Publications

You will find most of my publications below. Google scholar is keeping track of my publications as well. Click here to see my profile page there.

Click here to search or browse through these publications.

Publications of .* [rss]
Ph.D. theses advised by me
[13] Adapting Taint Analyses for Detecting Security Vulnerabilities (Goran Piskachev), PhD thesis, Universität Paderborn, 2022. Awarded: Summa cum laude [bib] [pdf]
[12] Improving Real-World Applicability of Static Taint Analysis (Linghui Luo), PhD thesis, Universität Paderborn, 2021. Awarded: Summa cum laude, Ernst Denert Software Engineering Award, UPB Doctoral Dissertation Award [bib] [pdf]
[11] Computing on Encrypted Data using Trusted Execution Environments (Andreas Fischer), PhD thesis, Universität Paderborn, 2021. [bib] [pdf]
[10] CogniCrypt — The Secure Integration of Cryptographic Software (Stefan Krüger), PhD thesis, Universität Paderborn, 2020. Awarded: Summa cum laude [bib] [pdf]
[9] Model-Driven Information Flow Security Engineering for Cyber-Physical Systems (Christopher Gerking), PhD thesis, Universität Paderborn, 2020. [bib] [pdf]
[8] Synchronized Pushdown Systems for Pointer and Data-Flow Analysis (Johannes Späth), PhD thesis, Universität Paderborn, 2019. Awarded: Summa cum laude, UPB Doctoral Dissertation Award, Ernst Denert Software-Engineering Award and Fraunhofer IuK Dissertation Award [bib] [pdf]
[7] User-Centered Tool Design for Data-Flow Analysis (Lisa Nguyen Quang Do), PhD thesis, Universität Paderborn, 2019. Awarded: Summa cum laude, UPB Doctoral Dissertation Award [bib] [pdf]
[6] A Systematic Analysis and Hardening of the Java Security Architecture (Philipp Holzinger), PhD thesis, Universität Paderborn, 2019. Awarded: Summa cum laude [bib] [pdf]
[5] Safety requirements engineering for early SIL tailoring (Markus Fockel), PhD thesis, Universität Paderborn, 2018. [bib] [pdf]
[4] Improving Mobile-Malware Investigations with Static and Dynamic Code Analysis Techniques (Siegfried Rasthofer), PhD thesis, Technische Universität Darmstadt, 2016. Awarded: Summa cum laude, Fraunhofer IuK Dissertation Award & Dissertation Award of the Ernst Denert Foundation [bib] [pdf]
[3] On Generating Gadget Chains for Return-Oriented Programming (Andreas Follner), PhD thesis, Technische Universität Darmstadt, 2016. [bib] [pdf]
[2] On the Use of Migration to Stop Illicit Channels (Kevin Falzon), PhD thesis, Technische Universität Darmstadt, 2016. [bib] [pdf]
[1] Static Data Flow Analysis for Android Applications (Steven Arzt), PhD thesis, Technische Universität Darmstadt, 2016. Awarded: Summa cum laude, Fraunhofer IuK Dissertation Award & Dissertation Award of the Ernst Denert Foundation [bib] [pdf]
Books
[3] Using Abstract Contracts for Verifying Evolving Features and Their Interactions (Alexander Knüppel, Stefan Krüger, Thomas Thüm, Richard Bubel, Sebastian Krieter, Eric Bodden, Ina Schaefer), Chapter in (Wolfgang Ahrendt, Bernhard Beckert, Richard Bubel, Reiner Hähnle, Mattias Ulbrich, eds.), pages 122–148, Springer International Publishing, 2020. [bib] [pdf] [doi]
[2] Industrial Security by Design (Christopher Gerking, Eric Bodden, Wilhelm Schäfer), Chapter in (Günter W. Maier, Gregor Engels, Eckhard Steffen, eds.), pages 1–24, Springer Berlin Heidelberg, 2017. [bib] [pdf] [doi]
[1] Entwicklung sicherer Software durch Security by Design (Michael Waidner, Michael Backes, Jörn Müller-Quade, Eric Bodden, Markus Schneider, Michael Kreutzer, Mira Mezini, Christian Hammer, Andreas Zeller, Dirk Achenbach, Matthias Huber, Daniel Kraschewski), (Michael Waidner, Michael Backes, Jörn Müller-Quade, eds.), SIT TECHNICAL REPORTS, Fraunhofer Verlag, 2013. (ISBN: 978-3-8396-0567-7) [bib] [pdf]
Theses
[2] Verifying finite-state properties of large-scale programs (Eric Bodden), PhD thesis, McGill University, 2009. (Available in print through ProQuest) [bib] [pdf]
[1] J-LO – A tool for runtime-checking temporal assertions (Eric Bodden), Diploma thesis, RWTH Aachen University, 2005. [bib] [pdf]
Patents
[2] Apparatuses, Mobile Devices, Methods and Computer Programs for Evaluating Runtime Information of an Extracted Set of Instructions based on at least a part of a Computer Program (Siegfried Rasthofer, Marc Miltenberger, Eric Bodden), European patent EP3029595A3 (granted), 2022. [bib] [pdf]
[1] Method and system for performance profiling of software (Eric Bodden, Christopher Goodfellow, Howard Hellyer), US Patent No. 7765094 (granted), 2010. [bib] [pdf]
Proceedings and Book Chapters
[4] Special Section on Runtime Verification and Analysis, (Eric Bodden, Shahar Maoz, eds.), Transactions on Aspect-Oriented Software Development (TAOSD), Springer, 2014. (To appear) [bib]
[3] Proceedings of the 12th International Conference on Software Composition, (Walter Binder, Eric Bodden, Welf Löwe, eds.), Lecture Notes in Computer Science, Springer, 2013. [bib]
[2] Proceedings of the 10th International Workshop on Dynamic Analysis (WODA 2012), (Eric Bodden, Madanlal Musuvathi, eds.), ACM, 2012. [bib]
[1] Proceedings of the 1st ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012), (Eric Bodden, Laurie Hendren, Patrick Lam, Elena Sherman, eds.), ACM, 2012. [bib]
Refereed Journal Articles
[33] Runtime Verification of Crypto APIs: An Empirical Study (Adriano Torres, Pedro Costa, Luis Amaral, Jonata Pastro, Rodrigo Bonifácio, Owolabi Legunsen, Marcelo d’Amorim, Eric Bodden, Edna Dias), In Transactions on Software Engineering, IEEE, 2023. (To appear.) [bib]
[32] Runtime Verification of Crypto APIs: An Empirical Study (Adriano Torres, Pedro Costa, Luis Amaral, Jonata Pastro, Rodrigo Bonifácio, Marcelo d’Amorim, Owolabi Legunsen, Eric Bodden, Edna Dias Canedo), In IEEE Transactions on Software Engineering, pages 4510-4525, 49(10), 2023. [bib] [doi]
[31] Defense-in-Depth als neues Paradigma der sicherheitsgerechten Produktentwicklung: interdisziplinäre, bedrohungsbewusste und lösungsorientierte Security/Defense-in-Depth as a new paradigm of security-oriented product engineering: interdisciplinary, threat-aware and solution-oriented security (Iris Gräßler, Eric Bodden, Dominik Wiechel, Jens Pottebaum), In Konstruktion, pages 60–65, 75(11–12), 2023. [bib] [doi]
[30] Verifying Software and Reconfigurable Hardware Services (Eric Bodden, Marie-Christine Jakobs, Felix Pauck, Marco Platzner, Philipp Schubert, Heike Wehrheim), Chapter in On-The-Fly Computing — Individualized IT-services in dynamic markets (Claus-Jochen Haake, Friedhelm Meyer auf der Heide, Marco Platzner, Henning Wachsmuth, Heike Wehrheim, eds.), pages 125-144, Volume 412 of Verlagsschriftenreihe des Heinz Nixdorf Instituts, Heinz Nixdorf Institut, Universität Paderborn, 2023. [bib] [pdf] [doi]
