Publications of the Secure Software Engineering Group
Toward an Android Static Analysis Approach for Data Protection
M. Khedkar, E. Bodden, in: Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024.
Evaluating Security Through Isolation and Defense in Depth
E. Bodden, J. Pottebaum, M. Fockel, I. Gräßler, IEEE Security & Privacy 22 (2024) 69–72.
Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability
A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability, 2024.
Model Generation For Java Frameworks
L. Luo, G. Piskachev, R. Krishnamurthy, J. Dolby, M. Schäf, E. Bodden, in: IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023.
Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis
A.P. Shivarpatna Venkatesh, J. Wang, L. Li, E. Bodden, in: IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2023.
Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis
K. Karakaya, E. Bodden, in: 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), IEEE, 2023.
Runtime Verification of Crypto APIs: An Empirical Study
A. Torres, P. Costa, L. Amaral, J. Pastro, R. Bonifácio, M. d’Amorim, O. Legunsen, E. Bodden, E. Dias Canedo, IEEE Transactions on Software Engineering 49 (2023) 4510–4525.
Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study
G. Piskachev, M. Becker, E. Bodden, Empirical Software Engineering 28 (2023).
Securing Your Crypto-API Usage Through Tool Support - A Usability Study
S. Krüger, M. Reif, A.-K. Wickert, S. Nadi, K. Ali, E. Bodden, Y. Acar, M. Mezini, S. Fahl, in: 2023 IEEE Secure Development Conference (SecDev), IEEE, 2023.
Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security
I. Gräßler, E. Bodden, D. Wiechel, J. Pottebaum, Konstruktion 75 (2023) 60–65.
Static Analysis for Android GDPR Compliance Assurance
M. Khedkar, in: Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings (ICSE ‘23), n.d.
Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale
M. Nachtigall, M. Schlichtig, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 95–96.
Introducing FUM: A Framework for API Usage Constraint and Misuse Classification
M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.
Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth
J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.
Computation on Encrypted Data Using Dataflow Authentication
A. Fischer, B. Fuhry, J. Kußmaul, J. Janneck, F. Kerschbaum, E. Bodden, ACM Transactions on Privacy and Security 25 (2022) 1–36.
CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite
M. Schlichtig, A.-K. Wickert, S. Krüger, E. Bodden, M. Mezini, CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite, 2022.
A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools
M. Nachtigall, M. Schlichtig, E. Bodden, in: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ACM, 2022, pp. 532–543.
FUM - A Framework for API Usage constraint and Misuse Classification
M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022, pp. 673–684.
Domain-specific Language for Condition Monitoring Software Development
F. Pasic, M. Becker, in: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, 2022.
Static data-flow analysis for software product lines in C
P. Schubert, P. Gazzillo, Z. Patterson, J. Braha, F. Schiebel, B. Hermann, S. Wei, E. Bodden, Automated Software Engineering 29 (2022).
An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
I. Sayar, A. Bartel, E. Bodden, Y. Le Traon, ACM Transactions on Software Engineering and Methodology (2022).
Fluently specifying taint-flow queries with fluentTQL
G. Piskachev, J. Späth, I. Budde, E. Bodden, Empirical Software Engineering 27 (2022) 1–33.
To what extent can we analyze Kotlin programs using existing Java taint analysis tools?
R. Krishnamurthy, G. Piskachev, E. Bodden, (2022).
How far are German companies in improving security through static program analysis tools?
Show all publications
G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, E. Bodden, (2022).