Browse by Research Area

Conference or Workshop Item (A Paper)

(2024) AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis. (In Press)

(2024) Revisiting Android App Categorization. (In Press)

(2023) FieldFuzz: In Situ Blackbox Fuzzing of Proprietary Industrial Automation Runtimes via the Network.

(2023) Learning Program Models from Generated Inputs.

(2023) Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks.

(2023) Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Vehicle.

(2023) Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication.

(2023) From Input to Failure: Explaining Program Behavior via Cause-Effect Chains. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) Semantic Debugging. (In Press)

(2023) EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems.

(2023) Drone Security and the Mysterious Case of DJI's DroneID.

(2023) MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research. (In Press)

(2023) TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors.

(2022) Assessing Model-free Anomaly Detection in Industrial Control Systems Against Generic Concealment Attacks.

(2022) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs. (In Press)

(2022) CLIFuzzer: Mining Grammars for Command-Line Invocations.

(2022) Smooth Transition of Vehicles' Maximum Speed for Lane Detection based on Computer Vision. (In Press)

(2022) SFLKit: A Workbench for Statistical Fault Localization. (In Press)

(2022) Blurtooth: Exploiting cross-transport key derivation in Bluetooth classic and Bluetooth low energy.

(2022) V-Range: Enabling Secure Ranging in 5G Wireless Networks. (In Press)

(2021) A11y and Privacy don’t have to be mutually exclusive: Constraining Accessibility Service Misuse on Android. (In Press)

(2021) Frontmatter: Mining Android User Interfaces at Scale.

(2021) Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. (In Press)

(2021) Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers.

(2021) Input Algebras.

(2021) Restoring Execution Environments of Jupyter Notebooks.

(2021) Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework.

(2020) Up2Dep: Android Tool Support to Fix Insecure Code Dependencies.

(2020) Differential Analysis and Fingerprinting of ZombieLoads on Block Ciphers.

(2020) Mining Input Grammars from Dynamic Control Flow.

(2020) Debugging Inputs.

(2020) Revisiting the Relationship Between Fault Detection,Test Adequacy Criteria, and Test Set Size.

(2020) Learning Input Tokens for Effective Fuzzing. (In Press)

(2020) When does my Program do this? Learning Circumstances of Software Behavior. (In Press)

(2020) Abstracting Failure-Inducing Inputs.

(2020) Automatically Granted Permissions in Android apps: An Empirical Study on their Prevalence and on the Potential Threats for Privacy.

(2020) Better Code, Better Sharing: On the Need of Analyzing Jupyter Notebooks.

(2020) Testing Apps With Real-World Inputs. (In Press)

(2020) Heaps’n’Leaks: How Heap Snapshots Improve Android Taint Analysis.

(2019) Poster: simFIDO – FIDO2 User Authentication with simTPM.

(2019) Systematically Covering Input Structure.

(2019) The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation Of Bluetooth BR/EDR.

(2019) AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service.

(2019) Learning User Interface Element Interactions.

(2019) Parser-Directed Fuzzing. (In Press)

(2019) simTPM: User-centric TPM for Mobile Devices.

(2019) Carving Parameterized Unit Tests.

(2019) Secure Multi-Execution in Android.

(2019) Why does this App need this Data? Automatic Tightening of Resource Access.

(2019) DroidCap: OS Support for Capability-based Permissions in Android.

(2019) Poster: TGX: Secure SGX enclave management using TPM.

(2019) Nearby Threats: Reversing, Analyzing, and Attacking Google’s 'Nearby Connections' on Android.

(2019) Evaluating Fault Localization for Resource Adaptation via Test-Based Software Modification.

(2019) Up-To-Crash: Evaluating Third-Party Library Updatability on Android.

(2018) You Are Where You APP: An Assessment on Location Privacy of Social APPs.

(2018) DroidMate-2: A Platform for Android Test Generation.

(2018) Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies.

(2018) Efficient GUI Test Generation by Learning from Tests of Other Apps.

