Publications

You will find most of my publications below. Google Scholar keeps track of my publications as well.

Ph.D. theses advised by me
[4] Improving Mobile-Malware Investigations with Static and Dynamic Code Analysis Techniques (Siegfried Rasthofer), PhD thesis, Technische Universität Darmstadt, 2016. Awarded: Summa cum laude, Fraunhofer IuK Dissertation Award & Dissertation Award of the Ernst Denert Foundation [bib] [pdf]
[3] On Generating Gadget Chains for Return-Oriented Programming (Andreas Follner), PhD thesis, Technische Universität Darmstadt, 2016. [bib] [pdf]
[2] On the Use of Migration to Stop Illicit Channels (Kevin Falzon), PhD thesis, Technische Universität Darmstadt, 2016. [bib] [pdf]
[1] Static Data Flow Analysis for Android Applications (Steven Arzt), PhD thesis, Technische Universität Darmstadt, 2016. Awarded: Summa cum laude, Fraunhofer IuK Dissertation Award & Dissertation Award of the Ernst Denert Foundation [bib] [pdf]
Books
[2] Industrial Security by Design (Christopher Gerking, Eric Bodden, Wilhelm Schäfer), Chapter in (Günter W. Maier, Gregor Engels, Eckhard Steffen, eds.), pages 1–24, Springer Berlin Heidelberg, 2017. [bib] [pdf] [doi]
[1] Entwicklung sicherer Software durch Security by Design (Michael Waidner, Michael Backes, Jörn Müller-Quade, Eric Bodden, Markus Schneider, Michael Kreutzer, Mira Mezini, Christian Hammer, Andreas Zeller, Dirk Achenbach, Matthias Huber, Daniel Kraschewski), (Michael Waidner, Michael Backes, Jörn Müller-Quade, eds.), SIT TECHNICAL REPORTS, Fraunhofer Verlag, 2013. (ISBN: 978-3-8396-0567-7) [bib] [pdf]
Theses
[2] Verifying finite-state properties of large-scale programs (Eric Bodden), PhD thesis, McGill University, 2009. (Available in print through ProQuest) [bib] [pdf]
[1] J-LO – A tool for runtime-checking temporal assertions (Eric Bodden), Diploma thesis, RWTH Aachen University, 2005. [bib] [pdf]
Patents
[2] Apparatuses, Mobile Devices, Methods and Computer Programs for Evaluating Runtime Information of an Extracted Set of Instructions based on at least a part of a Computer Program (Siegfried Rasthofer, Marc Miltenberger, Eric Bodden), DPMA 10 2014 118 034.8, 2014. [bib]
[1] Method and system for performance profiling of software (Eric Bodden, Christopher Goodfellow, Howard Hellyer), US Patent No. 7765094 (granted), 2010. [bib] [pdf]
Proceedings and Book Chapters
[4] Special Section on Runtime Verification and Analysis, (Eric Bodden, Shahar Maoz, eds.), Transactions on Aspect-Oriented Software Development (TAOSD), Springer, 2014. (To appear) [bib]
[3] Proceedings of the 12th International Conference on Software Composition, (Walter Binder, Eric Bodden, Welf Löwe, eds.), Lecture Notes in Computer Science, Springer, 2013. [bib]
[2] Proceedings of the 10th International Workshop on Dynamic Analysis (WODA 2012), (Eric Bodden, Madanlal Musuvathi, eds.), ACM, 2012. [bib]
[1] Proceedings of the 1st ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012), (Eric Bodden, Laurie Hendren, Patrick Lam, Elena Sherman, eds.), ACM, 2012. [bib]
Refereed Journal Articles
[13] Debugging Static Analysis (Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, Eric Bodden), In IEEE Transactions on Software Engineering, pages 1-1, 2018. [bib] [doi]
[12] Tracking Load-time Configuration Options (M. Lillack, C. Kästner, E. Bodden), In IEEE Transactions on Software Engineering, pages 1-1, PP(99), 2017. [bib] [pdf] [doi]
[11] Time for Addressing Software Security Issues: Prediction Models and Impacting Factors (Lotfi Ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker), In Data Science and Engineering, pages 107–124, 2(2), 2017. [bib] [pdf] [doi]
[10] ROPocop — Dynamic mitigation of code-reuse attacks (Andreas Follner, Eric Bodden), In Journal of Information Security and Applications, pages 16–26, Volume 29, 2016. [bib] [pdf] [doi]
[9] Harvester – Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen (Siegfried Rasthofer, Steven Arzt, Eric Bodden, Marc Miltenberger), In Datenschutz und Datensicherheit, pages 718–722, 2016. [bib] [pdf] [doi]
[8] Incorporating Attacker Capabilities in Risk Estimation and Mitigation (Lotfi ben Othmane, Rohit Ranchal, Ruchith Fernando, Bharat Bhargava, Eric Bodden), In Elsevier Computers & Security, pages 41–61, Volume 51, 2015. [bib] [pdf]
[7] Join Point Interfaces for Safe and Flexible Decoupling of Aspects (Eric Bodden, Éric Tanter, Milton Inostroza), In ACM Trans. Softw. Eng. Methodol., pages 7:1–7:41, 23(1), 2014. [bib] [pdf] [doi]
[6] Automated API Property Inference Techniques (Martin P. Robillard, Eric Bodden, David Kawrykow, Mira Mezini, Tristan Ratchford), In IEEE Trans. Softw. Eng., pages 613–637, 39(5), 2013. [bib] [pdf] [doi]
