Publikationen der Fachgruppe Secure Software Engineering
Visualization Task Taxonomy to Understand the Fuzzing Internals
S. Kummita, M. Miao, E. Bodden, S. Wei, ACM Transactions on Software Engineering and Methodology (2025).
Program Feature-Based Benchmarking for Fuzz Testing
M. Miao, S. Kummita, E. Bodden, S. Wei, Proceedings of the ACM on Software Engineering 2 (2025) 527–549.
Pick Your Call Graphs Well: On Scaling IFDS-Based Data-Flow Analyses
K. Karakaya, P. Muthuraman, E. Bodden, in: Proceedings of the 14th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, ACM, 2025.
An Empirical Study of Large Language Models for Type and Call Graph Analysis in Python and JavaScript
A.P. Shivarpatna Venkatesh, R. Sunil, S. Sabu, A.M. Mir, S. Reis, E. Bodden, Empirical Software Engineering 30 (2025).
Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability
A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, E. Bodden, Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability, 2024.
Evaluating Security Through Isolation and Defense in Depth
E. Bodden, J. Pottebaum, M. Fockel, I. Gräßler, IEEE Security & Privacy 22 (2024) 69–72.
Symbol-Specific Sparsification of Interprocedural Distributive Environment Problems
K. Karakaya, E. Bodden, in: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, ACM, 2024.
Detecting Security-Relevant Methods using Multi-label Machine Learning
O. Johnson, G. Piskachev, R. Krishnamurthy, E. Bodden, in: Proceedings of the 46th International Conference on Software Engineering, IDE Workshop, 2024.
TypeEvalPy: A Micro-benchmarking Framework for Python Type Inference Tools
A.P. Shivarpatna Venkatesh, S. Sabu, J. Wang, A.M. Mir, L. Li, E. Bodden, in: Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, Association for Computing Machinery, New York, NY, USA, 2024, pp. 49–53.
The Emergence of Large Language Models in Static Analysis: A First Look through Micro-Benchmarks
A.P. Shivarpatna Venkatesh, S. Sabu, A.M. Mir, S. Reis, E. Bodden, in: Proceedings of the 2024 IEEE/ACM First International Conference on AI Foundation Models and Software Engineering, ACM, 2024.
Toward an Android Static Analysis Approach for Data Protection
M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68., 2024.
Software Security Analysis in 2030 and Beyond: A Research Roadmap
M. Böhme, E. Bodden, T. Bultan, C. Cadar, Y. Liu, G. Scanniello, ACM Transactions on Software Engineering and Methodology (2024).
Do Android App Developers Accurately Report Collection of Privacy-Related Data?
M. Khedkar, A.K. Mondal, E. Bodden, in: In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24), 2024.
Advancing Android Privacy Assessments with Automation
M. Khedkar, M. Schlichtig, E. Bodden, in: In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW ’24), 2024.
Tailoring Code Property Graphs to Jimple
M.H.F. Youkeim, Tailoring Code Property Graphs to Jimple, Paderborn University, Paderborn, 2024.
SootUp: A Redesign of the Soot Static Analysis Framework
K. Karakaya, S. Schott, J. Klauke, E. Bodden, M. Schmidt, L. Luo, D. He, in: Tools and Algorithms for the Construction and Analysis of Systems, Springer Nature Switzerland, Cham, 2024.
Java Bytecode Normalization for Code Similarity Analysis
S. Schott, S.E. Ponta, W. Fischer, J. Klauke, E. Bodden, in: 38th European Conference on Object-Oriented Programming (ECOOP 2024), 2024.
Compilation of Commit Changes Within Java Source Code Repositories
S. Schott, W. Fischer, S.E. Ponta, J. Klauke, E. Bodden, in: 2024 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, 2024.
Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications: An Experience Report
F.B. Schiebel, F. Sattler, P.D. Schubert, S. Apel, E. Bodden, in: J. Aldrich, G. Salvaneschi (Eds.), 38th European Conference on Object-Oriented Programming (ECOOP 2024), Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl, Germany, 2024, p. 36:1–36:28.
Runtime Verification of Crypto APIs: An Empirical Study
A. Torres, P. Costa, L. Amaral, J. Pastro, R. Bonifácio, M. d’Amorim, O. Legunsen, E. Bodden, E. Dias Canedo, IEEE Transactions on Software Engineering 49 (2023) 4510–4525.
Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study
G. Piskachev, M. Becker, E. Bodden, Empirical Software Engineering 28 (2023).
Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security
I. Gräßler, E. Bodden, D. Wiechel, J. Pottebaum, Konstruktion 75 (2023) 60–65.
Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale
M. Nachtigall, M. Schlichtig, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 95–96.
Introducing FUM: A Framework for API Usage Constraint and Misuse Classification
M. Schlichtig, S. Sassalla, K. Narasimhan, E. Bodden, in: Software Engineering 2023, Gesellschaft für Informatik e.V., Bonn, 2023, pp. 105–106.
Securing Your Crypto-API Usage Through Tool Support - A Usability Study
S. Krüger, M. Reif, A.-K. Wickert, S. Nadi, K. Ali, E. Bodden, Y. Acar, M. Mezini, S. Fahl, in: 2023 IEEE Secure Development Conference (SecDev), IEEE, 2023.
Alle Publikationen anzeigen