Publications at scientific conferences
A Modular Soundness Theory for the Blackboard Analysis Architecture
Sven Keidel; Dominik Helm; Tobias Roth; Mira Mezini
33rd European Symposium on Programming, 2024 (forthcoming)
Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability
Anna-Katharina Wickert; Michael Schlichtig; Marvin Vogel; Lukas Winter; Mira Mezini; Eric Bodden
2024 IEEE International Conference on Software Analysis, Evolution and Reengineering, 2024 (forthcoming)
Total Recall? How Good are Static Call Graphs Really?
Dominik Helm; Sven Keidel; Anemone Kampkötter; Johannes Düsing; Tobias Roth; Ben Hermann; Mira Mezini
33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024 (forthcoming)
Unimocg: Modular Call-Graph Algorithms for Consistent Handling of Language Features
Dominik Helm; Tobias Roth; Sven Keidel; Michael Reif; Mira Mezini
33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024 (forthcoming)
Adaptive Rational Activations to Boost Deep Reinforcement Learning
Quentin Delfosse; Patrick Schramowski; Martin Mundt; Alejandro Molina; Kristian Kersting
International Conference on Learning Representations (ICLR), 2024
Precisely Extracting Complex Variable Values from Android Apps
Marc Miltenberger; Steven Arzt
ACM Trans. Softw. Eng. Methodol., 2024
ValBench: Benchmarking Exact Value Analysis
Marc Miltenberger; Steven Arzt
Proceedings of the 13th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2024, p.45-51
Benchmarking the Benchmarks
Marc Miltenberger; Steven Arzt; Philipp Holzinger; Julius Näumann
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, 2023, p.387-400
Boosting Object Representation Learning via Motion and Object Continuity
Quentin Delfosse; Wolfgang Stammer; Thomas Rothenbacher; Dwarak Vittal; Kristian Kersting
European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML), 2023
Evaluating and Improving transformers pre-trained on ASTs for Code Completion
Marcel Ochs; Krishna Narasimhan; Mira Mezini
2023 IEEE 30th International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2023
Extensible and Scalable Architecture for Hybrid Analysis
Marc Miltenberger; Steven Arzt
Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2023, p.34-39
Interpretable and Explainable Logical Policies via Neurally Guided Symbolic Abstraction
Quentin Delfosse; Hikaru Shindo; Devendra Singh Dhami; Kristian Kersting
Advances in Neural Information Processing (NeurIPS), 2023
Negative Results of Fusing Code and Documentation for Learning to Accurately Identify Sensitive Source and Sink Methods: An Application to the Android Framework for Data Leak Detection
Jordan Samhi; Maria Kober; Abdoul Kader Kabore; Steven Arzt; Tegawendé F Bissyandé; Jacques Klein
arXiv preprint arXiv:2301.03207, 2023
Sensitive and Personal Data: What Exactly Are You Talking About?
Maria Kober; Jordan Samhi; Steven Arzt; Tegawendé F Bissyandé; Jacques Klein
2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft), 2023, p.70-74
UNGOML: Automated Classification of unsafe Usages in Go
Anna-Katharina Wickert; Clemens Damke; Lars Baumgärtner; Eyke Hüllermeier; Mira Mezini
2023 IEEE/ACM 20th International Conference on Mining Software Repositories, 2023
WasmA: A Static WebAssembly Analysis Framework for Everyone
Florian Breitfelder; Tobias Roth; Lars Baumgärtner; Mira Mezini
2023 IEEE 30th International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2023
CiFi: Versatile Analysis of Class and Field Immutability
Tobias Roth; Dominik Helm; Michael Reif; Mira Mezini
Software Engineering 2022, 2022, p.81-82
Security code smells in apps: are we getting better?
Steven Arzt
Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2022, p.245-255
To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild
Anna-Katharina Wickert; Lars Baumgärtner; Michael Schlichtig; Krishna Narasimhan; Mira Mezini
2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2022, p.315-322
A Systematic Hardening of Java’s Information Hiding
Philipp Holzinger; Eric Bodden
Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems (ASSS ’21), 2021
Dealing with Variability in API Misuse Specification
Rodrigo Bonifacio; Stefan Krüger; Krishna Narasimhan; Eric Bodden; Mira Mezini
European Conference on Object-Oriented Programming (ECOOP), 2021
Python Crypto Misuses in the Wild
Anna-Katharina Wickert; Lars Baumgärtner; Florian Breitfelder; Mira Mezini
Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, 2021, p.1-6
Security and Quality: Two Sides of the Same Coin?
