A Modular Soundness Theory for the Blackboard Analysis Architecture
Sven Keidel; Dominik Helm; Tobias Roth; Mira Mezini
33rd European Symposium on Programming, 2024 (forthcoming)

Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability
Anna-Katharina Wickert; Michael Schlichtig; Marvin Vogel; Lukas Winter; Mira Mezini; Eric Bodden
2024 IEEE International Conference on Software Analysis, Evolution and Reengineering, 2024 (forthcoming)

Total Recall? How Good are Static Call Graphs Really?
Dominik Helm; Sven Keidel; Anemone Kampkötter; Johannes Düsing; Tobias Roth; Ben Hermann; Mira Mezini
33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024 (forthcoming)

Unimocg: Modular Call-Graph Algorithms for Consistent Handling of Language Features
Dominik Helm; Tobias Roth; Sven Keidel; Michael Reif; Mira Mezini
33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024 (forthcoming)

Adaptive Rational Activations to Boost Deep Reinforcement Learning
Quentin Delfosse; Patrick Schramowski; Martin Mundt; Alejandro Molina; Kristian Kersting
International Conference on Learning Representations (ICLR), 2024

Precisely Extracting Complex Variable Values from Android Apps
Marc Miltenberger; Steven Arzt
ACM Trans. Softw. Eng. Methodol., 2024

ValBench: Benchmarking Exact Value Analysis
Marc Miltenberger; Steven Arzt
Proceedings of the 13th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2024, p.45-51

Benchmarking the Benchmarks
Marc Miltenberger; Steven Arzt; Philipp Holzinger; Julius Näumann
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, 2023, p.387-400

Boosting Object Representation Learning via Motion and Object Continuity
Quentin Delfosse; Wolfgang Stammer; Thomas Rothenbacher; Dwarak Vittal; Kristian Kersting
European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML), 2023

Evaluating and Improving transformers pre trained on ASTs for Code Completion
Marcel Ochs; Krishna Narasimhan; Mira Mezini
2023 IEEE 30nd International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2023

Extensible and Scalable Architecture for Hybrid Analysis
Marc Miltenberger; Steven Arzt
Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2023, p.34-39

Interpretable and Explainable Logical Policies via Neurally Guided Symbolic Abstraction
Quentin Delfosse; Hikaru Shindo; Devendra Singh Dhami; Kristian Kersting
Advances in Neural Information Processing (NeurIPS), 2023

Negative Results of Fusing Code and Documentation for Learning to Accurately Identify Sensitive Source and Sink Methods An Application to the Android Framework for Data Leak Detection
Jordan Samhi; Maria Kober; Abdoul Kader Kabore; Steven Arzt; Tegawendé F Bissyandé; Jacques Klein
arXiv preprint arXiv:2301.03207, 2023

Sensitive and Personal Data: What Exactly Are You Talking About?
Maria Kober; Jordan Samhi; Steven Arzt; Tegawendé F Bissyandé; Jacques Klein
2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft), 2023, p.70-74

UNGOML: Automated Classification of unsafe Usages in Go
Anna-Katharina Wickert; Clemens Damke; Lars Baumgärtner; Eyke Hüllermeier; Mira Mezini
2023 IEEE/ACM 20th International Conference on Mining Software Repositories, 2023

WasmA: A Static WebAssembly Analysis Framework for Everyone
Florian Breitfelder; Tobias Roth; Lars Baumgärtner; Mira Mezini
2023 IEEE 30nd International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2023

CiFi: Versatile Analysis of Class and Field Immutability
Tobias Roth; Dominik Helm; Michael Reif; Mira Mezini
Software Engineering 2022, 2022, p.81-82

Security code smells in apps: are we getting better?
Steven Arzt
Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2022, p.245-255

To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild
Anna-Katharina Wickert; Lars Baumgärtner; Michael Schlichtig; Krishna Narasimhan; Mira Mezini
2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2022, p.315-322

A Systematic Hardening of Java’s Information Hiding
Philipp Holzinger; Eric Bodden
Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems (ASSS ’21), 2021

Dealing with Variability in API Misuse Specification
Rodrigo Bonifacio; Stefan Krüger; Krishna Narasimhan; Eric Bodden; Mira Mezini
European Conference on Object-Oriented Programming (ECOOP), 2021

Python Crypto Misuses in the Wild
Anna-Katharina Wickert; Lars Baumgärtner; Florian Breitfelder; Mira Mezini
Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, 2021, p.1-6

Security and Quality: Two Sides of the Same Coin?
Steven Arzt
Proceedings of the 10th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 21), 2021

Sustainable Solving: Reducing The Memory Footprint of IFDS-Based Data Flow Analyses Using Intelligent Garbage Collection
Steven Arzt
2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, p.1098-1110

Towards Automatically Generating Security Analyses from Machine-Learned Library Models
Maria Kober; Steven Arzt
Computer Security – ESORICS 2021, 2021

Tracing Contacts With Mobile Phones to Curb the Pandemic: Topics and Stances in People’s Online Comments About the Official German Contact-Tracing App
Steven Arzt; Andreas Poller; Gisela Vallejo
Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems, 2021, p.1-7