[29] Can the configuration of static analyses make resolving security vulnerabilities more effective? – A user study (Goran Piskachev, Matthias Becker, Eric Bodden), In Empirical Software Engineering, pages 118, 28(5), 2023. [bib] [pdf] [doi]
[28] Static Data-Flow Analysis for Software Product Lines in C (Philipp Dominik Schubert, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, Eric Bodden), In Automated Software Engineering, Springer International Publishing, 2022. [bib] [pdf] [doi]
[27] An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities (Imen Sayar, Alexandre Bartel, Eric Bodden, Yves Le Traon), In ACM Trans. Softw. Eng. Methodol., Association for Computing Machinery, 2022. [bib] [pdf] [doi]
[26] Fluently specifying taint-flow queries with fluentTQL (Goran Piskachev, Johannes Späth, Ingo Budde, Eric Bodden), In Empirical Software Engineering, pages 1–33, 27(5), 2022. [bib] [pdf]
[25] TaintBench: Automatic real-world malware benchmarking of Android taint analyses (Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, Fabio Massacci), In Empirical Software Engineering, pages 1–41, 27(1), 2022. [bib] [pdf] [doi]
[24] Computation on Encrypted Data Using Dataflow Authentication (Andreas Fischer, Benny Fuhry, Jörn Kußmaul, Jonas Janneck, Florian Kerschbaum, Eric Bodden), In ACM Trans. Priv. Secur., 25(3), 2022. [bib] [pdf] [doi]
[23] Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis (Philipp Schubert, Ben Hermann, Eric Bodden), In European Conference on Object-Oriented Programming (ECOOP), 2021. Awarded: Distinguished Paper Award [bib] [pdf]
[22] A Systematic Hardening of Java’s Information Hiding (Philipp Holzinger, Eric Bodden), In International Symposium on Advanced Security on Software and Systems (ASSS), 2021. [bib] [pdf]
[21] Identifying Challenges for OSS Vulnerability Scanners – A Study & Test Suite (Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, Eric Bodden), In IEEE Transactions on Software Engineering, pages 1-1, (), 2021. [bib] [pdf] [doi]
[20] Dealing with Variability in API Misuse Specification (Rodrigo Bonifacio, Stefan Krüger, Krishna Narasimhan, Eric Bodden, Mira Mezini), In European Conference on Object-Oriented Programming (ECOOP), 2021. [bib] [pdf]
[19] Using Architectural Runtime Verification for Offline Data Analysis (Lars Stockmann, Sven Laux, Eric Bodden), In Journal of Automotive Software Engineering, 2021. [bib] [pdf] [doi]
[18] Explaining Static Analysis with Rule Graphs (Lisa Nguyen Quang Do, Eric Bodden), In IEEE Transactions on Software Engineering, 2020. (To appear.) [bib] [pdf]
[17] A systematic literature review of model-driven security engineering for cyber–physical systems (Johannes Geismann, Eric Bodden), In Journal of Systems and Software, pages 110697, Volume 169, 2020. [bib] [pdf] [doi]
[16] ModGuard: Identifying Integrity Confidentiality Violations in Java Modules (Andreas Dann, Ben Hermann, Eric Bodden), In IEEE Transactions on Software Engineering, pages 1-1, (), 2019. [bib] [pdf] [doi]
[15] CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini), In IEEE Transactions on Software Engineering, pages 1-1, (), 2019. [bib] [pdf] [doi]
[14] Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems (Johannes Späth, Karim Ali, Eric Bodden), In Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, pages 48:1–48:29, 3(POPL), 2019. Awarded: ACM Distinguished Paper Award, Artifact Evaluation Award [bib] [pdf] [doi]
[13] Debugging Static Analysis (Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, Eric Bodden), In IEEE Transactions on Software Engineering, pages 1-1, (), 2018. [bib] [pdf] [doi]
[12] Tracking Load-time Configuration Options (M. Lillack, C. Kästner, E. Bodden), In IEEE Transactions on Software Engineering, pages 1-1, PP(99), 2017. [bib] [pdf] [doi]
[11] Time for Addressing Software Security Issues: Prediction Models and Impacting Factors (Lotfi Ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker), In Data Science and Engineering, pages 107–124, 2(2), 2017. [bib] [pdf] [doi]
[10] ROPocop — Dynamic mitigation of code-reuse attacks (Andreas Follner, Eric Bodden), In Journal of Information Security and Applications, pages 16–26, Volume 29, 2016. [bib] [pdf] [doi]
[9] Harvester – Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen (Siegfried Rasthofer, Steven Arzt, Eric Bodden, Marc Miltenberger), In Datenschutz und Datensicherheit, pages 718–722, 2016. [bib] [pdf] [doi]
[8] Incorporating Attacker Capabilities in Risk Estimation and Mitigation (Lotfi ben Othmane, Rohit Ranchal, Ruchith Fernando, Bharat Bhargava, Eric Bodden), In Elsevier Computers & Security, pages 41–61, Volume 51, 2015. [bib] [pdf]
[7] Join Point Interfaces for Safe and Flexible Decoupling of Aspects (Eric Bodden, Éric Tanter, Milton Inostroza), In ACM Trans. Softw. Eng. Methodol., pages 7:1–7:41, 23(1), 2014. [bib] [pdf] [doi]
[6] Automated API Property Inference Techniques (Martin P. Robillard, Eric Bodden, David Kawrykow, Mira Mezini, Tristan Ratchford), In IEEE Trans. Softw. Eng., pages 613–637, 39(5), 2013. [bib] [pdf] [doi]
[5] Schutzmaßnahmen gegen Datenschutz-unfreundliche Smartphone-Apps (Eric Bodden, Siegfried Rasthofer, Philipp Richter, Alexander Roßnagel), In Datenschutz und Datensicherheit, 2013. [bib] [pdf]
[4] Partially evaluating finite-state runtime monitors ahead of time (Eric Bodden, Patrick Lam, Laurie Hendren), In ACM Transactions on Programming Languages and Systems (TOPLAS), pages 7:1–7:52, 34(2), 2012. [bib] [pdf] [doi]
[3] The Clara framework for hybrid typestate analysis (Eric Bodden, Laurie Hendren), In International Journal on Software Tools for Technology Transfer (STTT), pages 307-326, Volume 14, 2012. (10.1007/s10009-010-0183-5) [bib] [pdf]
[2] Aspect-oriented Race Detection in Java (Eric Bodden, Klaus Havelund), In IEEE Transactions on Software Engineering (TSE), pages 509–527, 36(4), 2010. [bib] [pdf]
[1] Collaborative Runtime Verification with Tracematches (Eric Bodden, Laurie Hendren, Patrick Lam, Ondrej Lhoták, Nomair A. Naeem), In Oxford Journal of Logics and Computation, 2008. [bib] [pdf] [doi]
Refereed Conference Papers
[103] Enhancing Comprehension and Navigation in Jupyter Notebooks with Static Analysis (Ashwin Prasad Shivarpatna Venkatesh, Jiawei Wang, Li Li, Eric Bodden), In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2023. (To appear.) Awarded: Distinguished Paper Award [bib] [pdf]