[5] Schutzmaßnahmen gegen Datenschutz-unfreundliche Smartphone-Apps (Eric Bodden, Siegfried Rasthofer, Philipp Richter, Alexander Roßnagel), In Datenschutz und Datensicherheit, 2013. [bib] [pdf]
[4] Partially evaluating finite-state runtime monitors ahead of time (Eric Bodden, Patrick Lam, Laurie Hendren), In ACM Transactions on Programming Languages and Systems (TOPLAS), pages 7:1–7:52, 34(2), 2012. [bib] [pdf] [doi]
[3] The Clara framework for hybrid typestate analysis (Eric Bodden, Laurie Hendren), In International Journal on Software Tools for Technology Transfer (STTT), pages 307-326, Volume 14, 2012. (10.1007/s10009-010-0183-5) [bib] [pdf]
[2] Aspect-oriented Race Detection in Java (Eric Bodden, Klaus Havelund), In IEEE Transactions on Software Engineering (TSE), pages 509–527, 36(4), 2010. [bib] [pdf]
[1] Collaborative Runtime Verification with Tracematches (Eric Bodden, Laurie Hendren, Patrick Lam, Ondrej Lhoták, Nomair A. Naeem), In Oxford Journal of Logics and Computation, 2008. [bib] [pdf] [doi]
Refereed Conference Papers
[74] Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems (Johannes Späth, Karim Ali, Eric Bodden), In ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2019), 2019. (To appear.) Awarded: Artifact Evaluation Award [bib] [pdf]
[73] Do Android Taint Analysis Tools Keep their Promises? (Felix Pauck, Eric Bodden, Heike Wehrheim), In ESEC/FSE ’18: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2018. (To appear.) Awarded: Distinguished Paper Award, Artifact Evaluation Award [bib] [pdf]
[72] Gamifying Static Analysis (Lisa Nguyen Quang Do, Eric Bodden), In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 714–718, ESEC/FSE 2018, ACM, 2018. [bib] [pdf] [doi]
[71] Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes (Johannes Geismann, Christopher Gerking, Eric Bodden), In International Conference on Software and System Processes (ICSSP), 2018. [bib] [pdf]
[70] VISUFLOW, a Debugging Environment for Static Analyses (Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, Eric Bodden), In International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2018. [bib] [pdf]
[69] Self-adaptive Static Analysis (Eric Bodden), In Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, pages 45–48, ICSE-NIER ’18, ACM, 2018. [bib] [pdf] [doi]
[68] Model Checking the Information Flow Security of Real-Time Systems (Christopher Gerking, David Schubert, Eric Bodden), In Engineering Secure Software and Systems (Mathias Payer, Awais Rashid, Jose M. Such, eds.), pages 27–43, Springer International Publishing, 2018. [bib] [pdf]
[67] CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini), In European Conference on Object-Oriented Programming (ECOOP), pages 10:1–10:27, 2018. Awarded: Artifact Evaluation Award [bib] [pdf]
[66] Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation (Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, Mira Mezini), In 2017 IEEE Symposium on Security and Privacy (Oakland S&P), IEEE Press, 2017. [bib] [pdf]
[65] IDEal: Efficient and Precise Alias-aware Dataflow Analysis (Johannes Späth, Karim Ali, Eric Bodden), In 2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH), ACM Press, 2017. Awarded: Artifact Evaluation Award [bib] [pdf]
[64] The Soot-based Toolchain For Analyzing Android Apps (Steven Arzt, Siegfried Rasthofer, Eric Bodden), In IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), ACM Press, 2017. (Invited Paper. To appear.) [bib] [pdf]
[63] Just-in-time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), In Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 307–317, ISSTA 2017, ACM, 2017. Awarded: Distinguished Paper Award, Artifact Evaluation Award [bib] [pdf] [doi]
[62] Cheetah: Just-in-Time Taint Analysis for Android Apps (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), In International Conference for Software Engineering (ICSE), Tool Demonstrations Track, 2017. [bib] [pdf]
[61] CogniCrypt: Supporting Developers in using Cryptography (Stefan Krüger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, Ram Kamath), In International Conference on Automated Software Engineering (ASE 2017), Tool Demo Track, 2017. [bib] [pdf]
[60] Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels (Kevin Falzon, Eric Bodden), In Principles of Security and Trust: 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2–8, 2016, Proceedings (Frank Piessens, Luca Viganò, eds.), pages 116–138, Springer Berlin Heidelberg, 2016. [bib] [pdf] [doi]
[59] Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques (Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden), In Network and Distributed System Security Symposium (NDSS), 2016. [bib] [pdf]
