| [140] | Improving Mobile-Malware Investigations with Static and Dynamic Code Analysis Techniques (Siegfried Rasthofer), PhD thesis, Technische Universität Darmstadt, 2016. Awarded: Summa cum laude, Fraunhofer IuK Dissertation Award & Dissertation Award of the Ernst Denert Foundation [bib] [pdf] |
| [139] | On Generating Gadget Chains for Return-Oriented Programming (Andreas Follner), PhD thesis, Technische Universität Darmstadt, 2016. [bib] [pdf] |
| [138] | On the Use of Migration to Stop Illicit Channels (Kevin Falzon), PhD thesis, Technische Universität Darmstadt, 2016. [bib] [pdf] |
| [137] | Static Data Flow Analysis for Android Applications (Steven Arzt), PhD thesis, Technische Universität Darmstadt, 2016. Awarded: Summa cum laude, Fraunhofer IuK Dissertation Award & Dissertation Award of the Ernst Denert Foundation [bib] [pdf] |
| [136] | Don't let data Go astray---A Context-Sensitive Taint Analysis for Concurrent Programs in Go (Eric Bodden, Michael Eichberg, Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert), In Nordic Workshop on Programming Theory (NWPT'16), 2016. [bib] [pdf] |
| [135] | Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques (Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden), In Network and Distributed System Security Symposium (NDSS), 2016. [bib] [pdf] |
| [134] | ROPocop — Dynamic mitigation of code-reuse attacks (Andreas Follner, Eric Bodden), In Journal of Information Security and Applications, pages 16--26, Volume 29, 2016. [bib] [pdf] [doi] |
| [133] | Information Flow Analysis for Go (Eric Bodden, Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert), In Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part I, pages 431--445, 2016. [bib] [pdf] [doi] |
| [132] | StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework (Steven Arzt, Eric Bodden), In International Conference for Software Engineering (ICSE), 2016. [bib] [pdf] |
| [131] | Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs? (Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden), In International Conference for Software Engineering (ICSE), pages 935--946, 2016. [bib] [pdf] |
| [130] | Investigating Users' Reaction to Fine-Grained Data Requests: A Market Experiment (N. Eling, S. Rasthofer, M. Kolhagen, Eric Bodden, P. Buxmann), In 2016 49th Hawaii International Conference on System Sciences (HICSS), pages 3666--3675, 2016. [bib] [pdf] [doi] |
| [129] | Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality (Andreas Follner, Alexandre Bartel, Eric Bodden), In International Symposium on Engineering Secure Software and Systems (ESSoS), 2016. (To appear.) Awarded: Artifact Evaluation Award [bib] [pdf] |
| [128] | Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, Eric Bodden), In European Conference on Object-Oriented Programming (ECOOP), 2016. Awarded: Artifact Evaluation Award [bib] [pdf] |
| [127] | Harvester - Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen (Siegfried Rasthofer, Steven Arzt, Eric Bodden, Marc Miltenberger), In Datenschutz und Datensicherheit, pages 718--722, 2016. [bib] [pdf] [doi] |
| [126] | An In-Depth Study of More Than Ten Years of Java Exploitation (Philipp Holzinger, Stefan Triller, Alexandre Bartel, Eric Bodden), In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 779--790, CCS '16, , 2016. [bib] [pdf] [doi] |
| [125] | Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), Technical report, University of Alberta Dataverse, 2016. [bib] [pdf] [doi] |
| [124] | How Current Android Malware Seeks to Evade Automated Code Analysis (Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden), In International Conference on Information Security Theory and Practice (WISTP'2015), 2015. [bib] [pdf] |
| [123] | Using Targeted Symbolic Execution for Reducing False-positives in Dataflow Analysis (Steven Arzt, Siegfried Rasthofer, Robert Hahn, Eric Bodden), In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 1--6, SOAP 2015, , 2015. [bib] [pdf] [doi] |
| [122] | Factors Impacting the Effort Required to Fix Security Vulnerabilities - An industrial Case Study (Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker, Philip Miseldine), In Information Security Conference (ISC 2015), pages 102--119, Volume 9290 of Lecture Notes in Computer Science, Springer, 2015. [bib] [pdf] |
| [121] | DroidSearch: A Powerful Search Engine for Android Applications (Siegfried Rasthofer, Steven Arzt, Max Kolhagen, Brian Pfretzschner, Stephan Huber, Eric Bodden, Philipp Richter), In 2015 Science and Information Conference (SAI), 2015. [bib] [pdf] |
| [120] | jäk: Using Dynamic Analysis to Crawl and Test Modern Web Applications (Giancarlo Pellegrino, Constantin Tschürtz, Eric Bodden, Christian Rossow), In Research in Attacks, Intrusions, and Defenses (RAID), pages 295--316, Lecture Notes in Computer Science, Springer International Publishing, 2015. [bib] [pdf] |
| [119] | Dynamically Provisioning Isolation in Hierarchical Architectures (Kevin Falzon, Eric Bodden), In Information Security (Javier Lopez, Chris J. Mitchell, eds.), pages 83--101, Volume 9290 of Lecture Notes in Computer Science, Springer International Publishing, 2015. Awarded: Best Student Paper Award [bib] [pdf] [doi] |
| [118] | Mining Apps for Abnormal Usage of Sensitive Data (Vitalii Avdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, Eric Bodden), In 2015 International Conference on Software Engineering (ICSE), pages 426--436, 2015. Awarded: Best paper award at the 2016 Spanish Cybersecurity Days (Jornadas Nacionales de Investigación en Ciberseguridad) [bib] [pdf] |
| [117] | IccTA: Detecting Inter-Component Privacy Leaks in Android Apps (Li Li, Alexandre Bartel, Tegawende F. Bissyande, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, Patrick McDaniel), In 2015 International Conference on Software Engineering (ICSE), pages 280--291, 2015. [bib] [pdf] |
| [116] | Incorporating Attacker Capabilities in Risk Estimation and Mitigation (Lotfi ben Othmane, Rohit Ranchal, Ruchith Fernando, Bharat Bhargava, Eric Bodden), In Elsevier Computers & Security, pages 41--61, Volume 51, 2015. [bib] [pdf] |