Publications
2024
Total Recall? How Good are Static Call Graphs Really?
Dominik Helm, Sven Keidel, Anemone Kampkötter, Johannes Düsing, Tobias Roth, Ben Hermann, Mira Mezini
In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024).
DOI: https://doi.org/10.1145/3650212.3652114
Artifact: https://doi.org/10.5281/zenodo.10888532
2023
Persisting and Reusing Results of Static Program Analyses on a Large Scale
Johannes Düsing, Ben Hermann
In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023).
DOI: https://doi.org/10.1109/ASE56229.2023.00080
Artifact: https://doi.org/10.5281/zenodo.8238151
DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories
Tobias Litzenberger, Johannes Düsing, Ben Hermann
In Proceedings of IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)
DOI: https://doi.org/10.1109/MSR59073.2023.00028
Artifact: https://doi.org/10.5281/zenodo.7561081
UpCy: Safely Updating Outdated Dependencies
Andreas Dann, Ben Hermann, and Eric Bodden
In Proceedings of the IEEE/ACM 45th International Conference on Software Engineering (ICSE)
DOI: https://doi.org/10.1109/ICSE48619.2023.00031
Artifact: https://doi.org/10.5281/zenodo.7037673
(Re)Use of Research Results (Is Rampant)
Maria Teresa Baldassarre, Neil Ernst, Ben Hermann, Tim Menzies, and Rahul Yedida
In Communications of the ACM 66, 2 (February 2023), 75–81.
DOI: https://doi.org/10.1145/3554976
HTML Format: https://cacm.acm.org/magazines/2023/2/268938-reuse-of-research-results-is-rampant/fulltext
2022
A Retrospective Study of One Decade of Artifact Evaluations
Stefan Winter, Christopher S. Timperley, Ben Hermann, Jürgen Cito, Jonathan Bell, Michael Hilton, and Dirk Beyer
In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022).
Association for Computing Machinery, New York, NY, USA, 145–156.
DOI: https://doi.org/10.1145/3540250.3549172
Artifact: https://doi.org/10.5281/zenodo.7082407
What Has Artifact Evaluation Ever Done for Us?
Ben Hermann
In IEEE Security & Privacy, vol. 20, no. 5, pp. 96-99, Sept.-Oct. 2022
DOI: https://doi.org/10.1109/MSEC.2022.3184234
Static Data-Flow Analysis for Software Product Lines
Revoking the preprocessor’s special role
Philipp Schubert, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, Eric Bodden
In Automated Software Engineering Volume 29, Article 35 (2022).
DOI: https://doi.org/10.1007/s10515-022-00333-1
2021
Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++
Philipp Dominik Schubert, Ben Hermann, Eric Bodden, Richard Leer
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
DOI: https://doi.org/10.1109/SCAM52516.2021.00011
Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
Philipp Dominik Schubert, Florian Sattler, Fabian Schiebel, Ben Hermann, Eric Bodden
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
DOI: https://doi.org/10.1109/SCAM52516.2021.00010
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and Eric Bodden
In IEEE Transactions on Software Engineering
DOI: https://doi.org/10.1109/TSE.2021.3101739
Artifact: https://github.com/secure-software-engineering/achilles-benchmark-depscanners
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses
Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci
In Empirical Software Engineering, Springer Heidelberg
DOI: https://doi.org/10.1007/s10664-021-10013-5
Artifact: https://taintbench.github.io
Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories
Johannes Düsing and Ben Hermann
In Digital Threats: Research and Practice - Special Issue on Vulnerabilities (2021)
DOI: https://doi.org/10.1145/3472811
Artifact: https://doi.org/10.5281/zenodo.5040439
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
Philipp Schubert, Ben Hermann, and Eric Bodden
In 35th European Conference on Object-Oriented Programming (ECOOP 2021)
DOI: https://doi.org/10.4230/LIPIcs.ECOOP.2021.2
2020
Community Expectations for Research Artifacts and Evaluation Processes
Ben Hermann, Stefan Winter, and Janet Siegmund
In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020).
Association for Computing Machinery, New York, NY, USA, 469–480.
DOI: https://doi.org/10.1145/3368089.3409767
Artifact: https://doi.org/10.5281/zenodo.3951724
TACAI: An Intermediate Representation Based on Abstract Interpretation
Michael Reif, Florian Kübler, Dominik Helm, Ben Hermann, Michael Eichberg, and Mira Mezini
In Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2020).
Association for Computing Machinery, New York, NY, USA, 2–7.