[102] Model Generation For Java Frameworks (Linghui Luo, Goran Piskachev, Ranjith Krishnamurthy, Julian Dolby, Martin Schäf), In IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023. (To appear.) [bib] [pdf]
[101] Securing Your Crypto-API Usage Through Tool Support – A Usability Study (Stefan Krüger, Michael Reif, Anna-Katharina Wickert, Sarah Nadi, Karim Ali, Eris Bodden, Yasemin Acar, Mira Mezini, Sascha Fahl), In 2023 IEEE Secure Development Conference (SecDev), pages 14-25, IEEE Computer Society, 2023. [bib] [pdf] [doi]
[100] Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis (Kadiray Karakaya, Eric Bodden), In IEEE International Conference on Software Testing, Verification and Validation (ICST), 2023. (To appear.) [bib] [pdf]
[99] UpCy: Safely Updating Outdated Dependencies (Andreas Dann, Ben Hermann, Eric Bodden), In , International Conference on Software Engineering (ICSE), , 2023. (To appear.) [bib] [pdf]
[98] FUM – A Framework for API Usage constraint and Misuse Classification (Michael Schlichtig, Steffen Sassalla, Krishna Narasimhan, Eric Bodden), In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022. [bib] [pdf]
[97] How far are German companies in improving security through static program analysis tools? (Goran Piskachev, Stefan Dziwok, Thorsten Koch, Sven Merschjohan, Eric Bodden), In , IEEE Secure Development Conference (SecDev), , 2022. [bib] [pdf]
[96] A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools (Marcus Nachtigall, Michael Schlichtig, Eric Bodden), In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 532–543, ISSTA 2022, Association for Computing Machinery, 2022. [bib] [pdf] [doi]
[95] To what extent can we analyze Kotlin programs using existing Java taint analysis tools? (Ranjith Krishnamurthy, Goran Piskachev, Eric Bodden), In , IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), , 2022. Awarded: Best Paper Award (Engineering Track) [bib] [pdf]
[94] Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++ (Philipp Dominik Schubert, Florian Sattler, Fabian Schiebel, Ben Hermann, Eric Bodden), In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), pages 12–17, 2021. [bib] [pdf]
[93] Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++ (Philipp Dominik Schubert, Ben Hermann, Eric Bodden, Richard Leer), In SCAM ’21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track), 2021. [bib] [pdf]
[92] SecuCheck: Engineering configurable taint analysis for software developers (Goran Piskachev, Ranjith Krishnamurthy, Eric Bodden), In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), pages 24–29, 2021. [bib] [pdf]
[91] IDE support for cloud-based static analyses (Linghui Luo, Martin Schäf, Daniel Sanchez, Eric Bodden), In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 1178–1189, 2021. [bib] [pdf]
[90] Qualitative and Quantitative Analysis of Callgraph Algorithms for Python (Sriteja Kummita, Goran Piskachev, Johannes Späth, Eric Bodden), In 2021 International Conference on Code Quality (ICCQ), pages 1-15, 2021. [bib] [pdf] [doi]
[89] SootFX: A Static Code Feature Extraction Tool for Java and Android (Kadiray Karakaya, Eric Bodden), In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), pages 181–186, 2021. [bib] [pdf]
[88] CogniCrypt$_GEN$ – Generating Code for the Secure Usage of Crypto APIs (Stefan Krüger, Karim Ali, Eric Bodden), In International Symposium on Code Generation and Optimization (CGO), pages 185–198, 2020. [bib] [pdf]
[87] Scenario-based specification of security protocols and transformation to security model checkers (Thorsten Koch, Stefan Dziwok, Jörg Holtmann, Eric Bodden), In MoDELS ’20: ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems, Virtual Event, Canada, 18-23 October, 2020 (Eugene Syriani, Houari A. Sahraoui, Juan de Lara, Silvia Abrahão, eds.), pages 343–353, ACM, 2020. [bib] [pdf] [doi]
[86] Heaps’n Leaks: How Heap Snapshots Improve Android Taint Analysis (Manuel Benz, Erik Krogh Kristensen, Linghui Luo, Nataniel P. Borges Jr., Eric Bodden, Andreas Zeller), In International Conference for Software Engineering (ICSE), 2020. (To appear.) Awarded: Artifact Evaluation Award (Available, Reusable) [bib] [pdf]
[85] PASAPTO: Policy-aware Security and Performance Trade-off Analysis – Computation on Encrypted Data with Restricted Leakage (Andreas Fischer, Jonas Janneck, Jörn Kussmaul, Nikolas Krätzschmar, Florian Kerschbaum, Eric Bodden), In 2020 IEEE Computer Security Foundations Symposium (CSF), 2020. [bib] [pdf]
[84] Computation on Encrypted Data using Dataflow Authentication (Andreas Fischer, Benny Fuhry, Florian Kerschbaum, Eric Bodden), In Privacy Enhancing Technologies Symposium (PETS/PoPETS), 2020. [bib] [pdf]
[83] Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems (Iris Gräßler, Eric Bodden, Jens Pottebaum, Johannes Geismann, Daniel Roesmann), In Advanced, Contemporary Control (Andrzej Bartoszewicz, Jacek Kabziński, Janusz Kacprzyk, eds.), pages 1458–1469, Springer International Publishing, 2020. [bib] [pdf]
[82] PhASAR: An Inter-procedural Static Analysis Framework for C/C++ (Philipp Dominik Schubert, Ben Hermann, Eric Bodden), In Tools and Algorithms for the Construction and Analysis of Systems (Tomás Vojnar, Lijun Zhang, eds.), pages 393–410, Springer International Publishing, 2019. [bib] [pdf]
[81] Architectural Runtime Verification (Lars Stockmann, Sven Laux, Eric Bodden), In 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), pages 77-84, 2019. [bib] [pdf] [doi]
[80] Codebase-Adaptive Detection of Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, Eric Bodden), In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2019. Awarded: Artifact Evaluation Award [bib] [pdf]
[79] The Impact of Developer Experience in Using Java Cryptography (Mohammadreza Hazhirpasand, Mohammad Ghafari, Stefan Krüger, Eric Bodden, Oskar Nierstrasz), In 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pages 1-6, 2019. [bib] [pdf] [doi]
[78] MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors (Linghui Luo, Julian Dolby, Eric Bodden), In European Conference on Object-Oriented Programming (ECOOP), 2019. [bib] [pdf]
[77] ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware (Sigmund Albert Gorski, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, Alexandre Bartel), In Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pages 25–36, CODASPY ’19, Association for Computing Machinery, 2019. [bib] [pdf] [doi]
[76] SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods (Goran Piskachev, Lisa Nguyen Quang Do, Oshando Johnson, Eric Bodden), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track, 2019. [bib] [pdf]