[58] Information Flow Analysis for Go (Eric Bodden, Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert), In Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques – 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part I, pages 431–445, 2016. [bib] [pdf] [doi]
[57] StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework (Steven Arzt, Eric Bodden), In International Conference for Software Engineering (ICSE), 2016. [bib] [pdf]
[56] Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs? (Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden), In International Conference for Software Engineering (ICSE), pages 935–946, 2016. [bib] [pdf]
[55] Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment (N. Eling, S. Rasthofer, M. Kolhagen, Eric Bodden, P. Buxmann), In 2016 49th Hawaii International Conference on System Sciences (HICSS), pages 3666–3675, 2016. [bib] [pdf] [doi]
[54] Analyzing the Gadgets – Towards a Metric to Measure Gadget Quality (Andreas Follner, Alexandre Bartel, Eric Bodden), In International Symposium on Engineering Secure Software and Systems (ESSoS), 2016. (To appear.) Awarded: Artifact Evaluation Award [bib] [pdf]
[53] Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, Eric Bodden), In European Conference on Object-Oriented Programming (ECOOP), 2016. Awarded: Artifact Evaluation Award [bib] [pdf]
[52] An In-Depth Study of More Than Ten Years of Java Exploitation (Philipp Holzinger, Stefan Triller, Alexandre Bartel, Eric Bodden), In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 779–790, CCS ’16, 2016. [bib] [pdf] [doi]
[51] How Current Android Malware Seeks to Evade Automated Code Analysis (Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden), In International Conference on Information Security Theory and Practice (WISTP’2015), 2015. [bib] [pdf]
[50] Factors Impacting the Effort Required to Fix Security Vulnerabilities – An industrial Case Study (Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker, Philip Miseldine), In Information Security Conference (ISC 2015), pages 102–119, Volume 9290 of Lecture Notes in Computer Science, Springer, 2015. [bib] [pdf]
[49] DroidSearch: A Powerful Search Engine for Android Applications (Siegfried Rasthofer, Steven Arzt, Max Kolhagen, Brian Pfretzschner, Stephan Huber, Eric Bodden, Philipp Richter), In 2015 Science and Information Conference (SAI), 2015. [bib] [pdf]
[48] jäk: Using Dynamic Analysis to Crawl and Test Modern Web Applications (Giancarlo Pellegrino, Constantin Tschürtz, Eric Bodden, Christian Rossow), In Research in Attacks, Intrusions, and Defenses (RAID), pages 295–316, Lecture Notes in Computer Science, Springer International Publishing, 2015. [bib] [pdf]
[47] Dynamically Provisioning Isolation in Hierarchical Architectures (Kevin Falzon, Eric Bodden), In Information Security (Javier Lopez, Chris J. Mitchell, eds.), pages 83–101, Volume 9290 of Lecture Notes in Computer Science, Springer International Publishing, 2015. Awarded: Best Student Paper Award [bib] [pdf] [doi]
[46] Mining Apps for Abnormal Usage of Sensitive Data (Vitalii Avdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, Eric Bodden), In 2015 International Conference on Software Engineering (ICSE), pages 426–436, 2015. Awarded: Best paper award at the 2016 Spanish Cybersecurity Days (Jornadas Nacionales de Investigación en Ciberseguridad) [bib] [pdf]
[45] IccTA: Detecting Inter-Component Privacy Leaks in Android Apps (Li Li, Alexandre Bartel, Tegawende F. Bissyande, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, Patrick McDaniel), In 2015 International Conference on Software Engineering (ICSE), pages 280–291, 2015. [bib] [pdf]
[44] (In)Security of Backend-as-a-Service (Steven Arzt, Robert Hahn, Max Kohlhagen, Eric Bodden, Siegfried Rasthofer), In Black Hat Europe 2015, 2015. [bib] [pdf]
[43] Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis With Unbounded Access Paths (Johannes Lerch, Johannes Späth, Eric Bodden, Mira Mezini), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2015), pages 619–629, 2015. [bib] [pdf]
[42] Towards Secure Integration of Cryptographic Software (Steven Arzt, Sarah Nadi, Karim Ali, Eric Bodden, Sebastian Erdweg, Mira Mezini), In 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), pages 1–13, Onward! 2015, ACM, 2015. [bib] [pdf] [doi]
[41] Reviser: Efficiently Updating IDE-/IFDS-based Data-flow Analyses in Response to Incremental Program Changes (Steven Arzt, Eric Bodden), In Proceedings of the 36th International Conference on Software Engineering, pages 288–298, 2014. [bib] [pdf]
