
Publications of Eric Bodden


Our publications from 2020:



Koch, Thorsten; Dziwok, Stefan; Holtmann, Jörg; Bodden, Eric: Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers. In: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20), Oct 18 - 23, 2020, ACM (more)

Fischer, Andreas; Fuhry, Benny; Kerschbaum, Florian; Bodden, Eric: Computation on Encrypted Data using Dataflow Authentication. In: Privacy Enhancing Technologies Symposium (PETS/PoPETS), July 2020 (more)

Benz, Manuel; Krogh Kristensen, Erik; Luo, Linghui; P. Borges Jr., Nataniel; Bodden, Eric; Zeller, Andreas: Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis. In: International Conference for Software Engineering (ICSE), volume ICSE ’20, pp. 12, May 2020, Universität Paderborn, ACM (more)

Fischer, Andreas; Janneck, Jonas; Kussmaul, Jörn; Krätzschmar, Nikolas; Kerschbaum, Florian; Bodden, Eric: PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage. In: 2020 IEEE Computer Security Foundations Symposium (CSF), May 2020 (more)

Krüger, Stefan; Ali, Karim; Bodden, Eric: CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs. In: International Symposium on Code Generation and Optimization (CGO), pp. 185-198, Feb 2020 (more)

Knüppel, Alexander; Krüger, Stefan; Thüm, Thomas; Bubel, Richard; Krieter, Sebastian; Bodden, Eric; Schaefer, Ina: Using Abstract Contracts for Verifying Evolving Features and Their Interactions. pp. 122-148, Springer International Publishing, Cham, 2020 (more)

Gräßler, Iris; Bodden, Eric; Pottebaum, Jens; Geismann, Johannes; Roesmann, Daniel: Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems. In: Advanced, Contemporary Control, Advances in Intelligent Systems and Computing, volume 1196, pp. 1458-1469, 1 Jan 2020, Springer International Publishing (more)

Nguyen, Lisa; Bodden, Eric: Explaining Static Analysis with Rule Graphs. IEEE Transactions on Software Engineering, Jan 2020 (more)


Our publications from 2019:



Nachtigall, Marcus; Nguyen, Lisa; Bodden, Eric: Explaining Static Analysis - A Perspective. In: 1st International Workshop on Explainable Software (EXPLAIN) at ASE, Nov 2019 (more)

Luo, Linghui; Bodden, Eric; Späth, Johannes: A Qualitative Analysis of Android Taint-Analysis Results. In: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Nov 2019 (more)

Piskachev, Goran; Nguyen, Lisa; Johnson, Oshando; Bodden, Eric: SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods. In: IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, Nov 2019 (more)

Piskachev, Goran; Petrasch, Tobias; Späth, Johannes; Bodden, Eric: AuthCheck: Program-state Analysis for Access-control Vulnerabilities. In: 10th Workshop on Tools for Automatic Program Analysis (TAPAS), Oct 2019 (more)

Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Krüger, Stefan; Bodden, Eric; Nierstrasz, Oscar: The Impact of Developer Experience in Using Java Cryptography. In: ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Emerging Results and Vision Track, pp. 1-6, Sep 2019 (more)

Luo, Linghui; Dolby, Julian; Bodden, Eric: MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors. In: European Conference on Object-Oriented Programming (ECOOP), July 2019 (more)

Stockmann, Lars; Laux, Sven; Bodden, Eric: Architectural Runtime Verification. In: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), pp. 77-84, Mar 2019 (more)

Albert Gorski III, Sigmund; Andow, Benjamin; Nadkarni, Adwait; Manandhar, Sunil; Enck, William; Bodden, Eric; Bartel, Alexandre: ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware. In: ACM Conference on Data and Application Security and Privacy (CODASPY 2019), 2019 (more)

Schubert, Philipp; Leer, Richard; Hermann, Ben; Bodden, Eric: Know Your Analysis: How Instrumentation Aids Understanding Static Analysis. In: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, SOAP 2019, pp. 8-13, New York, NY, USA, 2019, ACM (more)

Schubert, Philipp; Hermann, Ben; Bodden, Eric: PhASAR: An Inter-Procedural Static Analysis Framework for C/C++. In: Vojnar, Tomas; Zhang, Lijun (eds.) Tools and Algorithms for the Construction and Analysis of Systems, pp. 393-410, Cham, 2019, Springer International Publishing (more)

Späth, Johannes; Ali, Karim; Bodden, Eric: Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems. Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, 3(POPL): pp. 48:1-48:29, Jan 2019 (more)

Dann, Andreas; Hermann, Ben; Bodden, Eric: ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules. IEEE Transactions on Software Engineering: pp. 1-1, 2019 (more)

Dann, Andreas; Hermann, Ben; Bodden, Eric: SootDiff: Bytecode Comparison Across Different Java Compilers. In: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, SOAP 2019, pp. 14-19, New York, NY, USA, 2019, ACM (more)