[75] A Qualitative Analysis of Android Taint-Analysis Results (Linghui Luo, Eric Bodden, Johannes Späth), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), 2019. [bib] [pdf]
[74] Do Android Taint Analysis Tools Keep Their Promises? (Felix Pauck, Eric Bodden, Heike Wehrheim), In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 331–341, ESEC/FSE 2018, Association for Computing Machinery, 2018. Awarded: ACM Distinguished Paper Award, Artifact Evaluation Award [bib] [pdf] [doi]
[73] Gamifying Static Analysis (Lisa Nguyen Quang Do, Eric Bodden), In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 714–718, ESEC/FSE 2018, ACM, 2018. [bib] [pdf] [doi]
[72] Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes (Johannes Geismann, Christopher Gerking, Eric Bodden), In International Conference on Software and System Processes (ICSSP), 2018. [bib] [pdf]
[71] VISUFLOW, a Debugging Environment for Static Analyses (Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, Eric Bodden), In International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018. [bib] [pdf]
[70] Self-adaptive Static Analysis (Eric Bodden), In Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, pages 45–48, ICSE-NIER ’18, ACM, 2018. [bib] [pdf] [doi]
[69] Model Checking the Information Flow Security of Real-Time Systems (Christopher Gerking, David Schubert, Eric Bodden), In Engineering Secure Software and Systems (Mathias Payer, Awais Rashid, Jose M. Such, eds.), pages 27–43, Springer International Publishing, 2018. [bib] [pdf]
[68] CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini), In European Conference on Object-Oriented Programming (ECOOP), pages 10:1–10:27, 2018. Awarded: Artifact Evaluation Award [bib] [pdf]
[67] Explainable Static Analysis (Eric Bodden, Lisa Nguyen Quang Do), In Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany., pages 205–208, LNI, , 2018. [bib] [pdf]
[66] Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation (Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, Mira Mezini), In 2017 IEEE Symposium on Security and Privacy (Oakland S&P), IEEE Press, 2017. [bib] [pdf]
[65] IDEal: Efficient and Precise Alias-aware Dataflow Analysis (Johannes Späth, Karim Ali, Eric Bodden), In 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), ACM Press, 2017. Awarded: Artifact Evaluation Award [bib] [pdf]
[64] The Soot-based Toolchain For Analyzing Android Apps (Steven Arzt, Siegfried Rasthofer, Eric Bodden), In IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), ACM Press, 2017. (Invited Paper. To appear.) [bib] [pdf]
[63] Just-in-time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), In Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 307–317, ISSTA 2017, ACM, 2017. Awarded: Distinguished Paper Award, Artifact Evaluation Award [bib] [pdf] [doi]
[62] Cheetah: Just-in-Time Taint Analysis for Android Apps (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), In International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2017. [bib] [pdf]
[61] CogniCrypt: Supporting Developers in using Cryptography (Stefan Krüger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, Ram Kamath), In International Conference on Automated Software Engineering (ASE 2017), Tool Demo Track, 2017. [bib] [pdf]
[60] Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels (Kevin Falzon, Eric Bodden), In Principles of Security and Trust: 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2–8, 2016, Proceedings (Frank Piessens, Luca Viganò, eds.), pages 116–138, Springer Berlin Heidelberg, 2016. [bib] [pdf] [doi]
[59] Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques (Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden), In Network and Distributed System Security Symposium (NDSS), 2016. [bib] [pdf]
[58] Information Flow Analysis for Go (Eric Bodden, Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert), In Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques – 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part I, pages 431–445, 2016. [bib] [pdf] [doi]
[57] StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework (Steven Arzt, Eric Bodden), In International Conference for Software Engineering (ICSE), 2016. [bib] [pdf]
[56] Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs? (Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden), In International Conference for Software Engineering (ICSE), pages 935–946, 2016. [bib] [pdf]
[55] Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment (N. Eling, S. Rasthofer, M. Kolhagen, Eric Bodden, P. Buxmann), In 2016 49th Hawaii International Conference on System Sciences (HICSS), pages 3666–3675, 2016. [bib] [pdf] [doi]
[54] Analyzing the Gadgets – Towards a Metric to Measure Gadget Quality (Andreas Follner, Alexandre Bartel, Eric Bodden), In International Symposium on Engineering Secure Software and Systems (ESSoS), 2016. (To appear.) Awarded: Artifact Evaluation Award [bib] [pdf]
[53] Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, Eric Bodden), In European Conference on Object-Oriented Programming (ECOOP), 2016. Awarded: Artifact Evaluation Award [bib] [pdf]
[52] An In-Depth Study of More Than Ten Years of Java Exploitation (Philipp Holzinger, Stefan Triller, Alexandre Bartel, Eric Bodden), In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 779–790, CCS ’16, , 2016. [bib] [pdf] [doi]
[51] How Current Android Malware Seeks to Evade Automated Code Analysis (Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden), In International Conference on Information Security Theory and Practice (WISTP’2015), 2015. [bib] [pdf]
[50] Factors Impacting the Effort Required to Fix Security Vulnerabilities – An industrial Case Study (Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker, Philip Miseldine), In Information Security Conference (ISC 2015), pages 102–119, Volume 9290 of Lecture Notes in Computer Science, Springer, 2015. [bib] [pdf]
[49] DroidSearch: A Powerful Search Engine for Android Applications (Siegfried Rasthofer, Steven Arzt, Max Kolhagen, Brian Pfretzschner, Stephan Huber, Eric Bodden, Philipp Richter), In 2015 Science and Information Conference (SAI), 2015. [bib] [pdf]
[48] jäk: Using Dynamic Analysis to Crawl and Test Modern Web Applications (Giancarlo Pellegrino, Constantin Tschürtz, Eric Bodden, Christian Rossow), In Research in Attacks, Intrusions, and Defenses (RAID), pages 295–316, Lecture Notes in Computer Science, Springer International Publishing, 2015. [bib] [pdf]
