Browse by Research Area

(2024) AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis. (In Press)

(2024) Revisiting Android App Categorization. (In Press)

(2023) FieldFuzz: In Situ Blackbox Fuzzing of Proprietary Industrial Automation Runtimes via the Network.

(2023) Learning Program Models from Generated Inputs.

(2023) Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks.

(2023) Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Vehicle.

(2023) Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication.

(2023) From Input to Failure: Explaining Program Behavior via Cause-Effect Chains. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems.

(2023) Drone Security and the Mysterious Case of DJI's DroneID.

(2023) MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research. (In Press)

(2023) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (Extended Version).

(2023) TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors.

(2022) Assessing Model-free Anomaly Detection in Industrial Control Systems Against Generic Concealment Attacks.

(2022) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs. (In Press)

(2022) CLIFuzzer: Mining Grammars for Command-Line Invocations.

(2022) Smooth Transition of Vehicles' Maximum Speed for Lane Detection based on Computer Vision. (In Press)

(2022) SFLKit: A Workbench for Statistical Fault Localization. (In Press)

(2022) Blurtooth: Exploiting cross-transport key derivation in Bluetooth classic and Bluetooth low energy.

(2022) V-Range: Enabling Secure Ranging in 5G Wireless Networks. (In Press)

(2022) Constrained Proximity Attacks on Mobile Targets.

(2021) A11y and Privacy don’t have to be mutually exclusive: Constraining Accessibility Service Misuse on Android. (In Press)

(2021) Frontmatter: Mining Android User Interfaces at Scale.

(2021) Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. (In Press)

(2021) Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers.

(2021) Input Algebras.

(2021) Restoring Execution Environments of Jupyter Notebooks.

(2021) Locating Faults with Program Slicing: An Empirical Analysis.

(2021) Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework.

(2020) Up2Dep: Android Tool Support to Fix Insecure Code Dependencies.

(2020) Differential Analysis and Fingerprinting of ZombieLoads on Block Ciphers.

(2020) Mining Input Grammars from Dynamic Control Flow.

(2020) Debugging Inputs.

(2020) Revisiting the Relationship Between Fault Detection,Test Adequacy Criteria, and Test Set Size.

(2020) Learning Input Tokens for Effective Fuzzing. (In Press)

(2020) When does my Program do this? Learning Circumstances of Software Behavior. (In Press)

(2020) Abstracting Failure-Inducing Inputs.

(2020) Automatically Granted Permissions in Android apps: An Empirical Study on their Prevalence and on the Potential Threats for Privacy.

(2020) Better Code, Better Sharing: On the Need of Analyzing Jupyter Notebooks.

(2020) Testing Apps With Real-World Inputs. (In Press)

(2020) Formale Methoden für rekonfigurierbare cyber-physische Systeme in der Produktion.

(2020) Heaps’n’Leaks: How Heap Snapshots Improve Android Taint Analysis.

(2019) Poster: simFIDO – FIDO2 User Authentication with simTPM.

(2019) Systematically Covering Input Structure.

(2019) ACM Computer Science in Cars Symposium.

(2019) The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR.

(2019) AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service.

(2019) Learning User Interface Element Interactions.

(2019) Parser-Directed Fuzzing. (In Press)

(2019) simTPM: User-centric TPM for Mobile Devices (Technical Report).

(2019) simTPM: User-centric TPM for Mobile Devices.

(2019) Carving Parameterized Unit Tests.

(2019) Secure Multi-Execution in Android.

(2019) Why does this App need this Data? Automatic Tightening of Resource Access.

(2019) DroidCap: OS Support for Capability-based Permissions in Android.

(2019) Poster: TGX: Secure SGX enclave management using TPM.

(2019) Nearby Threats: Reversing, Analyzing, and Attacking Google’s 'Nearby Connections' on Android.

(2019) Evaluating Fault Localization for Resource Adaptation via Test-Based Software Modification.