[40] A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks (Siegfried Rasthofer, Steven Arzt, Eric Bodden), In 2014 Network and Distributed System Security Symposium (NDSS), 2014. [bib] [pdf]
[39] Tracking Load-time Configuration Options (Max Lillack, Christian Kästner, Eric Bodden), In IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), pages 445–456, 2014. [bib] [pdf] [doi]
[38] Zertifizierte Datensicherheit für mobile Anwendungen (Karsten Sohr, Steffen Bartsch, Melanie Volkamer, Bernhard Berger, Eric Bodden, Achim Brucker, Sönke Maseberg, Mehmet Kus, Jens Heider), In GI Sicherheit 2014, 2014. [bib] [pdf]
[37] Variational Data Structures: Exploring Trade-Offs in Computing with Variability (Eric Walkingshaw, Christian Kästner, Martin Erwig, Sven Apel, Eric Bodden), In Onward! 2014, pages 213–226, 2014. [bib] [pdf]
[36] FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps (Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel), In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 259–269, PLDI ’14, ACM, 2014. Awarded: Artifact Evaluation Award [bib] [pdf] [doi]
[35] FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases (Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini), In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 98–108, FSE 2014, ACM, 2014. [bib] [pdf]
[34] DroidForce: Enforcing Complex, Data-Centric, System-Wide Policies in Android (Steven Arzt, Siegfried Rasthofer, Enrico Lovat, Eric Bodden), In International Conference on Availability, Reliability and Security (ARES 2014), pages 40–49, IEEE, 2014. [bib] [pdf]
[33] Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis (Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, Yves Le Traon), In USENIX Security Symposium 2013, 2013. [bib] [pdf]
[32] SPLLIFT: statically analyzing software product lines in minutes instead of years (Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini), In Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation (PLDI), pages 355–364, 2013. [bib] [pdf]
[31] Distributed Finite-State Runtime Monitoring with Aggregated Events (Kevin Falzon, Eric Bodden, Rahul Purandare), In Runtime Verification (Axel Legay, Saddek Bensalem, eds.), pages 94–111, Volume 8174 of Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2013. [bib] [pdf] [doi]
[30] Reducing human factors in software security architectures (Eric Bodden, Ben Hermann, Johannes Lerch, Mira Mezini), In Future Security Conference 2013, pages 275–285, 2013. [bib] [pdf]
[29] How useful are existing monitoring languages for securing Android apps? (Steven Arzt, Kevin Falzon, Andreas Follner, Siegfried Rasthofer, Eric Bodden, Volker Stolz), In ATPS, pages 107–122, Volume P-215 of GI Lecture Notes in Informatics, Gesellschaft für Informatik, 2013. [bib] [pdf]
[28] Challenges for Refinement and Composition of Instrumentations (Position Paper) (Danilo Ansaloni, Walter Binder, Christoph Bockisch, Eric Bodden, Kardelen Hatun, Lukas Marek, Zhengwei Qi, Aibek Sarimbekov, Andreas Sewe, Petr Tuma, Yudi Zheng), In International Conference on Software Composition (SC 2012) (Thomas Gschwind, Flavio Paoli, Volker Gruhn, Matthias Book, eds.), pages 86-96, Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2012. [bib] [pdf] [doi]
[27] RefaFlex: Safer Refactorings for Reflective Java Programs (Andreas Thies, Eric Bodden), In International Symposium on Software Testing and Analysis (ISSTA 2012), pages 1–14, 2012. Awarded: SIGSOFT Distinguished Paper Award [bib] [pdf]
[26] Delta-oriented Monitor Specification (Eric Bodden, Kevin Falzon, Ka I Pun, Volker Stolz), In 5th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2012), pages 162–177, Springer, 2012. [bib] [pdf]
[25] Challenges in defining a programming language for provably correct dynamic analyses (Eric Bodden, Andreas Follner, Siegfried Rasthofer), In 5th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2012), pages 4–18, Springer, 2012. [bib] [pdf]
[24] Dynamic Anomaly Detection for More Trustworthy Outsourced Computation in Hybrid Clouds (Sami Alsouri, Jan Sinschek, Andreas Sewe, Eric Bodden, Stefan Katzenbeisser, Mira Mezini), In Information Security Conference (ISC 2012), pages 168–187, Volume 7483 of LNCS, Springer, 2012. [bib] [pdf]
[23] MOPBox: A Library Approach to Runtime Verification (Eric Bodden), In Runtime Verification, pages 365–369, Volume 7186 of LNCS, Springer, 2012. [bib] [pdf]
[22] Join Point Interfaces for Modular Reasoning in Aspect-Oriented Programs (Milton Inostroza, Éric Tanter, Eric Bodden), In ESEC/FSE ’11: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 508–511, 2011. [bib] [pdf]
