summa cum laude [bib] [pdf] |
| [175] | Explaining Static Analysis -- A Perspective (Marcus Nachtigall, Lisa Nguyen Quang Do, Eric Bodden), In 1st International Workshop on Explainable Software (EXPLAIN) at ASE, 2019. [bib] [pdf] |
| [174] | Codebase-Adaptive Detection of Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, Eric Bodden), In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2019. Awarded: Artifact Evaluation Award [bib] [pdf] |
| [173] | Codebase-Adaptive Detection of Security-Relevant Methods (Goran Piskachev, Lisa Nguyen, Eric Bodden), Technical report tr-ri-19-356, Heinz Nixdorf Institut, 2019. [bib] |
| [172] | The Impact of Developer Experience in Using Java Cryptography (Mohammadreza Hazhirpasand, Mohammad Ghafari, Stefan Krüger, Eric Bodden, Oskar Nierstrasz), In 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pages 1-6, 2019. [bib] [pdf] [doi] |
| [171] | MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors (Linghui Luo, Julian Dolby, Eric Bodden), In European Conference on Object-Oriented Programming (ECOOP), 2019. [bib] [pdf] |
| [170] | SootDiff: Bytecode Comparison across Different Java Compilers (Andreas Dann, Ben Hermann, Eric Bodden), In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 14–19, SOAP 2019, Association for Computing Machinery, 2019. [bib] [pdf] [doi] |
| [169] | ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware (Sigmund Albert Gorski, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, Alexandre Bartel), In Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pages 25–36, CODASPY '19, Association for Computing Machinery, 2019. [bib] [pdf] [doi] |
| [168] | SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, Oshando Johnson, Eric Bodden), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, 2019. [bib] [pdf] |
| [167] | A Qualitative Analysis of Android Taint-Analysis Results (Linghui Luo, Eric Bodden, Johannes Späth), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), 2019. [bib] [pdf] |
| [166] | Debugging Static Analysis (Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, Eric Bodden), In IEEE Transactions on Software Engineering, pages 1-1, (), 2018. [bib] [pdf] [doi] |