Fakultät für Informatik

Publications

2024

Total Recall? How Good are Static Call Graphs Really?
Dominik Helm, Sven Keidel, Anemone Kampkötter, Johannes Düsing, Tobias Roth, Ben Hermann, Mira Mezini
In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024).  
DOI: https://doi.org/10.1145/3650212.3652114
Artifact: https://doi.org/10.5281/zenodo.10888532

2023

Persisting and Reusing Results of Static Program Analyses on a Large Scale
Johannes Düsing, Ben Hermann
In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023).
DOI: https://doi.org/10.1109/ASE56229.2023.00080
Artifact: https://doi.org/10.5281/zenodo.8238151

DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories
Tobias Litzenberger, Johannes Düsing, Ben Hermann
In Proceedings of IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)
DOI: https://doi.org/10.1109/MSR59073.2023.00028
Artifact: https://doi.org/10.5281/zenodo.7561081

UpCy: Safely Updating Outdated Dependencies
Andreas Dann, Ben Hermann, and Eric Bodden
In Proceedings of the IEEE/ACM 45th International Conference on Software Engineering (ICSE)
DOI: https://doi.org/10.1109/ICSE48619.2023.00031
Artifact: https://doi.org/10.5281/zenodo.7037673

(Re)Use of Research Results (Is Rampant)
Maria Teresa Baldassarre, Neil Ernst, Ben Hermann, Tim Menzies, and Rahul Yedida
In Communications of the ACM 66, 2 (February 2023), 75–81.
DOI: https://doi.org/10.1145/3554976
HTML Format: https://cacm.acm.org/magazines/2023/2/268938-reuse-of-research-results-is-rampant/fulltext

2022

A Retrospective Study of One Decade of Artifact Evaluations
Stefan Winter, Christopher S. Timperley, Ben Hermann, Jürgen Cito, Jonathan Bell, Michael Hilton, and Dirk Beyer
In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022).
Association for Computing Machinery, New York, NY, USA, 145–156.
DOI: https://doi.org/10.1145/3540250.3549172
Artifact: https://doi.org/10.5281/zenodo.7082407

What Has Artifact Evaluation Ever Done for Us?
Ben Hermann
In IEEE Security & Privacy, vol. 20, no. 5, pp. 96-99, Sept.-Oct. 2022
DOI: https://doi.org/10.1109/MSEC.2022.3184234

Static Data-Flow Analysis for Software Product Lines
Revoking the preprocessor’s special role
Philipp Schubert, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, Eric Bodden
In Automated Software Engineering, Volume 29, Article 35 (2022).
DOI: https://doi.org/10.1007/s10515-022-00333-1

2021

Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++
Philipp Dominik Schubert, Ben Hermann, Eric Bodden, Richard Leer
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
DOI: https://doi.org/10.1109/SCAM52516.2021.00011

Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
Philipp Dominik Schubert, Florian Sattler, Fabian Schiebel, Ben Hermann, Eric Bodden
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
DOI: https://doi.org/10.1109/SCAM52516.2021.00010

Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and Eric Bodden
In IEEE Transactions on Software Engineering
DOI: https://doi.org/10.1109/TSE.2021.3101739
Artifact: https://github.com/secure-software-engineering/achilles-benchmark-depscanners

TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses
Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci
In Empirical Software Engineering, Springer Heidelberg
DOI: https://doi.org/10.1007/s10664-021-10013-5
Artifact: https://taintbench.github.io

Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories
Johannes Düsing and Ben Hermann
In Digital Threats: Research and Practice - Special Issue on Vulnerabilities (2021)
DOI: https://doi.org/10.1145/3472811
Artifact: https://doi.org/10.5281/zenodo.5040439

Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
Philipp Schubert, Ben Hermann, and Eric Bodden
In 35th European Conference on Object-Oriented Programming (ECOOP 2021)
DOI: https://doi.org/10.4230/LIPIcs.ECOOP.2021.2

2020

Community Expectations for Research Artifacts and Evaluation Processes
Ben Hermann, Stefan Winter, and Janet Siegmund
In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020).
Association for Computing Machinery, New York, NY, USA, 469–480.
DOI: https://doi.org/10.1145/3368089.3409767
Artifact: https://doi.org/10.5281/zenodo.3951724

TACAI: An Intermediate Representation Based on Abstract Interpretation
Michael Reif, Florian Kübler, Dominik Helm, Ben Hermann, Michael Eichberg, and Mira Mezini
In Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2020).
Association for Computing Machinery, New York, NY, USA, 2–7.
DOI: https://doi.org/10.1145/3394451.3397204
Artifact: https://github.com/opalj/opal/tree/develop/OPAL/tac