(2019) The Fuzzing Book.

(2019) Up-To-Crash: Evaluating Third-Party Library Updatability on Android.

(2018) You Are Where You APP: An Assessment on Location Privacy of Social APPs.

(2018) DroidMate-2: A Platform for Android Test Generation.

(2018) Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies.

(2018) Efficient GUI Test Generation by Learning from Tests of Other Apps.

(2018) Guiding app testing with mined interaction models.

(2018) Analyzing the User Interface of Android Apps.

(2018) Design and Large-Scale Evaluation of WiFi Proximity Metrics.

(2018) If You Can't Kill a Supermutant, You Have a Problem.

(2018) State-Aware Anomaly Detection for Industrial Control Systems.

(2018) OS Support For Capabilities In Android.

(2018) Detecting Information Flow by Mutating Input data.

(2017) Automatically Inferring and Enforcing User Expectations.

(2017) Data flow oriented UI testing: exploiting data flows and UI elements to test Android applications.

(2017) Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security.

(2017) Detecting behavior anomalies in graphical user interfaces.

(2017) ARTist: The Android Runtime Instrumentation and Security Toolkit.

(2017) LUNA: Quantifying and Leveraging Uncertainty in Android Malware Analysis through Bayesian Machine Learning.

(2017) The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android.

(2017) App Mining.

(2017) Ask Your Neurons: A Deep Learning Approach to Visual Question Answering.

(2017) Detecting Information Flow by Mutating Input Data.

(2017) Dynamic Tainting for Automatic Test Case Generation.

(2017) Generating Unit Tests with Structured System Interactions.

(2017) Mining Sandboxes for Security - Automatisches Sandboxing für Software-Sicherheit.

(2017) Quantifying the information leak in cache attacks via symbolic execution.

(2017) Seamless In-App Ad Blocking on Stock Android.

(2017) Search-Based Testing and System Testing: A Marriage in Heaven.

(2017) A Stitch in Time: Supporting Android Developers in Writing Secure Code.

(2017) Whitening Black-Box Neural Networks.

(2016) Extracting and Modeling Typosquatting Errors from Large-scale Passive DNS Data.

(2016) Full Reference Monitoring for Android Intents.

(2016) Hardening Intel SGX enclaves against memory safety exploits.

(2016) Static Analysis of Non-interference for Android Apps.

(2016) Time-to-Live based Trilateration.

(2016) Towards Native Client Executables via Binary Translation on the x86 Platform.

(2016) Reliable Third-Party Library Detection in Android and its Security Applications.

(2016) On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis.

(2016) Mining Apps for Anomalies.

(2016) Privacy Capsules: Preventing Information Leaks by Mobile Apps.

(2016) Boxify: Bringing Full-Fledged App Sandboxing to Stock Android.

(2016) R-Droid: Leveraging Android App Analysis with Static Slice Optimization.

(2016) SoK: Lessons Learned From Android Security Research For Appified Software Platforms.

(2016) DroidMate: a robust and extensible test generator for Android.

(2016) Autonome Systeme.

(2016) Establishing mandatory access control on Android OS.

(2016) POSTER: The ART of App Compartmentalization.

(2016) Abnormal Sensitive Data Usage in Android Apps.

(2016) CALAPPA: A Toolchain for Mining Android Applications.

(2016) Challenges for functional testing of reconfigurable production systems.

(2016) Checking App User Interfaces Against App Descriptions.

(2016) Mining input grammars from dynamic taints.

(2016) The Truth, The Whole Truth, and Nothing But the Truth: A Pragmatic Guide to Assessing Empirical Evaluations.

(2015) Towards Compiler-Assisted Taint Tracking on the Android Runtime.

(2015) Toward a Backward-compatible API for Defining Fine-grained App Policies on Android.

(2015) POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART).

(2015) Security Analysis of Telematic and Emergency Devices in a Modern Car.