[47] Dynamically Provisioning Isolation in Hierarchical Architectures (Kevin Falzon, Eric Bodden), In Information Security (Javier Lopez, Chris J. Mitchell, eds.), pages 83–101, Volume 9290 of Lecture Notes in Computer Science, Springer International Publishing, 2015. Awarded: Best Student Paper Award [bib] [pdf] [doi]
[46] Mining Apps for Abnormal Usage of Sensitive Data (Vitalii Avdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, Eric Bodden), In 2015 International Conference on Software Engineering (ICSE), pages 426–436, 2015. Awarded: Best paper award at the 2016 Spanish Cybersecurity Days (Jornadas Nacionales de Investigación en Ciberseguridad) [bib] [pdf]
[45] IccTA: Detecting Inter-Component Privacy Leaks in Android Apps (Li Li, Alexandre Bartel, Tegawende F. Bissyande, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, Patrick McDaniel), In 2015 International Conference on Software Engineering (ICSE), pages 280–291, 2015. [bib] [pdf]
[44] (In)Security of Backend-as-a-Service (Steven Arzt Robert Hahn Max Kohlhagen Eric Bodden Siegfried Rasthofer), In blackhat europe 2015, 2015. [bib] [pdf]
[43] Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis With Unbounded Access Paths (Johannes Lerch‡, Johannes Späth, Eric Bodden, Mira Mezini‡), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2015), pages 619–629, 2015. [bib] [pdf]
[42] Towards Secure Integration of Cryptographic Software (Steven Arzt, Sarah Nadi, Karim Ali, Eric Bodden, Sebastian Erdweg, Mira Mezini), In 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), pages 1–13, Onward! 2015, ACM, 2015. [bib] [pdf] [doi]
[41] Reviser: Efficiently Updating IDE-/IFDS-based Data-flow Analyses in Response to Incremental Program Changes (Steven Arzt, Eric Bodden), In Proceedings of the 36th International Conference on Software Engineering, pages 288–298, 2014. [bib] [pdf]
[40] A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks (Siegfried Rasthofer, Steven Arzt, Eric Bodden), In 2014 Network and Distributed System Security Symposium (NDSS), 2014. [bib] [pdf]
[39] Tracking Load-time Configuration Options (Max Lillack, Christian Kästner, Eric Bodden), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), pages 445–456, 2014. [bib] [pdf] [doi]
[38] Zertifizierte Datensicherheit für mobile Anwendungen (Karsten Sohr, Steffen Bartsch, Melanie Volkamer, Bernhard Berger, Eric Bodden, Achim Brucker, Sönke Maseberg, Mehmet Kus, Jens Heider), In GI Sicherheit 2014, 2014. [bib] [pdf]
[37] Variational Data Structures: Exploring Trade-Offs in Computing with Variability (Eric Walkingshaw, Christian Kästner, Martin Erwig, Sven Apel, Eric Bodden), In Onward! 2014, pages 213–226, 2014. [bib] [pdf]
[36] FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps (Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel), In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 259–269, PLDI ’14, ACM, 2014. Awarded: Artifact Evaluation Award [bib] [pdf] [doi]
[35] FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases (Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini), In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 98–108, FSE 2014, ACM, 2014. [bib] [pdf]
[34] DroidForce: Enforcing Complex, Data-Centric, System-Wide Policies in Android (Steven Arzt, Siegfried Rasthofer, Enrico Lovat, Eric Bodden), In International Conference on Availability, Reliability and Security (ARES 2014), pages 40–49, IEEE, 2014. [bib] [pdf]
[33] Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis (Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, Yves Le Traon), In USENIX Security Symposium 2013, 2013. [bib] [pdf]
[32] SPLLIFT: statically analyzing software product lines in minutes instead of years (Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini), In Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation (PLDI), pages 355–364, 2013. [bib] [pdf]
[31] Distributed Finite-State Runtime Monitoring with Aggregated Events (Kevin Falzon, Eric Bodden, Rahul Purandare), In Runtime Verification (Axel Legay, Saddek Bensalem, eds.), pages 94–111, Volume 8174 of Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2013. [bib] [pdf] [doi]
[30] Reducing human factors in software security architectures (Eric Bodden, Ben Hermann, Johannes Lerch, Mira Mezini), In Future Security Conference 2013, pages 275–285, 2013. [bib] [pdf]
[29] How useful are existing monitoring languages for securing Android apps? (Steven Arzt, Kevin Falzon, Andreas Follner, Siegfried Rasthofer, Eric Bodden, Volker Stolz), In ATPS, pages 107–122, Volume P-215 of GI Lecture Notes in Informatics, Gesellschaft für Informatik, 2013. [bib] [pdf]
[28] Challenges for Refinement and Composition of Instrumentations (Position Paper) (Danilo Ansaloni, Walter Binder, Christoph Bockisch, Eric Bodden, Kardelen Hatun, Lukas Marek, Zhengwei Qi, Aibek Sarimbekov, Andreas Sewe, Petr Tuma, Yudi Zheng), In International Conference on Software Composition (SC 2012) (Thomas Gschwind, Flavio Paoli, Volker Gruhn, Matthias Book, eds.), pages 86-96, Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2012. [bib] [pdf] [doi]
[27] RefaFlex: Safer Refactorings for Reflective Java Programs (Andreas Thies, Eric Bodden), In International Symposium on Software Testing and Analysis (ISSTA 2012), pages 1–14, 2012. Awarded: SIGSOFT Distinguished Paper Award [bib] [pdf]
[26] Delta-oriented Monitor Specification (Eric Bodden, Kevin Falzon, Ka I Pun, Volker Stolz), In 5th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2012), pages 162–177, Springer, 2012. [bib] [pdf]
[25] Challenges in defining a programming language for provably correct dynamic analyses (Eric Bodden, Andreas Follner, Siegfried Rasthofer), In 5th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2012), pages 4–18, Springer, 2012. [bib] [pdf]
[24] Dynamic Anomaly Detection for More Trustworthy Outsourced Computation in Hybrid Clouds (Sami Alsouri, Jan Sinschek, Andreas Sewe, Eric Bodden, Stefan Katzenbeisser, Mira Mezini), In Information Security Conference (ISC 2012), pages 168–187, Volume 7483 of LNCS, Springer, 2012. [bib] [pdf]
[23] MOPBox: A Library Approach to Runtime Verification (Eric Bodden), In Runtime Verification, pages 365–369, Volume 7186 of LNCS, Springer, 2012. [bib] [pdf]
[22] Join Point Interfaces for Modular Reasoning in Aspect-Oriented Programs (Milton Inostroza, Éric Tanter, Eric Bodden), In ESEC/FSE ’11: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 508–511, 2011. [bib] [pdf]