[21] Taming Reflection: Aiding Static Analysis in the Presence of Reflection and Custom Class Loaders (Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, Mira Mezini), In ICSE ’11: International Conference on Software Engineering, pages 241–250, ACM, 2011. [bib] [pdf]
[20] Stateful Breakpoints: A Practical Approach to Defining Parameterized Runtime Monitors (Eric Bodden), In ESEC/FSE ’11: Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 492–495, 2011. [bib] [pdf]
[19] Closure Joinpoints: Block joinpoints without surprises (Eric Bodden), In AOSD ’11: Proceedings of the 10th International Conference on Aspect-oriented Software Development, pages 117–128, ACM, 2011. [bib] [pdf]
[18] Reducing Configurations to Monitor in a Software Product Line (Chang Hwan Peter Kim, Eric Bodden, Don Batory, Sarfraz Khurshid), In 1st International Conference on Runtime Verification (RV), pages 285–299, Volume 6418 of LNCS, Springer, 2010. [bib] [pdf]
[17] Clara: a Framework for Statically Evaluating Finite-state Runtime Monitors (Eric Bodden, Patrick Lam, Laurie Hendren), In 1st International Conference on Runtime Verification (RV), pages 74–88, Volume 6418 of LNCS, Springer, 2010. [bib] [pdf]
[16] Clara: Partially Evaluating Runtime Monitors at Compile Time (Eric Bodden, Patrick Lam), In 1st International Conference on Runtime Verification (RV), pages 183–197, Volume 6418 of LNCS, Springer, 2010. (Tutorial) [bib] [pdf]
[15] Effective API Navigation and Reuse (Awny Alnusair, Tian Zhao, Eric Bodden), In International Conference on Information Reuse and Integration (IEEE IRI), pages 7–12, IEEE, 2010. [bib] [pdf] [doi]
[14] Efficient Hybrid Typestate Analysis by Determining Continuation-Equivalent States (Eric Bodden), In ICSE ’10: International Conference on Software Engineering, pages 5–14, ACM, 2010. [bib] [pdf]
[13] Dependent advice: A general approach to optimizing history-based aspects (Eric Bodden, Feng Chen, Grigore Rosu), In AOSD ’09: Proceedings of the 8th international conference on Aspect-oriented software development, pages 3–14, ACM, 2009. [bib] [pdf]
[12] Racer: Effective Race Detection Using AspectJ (Eric Bodden, Klaus Havelund), In International Symposium on Software Testing and Analysis (ISSTA 2008), Seattle, WA, pages 155–165, ACM, 2008. Awarded: SIGSOFT Distinguished Paper Award [bib] [pdf]
[11] Finding programming errors earlier by evaluating runtime monitors ahead-of-time (Eric Bodden, Patrick Lam, Laurie Hendren), In 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering (SIGSOFT’08/FSE-16), pages 36–47, ACM, 2008. [bib] [pdf] [doi]
[10] Object representatives: a uniform abstraction for pointer information (Eric Bodden, Patrick Lam, Laurie Hendren), In Visions of Computer Science – International Academic Conference of the British Computer Society (BCS 2008), London, United Kingdom, 2008. [bib] [pdf]
[9] Relational aspects as tracematches (Eric Bodden, Reehan Shaikh, Laurie Hendren), In AOSD ’08: Proceedings of the 7th international conference on Aspect-oriented software development, pages 84–95, ACM, 2008. [bib] [pdf] [doi]
[8] The design and implementation of formal monitoring techniques (Eric Bodden), In OOPSLA ’07: Companion of the 22nd annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, 2007. (Doctoral Symposium) [bib] [pdf]
[7] Domain-Specific Modelling with AToM-3 (Hans Vangheluwe, Ximeng Sun, Eric Bodden), In Second International Conference on Software and Data Technologies (ICSOFT). Special Session on Metamodelling — Utilization in Software Engineering (MUSE), pages 305–314, INSTICC Press, 2007. [bib] [pdf]
[6] The design and implementation of formal monitoring techniques (Eric Bodden), In Doctoral Symposium at the 21st European Conference on Object-Oriented Programming, Berlin, Germany, 2007. [bib] [pdf]
[5] A Staged Static Program Analysis to Improve the Performance of Runtime Monitoring (Eric Bodden, Laurie Hendren, Ondrej Lhoták), In ECOOP (Erik Ernst, ed.), pages 525–549, Volume 4609 of Lecture Notes in Computer Science, Springer, 2007. [bib] [pdf]
[4] Transforming Timeline specifications into automata for runtime monitoring (Eric Bodden, Hans Vangheluwe), In 3rd International Symposium on Applications of Graph Transformations with Industrial Relevance (AGTIVE), pages 249–265, Volume 5088 of Lecture Notes in Computer Science, Springer, 2007. [bib] [pdf]
[3] Avoiding Infinite Recursion with Stratified Aspects (Eric Bodden, Florian Forster, Friedrich Steimann), In GI-Edition Lecture Notes in Informatics “NODe 2006 GSEM 2006” (Robert Hirschfeld, Andreas Polze, Ryszard Kowalczyk, eds.), pages 49–64, Bonner Köllen Verlag, 2006. [bib] [pdf]
