| [115] | (In)Security of Backend-as-a-Service (Steven Arzt Robert Hahn Max Kohlhagen Eric Bodden Siegfried Rasthofer), In blackhat europe 2015, 2015. [bib] [pdf] |
| [114] | Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis With Unbounded Access Paths (Johannes Lerch, Johannes Späth, Eric Bodden, Mira Mezini), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2015), pages 619--629, 2015. [bib] [pdf] |
| [113] | Sicherheitsanalyse TrueCrypt (Mauro Baluda, Andreas Fuchs, Philipp Holzinger, Lotfi ben Othmane, Andreas Poller, Jürgen Repp, Johannes Späth, Jan Steffan, Stefan Triller, Eric Bodden), Technical report, Bundesamt für Sicherheit in der Informationstechnik, 2015. [bib] [pdf] |
| [112] | Security Analysis of TrueCrypt (Mauro Baluda, Andreas Fuchs, Philipp Holzinger, Lotfi ben Othmane, Andreas Poller, Jürgen Repp, Johannes Späth, Jan Steffan, Stefan Triller, Eric Bodden), Technical report, Federal Office for Information Security, 2015. [bib] [pdf] |
| [111] | Time for Addressing Software Security Issues: Prediction Models and Impacting Factors (Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, and Achim D. Brucker), Technical report TUD-CS-2015-1268, EC SPRIDE, 2015. [bib] |
| [110] | Toward a Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Eric Bodden, Benjamin Livshits), Technical report TUD-CS-2015-1167, EC SPRIDE, 2015. [bib] [pdf] |
| [109] | An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack (Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden), Technical report TUD-CS-2015-0065, EC SPRIDE, 2015. [bib] [pdf] |
| [108] | Harvesting Runtime Data in Android Applications for Identifying Malware and Enhancing Code Analysis (Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden), Technical report TUD-CS-2015-0031, EC SPRIDE, 2015. [bib] [pdf] |
| [107] | Towards Secure Integration of Cryptographic Software (Steven Arzt, Sarah Nadi, Karim Ali, Eric Bodden, Sebastian Erdweg, Mira Mezini), In 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), pages 1--13, Onward! 2015, ACM, 2015. [bib] [pdf] [doi] |
| [106] | Join Point Interfaces for Safe and Flexible Decoupling of Aspects (Eric Bodden, Éric Tanter, Milton Inostroza), In ACM Trans. Softw. Eng. Methodol., pages 7:1--7:41, 23(1), 2014. [bib] [pdf] [doi] |
| [105] | TS4J: A Fluent Interface for Defining and Computing Typestate Analyses (Eric Bodden), In 3rd ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2014), 2014. [bib] [pdf] |
| [104] | Special Section on Runtime Verification and Analysis, (Eric Bodden, Shahar Maoz, eds.), Transactions on Aspect-Oriented Software Development (TAOSD), Springer, 2014. (To appear) [bib] |
| [103] | Reviser: Efficiently Updating IDE-/IFDS-based Data-flow Analyses in Response to Incremental Program Changes (Steven Arzt, Eric Bodden), In Proceedings of the 36th International Conference on Software Engineering, pages 288--298, 2014. [bib] [pdf] |
| [102] | A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks (Siegfried Rasthofer, Steven Arzt, Eric Bodden), In 2014 Network and Distributed System Security Symposium (NDSS), 2014. [bib] [pdf] |
| [101] | Tracking Load-time Configuration Options (Max Lillack, Christian Kästner, Eric Bodden), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), pages 445--456, 2014. [bib] [pdf] [doi] |
| [100] | Zertifizierte Datensicherheit für mobile Anwendungen (Karsten Sohr, Steffen Bartsch, Melanie Volkamer, Bernhard Berger, Eric Bodden, Achim Brucker, Sönke Maseberg, Mehmet Kus, Jens Heider), In GI Sicherheit 2014, 2014. [bib] [pdf] |
| [99] | Denial-of-App Attack: Inhibiting the Installation of Android Apps on Stock Phones (Steven Arzt, Stephan Huber, Siegfried Rasthofer, Eric Bodden), In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones &\38; Mobile Devices, pages 21--26, SPSM '14, ACM, 2014. [bib] [pdf] [doi] |
| [98] | Variational Data Structures: Exploring Trade-Offs in Computing with Variability (Eric Walkingshaw, Christian Kästner, Martin Erwig, Sven Apel, Eric Bodden), In Onward! 2014, pages 213--226, 2014. [bib] [pdf] |
| [97] | FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps (Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel), In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 259--269, PLDI '14, ACM, 2014. Awarded: Artifact Evaluation Award [bib] [pdf] [doi] |
| [96] | FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases (Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini), In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 98--108, FSE 2014, ACM, 2014. [bib] [pdf] |
| [95] | DroidForce: Enforcing Complex, Data-Centric, System-Wide Policies in Android (Steven Arzt, Siegfried Rasthofer, Enrico Lovat, Eric Bodden), In International Conference on Availability, Reliability and Security (ARES 2014), pages 40--49, IEEE, 2014. [bib] [pdf] |
| [94] | Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis (Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, Yves Le Traon), In USENIX Security Symposium 2013, 2013. [bib] [pdf] |
| [93] | Automated API Property Inference Techniques (Martin P. Robillard, Eric Bodden, David Kawrykow, Mira Mezini, Tristan Ratchford), In IEEE Trans. Softw. Eng., pages 613--637, 39(5), 2013. [bib] [pdf] [doi] |
| [92] | SPLLIFT: statically analyzing software product lines in minutes instead of years (Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini), In Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation (PLDI), pages 355--364, 2013. [bib] [pdf] |
| [91] | Entwicklung sicherer Software durch Security by Design (Michael Waidner, Michael Backes, Jörn Müller-Quade, Eric Bodden, Markus Schneider, Michael Kreutzer, Mira Mezini, Christian Hammer, Andreas Zeller, Dirk Achenbach, Matthias Huber, Daniel Kraschewski), (Michael Waidner, Michael Backes, Jörn Müller-Quade, eds.), SIT TECHNICAL REPORTS, Fraunhofer Verlag, 2013. (ISBN: 978-3-8396-0567-7) [bib] [pdf] |