Steven Arzt
Proceedings of the 10th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 21), 2021
Sustainable Solving: Reducing The Memory Footprint of IFDS-Based Data Flow Analyses Using Intelligent Garbage Collection
Steven Arzt
2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, p.1098-1110
Towards Automatically Generating Security Analyses from Machine-Learned Library Models
Maria Kober; Steven Arzt
Computer Security – ESORICS 2021, 2021
Tracing Contacts With Mobile Phones to Curb the Pandemic: Topics and Stances in People’s Online Comments About the Official German Contact-Tracing App
Steven Arzt; Andreas Poller; Gisela Vallejo
Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems, 2021, p.1-7
User-Centered Design of Visualizations for Software Vulnerability Reports
Steven Lamarr Reynolds; Tobias Mertz; Steven Arzt; Jörn Kohlhammer
2021 IEEE Symposium on Visualization for Cyber Security (VizSec), 2021, p.1-11
Versatile Analysis of Class and Field Immutability
Tobias Roth; Dominik Helm; Michael Reif; Mira Mezini
36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021
A Programming Model for Semi-implicit Parallelization of Static Analyses
Dominik Helm; Florian Kübler; Jan Thomas Kölzer; Philipp Haller; Michael Eichberg; Guido Salvaneschi; Mira Mezini
ISSTA 20: 29th SIGSOFT International Symposium on Software Testing and Analysis, 2020, p.428-439
DFarm: massive-scaling dynamic Android app analysis on real hardware
Marc Miltenberger; Julien Gerding; Jens Guthmann; Steven Arzt
Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems, 2020, p.12-15
Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy
Leonid Glanz; Patrick Müller; Lars Baumgärtner; Michael Reif; Sven Amann; Pauline Anthonysamy; Mira Mezini
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, 2020, p.694–707
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Lars Baumgärtner; Alexandra Dmitrienko; Bernd Freisleben; Alexander Gruler; Jonas Höchst; Joshua Kühlberg; Mira Mezini; Richard Mitev; Markus Miettinen; Anel Muhamedagic; Thien Duc Nguyen; Alvar Penning; Dermot Frederik Pustelnik; Filipp Roos; Ahmad-Reza Sadeghi; Michael Schwarz; Christian Uhl
19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Guangzhou, China, December 29, 2020 - January 1, 2021, 2020, p.458-467
Modular Collaborative Program Analysis in OPAL
Dominik Helm; Florian Kübler; Michael Reif; Michael Eichberg; Mira Mezini
Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020, p.184–196
TACAI: An Intermediate Representation Based on Abstract Interpretation
Michael Reif; Florian Kübler; Dominik Helm; Ben Hermann; Michael Eichberg; Mira Mezini
Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2020, p.2-7
Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild
Johannes Lauinger; Lars Baumgärtner; Anna-Katharina Wickert; Mira Mezini
Proceedings: 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2020, p.410-417
A Dataset of Parametric Cryptographic Misuses
Anna-Katharina Wickert; Michael Reif; Michael Eichberg; Anam Dodhy; Mira Mezini
2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), 2019
Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs
Michael Reif; Florian Kübler; Michael Eichberg; Dominik Helm; Mira Mezini
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019, p.251–261
PhD Theses
Dominik Helm
TU Darmstadt, doctorate 2023
Modular Collaborative Program Analysis
Michael Reif
TU Darmstadt, doctorate 2021
Novel Approaches to Systematically Evaluating and Constructing Call Graphs for Java Software
Leo Glanz
TU Darmstadt, doctorate 2020
Automatic Identification and Recovery of Obfuscated Android Apps
Philipp Holzinger
Fraunhofer SIT, doctorate 2019
A systematic analysis and hardening of the Java security architecture
Publications at industry conferences
Author | Title | Place of Publication | Date |
Stephan Huber, Philipp Roskosch | I'm on your phone, listening - Attacking VoIP Configuration Interfaces | DefCon 27 | 2019 |
Philipp Roskosch, Stephan Huber | Dial V for Vulnerable: Attacking VoIP Phones | 44con | 2019 |
Talks
Workshop „Vergabe – einfach und sicher?!“ of the Hessian Ministry of the Interior and Sport
„Cybersicherheit in der Leistungsbeschreibung“
Talk by Dr. Steven Arzt on 14.09.2021
Workshop „Digitale Souveränität“ of the Hessian Ministry of the Interior and Sport
„Security by Design - Wo stehen wir?”
Talk by Dr. Steven Arzt on 27.08.2021
ESEC/FSE 2021
"Programming and Execution Models for Next Generation Code Intelligence Systems"
Keynote by Prof. Mira Mezini on 25.08.2021
WeAreDevelopers World Congress '21
"Automated Software Security Analysis – Presented by the Digital Hub Initiative"
Talk by Dr. Steven Arzt on 30.06.2021
Convent Cybersecurity Webcast Series
„Risiko Cyberattacke. Es kann jedes Unternehmen treffen – auch Ihres. Gezielt vorbeugen, richtig reagieren."
Talk by Dr. Steven Arzt on 10.07.2021
Talk on YouTube
Videos
Cryptographic Misuse Detection with CogniCrypt/CrySL
In both private and corporate contexts, more and more personal and confidential data is being communicated via the Internet and processed using software. This also increases the demands on developers to make their applications as secure as possible, for example, with cryptographic solutions such as encryption or digital signature schemes. However, studies show that developers frequently have problems using cryptographic libraries correctly and securely. This results in software not implementing the intended security. To help developers use cryptographic libraries correctly and securely, the Collaborative Research Center CROSSING has developed CogniCrypt.
Tutorial: CogniCrypt basics, and how to integrate your own Crypto APIs into CogniCrypt
CogniCrypt is a framework to detect API misuses and to generate examples of correct API use, specifically for cryptographic APIs. CogniCrypt is extensible, meaning you can integrate your own crypto APIs into CogniCrypt. In this tutorial, we will look at some of the basics of CogniCrypt, and at how to contribute extensions to the framework if you have your own custom API whose misuse detection and sample code generation you would like users to get access to. © Video: Dr. Krishna Narasimhan, TU Darmstadt
CogniCrypt Integration PRNG Combiner: Misuse Detection Tutorial
CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt, please visit www.cognicrypt.de.
CogniCrypt Code Analysis Tutorial on the post-quantum signature scheme qTESLA
CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt, please visit www.cognicrypt.de. CogniCrypt started as a project in CROSSING, which is a Collaborative Research Center at the Technical University of Darmstadt and funded by the German Research Foundation.