New seminar on Tool-based approaches to Software Security

Eric | February 21, 2014

We have just published online information about our new seminar on Tool-based approaches to Software Security which we will be having this summer.

Cross-posted from SEEBlog

Comments
Comments Off on New seminar on Tool-based approaches to Software Security
Categories
Research

Are you using our tools? Please let us know!

Eric | February 17, 2014

Over the past few years, we have developed and open-sourced a whole range of program-analysis tools surrounding the Soot framework. Are you using Soot or any related tools?

Then please let us know by briefly filling out this form. It will not even take a minute!

This will help us when trying to acquire money with funding agencies and will help you help us keep up the level of support that you have provided so far.

Many thanks in advance!

Cross-posted from SEEBlog

Comments
Comments Off on Are you using our tools? Please let us know!
Categories
Research

DFG awards Eric Bodden the Heinz Maier-Leibnitz Price

Eric | February 17, 2014

The Deutsche Forschungsgemeinschaft (DFG) has awarded Eric Bodden the Heinz Maier-Leibnitz Price 2014. The Heinz Maier-Leibnitz Prize, named after the physicist and former president of the DFG, is a distinction for young researchers and provides further incentive for excellent achievements in their research work. Every year, up to 10 researchers in Germany are awarded with this price.

More information is available here in German

Cross-posted from SEEBlog

Comments
Comments Off on DFG awards Eric Bodden the Heinz Maier-Leibnitz Price
Categories
Research

Google Confirms Denial-of-”App” Attack – Likely All Android Versions Affected

Eric | February 3, 2014

Together with their colleague Stephan Huber from Fraunhofer SIT, Steven Arzt and Siegfried Rasthofer from the SSE group discovered a security issue present in all current versions of Android. As Google now confirmed, the attack vector allows to forbid the future installation of arbitrary Android apps at the choice of the attacker. For instance, it can be used to forbid the installation of the facebook app for basically the entire lifetime of the mobile device until a factory reset has been performed or the issue is fixed manually which, however, requires root access to the device and some expertise in the Android OS.

We tested the attack on Android Version 4.x and 2.3.6. It is likely that this attack affects ALL Android versions, though. We wish to note, though, that this vulnerability was discovered under lab conditions, and that there is currently no indication that the vulnerability is exploited in the wild.

We are currently in contact with the Android security team to fix this problem. A detailed explanation of the attack will be published after a fix is available.

Cross-posted from SEEBlog

Comments
Comments Off on Google Confirms Denial-of-”App” Attack – Likely All Android Versions Affected
Categories
Research