[21] Taming Reflection: Aiding Static Analysis in the Presence of Reflection and Custom Class Loaders (Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, Mira Mezini), In ICSE ’11: International Conference on Software Engineering, pages 241–250, ACM, 2011. [bib] [pdf]
[20] Stateful Breakpoints: A Practical Approach to Defining Parameterized Runtime Monitors (Eric Bodden), In ESEC/FSE ’11: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 492–495, 2011. [bib] [pdf]
[19] Closure Joinpoints: Block joinpoints without surprises (Eric Bodden), In AOSD ’11: Proceedings of the 10th International Conference on Aspect-oriented Software Development, pages 117–128, ACM, 2011. [bib] [pdf]
[18] Reducing Configurations to Monitor in a Software Product Line (Chang Hwan Peter Kim, Eric Bodden, Don Batory, Sarfraz Khurshid), In 1st International Conference on Runtime Verification (RV), pages 285–299, Volume 6418 of LNCS, Springer, 2010. [bib] [pdf]
[17] Clara: a Framework for Statically Evaluating Finite-state Runtime Monitors (Eric Bodden, Patrick Lam, Laurie Hendren), In 1st International Conference on Runtime Verification (RV), pages 74–88, Volume 6418 of LNCS, Springer, 2010. [bib] [pdf]
[16] Clara: Partially Evaluating Runtime Monitors at Compile Time (Eric Bodden, Patrick Lam), In 1st International Conference on Runtime Verification (RV), pages 183–197, Volume 6418 of LNCS, Springer, 2010. (Tutorial) [bib] [pdf]
[15] Effective API Navigation and Reuse (Awny Alnusair, Tian Zhao, Eric Bodden), In International Conference on Information Reuse and Integration (IEEE IRI), pages 7–12, IEEE, 2010. [bib] [pdf] [doi]
[14] Efficient Hybrid Typestate Analysis by Determining Continuation-Equivalent States (Eric Bodden), In ICSE ’10: International Conference on Software Engineering, pages 5–14, ACM, 2010. [bib] [pdf]
[13] Dependent advice: A general approach to optimizing history-based aspects (Eric Bodden, Feng Chen, Grigore Rosu), In AOSD ’09: Proceedings of the 8th international conference on Aspect-oriented software development, pages 3–14, ACM, 2009. [bib] [pdf]
[12] Racer: Effective Race Detection Using AspectJ (Eric Bodden, Klaus Havelund), In International Symposium on Software Testing and Analysis (ISSTA 2008), Seattle, WA, pages 155–165, ACM, 2008. Awarded: SIGSOFT Distinguished Paper Award [bib] [pdf]
[11] Finding programming errors earlier by evaluating runtime monitors ahead-of-time (Eric Bodden, Patrick Lam, Laurie Hendren), In 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering (SIGSOFT’08/FSE-16), pages 36–47, ACM, 2008. [bib] [pdf] [doi]
[10] Object representatives: a uniform abstraction for pointer information (Eric Bodden, Patrick Lam, Laurie Hendren), In Visions of Computer Science – International Academic Conference of the British Computer Society (BCS 2008), London, United Kingdom, 2008. [bib] [pdf]
[9] Relational aspects as tracematches (Eric Bodden, Reehan Shaikh, Laurie Hendren), In AOSD ’08: Proceedings of the 7th international conference on Aspect-oriented software development, pages 84–95, ACM, 2008. [bib] [pdf] [doi]
[8] The design and implementation of formal monitoring techniques (Eric Bodden), In OOPSLA ’07: Companion of the 22nd annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, 2007. (Doctoral Symposium) [bib] [pdf]
[7] Domain-Specific Modelling with AToM-3 (Hans Vangheluwe, Ximeng Sun, Eric Bodden), In Second International Conference on Software and Data Technologies (ICSOFT). Special Session on Metamodelling — Utilization in Software Engineering (MUSE), pages 305 — 314, INSTICC Press, 2007. [bib] [pdf]
[6] The design and implementation of formal monitoring techniques (Eric Bodden), In Doctoral Symposium at the 21st European Conference on Object-Oriented Programming, Berlin, Germany, 2007. [bib] [pdf]
[5] A Staged Static Program Analysis to Improve the Performance of Runtime Monitoring (Eric Bodden, Laurie Hendren, Ondrej Lhoták), In ECOOP (Erik Ernst, ed.), pages 525–549, Volume 4609 of Lecture Notes in Computer Science, Springer, 2007. [bib] [pdf]
[4] Transforming Timeline specifications into automata for runtime monitoring (Eric Bodden, Hans Vangheluwe), In 3rd International Symposium on Applications of Graph Transformations with Industrial Relevance (AGTIVE), pages 249–265, Volume 5088 of Lecture Notes of Computer Science, Springer, 2007. [bib] [pdf]
[3] Avoiding Infinite Recursion with Stratified Aspects (Eric Bodden, Florian Forster, Friedrich Steimann), In GI-Edition Lecture Notes in Informatics “NODe 2006 GSEM 2006” (Robert Hirschfeld, Andreas Polze, Ryszard Kowalczyk, eds.), pages 49 — 64, Bonner Köllen Verlag, 2006. [bib] [pdf]
[2] Aspects and Data Refinement (Pavel Avgustinov, Eric Bodden, Elnar Hajiyev, Oege de Moor, Neil Ongkingco, Damien Sereni, Ganesh Sittampalam, Julian Tibble), In Mathematics of Program Construction (MPC) (Tarmo Uustalu, ed.), Lecture Notes in Computer Science, Springer, 2006. [bib] [pdf]
[1] Aspects for Trace Monitoring (Pavel Avgustinov, Eric Bodden, Elnar Hajiyev, Laurie Hendren, Ondrej Lhoták, Oege de Moor, Neil Ongkingco, Damien Sereni, Ganesh Sittampalam, Julian Tibble, Mathieu Verbaere), In Formal Approaches to Testing Systems and Runtime Verification (FATES/RV) (Klaus Havelund, Manuel Nunez, Grigore Rosu, Burkhart Wolff, eds.), pages 20–39, Volume 4262 of Lecture Notes in Computer Science, Springer, 2006. [bib] [pdf]
Refereed Workshop Papers
[28] Automated Cell Header Generator for Jupyter Notebooks (Ashwin Prasad Shivarpatna Venkatesh, Eric Bodden), In International Workshop on AI and Software Testing/Analysis (AISTA), 2021. (To appear.) [bib] [pdf]
[27] AuthCheck: Program-state Analysis for Access-control Vulnerabilities (Goran Piskachev, Tobias Petrasch, Johannes Späth, Eric Bodden), In 10th Workshop on Tools for Automatic Program Analysis (TAPAS), 2019. [bib] [pdf]
[26] Explaining Static Analysis — A Perspective (Marcus Nachtigall, Lisa Nguyen Quang Do, Eric Bodden), In 1st International Workshop on Explainable Software (EXPLAIN) at ASE, 2019. [bib] [pdf]
[25] SootDiff: Bytecode Comparison across Different Java Compilers (Andreas Dann, Ben Hermann, Eric Bodden), In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 14–19, SOAP 2019, Association for Computing Machinery, 2019. [bib] [pdf] [doi]
[24] The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them) (Eric Bodden), In ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018), pages 85–93, ISSTA ’18, ACM, 2018. [bib] [pdf] [doi]
[23] PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution (Andreas Follner, Alexandre Bartel, Hui Peng, Yu-Chen Chang, Kyriakos Ispoglou, Mathias Payer, Eric Bodden), In International Workshop on Security and Trust Management (STM), pages 212–228, 2016. [bib] [pdf]