User-Centered Design of Visualizations for Software Vulnerability Reports
Steven Lamarr Reynolds; Tobias Mertz; Steven Arzt; Jörn Kohlhammer
2021 IEEE Symposium on Visualization for Cyber Security (VizSec), 2021, p.1-11

Versatile Analysis of Class and Field Immutability
Tobias Roth; Dominik Helm; Michael Reif; Mira Mezini
36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021

A Programming Model for Semi-implicit Parallelization of Static Analyses
Dominik Helm; Florian Kübler; Jan Thomas Kölzer; Philipp Haller; Michael Eichberg; Guido Salvaneschi; Mira Mezini
ISSTA 20: 29th SIGSOFT International Symposium on Software Testing and Analysis, 2020, p.428-439

DFarm: massive-scaling dynamic Android app analysis on real hardware
Marc Miltenberger; Julien Gerding; Jens Guthmann; Steven Arzt
Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems, 2020, p.12-15

Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy
Leonid Glanz; Patrick Müller; Lars Baumgärtner; Michael Reif; Sven Amann; Pauline Anthonysamy; Mira Mezini
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, 2020, p.694–707

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Lars Baumgärtner; Alexandra Dmitrienko; Bernd Freisleben; Alexander Gruler; Jonas Höchst; Joshua Kühlberg; Mira Mezini; Richard Mitev; Markus Miettinen; Anel Muhamedagic; Thien Duc Nguyen; Alvar Penning; Dermot Frederik Pustelnik; Filipp Roos; Ahmad-Reza Sadeghi; Michael Schwarz; Christian Uhl
19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Guangzhou, China, December 29, 2020 - January 1, 2021, 2020, p.458-467

Modular Collaborative Program Analysis in OPAL
Dominik Helm; Florian Kübler; Michael Reif; Michael Eichberg; Mira Mezini
Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020, p.184–196

TACAI: An Intermediate Representation Based on Abstract Interpretation
Michael Reif; Florian Kübler; Dominik Helm; Ben Hermann; Michael Eichberg; Mira Mezini
Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2020, p.2-7

Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild
Johannes Lauinger; Lars Baumgärtner; Anna-Katharina Wickert; Mira Mezini
Proceedings : 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2020, p.410-417

A Dataset of Parametric Cryptographic Misuses
Anna-Katharina Wickert; Michael Reif; Michael Eichberg; Anam Dodhy; Mira Mezini
2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), 2019

Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs
Michael Reif; Florian Kübler; Michael Eichberg; Dominik Helm; Mira Mezini
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019, p.251–261

Dominik Helm
TU Darmstadt, doctorates 2023
Modular Collaborative Program Analysis

Michael Reif
TU Darmstadt, doctorates 2021
Novel Approaches to Systematically Evaluating and Constructing Call Graphs for Java Software

Leo Glanz
TU Darmstadt, doctorates 2020
Automatic Identification and Recovery of Obfuscated Android Apps

Philipp Holzinger
Fraunhofer SIT, doctorates 2019
A systematic analysis and hardening of the Java security architecture

Workshop „Vergabe – einfach und sicher?!“ des Hessischen Ministeriums des Innern und für Sport
„Cybersicherheit in der Leistungsbeschreibung“
Talk by Dr. Steven Arzt on 14.09.2021

Workshop „Digitale Souveränität“ des Hessischen Ministeriums des Innern und für Sport
„Security by Design - Wo stehen wir?”
Talk by Dr. Steven Arzt on 27.08.2021

ESEC/FSE 2021
"Programming and Execution Models for Next Generation Code Intelligence Systems"
Keynote by Prof. Mira Mezini on 25.08.2021

WeAreDevelopers World Congress ´21
"Automated Software Security Analysis – Presented by the Digital Hub Initiative"
Talk by Dr. Steven Arzt on 30.06.2021

Convent Cybersecurity Webcast Series
„Risiko Cyberattacke. Es kann jedes Unternehmen treffen – auch Ihres. Gezielt vorbeugen, richtig reagieren."
Talk by Dr. Steven Arzt on 10.07.2021
Talk on YouTube

In both private and corporate contexts, more and more personal and confidential data is being communicated via the Internet and processed using software. This also increases the demands on developers to make their applications as secure as possible, for example, with cryptographic solutions such as encryption or digital signature schemes. However, studies show that developers frequently have problems using cryptographic libraries correctly and securely. This results in software not implementing the intended security. To help developers use cryptographic libraries correctly and securely, the Collaborative Research Center CROSSING has developed CogniCrypt.

See on YouTube

CogniCrypt is framework to detect API misuses, and generate example correct uses of API, specifically Cryptographic APIs. CogniCrypt is extensible, meaning you can integrate your own crypto APIs into CogniCrypt. In this tutorial, we will look at some of the basics of CogniCrypt, and how to contribute extensions to the framework if you have your own custom API whose misuse detection, sample code generation you would like users to get access to. © Video: Dr. Krishna Narasimhan, TU Darmstadt

See on YouTube

Cognicrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt please visit www.cognicrypt.de.

See on YouTube

Cognicrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt please visit www.cognicrypt.de. CogniCrypt started as a project in CROSSING, which is a Collaborative Research Center at the Technical University of Darmstadt and funded by the German Research Foundation.

See on YouTube