
I am a professor of Software Engineering (Softwaretechnik) at Paderborn University and co-director of the Fraunhofer Institute for Mechatronic Systems Design, where I am also heading the Attract-Group on Secure Software Engineering. Here we develop code analysis technology for security, in collaboration with the leading national and international software development companies. In 2014, the DFG awarded me the Heinz Maier-Leibnitz-Preis. In 2013, BITKOM elected me into their mentoring program BITKOM Management Club.

I am one of the chief maintainers of the Soot program analysis and optimization framework, a contributor to the AspectBench Compiler, the open research compiler for AspectJ, and the inventor of the Clara and TamiFlex frameworks. Together with my research group, I have created the FlowDroid analysis framework for Android and the DroidBench benchmark suite. Our blog gives more information about our current research.

Previously, I spent six years in Darmstadt where I was heading the Secure Software Engineering Group at Fraunhofer SIT, Technische Universität Darmstadt and the European Center for Security and Privacy by Design (EC SPRIDE), as well as the Emmy Noether Group RUNSECURE funded through the DFG. At Darmstadt I was further a Principal Investigator of the Center for Advanced Security Research Darmstadt (CASED), which has now become the Center for Research in Security and Privacy (CRISP).

Until fall 2011, I was a Post-doctoral Researcher at the Software Technology Group of the Technical University Darmstadt. During this time, I also coordinated the Graduate School at CASED.

As a graduate student, I pursued my doctoral studies at the Sable Research Group at McGill University, under the supervision of Laurie Hendren. My thesis work was on evaluating runtime monitors ahead of time. As a result of my work, I created the Clara framework.

My Diploma thesis was on J-LO, the Java Logical Observer. J-LO was the first tool to conduct runtime verification using aspects, and it was one of the first tools that allows for parametric runtime verification, i.e., runtime monitors that reason about per-object properties rather than “flat” properties. It turns out that this was quite a trendsetter, as today most runtime verification tools use both aspects and parameters. Hence, in hindsight it is not so surprising that my paper Efficient and Expressive Runtime Verification for Java won the Grand Finals of the worldwide ACM Student Research Competition in 2005.

From July to September 2003, I was working at IBM UK at Hursley in the Java performance team, where another student and I designed and implemented a performance monitoring framework for J9, IBM’s Java Virtual Machine. Some principles are in the process I have patented.

From September 2002 till June 2003, I was at the University of Kent at Canterbury (UK) to study abroad for a year.