[2] Aspects and Data Refinement (Pavel Avgustinov, Eric Bodden, Elnar Hajiyev, Oege de Moor, Neil Ongkingco, Damien Sereni, Ganesh Sittampalam, Julian Tibble), In Mathematics of Program Construction (MPC) (Tarmo Uustalu, ed.), Lecture Notes in Computer Science, Springer, 2006. [bib] [pdf]
[1] Aspects for Trace Monitoring (Pavel Avgustinov, Eric Bodden, Elnar Hajiyev, Laurie Hendren, Ondrej Lhoták, Oege de Moor, Neil Ongkingco, Damien Sereni, Ganesh Sittampalam, Julian Tibble, Mathieu Verbaere), In Formal Approaches to Testing Systems and Runtime Verification (FATES/RV) (Klaus Havelund, Manuel Nunez, Grigore Rosu, Burkhart Wolff, eds.), pages 20–39, Volume 4262 of Lecture Notes in Computer Science, Springer, 2006. [bib] [pdf]
Refereed Workshop Papers
[24] The Secret Sauce in Efficient and Precise Static Analysis (Eric Bodden), In Proceedings of the 7th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 84–92, SOAP 2018, 2018. (To appear.) [bib] [pdf]
[23] PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution (Andreas Follner, Alexandre Bartel, Hui Peng, Yu-Chen Chang, Kyriakos Ispoglou, Mathias Payer, Eric Bodden), In International Workshop on Security and Trust Management (STM), pages 212–228, 2016. [bib] [pdf]
[22] Towards Cross-Platform Cross-Language Analysis with Soot (Steven Arzt, Tobias Kussmaul, Eric Bodden), In Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 1–6, SOAP 2016, 2016. [bib] [pdf]
[21] Toward an Automated Benchmark Management System (Lisa Nguyen Quang Do, Michael Eichberg, Eric Bodden), In Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 13–17, SOAP 2016, 2016. [bib] [pdf]
[20] Don’t let data Go astray—A Context-Sensitive Taint Analysis for Concurrent Programs in Go (Eric Bodden, Michael Eichberg, Ka I Pun, Martin Steffen, Volker Stolz, Anna-Katharina Wickert), In Nordic Workshop on Programming Theory (NWPT’16), 2016. [bib] [pdf]
[19] Using Targeted Symbolic Execution for Reducing False-positives in Dataflow Analysis (Steven Arzt, Siegfried Rasthofer, Robert Hahn, Eric Bodden), In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, pages 1–6, SOAP 2015, 2015. [bib] [pdf] [doi]
[18] TS4J: A Fluent Interface for Defining and Computing Typestate Analyses (Eric Bodden), In 3rd ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2014), 2014. [bib] [pdf]
[17] Denial-of-App Attack: Inhibiting the Installation of Android Apps on Stock Phones (Steven Arzt, Stephan Huber, Siegfried Rasthofer, Eric Bodden), In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pages 21–26, SPSM ’14, ACM, 2014. [bib] [pdf] [doi]
[16] InvokeDynamic support in Soot (Eric Bodden), In 1st ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012), pages 51–55, 2012. [bib] [pdf] [doi]
[15] Inter-procedural Data-flow Analysis with IFDS/IDE and Soot (Eric Bodden), In 1st ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012), pages 3–8, 2012. [bib] [pdf] [doi]
[14] Position Paper: Static Flow-Sensitive & Context-Sensitive Information-flow Analysis for Software Product Lines (Eric Bodden), In ACM SIGPLAN Seventh Workshop on Programming Languages and Analysis for Security (PLAS 2012), pages 6:1–6:6, 2012. [bib] [pdf] [doi]
[13] Towards Typesafe Weaving for Modular Reasoning in Aspect-Oriented Programs (Eric Bodden), In FOAL ’12: International Workshop on the Foundations of Aspect-Oriented Languages, 2012. (Keynote abstract.) [bib] [pdf]
[12] The Soot framework for Java program analysis: a retrospective (Patrick Lam, Eric Bodden, Ondrej Lhoták, Laurie Hendren), In Cetus Users and Compiler Infrastructure Workshop (CETUS 2011), 2011. [bib] [pdf]
[11] Continuation equivalence: a Correctness Criterion for Static Optimizations of Dynamic Analyses (Eric Bodden), In WODA ’11: International Workshop on Dynamic Analysis, pages 24–28, ACM, 2011. [bib] [pdf]
[10] IDE 2.0: Collective Intelligence in Software Development (Marcel Bruch, Eric Bodden, Martin Monperrus, Mira Mezini), In FSE/SDP Workshop on the Future of Software Engineering, pages 53–58, ACM, 2010. [bib] [pdf]
[9] Specifying and Exploiting Advice-Execution Ordering using Dependency State Machines (Eric Bodden), In International Workshop on the Foundations of Aspect-Oriented Languages (FOAL), 2010. [bib] [pdf]
[8] Collaborative runtime verification with tracematches (Eric Bodden, Laurie Hendren, Patrick Lam, Ondrej Lhoták, Nomair A. Naeem), In 7th workshop on Runtime Verification at the 6th International Conference on Aspect-Oriented Software Development, Vancouver, Canada, pages 22–37, Volume 4839 of LNCS, Springer, 2007. [bib] [pdf]
[7] Tracechecks: Defining Semantic Interfaces with Temporal Logic (Eric Bodden, Volker Stolz), In Software Composition (Welf Löwe, Mario Südholt, eds.), pages 147–162, Volume 4089 of Lecture Notes in Computer Science, Springer, 2006. [bib] [pdf]
