Publications at scientific conferences

Towards Automatically Generating Security Analyses from Machine-Learned Library Models
Kober, Maria; Arzt, Steven
Computer Security – ESORICS 2021, 2021

User-Centered Design of Visualizations for Software Vulnerability Reports
Reynolds, Steven Lamarr; Mertz, Tobias; Arzt, Steven; Kohlhammer, Jörn
2021 IEEE Symposium on Visualization for Cyber Security (VizSec), 2021, p.1-11

Sustainable Solving: Reducing The Memory Footprint of IFDS-Based Data Flow Analyses Using Intelligent Garbage Collection
Arzt, Steven
2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, p.1098-1110

Tracing Contacts With Mobile Phones to Curb the Pandemic: Topics and Stances in People’s Online Comments About the Official German Contact-Tracing App
Arzt, Steven; Poller, Andreas; Vallejo, Gisela
Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems, 2021, p.1-7

Security and Quality: Two Sides of the Same Coin?
Arzt, Steven
Proceedings of the 10th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 21), 2021

A Systematic Hardening of Java’s Information Hiding
Holzinger, Philipp; Bodden, Eric
Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems (ASSS ’21), 2021

Dealing with Variability in API Misuse Specification
Bonifacio, Rodrigo; Krüger, Stefan; Narasimhan, Krishna; Bodden, Eric; Mezini, Mira
European Conference on Object-Oriented Programming (ECOOP), 2021

Versatile Analysis of Class and Field Immutability
Roth, Tobias; Helm, Dominik; Reif, Michael; Mezini, Mira
36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021

DFarm: massive-scaling dynamic Android app analysis on real hardware
Miltenberger, Marc; Gerding, Julien; Guthmann, Jens; Arzt, Steven
Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems, 2020, p.12-15

Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy
Glanz, Leonid; Müller, Patrick; Baumgärtner, Lars; Reif, Michael; Amann, Sven; Anthonysamy, Pauline; Mezini, Mira
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, 2020, p.694–707

A Programming Model for Semi-implicit Parallelization of Static Analyses
Dominik Helm; Florian Kübler; Jan Thomas Kölzer; Philipp Haller; Michael Eichberg; Guido Salvaneschi; Mira Mezini
ISSTA 20: 29th SIGSOFT International Symposium on Software Testing and Analysis, 2020, p.428-439

Modular Collaborative Program Analysis in OPAL
Helm, Dominik; Kübler, Florian; Reif, Michael; Eichberg, Michael; Mezini, Mira
Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020, p.184–196

Uncovering the Hidden Dangers: Finding Unsafe Go Code in the Wild
Johannes Lauinger; Lars Baumgärtner; Anna-Katharina Wickert; Mira Mezini
Proceedings: 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2020, p.410-417

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Lars Baumgärtner; Alexandra Dmitrienko; Bernd Freisleben; Alexander Gruler; Jonas Höchst; Joshua Kühlberg; Mira Mezini; Richard Mitev; Markus Miettinen; Anel Muhamedagic; Thien Duc Nguyen; Alvar Penning; Dermot Frederik Pustelnik; Filipp Roos; Ahmad-Reza Sadeghi; Michael Schwarz; Christian Uhl
19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, Guangzhou, China, December 29, 2020 - January 1, 2021, 2020, p.458-467

A Dataset of Parametric Cryptographic Misuses
Anna-Katharina Wickert; Michael Reif; Michael Eichberg; Anam Dodhy; Mira Mezini
2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), 2019

Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs
Reif, Michael; Kübler, Florian; Eichberg, Michael; Helm, Dominik; Mezini, Mira
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2019, p.251–261

Publications at industry conferences

I'm on your phone, listening - Attacking VoIP Configuration Interfaces
Stephan Huber, Philipp Roskosch
DefCon 27, 2019

Dial V for Vulnerable: Attacking VoIP Phones
Philipp Roskosch, Stephan Huber
44con, 2019


Talks by our researchers

Workshop „Vergabe – einfach und sicher?!“ of the Hessian Ministry of the Interior and Sports
„Cybersicherheit in der Leistungsbeschreibung“
Talk by Dr. Steven Arzt on 14.09.2021

Workshop „Digitale Souveränität“ of the Hessian Ministry of the Interior and Sports
„Security by Design - Wo stehen wir?“
Talk by Dr. Steven Arzt on 27.08.2021

"Programming and Execution Models for Next Generation Code Intelligence Systems"
Keynote by Prof. Mira Mezini on 25.08.2021

WeAreDevelopers World Congress '21
"Automated Software Security Analysis – Presented by the Digital Hub Initiative"
Talk by Dr. Steven Arzt on 30.06.2021

Convent Cybersecurity Webcast Series
„Risiko Cyberattacke. Es kann jedes Unternehmen treffen – auch Ihres. Gezielt vorbeugen, richtig reagieren.“
Talk by Dr. Steven Arzt on 10.07.2021
Talk on YouTube


Videos by our researchers

Cryptographic Misuse Detection with CogniCrypt/CrySL

In both private and corporate contexts, more and more personal and confidential data is being communicated via the Internet and processed using software. This also increases the demands on developers to make their applications as secure as possible, for example, with cryptographic solutions such as encryption or digital signature schemes. However, studies show that developers frequently have problems using cryptographic libraries correctly and securely. This results in software not implementing the intended security. To help developers use cryptographic libraries correctly and securely, the Collaborative Research Center CROSSING has developed CogniCrypt.

Tutorial: CogniCrypt basics, and how to integrate your own Crypto APIs into CogniCrypt

CogniCrypt is a framework that detects API misuses and generates examples of correct API usage, specifically for cryptographic APIs. CogniCrypt is extensible, meaning you can integrate your own crypto APIs into it. In this tutorial, we look at some of the basics of CogniCrypt and at how to contribute extensions to the framework if you have a custom API for which you would like users to get misuse detection and sample code generation. © Video: Dr. Krishna Narasimhan, TU Darmstadt

CogniCrypt Integration PRNG Combiner: Misuse Detection Tutorial

CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt please visit

CogniCrypt Code Analysis Tutorial on the post-quantum signature scheme qTESLA

CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components. To learn more about CogniCrypt please visit
CogniCrypt started as a project in CROSSING, a Collaborative Research Center at the Technical University of Darmstadt that is funded by the German Research Foundation.
