Publications at scientific conferences
WasmA: A Static WebAssembly Analysis Framework for Everyone
Breitfelder, Florian; Roth, Tobias; Baumgärtner, Lars; Mezini, Mira
2023 IEEE 30th International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2023
Evaluating and Improving transformers pre-trained on ASTs for Code Completion
Ochs, Marcel; Narasimhan, Krishna; Mezini, Mira
2023 IEEE 30th International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2023
Negative Results of Fusing Code and Documentation for Learning to Accurately Identify Sensitive Source and Sink Methods: An Application to the Android Framework for Data Leak Detection
Samhi, Jordan; Kober, Maria; Kabore, Abdoul Kader; Arzt, Steven; Bissyandé, Tegawendé F; Klein, Jacques
arXiv preprint arXiv:2301.03207, 2023
CiFi: Versatile Analysis of Class and Field Immutability
Roth, Tobias; Helm, Dominik; Reif, Michael; Mezini, Mira
Software Engineering 2022, 2022, p.81-82
Security code smells in apps: are we getting better?
Arzt, Steven
Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2022, p.245-255
Towards Automatically Generating Security Analyses from Machine-Learned Library Models
Kober, Maria; Arzt, Steven
Computer Security – ESORICS 2021, 2021
User-Centered Design of Visualizations for Software Vulnerability Reports
Reynolds, Steven Lamarr; Mertz, Tobias; Arzt, Steven; Kohlhammer, Jörn
2021 IEEE Symposium on Visualization for Cyber Security (VizSec), 2021, p.1-11
Dealing with Variability in API Misuse Specification
Bonifacio, Rodrigo; Krüger, Stefan; Narasimhan, Krishna; Bodden, Eric; Mezini, Mira
European Conference on Object-Oriented Programming (ECOOP), 2021
A Systematic Hardening of Java’s Information Hiding
Holzinger, Philipp; Bodden, Eric
Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems (ASSS ’21), 2021
Security and Quality: Two Sides of the Same Coin?
Arzt, Steven
Proceedings of the 10th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 21), 2021
Tracing Contacts With Mobile Phones to Curb the Pandemic: Topics and Stances in People’s Online Comments About the Official German Contact-Tracing App
Arzt, Steven; Poller, Andreas; Vallejo, Gisela
Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems, 2021, p.1-7
Sustainable Solving: Reducing The Memory Footprint of IFDS-Based Data Flow Analyses Using Intelligent Garbage Collection
Arzt, Steven
2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, p.1098-1110
Versatile Analysis of Class and Field Immutability
Roth, Tobias; Helm, Dominik; Reif, Michael; Mezini, Mira
36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021
DFarm: massive-scaling dynamic Android app analysis on real hardware
Miltenberger, Marc; Gerding, Julien; Guthmann, Jens; Arzt, Steven
Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems, 2020, p.12-15
Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy
Glanz, Leonid; Müller, Patrick; Baumgärtner, Lars; Reif, Michael; Amann, Sven; Anthonysamy, Pauline; Mezini, Mira
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, 2020, p.694–707
A Programming Model for Semi-implicit Parallelization of Static Analyses
Dominik Helm; Florian Kübler; Jan Thomas Kölzer; Philipp Haller; Michael Eichberg; Guido Salvaneschi; Mira Mezini
ISSTA 20: 29th SIGSOFT International Symposium on Software Testing and Analysis, 2020, p.428-439
Modular Collaborative Program Analysis in OPAL
Helm, Dominik; Kübler, Florian; Reif, Michael; Eichberg, Michael; Mezini, Mira
Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020, p.184–196
Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild
Johannes Lauinger; Lars Baumgärtner; Anna-Katharina Wickert; Mira Mezini
Proceedings: 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2020, p.410-417
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Lars Baumgärtner; Alexandra Dmitrienko; Bernd Freisleben; Alexander Gruler; Jonas Höchst; Joshua Kühlberg; Mira Mezini; Richard Mitev; Markus Miettinen; Anel Muhamedagic; Thien Duc Nguyen; Alvar Penning; Dermot Frederik Pustelnik; Filipp Roos; Ahmad-Reza Sadeghi; Michael Schwarz; Christian Uhl
