Current projects
Specifiable automated detection of API misuse in CI pipelines
The correct use of APIs is crucial to avoid erroneous and insecure code. Cryptographic APIs are particularly important for data security, but all other (general) APIs must also be used correctly to develop secure, high-quality software. To check the secure and correct use of APIs, static analysis tools are used in practice. The "Secure Software ...
Duration: 02/2023 - 08/2024
Funded by: BMBF
SAIL: SustAInable Life-cycle of Intelligent Socio-Technical Systems
Current systems that incorporate AI technology mainly target the introduction phase, where a core component is training and adaptation of AI models based on given example data. SAIL’s focus on the full life-cycle moves the current emphasis towards sustainable long-term development in real life. The joint project SAIL addresses both basic research ...
Duration: 08/2022 - 07/2026
Funded by: MKW NRW
CRC 901 - Automated risk analysis with respect to open-source dependencies (Hektor) (Transfer project T3)
This transfer project builds on top of research from the collaborative research center 901 “On-The-Fly Computing”. It researches how techniques from the quality assurance of services in On-The-Fly service markets can be applied to the pressing problem of securely managing open-source dependencies in large software development ecosystems. ...
Duration: 08/2021 - 09/2024
Funded by: DFG
CROSSING - Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
As part of the DFG Collaborative Research Center 1119, CROSSING, we lead the Secure Integration of Cryptographic Software project. Together with Mira Mezini's Software Technology Group, we are exploring means to support developers in the secure integration of cryptographic libraries.
Duration: 07/2018 - 06/2026
Funded by: DFG