DOI: https://doi.org/10.1145/3394451.3397204
Artifact: https://github.com/opalj/opal/tree/develop/OPAL/tac
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
Charles Weir, Ben Hermann, and Sascha Fahl
29th USENIX Security Symposium (USENIX Security 20), 289-305
URL: https://www.usenix.org/conference/usenixsecurity20/presentation/weir
Artifact: https://doi.org/10.17635/lancaster/researchdata/319
2019
ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
Andreas Dann, Ben Hermann, and Eric Bodden
In IEEE Transactions on Software Engineering, vol. 47, no. 8, pp. 1656-1667, 1 Aug. 2021
DOI: https://doi.org/10.1109/TSE.2019.2931331
SootDiff: Bytecode Comparison across Different Java Compilers
Andreas Dann, Ben Hermann, and Eric Bodden
In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2019).
Association for Computing Machinery, New York, NY, USA, 14–19.
DOI: https://doi.org/10.1145/3315568.3329966
Know your Analysis: How Instrumentation Aids Understanding Static Analysis
Philipp Dominik Schubert, Richard Leer, Ben Hermann, and Eric Bodden
In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2019).
Association for Computing Machinery, New York, NY, USA, 8–13.
DOI: https://doi.org/10.1145/3315568.3329965
Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts
Stefan Krüger and Ben Hermann
In Proceedings of the 2nd International Workshop on Gender Equality in Software Engineering (GE '19).
IEEE Press, 13–16.
DOI: https://doi.org/10.1109/GE.2019.00012
PhASAR: An Inter-procedural Static Analysis Framework for C/C++
Philipp Dominik Schubert, Ben Hermann, Eric Bodden
In: Vojnar T., Zhang L. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2019.
Lecture Notes in Computer Science, vol 11428. Springer, Cham.
DOI: https://doi.org/10.1007/978-3-030-17465-1_22
2017
CodeMatch: Obfuscation won't Conceal Your Repackaged App
Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, and Mira Mezini
In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017)
Association for Computing Machinery, New York, NY, USA, 638–648
DOI: https://doi.org/10.1145/3106237.3106305
SootKeeper: Runtime Reusability for Modular Static Analysis
Florian Kübler, Patrick Müller, and Ben Hermann
In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017).
Association for Computing Machinery, New York, NY, USA, 19–24.
DOI: https://doi.org/10.1145/3088515.3088518
Hermes: Assessment and Creation of Effective Test Corpora
Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini
In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017).
Association for Computing Machinery, New York, NY, USA, 43–48.
DOI: https://doi.org/10.1145/3088515.3088523
Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, and Mira Mezini
In 2017 IEEE Symposium on Security and Privacy (SP), 2017, pp. 1027-1040
DOI: https://doi.org/10.1109/SP.2017.16
2016
Call Graph Construction for Java Libraries
Michael Reif, Michael Eichberg, Ben Hermann, Johannes Lerch, and Mira Mezini
In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2016).
Association for Computing Machinery, New York, NY, USA, 474–486.
DOI: https://doi.org/10.1145/2950290.2950312
2015
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases
Leonid Glanz, Sebastian Schmidt, Sebastian Wollny, and Ben Hermann
In Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business (i-KNOW '15)
Association for Computing Machinery, New York, NY, USA, Article 28, 1–4.
DOI: https://doi.org/10.1145/2809563.2809612
Getting to Know You: Towards a Capability Model for Java
Ben Hermann, Michael Reif, Michael Eichberg, and Mira Mezini
In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015).
Association for Computing Machinery, New York, NY, USA, 758–769.
DOI: https://doi.org/10.1145/2786805.2786829
Hidden Truths in Dead Software Paths
Michael Eichberg, Ben Hermann, Mira Mezini, and Leonid Glanz
In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015)
Association for Computing Machinery, New York, NY, USA, 474–484.
DOI: https://doi.org/10.1145/2786805.2786865
Design your Analysis: A Case Study on Implementation Reusability of Data-flow Functions
Johannes Lerch and Ben Hermann
In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2015).
Association for Computing Machinery, New York, NY, USA, 26–30.
DOI: https://doi.org/10.1145/2771284.2771289
2014
FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases
Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini
In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014).
Association for Computing Machinery, New York, NY, USA, 98–108.
DOI: https://doi.org/10.1145/2635868.2635878
A Software Product Line for Static Analyses: The OPAL Framework
Michael Eichberg and Ben Hermann
In Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis (SOAP '14).
Association for Computing Machinery, New York, NY, USA, 1–6.
DOI: https://doi.org/10.1145/2614628.2614630