  1. Chapter

    Ernst Denert Software Engineering Award 2022

    The Ernst Denert Award has existed since 1992 and honors not only the award winners but also the software engineering field as a whole. Software engineering is a vivid and intensively extending fi...

    Eric Bodden, Michael Felderer in Ernst Denert Award for Software Engineerin… (2024)

  2. Chapter and Conference Paper

    SootUp: A Redesign of the Soot Static Analysis Framework

    Since its inception two decades ago, Soot has become one of the most widely used open-source static analysis frameworks. Over time it has been extended with the contributions of countless researchers. Yet, at the...

    Kadiray Karakaya, Stefan Schott in Tools and Algorithms for the Construction … (2024)

  3. Book

  4. Article

    Open Access

    Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study

    The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the fin...

    Goran Piskachev, Matthias Becker, Eric Bodden in Empirical Software Engineering (2023)

  5. Article

    Open Access

    Fluently specifying taint-flow queries with fluentTQL

    Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definit...

    Goran Piskachev, Johannes Späth, Ingo Budde, Eric Bodden in Empirical Software Engineering (2022)

  6. Article

    Open Access

    Static data-flow analysis for software product lines in C

    Many critical codebases are written in C, and most of them use preprocessor directives to encode variability, effectively encoding software product lines. These preprocessor directives, however, challenge any ...

    Philipp Dominik Schubert, Paul Gazzillo, Zach Patterson in Automated Software Engineering (2022)

  7. Article

    Open Access

    TaintBench: Automatic real-world malware benchmarking of Android taint analyses

    Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do...

    Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz in Empirical Software Engineering (2021)

  8. No Access

    Chapter and Conference Paper

    Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems

    Faults in the realization and usage of cyber-physical systems can cause significant security issues. Attackers might exploit vulnerabilities in the physical configurations, control systems, or accessibility t...

    Iris Gräßler, Eric Bodden, Jens Pottebaum in Advanced, Contemporary Control (2020)

  9. No Access

    Chapter

    Industrial Security by Design

    The future scenario of Industrie 4.0 is characterized by a massive increase in cross-company networking. To ... a threat of unauthorized disclosure or sabotage of confidential data...

    Christopher Gerking, Eric Bodden in Handbuch Gestaltung digitaler und vernetzt… (2020)

  10. No Access

    Chapter

    Using Abstract Contracts for Verifying Evolving Features and Their Interactions

    Today, software systems are rarely developed monolithically, but may be composed of numerous individually developed features. Their modularization facilitates independent development and verification. While fe...

    Alexander Knüppel, Stefan Krüger in Deductive Software Verification: Future Pe… (2020)

  11. No Access

    Chapter and Conference Paper

    AuthCheck: Program-State Analysis for Access-Control Vulnerabilities

    According to security rankings such as the SANS Top 25 and the OWASP Top 10, access-control vulnerabilities are still highly relevant. Even though developers use web frameworks such as Spring and Struts, which...

    Goran Piskachev, Tobias Petrasch in Formal Methods. FM 2019 International Work… (2020)

  12. Chapter and Conference Paper

    PhASAR: An Inter-procedural Static Analysis Framework for C/C++

    Static program analysis is used to automatically determine program properties, or to detect bugs or security vulnerabilities in programs. It can be used as a stand-alone tool or to aid compiler optimization as...

    Philipp Dominik Schubert, Ben Hermann in Tools and Algorithms for the Construction … (2019)

  13. No Access

    Living Reference Work Entry In depth

    Industrial Security by Design

    The future scenario of Industrie 4.0 is characterized by a massive increase in cross-company networking. To ... a threat of unauthorized disclosure or sabotage of confidential data...

    Christopher Gerking, Eric Bodden in Handbuch Gestaltung digitaler und vernetzt…

  14. No Access

    Chapter and Conference Paper

    Model Checking the Information Flow Security of Real-Time Systems

    Cyber-physical systems are processing large amounts of sensitive information, but are increasingly often becoming the target of cyber attacks. Thus, it is essential to verify the absence of unauthorized inform...

    Christopher Gerking, David Schubert, Eric Bodden in Engineering Secure Software and Systems (2018)

  15. Article

    Open Access

    Time for Addressing Software Security Issues: Prediction Models and Impacting Factors

    Finding and fixing software vulnerabilities have become a major struggle for most software development companies. While generally without alternative, such fixing efforts are a major cost factor, which is why ...

    Lotfi Ben Othmane, Golriz Chehrazi, Eric Bodden in Data Science and Engineering (2017)

  16. No Access

    Book and Conference Proceedings

    Engineering Secure Software and Systems

    9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings

    Eric Bodden, Mathias Payer in Lecture Notes in Computer Science (2017)

  17. No Access

    Article

    Harvester

    With Harvester, security experts and developers can automatically extract runtime values from Android apps, even when those values are present in the code only in encrypted form. These values show how apps with Internet...

    Siegfried Rasthofer, Steven Arzt in Datenschutz und Datensicherheit - DuD (2016)

  18. No Access

    Book and Conference Proceedings

    Engineering Secure Software and Systems

    8th International Symposium, ESSoS 2016, London, UK, April 6–8, 2016. Proceedings

    Juan Caballero, Eric Bodden in Lecture Notes in Computer Science (2016)

  19. No Access

    Chapter and Conference Paper

    Information Flow Analysis for Go

    We present the current state of the art of information flow analyses for Go applications. Based on our findings, we discuss future directions of where static analysis information can be used at runtime to for ...

    Eric Bodden, Ka I. Pun, Martin Steffen in Leveraging Applications of Formal Methods,… (2016)

  20. No Access

    Chapter and Conference Paper

    Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels

    The increased sharing of computational resources elevates the risk of side channels and covert channels, where an entity’s security is affected by the entities with which it is co-located. This introduces a st...

    Kevin Falzon, Eric Bodden in Principles of Security and Trust (2016)