[22] Towards Cross-Platform Cross-Language Analysis with Soot (Steven Arzt, Tobias Kussmaul, Eric Bodden), In Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 1–6, SOAP 2016, , 2016. [bib] [pdf]
[21] Toward an Automated Benchmark Management System (Lisa Nguyen Quang Do, Michael Eichberg, Eric Bodden), In Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 13–17, SOAP 2016, , 2016. [bib] [pdf]
[20] Don’t let data Go astray—A Context-Sensitive Taint Analysis for Concurrent Programs in Go (Eric Bodden, Michael Eichberg, Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert), In Nordic Workshop on Programming Theory (NWPT’16), 2016. [bib] [pdf]
[19] Using Targeted Symbolic Execution for Reducing False-positives in Dataflow Analysis (Steven Arzt, Siegfried Rasthofer, Robert Hahn, Eric Bodden), In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 1–6, SOAP 2015, , 2015. [bib] [pdf] [doi]
[18] TS4J: A Fluent Interface for Defining and Computing Typestate Analyses (Eric Bodden), In 3rd ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2014), 2014. [bib] [pdf]
[17] Denial-of-App Attack: Inhibiting the Installation of Android Apps on Stock Phones (Steven Arzt, Stephan Huber, Siegfried Rasthofer, Eric Bodden), In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones &\38; Mobile Devices, pages 21–26, SPSM ’14, ACM, 2014. [bib] [pdf] [doi]
[16] InvokeDynamic support in Soot (Eric Bodden), In 1st ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012), pages 51–55, 2012. [bib] [pdf] [doi]
[15] Inter-procedural Data-flow Analysis with IFDS/IDE and Soot (Eric Bodden), In 1st ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012), pages 3–8, 2012. [bib] [pdf] [doi]
[14] Position Paper: Static Flow-Sensitive & Context-Sensitive Information-flow Analysis for Software Product Lines (Eric Bodden), In ACM SIGPLAN Seventh Workshop on Programming Languages and Analysis for Security (PLAS 2012), pages 6:1–6:6, 2012. [bib] [pdf] [doi]
[13] Towards Typesafe Weaving for Modular Reasoning in Aspect-Oriented Programs (Eric Bodden), In FOAL ’12: International Workshop on the Foundations of Aspect-Oriented Languages, 2012. (Keynote abstract.) [bib] [pdf]
[12] The Soot framework for Java program analysis: a retrospective (Patrick Lam, Eric Bodden, Ondrej Lhoták, Laurie Hendren), In Cetus Users and Compiler Infrastructure Workshop (CETUS 2011), 2011. [bib] [pdf]
[11] Continuation equivalence: a Correctness Criterion for Static Optimizations of Dynamic Analyses (Eric Bodden), In WODA ’11: International Workshop on Dynamic Analysis, pages 24–28, ACM, 2011. [bib] [pdf]
[10] IDE 2.0: Collective Intelligence in Software Development (Marcel Bruch, Eric Bodden, Martin Monperrus, Mira Mezini), In FSE/SDP Workshop on the Future of Software Engineering, pages 53–58, ACM, 2010. [bib] [pdf]
[9] Specifying and Exploiting Advice-Execution Ordering using Dependency State Machines (Eric Bodden), In International Workshop on the Foundations of Aspect-Oriented Languages (FOAL), 2010. [bib] [pdf]
[8] Collaborative runtime verification with tracematches (Eric Bodden, Laurie Hendren, Patrick Lam, Ondrej Lhoták, Nomair A. Naeem), In 7th workshop on Runtime Verification at the 6th International Conference on Aspect-Oriented Software Development, Vancouver, Canada, pages 22–37, Volume 4839 of LNCS, Springer, 2007. [bib] [pdf]
[7] Tracechecks: Defining Semantic Interfaces with Temporal Logic (Eric Bodden, Volker Stolz), In Software Composition (Welf Löwe, Mario Südholt, eds.), pages 147–162, Volume 4089 of Lecture Notes in Computer Science, Springer, 2006. [bib] [pdf]
[6] Efficient temporal pointcuts through dynamic advice deployment (Eric Bodden, Volker Stolz), In Workshop on Open Aspect Languages, Bonn, Germany, 2006. [bib] [pdf]
[5] Concern specific languages and their implementation with abc (Eric Bodden), In 3rd Workshop on Software-engineering Properties of Languages and Aspect Technologies (SPLAT) at the 4th International Conference on Aspect-oriented Software Development, March 15th 2005, Chicago, USA, 2005. [bib] [pdf]
[4] Temporal Assertions using AspectJ (Volker Stolz, Eric Bodden), In 5th Workshop on Runtime Verification, pages 109–124, 144(4) of Electronic Notes in Theoretical Computer Science, Elsevier, 2005. [bib] [pdf]
[3] Efficient and Expressive Runtime Verification for Java (Eric Bodden), In Grand Finals of the ACM Student Research Competition 2005, 2005. Awarded: Winner paper of the Grand Finals [bib] [pdf]
[2] A lightweight LTL runtime verification tool for Java (Eric Bodden), In Companion to the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2004, October 24-28, 2004, Vancouver, BC, Canada, pages 306–307, ACM, 2004. (ACM Student Research Competition) [bib] [pdf]
[1] A high-level view of Java applications (Eric Bodden), In OOPSLA ’03: Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, pages 384–385, ACM Press, 2003. (ACM Student Research Competition) [bib] [pdf] [doi]
Other Publications
[41] Codebase-Adaptive Detection of Security-Relevant Methods (Goran Piskachev, Lisa Nguyen, Eric Bodden), Technical report tr-ri-19-356, Heinz Nixdorf Institut, 2019. [bib]
[40] Self-adaptive static analysis (Eric Bodden), Technical report arXiv:1710.07430, arXiv.org, 2017. [bib] [pdf]
[39] CrySL: Validating Correct Usage of Cryptographic APIs (Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini), Technical report arXiv:1710.00564, arXiv.org, 2017. [bib] [pdf]
[38] Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), Technical report, University of Alberta Dataverse, 2016. [bib] [pdf] [doi]
[37] Sicherheitsanalyse TrueCrypt (Mauro Baluda, Andreas Fuchs, Philipp Holzinger, Lotfi ben Othmane, Andreas Poller, Jürgen Repp, Johannes Späth, Jan Steffan, Stefan Triller, Eric Bodden), Technical report, Bundesamt für Sicherheit in der Informationstechnik, 2015. [bib] [pdf]
[36] Security Analysis of TrueCrypt (Mauro Baluda, Andreas Fuchs, Philipp Holzinger, Lotfi ben Othmane, Andreas Poller, Jürgen Repp, Johannes Späth, Jan Steffan, Stefan Triller, Eric Bodden), Technical report, Federal Office for Information Security, 2015. [bib] [pdf]
[35] Time for Addressing Software Security Issues: Prediction Models and Impacting Factors (Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, and Achim D. Brucker), Technical report TUD-CS-2015-1268, EC SPRIDE, 2015. [bib]
[34] Toward a Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Eric Bodden, Benjamin Livshits), Technical report TUD-CS-2015-1167, EC SPRIDE, 2015. [bib] [pdf]