[6] Efficient temporal pointcuts through dynamic advice deployment (Eric Bodden, Volker Stolz), In Workshop on Open Aspect Languages, Bonn, Germany, 2006. [bib] [pdf]
[5] Concern specific languages and their implementation with abc (Eric Bodden), In 3rd Workshop on Software-engineering Properties of Languages and Aspect Technologies (SPLAT) at the 4th International Conference on Aspect-oriented Software Development, March 15th 2005, Chicago, USA, 2005. [bib] [pdf]
[4] Temporal Assertions using AspectJ (Volker Stolz, Eric Bodden), In 5th Workshop on Runtime Verification, pages 109–124, Volume 144(4) of Electronic Notes in Theoretical Computer Science, Elsevier, 2005. [bib] [pdf]
[3] Efficient and Expressive Runtime Verification for Java (Eric Bodden), In Grand Finals of the ACM Student Research Competition 2005, 2005. Awarded: Winner paper of the Grand Finals [bib] [pdf]
[2] A lightweight LTL runtime verification tool for Java (Eric Bodden), In Companion to the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2004, October 24-28, 2004, Vancouver, BC, Canada, pages 306–307, ACM, 2004. (ACM Student Research Competition) [bib] [pdf]
[1] A high-level view of Java applications (Eric Bodden), In OOPSLA ’03: Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, pages 384–385, ACM Press, 2003. (ACM Student Research Competition) [bib] [pdf] [doi]
Other Publications
[40] Self-adaptive static analysis (Eric Bodden), Technical report arXiv:1710.07430, arXiv.org, 2017. [bib] [pdf]
[39] CrySL: Validating Correct Usage of Cryptographic APIs (Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini), Technical report arXiv:1710.00564, arXiv.org, 2017. [bib] [pdf]
[38] Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill), Technical report, University of Alberta Dataverse, 2016. [bib] [pdf] [doi]
[37] Sicherheitsanalyse TrueCrypt (Mauro Baluda, Andreas Fuchs, Philipp Holzinger, Lotfi ben Othmane, Andreas Poller, Jürgen Repp, Johannes Späth, Jan Steffan, Stefan Triller, Eric Bodden), Technical report, Bundesamt für Sicherheit in der Informationstechnik, 2015. [bib] [pdf]
[36] Security Analysis of TrueCrypt (Mauro Baluda, Andreas Fuchs, Philipp Holzinger, Lotfi ben Othmane, Andreas Poller, Jürgen Repp, Johannes Späth, Jan Steffan, Stefan Triller, Eric Bodden), Technical report, Federal Office for Information Security, 2015. [bib] [pdf]
[35] Time for Addressing Software Security Issues: Prediction Models and Impacting Factors (Lotfi ben Othmane, Golriz Chehrazi, Eric Bodden, Petar Tsalovski, Achim D. Brucker), Technical report TUD-CS-2015-1268, EC SPRIDE, 2015. [bib]
[34] Toward a Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Eric Bodden, Benjamin Livshits), Technical report TUD-CS-2015-1167, EC SPRIDE, 2015. [bib] [pdf]
[33] An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack (Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden), Technical report TUD-CS-2015-0065, EC SPRIDE, 2015. [bib] [pdf]
[32] Harvesting Runtime Data in Android Applications for Identifying Malware and Enhancing Code Analysis (Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden), Technical report TUD-CS-2015-0031, EC SPRIDE, 2015. [bib] [pdf]
[31] A Brief Tour of Join Point Interfaces (Eric Bodden, Éric Tanter, Milton Inostroza), pages 19–22, International Conference on Aspect-oriented Programming (AOSD), demo track, 2013. [bib] [pdf]
[30] SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks (Steven Arzt, Siegfried Rasthofer, Eric Bodden), Technical report TUD-CS-2013-0114, EC SPRIDE, 2013. [bib] [pdf]
[29] Efficiently updating IDE-based data-flow analyses in response to incremental program changes (Steven Arzt, Eric Bodden), Technical report TUD-CS-2013-0253, EC SPRIDE, 2013. [bib] [pdf]
[28] Highly Precise Taint Analysis for Android Applications (Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau, Patrick McDaniel), Technical report TUD-CS-2013-0113, EC SPRIDE, 2013. [bib] [pdf]
[27] Transparent and Efficient Reuse of IFDS-based Static Program Analyses for Software Product Lines (Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini), Technical report TUD-CS-2012-0239, EC SPRIDE, Technische Universität Darmstadt, 2012. [bib] [pdf]
[26] Safe and Practical Decoupling of Aspects with Join Point Interfaces (Eric Bodden, Éric Tanter, Milton Inostroza), Technical report TUD-CS-2012-0106, CASED, 2012. [bib] [pdf]
[25] Identifying meaningless parameterized linear-temporal-logic formulas (Eric Bodden), Technical report TUD-CS-2012-0014, CASED, 2012. [bib] [pdf]