19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Guangzhou, China, December 29, 2020 - January 1, 2021, 2020, p.458-467
TACAI: An Intermediate Representation Based on Abstract Interpretation
Reif, Michael; Kübler, Florian; Helm, Dominik; Hermann, Ben; Eichberg, Michael; Mezini, Mira
Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2020, p.2-7
A Dataset of Parametric Cryptographic Misuses
Anna-Katharina Wickert; Michael Reif; Michael Eichberg; Anam Dodhy; Mira Mezini
2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), 2019
Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs
Reif, Michael; Kübler, Florian; Eichberg, Michael; Helm, Dominik; Mezini, Mira
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019, p.251–261
PhD Theses
Michael Reif
TU Darmstadt, doctorate 2021
Novel Approaches to Systematically Evaluating and Constructing Call Graphs for Java Software
Leo Glanz
TU Darmstadt, doctorate 2020
Automatic Identification and Recovery of Obfuscated Android Apps
Philipp Holzinger
Fraunhofer SIT, doctorate 2019
A systematic analysis and hardening of the Java security architecture
Publications at industry conferences
Author | Title | Place of Publication | Date |
Stephan Huber, Philipp Roskosch | I'm on your phone, listening - Attacking VoIP Configuration Interfaces | DefCon 27 | 2019 |
Philipp Roskosch, Stephan Huber | Dial V for Vulnerable: Attacking VoIP Phones | 44con | 2019 |
Talks
Workshop "Procurement – simple and secure?!" of the Hessian Ministry of the Interior and Sports
"Cybersecurity in the Service Specification"
Talk by Dr. Steven Arzt on 14.09.2021
Workshop "Digital Sovereignty" of the Hessian Ministry of the Interior and Sports
"Security by Design - Where Do We Stand?"
Talk by Dr. Steven Arzt on 27.08.2021
ESEC/FSE 2021
"Programming and Execution Models for Next Generation Code Intelligence Systems"
Keynote by Prof. Mira Mezini on 25.08.2021
WeAreDevelopers World Congress '21
"Automated Software Security Analysis – Presented by the Digital Hub Initiative"
Talk by Dr. Steven Arzt on 30.06.2021
Convent Cybersecurity Webcast Series
"The Risk of Cyberattack. It can hit any company, including yours. Targeted prevention, the right response."
Talk by Dr. Steven Arzt on 10.07.2021
Talk on YouTube
Videos
Cryptographic Misuse Detection with CogniCrypt/CrySL
In both private and corporate contexts, more and more personal and confidential data is being communicated via the Internet and processed using software. This also increases the demands on developers to make their applications as secure as possible, for example, with cryptographic solutions such as encryption or digital signature schemes. However, studies show that developers frequently have problems using cryptographic libraries correctly and securely. This results in software not implementing the intended security. To help developers use cryptographic libraries correctly and securely, the Collaborative Research Center CROSSING has developed CogniCrypt.
Tutorial: CogniCrypt basics, and how to integrate your own Crypto APIs into CogniCrypt
CogniCrypt is a framework to detect API misuses and to generate examples of correct API use, specifically for cryptographic APIs. CogniCrypt is extensible, meaning you can integrate your own crypto APIs into it. In this tutorial, we look at some of the basics of CogniCrypt and at how to contribute extensions to the framework if you have your own custom API for which you would like users to get misuse detection and sample code generation. © Video: Dr. Krishna Narasimhan, TU Darmstadt
CogniCrypt Integration PRNG Combiner: Misuse Detection Tutorial
CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt please visit www.cognicrypt.de.
CogniCrypt Code Analysis Tutorial on the post-quantum signature scheme qTESLA
CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt please visit www.cognicrypt.de. CogniCrypt started as a project in CROSSING, which is a Collaborative Research Center at the Technical University of Darmstadt and funded by the German Research Foundation.