Krüger, Stefan; Späth, Johannes; Ali, Karim; Bodden, Eric; Mezini, Mira: CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering: pp. 1-1, Jan 2019 (more)


Our publications from 2018:



Pauck, Felix; Bodden, Eric; Wehrheim, Heike: Do Android Taint Analysis Tools Keep their Promises?. In: ESEC/FSE 2018: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, Nov 4 - 9, 2018 (more)

Nguyen, Lisa; Bodden, Eric: Gamifying Static Analysis. In: ESEC/FSE 2018: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering - New Ideas Track, ESEC/FSE 2018, pp. 714-718, New York, NY, USA, Nov 4 - 9, 2018, ACM (more)

Bodden, Eric: The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them). In: ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), ISSTA '18, pp. 85-93, New York, NY, USA, July 2018, ACM (more)

Krüger, Stefan; Späth, Johannes; Ali, Karim; Bodden, Eric; Mezini, Mira: CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In: European Conference on Object-Oriented Programming (ECOOP), pp. 10:1-10:27, July 2018 (more)

Gerking, Christopher; Schubert, David; Bodden, Eric: Model Checking the Information Flow Security of Real-Time Systems. In: International Symposium on Engineering Secure Software and Systems (ESSoS 2018), number 10953, pp. 27-43, June 26 - 27, 2018, Springer (more)

Bodden, Eric: Self-adaptive static analysis. In: Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER '18, pp. 45-48, New York, NY, USA, May 30 - June 1, 2018, ACM (more)

Geismann, Johannes; Gerking, Christopher; Bodden, Eric: Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes. In: Kuhrmann, Marco; O'Connor, Rory V.; Houston, Dan (eds.) International Conference on Software and System Process (ICSSP 2018), pp. 123-127, May 26 - 27, 2018, ACM (more)

Bodden, Eric; Nguyen, Lisa: Explainable Static Analysis. In: Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany., LNI, pp. 205-208, Mar 5 - 6, 2018 (more)

Tichy, Matthias; Bodden, Eric; Kuhrmann, Marco; Wagner, Stefan; Steghöfer, Jan-Philipp (eds.) Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany. LNI, volume P-279, Mar 2018, Gesellschaft für Informatik (more)

Nguyen, Lisa; Krüger, Stefan; Hill, Patrick; Ali, Karim; Bodden, Eric: VISUFLOW, a Debugging Environment for Static Analyses. In: International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 1 Jan 2018 (more)

Bodden, Eric: State of the systems security. In: International Conference for Software Engineering (ICSE), Technical Briefing, 2018 (more)

Nguyen, Lisa; Krüger, Stefan; Hill, Patrick; Ali, Karim; Bodden, Eric: Debugging Static Analysis. IEEE Transactions on Software Engineering: pp. 1-1, 2018 (more)


Our publications from 2017:



Nguyen, Lisa; Ali, Karim; Livshits, Benjamin; Bodden, Eric; Smith, Justin; Murphy-Hill, Emerson: Just-in-Time Static Analysis. In: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2017, pp. 307-317, New York, NY, USA, Nov 4 - 9, 2017, ACM (more)

Krüger, Stefan; Nadi, Sarah; Reif, Michael; Ali, Karim; Mezini, Mira; Bodden, Eric: CogniCrypt: Supporting Developers in using Cryptography. In: International Conference on Automated Software Engineering (ASE 2017), Tool Demo Track, Oct 31 - Nov 2, 2017, ACM (more)

Gerking, Christopher; Bodden, Eric; Schäfer, Wilhelm: Industrial Security by Design - Nachverfolgbare Informationssicherheit für Cyber-Physische Produktionssysteme. In: Maier, Günter W.; Engels, Gregor; Steffen, Eckhard (eds.) Handbuch Gestaltung digitaler und vernetzter Arbeitswelten, Springer Reference Psychologie, Springer, Berlin/Heidelberg, Oct 2017 (more)

Späth, Johannes; Ali, Karim; Bodden, Eric: IDEal: Efficient and Precise Alias-aware Dataflow Analysis. In: 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), Oct 2017, ACM Press (more)

Krüger, Stefan; Späth, Johannes; Ali, Karim; Bodden, Eric; Mezini, Mira: CrySL: Validating Correct Usage of Cryptographic APIs. 1710.00564, Oct 2017 (more)

Lillack, Max; Kästner, Christian; Bodden, Eric: Tracking Load-time Configuration Options. IEEE Transactions on Software Engineering, PP(99): pp. 1-1, Sep 2017 (more)

Ben Othmane, Lotfi; Chehrazi, Golriz; Bodden, Eric; Tsalovski, Petar; Brucker, Achim D.: Time for Addressing Software Security Issues: Prediction Models and Impacting Factors. Data Science and Engineering, 2(2): pp. 107-124, June 2017 (more)

