We have just published online information about our new seminar on Tool-based approaches to Software Security which we will be having this summer.
Cross-posted from SEEBlog
Over the past few years, we have developed and open-sourced a whole range of program-analysis tools surrounding the Soot framework. Are you using Soot or any related tools?
Then please let us know by briefly filling out this form. It will not even take a minute!
This will help us when trying to acquire money from funding agencies and will help you help us keep up the level of support that you have provided so far.
Many thanks in advance!
Cross-posted from SEEBlog
The Deutsche Forschungsgemeinschaft (DFG) has awarded Eric Bodden the Heinz Maier-Leibnitz Prize 2014. The Heinz Maier-Leibnitz Prize, named after the physicist and former president of the DFG, is a distinction for young researchers and provides further incentive for excellent achievements in their research work. Every year, up to 10 researchers in Germany are awarded this prize.
More information is available here in German
Cross-posted from SEEBlog
Together with their colleague Stephan Huber from Fraunhofer SIT, Steven Arzt and Siegfried Rasthofer from the SSE group discovered a security issue present in all current versions of Android. As Google has now confirmed, the attack vector allows an attacker to prevent the future installation of arbitrary Android apps of the attacker's choosing. For instance, it can be used to prevent the installation of the Facebook app for basically the entire lifetime of the mobile device, until a factory reset has been performed or the issue is fixed manually, which, however, requires root access to the device and some expertise in the Android OS.
We tested the attack on Android Version 4.x and 2.3.6. It is likely that this attack affects ALL Android versions, though. We wish to note, though, that this vulnerability was discovered under lab conditions, and that there is currently no indication that the vulnerability is exploited in the wild.
We are currently in contact with the Android security team to fix this problem. A detailed explanation of the attack will be published after a fix is available.
Cross-posted from SEEBlog
Due to author requests, the submission deadline has been postponed by two days. Authors will nevertheless be required to register abstracts by the original deadline. See the website for further details.
Third ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2014)
Sponsor: ACM SIGPLAN, co-located with PLDI 2014
When: June 12, 2014 in Edinburgh, UK
Web: http://www.sable.mcgill.ca/soap
Publication: ACM Digital Library
DESCRIPTION
Static and dynamic analysis techniques and tools for the Java language have received widespread attention for a long time. The application domains of these analyses range from core libraries to modern technologies such as web services and Android applications. Over time, analysis frameworks for Java such as Soot and WALA have been developed to better support techniques for optimizing programs, ensuring code quality, and assessing security and compliance.
Sponsored by ACM SIGPLAN, the Soot community brought together its members and other researchers by organizing the International Workshop on the State Of the Art in Java Program Analysis (SOAP) in 2012 and 2013 in conjunction with PLDI. The presentations and discussions helped share new developments and shape new innovations in Java analysis and frameworks with a focus on Soot. The workshops received very positive feedback from Soot contributors and users as well as other SOAP/PLDI attendees. SOAP ’14 will enhance that positive experience with an increased emphasis on contributions from outside the Soot community.
For SOAP 2014, we enthusiastically invite contributions and inspirations from developers and researchers working with Soot or other analysis frameworks. We are particularly interested in exciting framework ideas, innovative designs, and extensions to related languages such as JavaScript (as a client-side complement of server-side Java). The workshop agenda will continue its tradition of lively discussion sessions on extensions to Soot and integrations and synergies between Soot and other frameworks.
FORMAT
The workshop will take one day and will feature an invited talk by a leading member of the Java analysis community (regardless of relationship with Soot), presentations of all accepted refereed papers with plenty of time for discussion, and a lively concluding session for a discussion of the present and future of Soot as well as program analysis for Java in general.
SUBMISSIONS
Submissions should be four to six-page papers in ACM sig-alternate style. Possible submissions include, but are not limited to:
* A report on a novel implementation of a program analysis, with a focus on technical details or optimizations, particularly discussing how Soot or some other system was used
* A report describing an innovative tool built on top of Soot or a similar framework
* A compelling use case for a feature not yet supported by Soot. Such work should provide good examples and an informal design of the proposed feature.
* An idea paper proposing the integration of two or more existing program analyses (which may or may not be based on Soot) to answer interesting novel questions about Java programs. Such papers should focus on the added benefit obtained by the combinations.
PUBLICATION
Accepted papers will appear in the ACM Digital Library. They will also be made available to participants by May 11, 2014.
At least one author of each accepted paper must register as a regular participant and present their paper in person.