From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
Charles Weir, Ben Hermann, and Sascha Fahl
In 29th USENIX Security Symposium (USENIX Security 20), 289-305
URL: https://www.usenix.org/conference/usenixsecurity20/presentation/weir
Artifact: https://doi.org/10.17635/lancaster/researchdata/319

2019

ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
Andreas Dann, Ben Hermann, and Eric Bodden
In IEEE Transactions on Software Engineering, vol. 47, no. 8, pp. 1656-1667, 1 Aug. 2021
DOI: https://doi.org/10.1109/TSE.2019.2931331

SootDiff: Bytecode Comparison across Different Java Compilers
Andreas Dann, Ben Hermann, and Eric Bodden
In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2019).
Association for Computing Machinery, New York, NY, USA, 14–19.
DOI: https://doi.org/10.1145/3315568.3329966

Know your Analysis: How Instrumentation Aids Understanding Static Analysis
Philipp Dominik Schubert, Richard Leer, Ben Hermann, and Eric Bodden
In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2019).
Association for Computing Machinery, New York, NY, USA, 8–13.
DOI: https://doi.org/10.1145/3315568.3329965

Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts
Stefan Krüger and Ben Hermann
In Proceedings of the 2nd International Workshop on Gender Equality in Software Engineering (GE '19).
IEEE Press, 13–16.
DOI: https://doi.org/10.1109/GE.2019.00012

PhASAR: An Inter-procedural Static Analysis Framework for C/C++
Philipp Dominik Schubert, Ben Hermann, Eric Bodden
In: Vojnar T., Zhang L. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2019.
Lecture Notes in Computer Science, vol 11428. Springer, Cham.
DOI: https://doi.org/10.1007/978-3-030-17465-1_22

2017

CodeMatch: Obfuscation won't Conceal Your Repackaged App
Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, and Mira Mezini
In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017)
Association for Computing Machinery, New York, NY, USA, 638–648
DOI: https://doi.org/10.1145/3106237.3106305

SootKeeper: Runtime Reusability for Modular Static Analysis
Florian Kübler, Patrick Müller, and Ben Hermann
In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017).
Association for Computing Machinery, New York, NY, USA, 19–24.
DOI: https://doi.org/10.1145/3088515.3088518

Hermes: Assessment and Creation of Effective Test Corpora
Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini
In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017).
Association for Computing Machinery, New York, NY, USA, 43–48.
DOI: https://doi.org/10.1145/3088515.3088523

Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, and Mira Mezini
In 2017 IEEE Symposium on Security and Privacy (SP), 2017, pp. 1027-1040
DOI: https://doi.org/10.1109/SP.2017.16

2016

Call Graph Construction for Java Libraries
Michael Reif, Michael Eichberg, Ben Hermann, Johannes Lerch, and Mira Mezini
In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2016).
Association for Computing Machinery, New York, NY, USA, 474–486.
DOI: https://doi.org/10.1145/2950290.2950312

2015

A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases
Leonid Glanz, Sebastian Schmidt, Sebastian Wollny, and Ben Hermann
In Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business (i-KNOW '15)
Association for Computing Machinery, New York, NY, USA, Article 28, 1–4.
DOI: https://doi.org/10.1145/2809563.2809612

Getting to Know You: Towards a Capability Model for Java
Ben Hermann, Michael Reif, Michael Eichberg, and Mira Mezini
In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015).
Association for Computing Machinery, New York, NY, USA, 758–769.
DOI: https://doi.org/10.1145/2786805.2786829

Hidden Truths in Dead Software Paths
Michael Eichberg, Ben Hermann, Mira Mezini, and Leonid Glanz
In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015)
Association for Computing Machinery, New York, NY, USA, 474–484.
DOI: https://doi.org/10.1145/2786805.2786865

Design your Analysis: A Case Study on Implementation Reusability of Data-flow Functions
Johannes Lerch and Ben Hermann
In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2015).
Association for Computing Machinery, New York, NY, USA, 26–30.
DOI: https://doi.org/10.1145/2771284.2771289

2014

FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases
Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini
In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014).
Association for Computing Machinery, New York, NY, USA, 98–108.
DOI: https://doi.org/10.1145/2635868.2635878

A Software Product Line for Static Analyses: The OPAL Framework
Michael Eichberg and Ben Hermann
In Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis (SOAP '14).
Association for Computing Machinery, New York, NY, USA, 1–6.
DOI: https://doi.org/10.1145/2614628.2614630