(2018) Guiding app testing with mined interaction models.

(2018) Analyzing the User Interface of Android Apps.

(2018) Design and Large-Scale Evaluation of WiFi Proximity Metrics.

(2018) If You Can't Kill a Supermutant, You Have a Problem.

(2018) State-Aware Anomaly Detection for Industrial Control Systems.

(2018) Detecting Information Flow by Mutating Input data.

(2017) Automatically Inferring and Enforcing User Expectations.

(2017) Data flow oriented UI testing: exploiting data flows and UI elements to test Android applications.

(2017) Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security.

(2017) Detecting behavior anomalies in graphical user interfaces.

(2017) ARTist: The Android Runtime Instrumentation and Security Toolkit.

(2017) LUNA: Quantifying and Leveraging Uncertainty in Android Malware Analysis through Bayesian Machine Learning.

(2017) The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android.

(2017) Detecting Information Flow by Mutating Input Data.

(2017) Dynamic Tainting for Automatic Test Case Generation.

(2017) Generating Unit Tests with Structured System Interactions.

(2017) Mining Sandboxes for Security - Automatisches Sandboxing für Software-Sicherheit.

(2017) Quantifying the information leak in cache attacks via symbolic execution.

(2017) Seamless In-App Ad Blocking on Stock Android.

(2017) Search-Based Testing and System Testing: A Marriage in Heaven.

(2017) A Stitch in Time: Supporting Android Developers in Writing Secure Code.

(2016) Reliable Third-Party Library Detection in Android and its Security Applications.

(2016) On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis.

(2016) Privacy Capsules: Preventing Information Leaks by Mobile Apps.

(2016) R-Droid: Leveraging Android App Analysis with Static Slice Optimization.

(2016) SoK: Lessons Learned From Android Security Research For Appified Software Platforms.

(2016) DroidMate: a robust and extensible test generator for Android.

(2016) POSTER: The ART of App Compartmentalization.

(2016) Abnormal Sensitive Data Usage in Android Apps.

(2016) CALAPPA: A Toolchain for Mining Android Applications.

(2016) Challenges for functional testing of reconfigurable production systems.

(2016) Checking App User Interfaces Against App Descriptions.

(2016) Mining input grammars from dynamic taints.

(2015) POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART).

(2015) Boxify: Full-fledged App Sandboxing for Stock Android.

(2015) To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections.

(2015) Mining Apps for Abnormal Usage of Sensitive Data.

(2015) Mining apps for abnormal usage of sensitive data.

(2015) Test case selection for networked production systems.

(2014) Android Security Framework: Extensible Multi-Layered Access Control on Android.

(2014) Scippa: System-Centric IPC Provenance on Android.

(2014) SDDR: Light-Weight, Secure Mobile Encounters.

(2014) Brave new world: privacy risks for mobile users.

(2014) Checking App Behavior Against App Descriptions.

(2014) EnCore: Private, Context-based Communication for Mobile Social Apps.

(2014) DynaMate: Dynamically Inferring Loop Invariants for Automatic Full Functional Verification.

(2013) Using Mobile Device Communication to Strengthen e-Voting Protocols.

(2013) AppGuard – Fine-grained Policy Enforcement for Untrusted Android Applications.

(2013) On Limitations of Friendly Jamming for Confidentiality.

(2013) A Privacy-aware Shopping Scenario.

(2013) Advances in Mobile Security.

(2013) Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies.

(2013) Idea: Callee-Site Rewriting of Sealed System Libraries.

(2012) A comparative analysis of decentralized power grid stabilization strategies.

(2012) MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones.

(2012) Towards Taming Privilege-Escalation Attacks on Android.

(2012) Why Eve and Mallory Love Android: An Analysis of Android SSL (in)Security.

(2011) AmazonIA: When Elasticity Snaps Back.

(2011) On the Requirements for Successful GPS Spoofing Attacks.

(2011) Poster: Control-flow Integrity for Smartphones.

