ESSoS still accepting paper submissions

While the paper submission deadline (October 2) for ESSOS 2016 will not be extended, due to several requests, paper submissions for which no abstract has been received yet are still allowed. Authors are encouraged to submit an abstract as soon as possible, but a paper can be submitted until the paper submission deadline even if no abstract was submitted first.

Moving on to new adventures

Yesterday I have informed the people involved that effective January 1st I will be starting a new job as a full professor for “Softwaretechnik” at the University of Paderborn. In this position I plan to continue the research my group and I have been pursuing in the area of software security, but also want to broaden my research into the direction of the secure design of cyber-physical systems. In my new function I will be able to do so nicely, as at the same time I will be a member of the leadership team of the Fraunhofer-Group for Design-Methodologies of Mechatronic systems. In addition, I will be contributing to the collaborative research center On-the-fly Computing and the Software Innovation Campus Paderborn. I am very much looking forward to my new responsibilities and colleagues.

At the same time, I plan to continue the close collaborations with my dear colleagues at Darmstadt. I wish to thank everyone in Darmstadt who has contributed to making my past six years there as happy and successful as they were!

What provokes Android users into revealing private information? – Paper accepted at HICCS



In a joined work together with Nicole Eling and Prof. Buxmann from TU Darmstadt, we published a very interesting market experiment on users’ reaction to fine-grained permission requests. This work thus explores the following research questions using a self-developed mobile application:


  1. How does the precision of an information request influence users’ disclosure of personal information?
  2. Is this effect different for users with different security backgrounds?

Continue reading

Static Analysis Seminar (SAS) – Winter Semester

We are happy to announce that we are organizing a Static Analysis Seminar (SAS) during the Winter Semester. Interested to know more about various topics related to static analysis such as: pointer analysis, call graphs, theory behind data-flow analysis, usability of static analysis tools, and much more? Then do not hesitate to register yourself in the seminar (TUCaN ID: 20-00-0942).

More information about the seminar and the tentative schedule are available here

ESSOS final call for papers

ESSOS is accepting submissions of abstracts until the 25th and of research papers until October 2nd. We are happy to announce that both David Basin and Karsten Nohl will be presenting as invited speakers! Also, for the first time in the security community, ESSOS this year will offer a voluntary artifact evaluation! Read more in the full CFP below.

Continue reading

SSE Group together with Intel Security are presenting at VirusBulletin 2015 conference

A joint project together with McAfee (Intel Security) revealed very interesting insights into current Android Malware, in particular into Command and Control communications. We will be presenting our results at the VirusBulletin 2015 conference. We are also planning to publish a blog post with more concrete information, but if you are at VirusBulletin conference, feel free to join our talk on Thursday 1 October 09:00 – 09:30.

Title: We know what you did this summer: Android banking trojan exposing its sins in the cloud

Continue reading