IMPORTANT DATES
Paper submissions: March 14, 2014
Notification of authors: April 14, 2014
Submission of camera-ready copies: April 28, 2014
Workshop date: June 12, 2014 (duration: 1 day)
ORGANIZERS
Steven Arzt, European Center for Security and Privacy by Design, Darmstadt, Germany
Raul Santelices, University of Notre Dame, USA
PROGRAM COMMITTEE
Saswat Anand, Stanford University, USA
Alexandre Bartel, University of Luxembourg, Luxembourg
Eric Bodden, Technische Universität Darmstadt, Germany
Laurie Hendren, McGill University, Canada
Uday Khedker, Indian Institute of Technology – Bombay, India
Patrick Lam, University of Waterloo, Canada
Anders Møller, Aarhus University, Denmark
Rahul Purandare, Indraprastha Institute of Information Technology – Delhi, India
Elena Sherman, Boise State University, USA
Oksana Tkachuk, NASA Ames, USA
Dacong Yan, Ohio State University, USA
Cross-posted from SEEBlog
2013 was an exciting year for me. It was the first full year I had with my new set of PhD students who I had hired through EC SPRIDE and through my Emmy Noether Research Group RUNSECURE. Also, 2013 was the year in which I started a cooperative professorship with Fraunhofer SIT – an exciting new challenge with the opportunity to bring academic research into industry. Last but not least it is the first year in which we actually managed to place publications at top security venues such as USENIX Security and NDSS. But let me start from the beginning.
The year started great with our paper on Join Point Interfaces getting accepted into TOSEM. This paper (for now) marks the final word on this research topic, which I had been working on with Eric Tanter and Milton Inostroza from the University of Chile for more than two years.
Just a few days later, we got the notification that our paper SPLLIFT: statically analyzing software product lines in minutes instead of years got accepted into PLDI. This is joint work with Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba and Mira Mezini, which I am extremely proud of. Not only could we show in this paper that one can really speed up the execution of IFDS-based static analyses for product lines by several orders of magnitude in practice, but after further investigation it even seems that our approach lowers the theoretical complexity of the analysis problem from exponential in the number of features to linear. Expect to see a follow-up implementation on this topic.
In March we then received our Google Faculty Research Award, together with the group of Patrick McDaniel (Penn State) and Yves le Traon (University of Luxembourg). The award will allow us to build a map of how Android applications communicate with one another. The project has already led to some much-cited publications. Our USENIX paper is on a static-analysis tool called EPICC, which is able to resolve intent-based inter-component communication in Android in most cases. In other words, the tool will tell you which app(s) a given intent-call site in a given app might call. FlowDroid has gotten at least just as much attention. FlowDroid is our static taint-analysis tool for Android. It seems to be the most precise and efficient Android taint-analysis tool out there, and most importantly it is the only one that is actually available as open source. We open sourced FlowDroid after having to learn the hard way that no other research tools were actually available. Since making FlowDroid available online it has been used and extended by multiple research groups. The FlowDroid paper, unfortunately, is still waiting to be published. Apparently, PCs at security conferences prefer papers with weak tools but big data over papers with sophisticated tools and a careful evaluation…
Another work we did manage to place at a security conference, though, is our work on SuSi, our new machine-learning approach for inferring sources and sinks for Android taint analyses, a project headed by my PhD students Siegfried Rasthofer and Siegfried Arzt. This approach addresses the fundamental problem that no matter which taint analysis you use, it is going to be only as effective as your source and sink specifications. As we found, for all existing taint analyses these specifications are largely incomplete, and thus all those tools can be bypassed with ease. SuSi determines and even categorizes relevant sources and sinks with 95% accuracy, which solves the problem to a large extent. In practice we use SuSi in combination with FlowDroid. And just like FlowDroid, SuSi is also open source.
Another project that got a lot of attention is DroidBench, our benchmark suite for testing the effectiveness of taint analyses for Android applications. DroidBench is open source, and as we hoped people have started to extend it and to pick it up for testing their security analysis tools.
Another recent and still unpublished work by my PhD student Andreas Follner is ROPocop, our new approach to defending against buffer-overflow attacks based on return-oriented programming. The approach works on x86 Windows binaries, through dynamic binary instrumentation. ROPocop applies a well-tuned heuristic to detect ROP attacks with great accuracy (and no false alarms in our tests).
Also, Kevin Falzon presented a paper on Distributed Finite-State Runtime Monitoring with Aggregated Events at this year’s RV conference. His work is quite exciting in scenarios where one tries to implement distributed runtime monitoring with high loads. Kevin’s work evaluates to what extent one may aggregate events before submitting them to a centralized monitor such that one can speed up the overall monitoring process.
