Ernst Denert Award for Software Engineering 2022
Practice Meets Foundations
Chapter
The Ernst Denert Award has existed since 1992 and honors not only the award winners but also the software engineering field as a whole. Software engineering is a vivid and intensively extending fi...
Chapter and Conference Paper
Since its inception two decades ago, Soot has become one of the most widely used open-source static analysis frameworks. Over time it has been extended with the contributions of countless researchers. Yet, at the...
Book
Article
The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the fin...
Article
Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definit...
Article
Many critical codebases are written in C, and most of them use preprocessor directives to encode variability, effectively encoding software product lines. These preprocessor directives, however, challenge any ...
Article
Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do...
Chapter and Conference Paper
Faults in the realization and usage of cyber-physical systems can cause significant security issues. Attackers might exploit vulnerabilities in the physical configurations, control systems, or accessibility t...
Chapter
The future scenario of Industry 4.0 is characterized by a massive increase in cross-company networking. To counter the threat of unauthorized disclosure or sabotage of confidential data, e...
Chapter
Today, software systems are rarely developed monolithically, but may be composed of numerous individually developed features. Their modularization facilitates independent development and verification. While fe...
Chapter and Conference Paper
According to security rankings such as the SANS Top 25 and the OWASP Top 10, access-control vulnerabilities are still highly relevant. Even though developers use web frameworks such as Spring and Struts, which...
Chapter and Conference Paper
Static program analysis is used to automatically determine program properties, or to detect bugs or security vulnerabilities in programs. It can be used as a stand-alone tool or to aid compiler optimization as...
Living Reference Work Entry
The future scenario of Industry 4.0 is characterized by a massive increase in cross-company networking. To counter the threat of unauthorized disclosure or sabotage of confidential data, e...
Chapter and Conference Paper
Cyber-physical systems are processing large amounts of sensitive information, but are increasingly often becoming the target of cyber attacks. Thus, it is essential to verify the absence of unauthorized inform...
Article
Finding and fixing software vulnerabilities have become a major struggle for most software development companies. While generally without alternative, such fixing efforts are a major cost factor, which is why ...
Book and Conference Proceedings
9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings
Article
With Harvester, security experts and developers can automatically extract runtime values from Android apps, even when these values are present in the code only in encrypted form. These values show how apps interact with Internet s...
Book and Conference Proceedings
8th International Symposium, ESSoS 2016, London, UK, April 6–8, 2016. Proceedings
Chapter and Conference Paper
We present the current state of the art of information flow analyses for Go applications. Based on our findings, we discuss future directions of where static analysis information can be used at runtime to for ...
Chapter and Conference Paper
The increased sharing of computational resources elevates the risk of side channels and covert channels, where an entity’s security is affected by the entities with which it is co-located. This introduces a st...