Eric Bodden appointed as ISSTA 2018 Program Chair

Eric | February 6, 2016

I am glad to report that I have just been appointed Program Chair of the 2018 International Symposium of Software Testing and Analysis (ISSTA). ISSTA is the leading research symposium on software testing and analysis, bringing together academics, industrial researchers, and practitioners to exchange new ideas, problems, and experience on how to analyze and test software systems. I wish to thank the organizing chair Frank Tip as well as the entire steering committee for this great honor.

ISSTA 2018 will be co-located with the European Conference on Object-Oriented Programming (ECOOP), in beautiful Amsterdam, Netherlands. Let’s make it a great event!

Cross-posted from Secure Software Engineering

Comments
Comments Off on Eric Bodden appointed as ISSTA 2018 Program Chair
Categories
Misc, Research, Uncategorized

CYSEC researchers score five ICSE publications

Eric | January 12, 2016

ICSE is the premier academic conference for Software Engineering. In total, researchers of CYSEC managed to publish at least five ICSE publications this year, two with contributions from SSE:

Cross-posted from Secure Software Engineering

Comments
Comments Off on CYSEC researchers score five ICSE publications
Categories
Misc, Research, Uncategorized

CYSEC researchers score five ICSE publications

Eric | January 12, 2016

ICSE is the premier academic conference for Software Engineering. In total, researchers of CYSEC managed to publish at least five ICSE publications this year, two with contributions from SSE:

Cross-posted from Secure Software Engineering

Comments
Comments Off on CYSEC researchers score five ICSE publications
Categories
Misc, Research, Uncategorized

“Looking for crypto backdoors is like searching camouflaged needles in a haystack” – Deutschlandfunk reports about our TrueCrypt study (German only)

Eric | December 31, 2015

Recently, our team member Andreas Poller gave an interview at Deutschlandfunk. The radio report shone a light on the reasons why the German Federal Office for Information Security (BSI) asked us to investigate TrueCrypt, how we executed the study, and what common users shall consider when using harddisk encryption.

The interview is available in German here.

Cross-posted from Secure Software Engineering

Comments
Comments Off on “Looking for crypto backdoors is like searching camouflaged needles in a haystack” – Deutschlandfunk reports about our TrueCrypt study (German only)
Categories
Misc, Research, Uncategorized

“Looking for crypto backdoors is like searching camouflaged needles in a haystack” – Deutschlandfunk reports about our TrueCrypt study (German only)

Eric | December 31, 2015

Recently, our team member Andreas Poller gave an interview at Deutschlandfunk. The radio report shone a light on the reasons why the German Federal Office for Information Security (BSI) asked us to investigate TrueCrypt, how we executed the study, and what common users shall consider when using harddisk encryption.

The interview is available in German here.

Cross-posted from Secure Software Engineering

Comments
Comments Off on “Looking for crypto backdoors is like searching camouflaged needles in a haystack” – Deutschlandfunk reports about our TrueCrypt study (German only)
Categories
Misc, Research, Uncategorized

Harvester will be presented at NDSS 2016

Eric | December 20, 2015

We are happy to announce our new publication “Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques” which will be presented at NDSS 2016. Harvester combines static and dynamic code analysis techniques to extract runtime values (e.g. URLs, SMS messages/numbers, etc.) from Android binaries. Furthermore, it can also be used for de-obfuscating Android applications. More details can be found here.

Looking forward to a great conference.

Cross-posted from Secure Software Engineering

Comments
Comments Off on Harvester will be presented at NDSS 2016
Categories
Misc, Research, Uncategorized

Harvester will be presented at NDSS 2016

Eric | December 20, 2015

We are happy to announce our new publication “Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques” which will be presented at NDSS 2016. Harvester combines static and dynamic code analysis techniques to extract runtime values (e.g. URLs, SMS messages/numbers, etc.) from Android binaries. Furthermore, it can also be used for de-obfuscating Android applications. More details can be found here.

Looking forward to a great conference.

Cross-posted from Secure Software Engineering

Comments
Comments Off on Harvester will be presented at NDSS 2016
Categories
Misc, Research, Uncategorized

SSE Group contributes to McAfee’s Q4 Threat Report

Eric | December 18, 2015

As a follow up to our BlackHat EU 2015 presentation about benign applications not securing user data in the cloud (Backend-as-a-Service) we also looked into malicious applications whether we can find similar data leakages. In a collaboration with McAfee Security Lab (Intel Security Lab) we analyzed 294,817 malware-laden mobile apps and found that 16 of them are connected with vulnerable Backend-as-a-Service instances implemented in Facebook Parse. Since the malware authors did not secure the backend (BaaS-backend) securely we had access to the complete database including Command&Control (C&C) communications and tasks for victims. This gave us very interesting insights about current state-of-the-art C&C communication/protocols in the context of mobile malware.
The results were presented at VirusBulletin 2015 and AVAR 2015. More details can be looked up from our whitepaper and the corresponding slides. This project is also part of McAfee’s Q4 Threat report.

Media report:

Cross-posted from Secure Software Engineering

Comments
Comments Off on SSE Group contributes to McAfee’s Q4 Threat Report
Categories
Misc, Research, Uncategorized

SSE Group contributes to McAfee’s Q4 Threat Report

Eric | December 18, 2015

As a follow up to our BlackHat EU 2015 presentation about benign applications not securing user data in the cloud (Backend-as-a-Service) we also looked into malicious applications whether we can find similar data leakages. In a collaboration with McAfee Security Lab (Intel Security Lab) we analyzed 294,817 malware-laden mobile apps and found that 16 of them are connected with vulnerable Backend-as-a-Service instances implemented in Facebook Parse. Since the malware authors did not secure the backend (BaaS-backend) securely we had access to the complete database including Command&Control (C&C) communications and tasks for victims. This gave us very interesting insights about current state-of-the-art C&C communication/protocols in the context of mobile malware.
The results were presented at VirusBulletin 2015 and AVAR 2015. More details can be looked up from our whitepaper and the corresponding slides. This project is also part of McAfee’s Q4 Threat report.

Media report:

Cross-posted from Secure Software Engineering

Comments
Comments Off on SSE Group contributes to McAfee’s Q4 Threat Report
Categories
Misc, Research, Uncategorized

Looking for Research Assistants (doctoral or post-doc) at University of Paderborn

Eric | November 28, 2015

As I announced a few weeks ago, in 2016 I will be moving to the University of Paderborn to start a tenured professorship there. As part of this move, I am looking for a number of new Ph.D. students and also PostDocs. The positions come with full funding for a number of years. You can find more information about these positions here. As stated, please direct your applications to se-jobs.cs@upb.de

If you have a deep interest in software engineering, especially software security, the I am very much looking forward to your application!

Cross-posted from Secure Software Engineering

Comments
Comments Off on Looking for Research Assistants (doctoral or post-doc) at University of Paderborn
Categories
Misc, Research, Uncategorized