[24] On the Expressiveness of Parameterized Finite-state Runtime Monitors (Eric Bodden), Technical report TUD-CS-2012-0013, CASED, 2012. [bib] [pdf]
[23] Modular Reasoning with Join Point Interfaces (Milton Inostroza, Éric Tanter, Eric Bodden), Technical report TUD-CS-2011-0272, CASED, 2011. [bib] [pdf]
[22] Defining Access Control Policies as Tracematches (Eric Bodden), Technical report TUD-CS-2011-0149, CASED, 2011. [bib] [pdf]
[21] Taming Reflection: Static Analysis in the Presence of Reflection and Custom Class Loaders (Eric Bodden, Andreas Sewe, Jan Sinschek, Mira Mezini), Technical report TUD-CS-2010-0066, CASED, 2010. [bib] [pdf]
[20] Sicher fahren: Absicherung moderner Fahrzeugsoftware (Eric Bodden, Mira Mezini, Sven Patzina, Lars Patzina, Andreas Sewe, Andy Schürr), Forschen, Technische Universität Darmstadt, 2010. [bib] [pdf]
[19] Clara: a framework for implementing hybrid typestate analyses (Eric Bodden), Technical report Clara-2, http://www.bodden.de/clara/, 2009. [bib] [pdf]
[18] Efficient and Precise Typestate Analysis by Determining Continuation-Equivalent States (Eric Bodden), Technical report Clara-1, http://www.bodden.de/clara/, 2009. [bib] [pdf]
[17] Transforming Timeline specifications into automata for runtime monitoring (Eric Bodden, Hans Vangheluwe), Technical report SABLE-TR-2008-1, Sable Research Group, School of Computer Science, McGill University, 2008. [bib] [pdf]
[16] Dependent advice: A general approach to optimizing history-based aspects (extended version) (Eric Bodden, Feng Chen, Grigore Rosu), Technical report abc-2008-2, http://www.aspectbench.org/, 2008. [bib] [pdf]
[15] Relational Aspects as Tracematches (Eric Bodden, Reehan Shaikh, Laurie Hendren), Technical report abc-2007-4, http://www.aspectbench.org/, 2007. [bib] [pdf]
[14] Instance keys: A technique for sharpening whole-program pointer analyses with intraprocedural information (Eric Bodden, Patrick Lam, Laurie Hendren), Technical report SABLE-TR-2007-8, Sable Research Group, School of Computer Science, McGill University, 2007. [bib] [pdf]
[13] Flow-sensitive static optimizations for runtime monitoring (Eric Bodden, Patrick Lam, Laurie Hendren), Technical report abc-2007-3, http://www.aspectbench.org/, 2007. [bib] [pdf]
[12] Arithmetic Coding revealed – A guided tour from theory to praxis (Eric Bodden, Malte Clasen, Joachim Kneis), Technical report 2007-5, Sable Research Group, McGill University, 2007. [bib] [pdf]
[11] A staged static program analysis to improve the performance of runtime monitoring (extended version) (Eric Bodden, Laurie Hendren, Ondrej Lhoták), Technical report abc-2007-2, http://www.aspectbench.org/, 2007. [bib] [pdf]
[10] Efficient runtime monitoring through static analysis (Eric Bodden), Poster, 21st European Conference on Object-Oriented Programming, July 30th 2007, Berlin, Germany, 2007. [bib]
[9] Efficient runtime monitoring through static analysis (Eric Bodden), Poster, 6th International Conference on Aspect-Oriented Software Development, March 12th-16th 2007, Vancouver, BC, Canada, 2007. [bib]
[8] abc: How to implement your own tools for AOP research (Pavel Avgustinov, Eric Bodden, Elnar Hajiyev, Ondrej Lhoták, Oege de Moor, Neil Ongkingco, Julian Tibble), Tutorial, 5th International Conference on Aspect-oriented Software Development, March 20th-24th 2006, Bonn, Germany, 2006. [bib]
[7] Efficient Trace Monitoring (Pavel Avgustinov, Julian Tibble, Eric Bodden, Ondrej Lhoták, Laurie Hendren, Oege de Moor, Neil Ongkingco, Ganesh Sittampalam), Technical report abc-2006-1, http://www.aspectbench.org/, 2006. [bib] [pdf]
[6] A staged static program analysis to improve the performance of runtime monitoring (Eric Bodden, Laurie Hendren, Ondrej Lhoták), Technical report abc-2006-4, http://www.aspectbench.org/, 2006. [bib] [pdf]
[5] More Efficient Runtime Monitors Through Static Analysis (Eric Bodden), Poster, ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation, Ottawa, ON, Canada, 2006. [bib]
[4] Efficient trace monitoring (Pavel Avgustinov, Julian Tibble, Eric Bodden, Laurie Hendren, Ondrej Lhoták, Oege de Moor, Neil Ongkingco, Ganesh Sittampalam), Poster with abstract, pages 685–686, ACM Press, 2006. [bib] [pdf] [doi]
[3] Temporal Assertions using AspectJ (Eric Bodden), Poster, 4th International Conference on Aspect-oriented Software Development, March 14th-18th 2005, Chicago, IL, USA, 2006. [bib]
[2] Zweigstelle, Hauptstelle, Dienstleister: Aspektorientierte Programmierung mit .NET (Torsten Weber, Eric Bodden), ObjektSPEKTRUM, SIGS-DATACOM, 2006. [bib] [pdf]
[1] Implementing concern-specific languages with abc (Eric Bodden), Seminar on Aspect-oriented Programming, Prof. Friedrich Steimann, Hannover University, 2005. [bib] [pdf]