(2015) Security Analysis of Mobile Banking Apps.

(2015) Mining Android Apps for Anomalies.

(2015) Boxify: Full-fledged App Sandboxing for Stock Android.

(2015) To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections.

(2015) ArtHook: Callee-side Method Hook Injection on the New Android Runtime ART.

(2015) Mining Apps for Abnormal Usage of Sensitive Data.

(2015) Inferring Loop Invariants by Mutation, Dynamic Analysis, and Static Checking.

(2015) Mining Workflow Models from Web Applications.

(2015) Mining apps for abnormal usage of sensitive data.

(2015) Test case selection for networked production systems.

(2014) Android Security Framework: Extensible Multi-Layered Access Control on Android.

(2014) Scippa: System-Centric IPC Provenance on Android.

(2014) Taking Android App Vetting to the Next Level with Path-sensitive Value Analysis. (Unpublished)

(2014) SDDR: Light-Weight, Secure Mobile Encounters.

(2014) Static Analysis of Android Applications.

(2014) Application-level Firewall in Stock Android.

(2014) Brave new world: privacy risks for mobile users.

(2014) Checking App Behavior Against App Descriptions.

(2014) Developing a RiskScore for Android Applications.

(2014) EnCore: Private, Context-based Communication for Mobile Social Apps.

(2014) Evaluating the Effectiveness of In-app DRM Systems for Android.

(2014) Identifying the Optimal Permission Set of Android Applications.

(2014) System Centric IPC Call Chains for Android.

(2014) Verifying the Internet Access of Android Applications.

(2014) Automating Full Functional Verification of Programs with Loops.

(2014) DynaMate: Dynamically Inferring Loop Invariants for Automatic Full Functional Verification.

(2013) Using Mobile Device Communication to Strengthen e-Voting Protocols.

(2013) AppGuard – Fine-grained Policy Enforcement for Untrusted Android Applications.

(2013) On Limitations of Friendly Jamming for Confidentiality.

(2013) A Privacy-aware Shopping Scenario.

(2013) Advances in Mobile Security.

(2013) AppGuard - Enforcing User Requirements on Android Apps.

(2013) Callee-site Rewriting of Sealed System Libraries.

(2013) Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies.

(2013) A Holistic View of Security and Privacy Issues in Smart Grids.

(2013) Idea: Callee-Site Rewriting of Sealed System Libraries.

(2012) A comparative analysis of decentralized power grid stabilization strategies.

(2012) MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones.

(2012) Securing User-data in Android - A conceptual approach for consumer and enterprise usage.

(2012) Towards Taming Privilege-Escalation Attacks on Android.

(2012) User-controlled Internet Connections in Android.

(2012) Why Eve and Mallory Love Android: An Analysis of Android SSL (in)Security.

(2011) AmazonIA: When Elasticity Snaps Back.

(2011) On the Requirements for Successful GPS Spoofing Attacks.

(2011) CFI Goes Mobile: Control-Flow Integrity for Smartphones.

(2011) A Local Cross-Site Scripting Attack against Android Phones.

(2011) Poster: Control-flow Integrity for Smartphones.

(2011) Practical and Lightweight Domain Isolation on Android.

(2011) Scalable Trust Establishment with Software Reputation.

(2011) Assessing Oracle Quality with Checked Coverage.

(2011) Assessing modularity via usage changes.

(2011) Breeding High-Impact Mutations.

(2011) Calibrated Mutation Testing.

(2011) Exploiting Common Object Usage in Test Case Generation.

(2011) Generating parameterized unit tests.

(2011) Minimizing reproduction of software failures.

(2011) Mining Cause-Effect-Chains from Version Histories.

(2011) Mining Evolution of Object Usage.

(2011) Mining temporal specifications from object usage.

(2011) When Does My Program Fail?

(2006) On the Necessity of Rewinding in Secure Multiparty Computation.