[33] An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack (Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden), Technical report TUD-CS-2015-0065, EC SPRIDE, 2015. [bib] [pdf]
[32] Harvesting Runtime Data in Android Applications for Identifying Malware and Enhancing Code Analysis (Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden), Technical report TUD-CS-2015-0031, EC SPRIDE, 2015. [bib] [pdf]
[31] A Brief Tour of Join Point Interfaces (Eric Bodden, Éric Tanter, Milton Inostroza), pages 19–22, International Conference on Aspect-oriented Programming (AOSD), demo track, 2013. [bib] [pdf]
[30] SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks (Steven Arzt, Siegfried Rasthofer, Eric Bodden), Technical report TUD-CS-2013-0114, EC SPRIDE, 2013. [bib] [pdf]
[29] Efficiently updating IDE-based data-flow analyses in response to incremental program changes (Steven Arzt, Eric Bodden), Technical report TUD-CS-2013-0253, EC SPRIDE, 2013. [bib] [pdf]
[28] Highly Precise Taint Analysis for Android Applications (Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau, Patrick McDaniel), Technical report TUD-CS-2013-0113, EC SPRIDE, 2013. [bib] [pdf]
[27] Transparent and Efficient Reuse of IFDS-based Static Program Analyses for Software Product Lines (Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini), Technical report TUD-CS-2012-0239, EC SPRIDE, Technische Universität Darmstadt, 2012. [bib] [pdf]
[26] Safe and Practical Decoupling of Aspects with Join Point Interfaces (Eric Bodden, Éric Tanter, Milton Inostroza), Technical report TUD-CS-2012-0106, CASED, 2012. [bib] [pdf]
[25] Identifying meaningless parameterized linear-temporal-logic formulas (Eric Bodden), Technical report TUD-CS-2012-0014, CASED, 2012. [bib] [pdf]
[24] On the Expressiveness of Parameterized Finite-state Runtime Monitors (Eric Bodden), Technical report TUD-CS-2012-0013, CASED, 2012. [bib] [pdf]
[23] Modular Reasoning with Join Point Interfaces (Milton Inostroza, Éric Tanter, Eric Bodden), Technical report TUD-CS-2011-0272, CASED, 2011. [bib] [pdf]
[22] Defining Access Control Policies as Tracematches (Eric Bodden), Technical report TUD-CS-2011-0149, CASED, 2011. [bib] [pdf]
[21] Taming Reflection: Static Analysis in the Presence of Reflection and Custom Class Loaders (Eric Bodden, Andreas Sewe, Jan Sinschek, Mira Mezini), Technical report TUD-CS-2010-0066, CASED, 2010. [bib] [pdf]
[20] Sicher fahren: Absicherung moderner Fahrzeugsoftware (Eric Bodden, Mira Mezini, Sven Patzina, Lars Patzina, Andreas Sewe, Andy Schürr), Forschen, Technische Universität Darmstadt, 2010. [bib] [pdf]
[19] Clara: a framework for implementing hybrid typestate analyses (Eric Bodden), Technical report Clara-2, https://www.bodden.de/clara/, 2009. [bib] [pdf]
[18] Efficient and Precise Typestate Analysis by Determining Continuation-Equivalent States (Eric Bodden), Technical report Clara-1, https://www.bodden.de/clara/, 2009. [bib] [pdf]
[17] Transforming Timeline specifications into automata for runtime monitoring (Eric Bodden, Hans Vangheluwe), Technical report SABLE-TR-2008-1, Sable Research Group, School of Computer Science, McGill University, 2008. [bib] [pdf]
[16] Dependent advice: A general approach to optimizing history-based aspects (extended version) (Eric Bodden, Feng Chen, Grigore Rosu), Technical report abc-2008-2, https://www.aspectbench.org/, 2008. [bib] [pdf]
[15] Relational Aspects as Tracematches (Eric Bodden, Reehan Shaikh, Laurie Hendren), Technical report abc-2007-4, https://www.aspectbench.org/, 2007. [bib] [pdf]
[14] Instance keys: A technique for sharpening whole-program pointer analyses with intraprocedural information (Eric Bodden, Patrick Lam, Laurie Hendren), Technical report SABLE-TR-2007-8, Sable Research Group, School of Computer Science, McGill University, 2007. [bib] [pdf]
[13] Flow-sensitive static optimizations for runtime monitoring (Eric Bodden, Patrick Lam, Laurie Hendren), Technical report abc-2007-3, https://www.aspectbench.org/, 2007. [bib] [pdf]
[12] Arithmetic Coding revealed – A guided tour from theory to praxis (Eric Bodden, Malte Clasen, Joachim Kneis), Technical report 2007-5, Sable Research Group, McGill University, 2007. [bib] [pdf]
[11] A staged static program analysis to improve the performance of runtime monitoring (extended version) (Eric Bodden, Laurie Hendren, Ondrej Lhoták), Technical report abc-2007-2, https://www.aspectbench.org/, 2007. [bib] [pdf]
[10] Efficient runtime monitoring through static analysis (Eric Bodden), Poster, 21st European Conference on Object-Oriented Programming, July 30th 2007, Berlin, Germany, 2007. [bib]
[9] Efficient runtime monitoring through static analysis (Eric Bodden), Poster, 6th International Conference on Aspect-Oriented Software Development, March 12th-16th 2007, Vancouver, BC, Canada, 2007. [bib]
[8] abc: How to implement your own tools for AOP research (Pavel Avgustinov, Eric Bodden, Elnar Hajiyev, Ondrej Lhoták, Oege de Moor, Neil Ongkingco, Julian Tibble), Tutorial, 5th International Conference on Aspect-oriented Software Development, March 20th-24th 2006, Bonn, Germany, 2006. [bib]
[7] Efficient Trace Monitoring (Pavel Avgustinov, Julian Tibble, Eric Bodden, Ondrej Lhoták, Laurie Hendren, Oege de Moor, Neil Ongkingco, Ganesh Sittampalam), Technical report abc-2006-1, https://www.aspectbench.org/, 2006. [bib] [pdf]
[6] A staged static program analysis to improve the performance of runtime monitoring (Eric Bodden, Laurie Hendren, Ondrej Lhoták), Technical report abc-2006-4, https://www.aspectbench.org/, 2006. [bib] [pdf]
[5] More Efficient Runtime Monitors Through Static Analysis (Eric Bodden), Poster, ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation, Ottawa, ON, Canada, 2006. [bib]
[4] Efficient trace monitoring (Pavel Avgustinov, Julian Tibble, Eric Bodden, Laurie Hendren, Ondrej Lhotak, Oege de Moor, Neil Ongkingco, Ganesh Sittampalam), Poster with abstract, pages 685–686, ACM Press, 2006. [bib] [pdf] [doi]
[3] Temporal Assertions using AspectJ (Eric Bodden), Poster, 4th International Conference on Aspect-oriented Software Development, March 14th-18th 2005, Chicago, IL, USA, 2006. [bib]
[2] Zweigstelle, Hauptstelle, Dienstleister: Aspektorientierte Programmierung mit .NET (Torsten Weber, Eric Bodden), ObjektSPEKTRUM, SIGS-DATACOM, 2006. [bib] [pdf]
[1] Implementing concern-specific languages with abc (Eric Bodden), Seminar on Aspect-oriented Programming, Prof. Friedrich Steimann, Hannover University, 2005. [bib] [pdf]
Powered by bibtexbrowser