Arzt, Steven; Rasthofer, Siegfried; Bodden, Eric: The Soot-based Toolchain For Analyzing Android Apps. In: IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), May 2017, ACM, ACM Press (more)

Holzinger, Philipp; Hermann, Ben; Lerch, Johannes; Bodden, Eric; Mezini, Mira: Hardening Java's Access Control by Abolishing Implicit Privilege Elevation. In: 2017 IEEE Symposium on Security and Privacy (Oakland S&P), May 2017, IEEE, IEEE Press (more)

Nguyen, Lisa; Ali, Karim; Livshits, Benjamin; Bodden, Eric; Smith, Justin; Murphy-Hill, Emerson: Cheetah: Just-in-Time Taint Analysis for Android Apps. In: International Conference for Software Engineering (ICSE), Tool Demonstrations Track, May 2017 (more)

Nadi, Sarah; Krüger, Stefan; Mezini, Mira; Bodden, Eric: "Jumping Through Hoops": Why do Java Developers Struggle With Cryptography APIs?. In: Jürjens, Jan; Schneider, Kurt (eds.) Software Engineering 2017, Fachtagung des GI-Fachbereichs Softwaretechnik, 21.-24. Februar 2017, Hannover, Deutschland, LNI, volume P-267, pp. 57, 2017, GI (more)


Our publications from 2016:



Rasthofer, Siegfried; Arzt, Steven; Bodden, Eric; Miltenberger, Marc: Harvester - Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen. Datenschutz und Datensicherheit: pp. 718-722, Nov 2016 (more)

Holzinger, Philipp; Triller, Stefan; Bartel, Alexandre; Bodden, Eric: An In-Depth Study of More Than Ten Years of Java Exploitation. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS '16, pp. 779-790, Vienna, Austria, Oct 24 - 28, 2016 (more)

Bodden, Eric; Eichberg, Michael; I Pun, Ka; Steffen, Martin; Stolz, Volker; Wickert, Anna-Katharina: Don't let data Go astray - A Context-Sensitive Taint Analysis for Concurrent Programs in Go. In: Nordic Workshop on Programming Theory (NWPT'16), Oct 2016 (more)

Follner, Andreas; Bartel, Alexandre; Peng, Hui; Chang, Yu-Chen; Ispoglou, Kyriakos; Payer, Mathias; Bodden, Eric: PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution. In: International Workshop on Security and Trust Management (STM), pp. 212-228, Sep 26 - 27, 2016 (more)

Nguyen, Lisa; Ali, Karim; Livshits, Benjamin; Bodden, Eric; Smith, Justin; Murphy-Hill, Emerson: Just-in-Time Static Analysis. Aug 2016 (more)

Follner, Andreas; Bodden, Eric: ROPocop - Dynamic Mitigation of Code-Reuse Attacks. Journal of Information Security and Applications, 29: pp. 16-26, Aug 2016 (more)

Späth, Johannes; Nguyen, Lisa; Ali, Karim; Bodden, Eric: Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java. In: European Conference on Object-Oriented Programming (ECOOP), July 17 - 22, 2016 (more)

Arzt, Steven; Kussmaul, Tobias; Bodden, Eric: Towards Cross-Platform Cross-Language Analysis with Soot. In: Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, SOAP 2016, pp. 1-6, June 2016 (more)

Nguyen, Lisa; Eichberg, Michael; Bodden, Eric: Toward an Automated Benchmark Management System. In: Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, SOAP 2016, pp. 13-17, June 2016 (more)

Nadi, Sarah; Krüger, Stefan; Mezini, Mira; Bodden, Eric: Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?. In: International Conference for Software Engineering (ICSE), pp. 935-946, May 2016 (more)

Bodden, Eric; I Pun, Ka; Steffen, Martin; Stolz, Volker; Wickert, Anna-Katharina: Information Flow Analysis for Go. In: Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part I, pp. 431-445, May 2016 (more)

Arzt, Steven; Bodden, Eric: StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework. In: International Conference for Software Engineering (ICSE), May 2016 (more)

Follner, Andreas; Bartel, Alexandre; Bodden, Eric: Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality. In: International Symposium on Engineering Secure Software and Systems (ESSoS), Apr 2016 (more)

Falzon, Kevin; Bodden, Eric: Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels. In: Piessens, Frank; Viganò, Luca (eds.) Principles of Security and Trust: 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2-8, 2016, Proceedings, pp. 116-138, Berlin, Heidelberg, Apr 2016, Springer (more)

Rasthofer, Siegfried; Arzt, Steven; Miltenberger, Marc; Bodden, Eric: Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques. In: Network and Distributed System Security Symposium (NDSS), Feb 2016 (more)

Eling, Nicole; Rasthofer, Siegfried; Bodden, Eric; Buxmann, Peter: Investigating Users' Reaction to Fine-Grained Data Requests: A Market Experiment. In: 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 3666-3675, Jan 2016 (more)