Steven Arzt further developed Reviser, an approach for automatically incrementalizing IFDS/IDE-based static analyses. As we could show, using incremental evaluation of program updates, one can often save about 80% of re-computation time. This work is currently under submission.
Last but not least, our Future-Security paper on Reducing human factors in software security architectures investigates several software security architectures including Java, .NET, JavaScript, etc. and to what extent they are prone to human error. This is joint work with Ben Hermann, Johannes Lerch and Mira Mezini. The four of us are also currently working on a static analysis to detect security vulnerabilities in the Java Runtime Library. On this topic we just got awarded an Oracle Collaborative Research Grant. Thanks a lot to Michael Haupt, Cristina Cifuentes and Andrew Gross for supporting this initiative!
So much for 2013, but what’s to be expected from 2014? Well, this summer I won an Attract Grant to establish a new research group at Fraunhofer SIT, so my first task will be to staff this group with some highly skilled people – not an easy undertaking in today’s job market. The goal of this group will be to make static analysis really work in practice, and we will go through all it takes to make this happen. We have already been targeting this goal for about a year now, and it has already yielded some very exciting research problems. So stay tuned for more. Until then I wish you all some wonderful Christmas Holidays and a happy and successful 2014!
Cross-posted from SEEBlog
FOAL: Foundations of Aspect-Oriented Languages
Paper Submission Deadline: Jan 26th, 2014
A one day workshop affiliated with MODULARITY’14 at the University of Lugano (USI), Switzerland on April 22, 2014.
FOAL is a forum for research in foundations of aspect-oriented and other advanced separation of concern mechanisms. Areas of interest include but are not limited to:
The workshop aims to foster work in foundations, including formal studies, promote the exchange of ideas, and encourage workers in the semantics and formal methods communities to consider advanced separation of concern mechanisms. All theoretical and foundational studies of this topic are welcome. Even though the workshop title contains the term “aspect-oriented”, the workshop is not limited to aspect-oriented programming languages, but welcomes topics on other advanced separation of concern mechanisms such as feature-oriented or context-oriented programming.
The goals of FOAL are to:
The planned workshop format is primarily presentation of papers and group discussion. Talks will come in two categories: regular (25 minutes plus 5 minutes of discussion) and short (7 minutes plus 3 minutes of discussion). The short talks will allow for presentations of topics for which results are not yet available, perhaps for researchers who are seeking feedback on ideas or seek collaborations.
We also plan to ensure sufficient time for discussion of each presentation by limiting the overall number of talks.
Invitation to the workshop will be based on papers selected by the program committee; those wishing to attend but not having a paper to submit should contact the organizers directly to see if there is sufficient space in the workshop.
FOAL solicits regular and short papers on all areas of formal foundations of advanced separation of concern mechanisms. Submissions will be read by the program committee and designated reviewers. Papers will be selected for regular and short presentation at the workshop based on their length, scientific merit, innovation, readability, and relevance. Papers previously published or already being reviewed by another conference are not eligible. Some papers may not be selected for presentation, and some may be selected for presentation in shorter talks than their paper length would otherwise command. We will limit the length of paper presentations and the number of papers presented to make sure that there is enough time for discussion.
Additional information is available online:
http://www.eecs.ucf.edu/~leavens/FOAL/cfp-2014.shtml
We are pleased to have assembled another exceptional program committee for FOAL this year:
Cross-posted from SEEBlog
In its current edition, the German IT-experts magazine iX is featuring our Android taint-analysis tool FlowDroid.
Cross-posted from SEEBlog
(This article is only available in German. It is about the legal aspects of approaches that try to protect the privacy in mobile apps, with respect to German law).
Together with Prof. Dr. Alexander Roßnagel and Dr. Philipp Richter (both of the law faculty at the Universität Kassel), we have published an article in DuD (Datenschutz und Datensicherheit) that examines technical options for privacy protection on mobile devices with regard to their legal aspects.
Abstract:
Technical options for and legal permissibility of self-administered data protection in apps (original title: Technische Möglichkeiten und rechtliche Zulässigkeit des Selbstdatenschutzes bei Apps)
Privacy Enhancing Technologies that monitor how smartphone apps handle personal data and prevent unwanted transmissions can come into conflict with copyright law. The article examines the technical options for self-administered data protection and provides an initial legal assessment.
The article can be purchased here.
Cross-posted from SEEBlog