(2011) Practical and Lightweight Domain Isolation on Android.

(2011) Scalable Trust Establishment with Software Reputation.

(2011) Assessing Oracle Quality with Checked Coverage.

(2011) Assessing modularity via usage changes.

(2011) Breeding High-Impact Mutations.

(2011) Calibrated Mutation Testing.

(2011) Exploiting Common Object Usage in Test Case Generation.

(2011) Generating parameterized unit tests.

(2011) Minimizing reproduction of software failures.

(2011) Mining Cause-Effect-Chains from Version Histories.

(2011) Mining Evolution of Object Usage.

(2011) When Does My Program Fail?

Article

(2022) Constrained Proximity Attacks on Mobile Targets.

(2021) Locating Faults with Program Slicing: An Empirical Analysis.

(2020) Formale Methoden für rekonfigurierbare cyber-physische Systeme in der Produktion.

(2019) simTPM: User-centric TPM for Mobile Devices (Technical Report).

(2017) Ask Your Neurons: A Deep Learning Approach to Visual Question Answering.

(2016) Boxify: Bringing Full-Fledged App Sandboxing to Stock Android.

(2016) Autonome Systeme.

(2016) The Truth, The Whole Truth, and Nothing But the Truth: A Pragmatic Guide to Assessing Empirical Evaluations.

(2015) Inferring Loop Invariants by Mutation, Dynamic Analysis, and Static Checking.

(2015) Mining Workflow Models from Web Applications.

(2014) Automating Full Functional Verification of Programs with Loops.

(2011) CFI Goes Mobile: Control-Flow Integrity for Smartphones.

(2011) A Local Cross-Site Scripting Attack against Android Phones.

(2011) Mining temporal specifications from object usage.

Thesis

(2018) OS Support For Capabilities In Android.

(2016) Extracting and Modeling Typosquatting Errors from Large-scale Passive DNS Data.

(2016) Full Reference Monitoring for Android Intents.

(2016) Hardening Intel SGX enclaves against memory safety exploits.

(2016) Static Analysis of Non-interference for Android Apps.

(2016) Time-to-Live based Trilateration.

(2016) Towards Native Client Executables via Binary Translation on the x86 Platform.

(2016) Establishing mandatory access control on Android OS.

(2015) Towards Compiler-Assisted Taint Tracking on the Android Runtime.

(2015) Toward a Backward-compatible API for Defining Fine-grained App Policies on Android.

(2015) Security Analysis of Telematic and Emergency Devices in a Modern Car.

(2015) Security Analysis of Mobile Banking Apps.

(2015) ArtHook: Callee-side Method Hook Injection on the New Android Runtime ART.

(2014) Static Analysis of Android Applications.

(2014) Application-level Firewall in Stock Android.

(2014) Developing a RiskScore for Android Applications.

(2014) Evaluating the Effectiveness of In-app DRM Systems for Android.

(2014) Identifying the Optimal Permission Set of Android Applications.

(2014) System Centric IPC Call Chains for Android.

(2014) Verifying the Internet Access of Android Applications.

(2012) Securing User-data in Android - A conceptual approach for consumer and enterprise usage.

(2012) User-controlled Internet Connections in Android.

Book Section

(2017) App Mining.

(2016) Mining Apps for Anomalies.

(2015) Mining Android Apps for Anomalies.

(2013) AppGuard - Enforcing User Requirements on Android Apps.

(2013) Callee-site Rewriting of Sealed System Libraries.

(2013) A Holistic View of Security and Privacy Issues in Smart Grids.

Book

(2019) ACM Computer Science in Cars Symposium.

(2019) The Fuzzing Book.

Monograph

(2023) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (Extended Version).

(2017) Whitening Black-Box Neural Networks.

(2014) Taking Android App Vetting to the Next Level with Path-sensitive Value Analysis. (Unpublished)

Other

(2006) On the Necessity of Rewinding in Secure Multiparty Computation.