For 2015 and 2016, Eric Bodden has been invited to, and has accepted, membership in the Program Committees of the following top conferences:
- ICSE 2016
- OOPSLA 2016
- ECOOP 2015
- ISSTA 2015
- MODULARITY/AOSD 2015
- ONWARD 2015
- PLDI 2015
- RV 2015
On Thursday, SPLlift, our approach for Analyzing Software Product Lines in Minutes instead of Years, was awarded the second prize at the German IT-Sicherheitspreis. This was joint work with Mira Mezini (to the right), Claus Brabrand, Marcio Ribeiro, Paulo Borba and Tarsis Toledo. Many thanks for the fruitful collaboration! And many thanks to Horst Görtz and his Foundation for donating this award!
1st place went to Kastel’s project on Blurry-Box Cryptography, the first provably secure software-protection dongle. Congrats!
We have moved! You now find us in the new shiny Fraunhofer building at Rheinstraße 75!
On 16 October, Eric Bodden and Thomas Schreck (Siemens CERT), together with CAST, are hosting a workshop on security in the life cycle of open source. This is the first CAST workshop in the new Fraunhofer SIT building. An exciting program with high-profile speakers awaits you.
FSE 2014 has now opened its registration portal. Register by October 5th to benefit from early-bird rates!
Together with Gerold Hübner, Chief Product Security Officer (CPSO), SAP, Germany, and with Frances Paulisch, Head of the Software Initiative/Vice Chairman, Siemens AG/SAFECode, Germany, Eric Bodden will be participating in the opening panel of ISSE’14 at Brussels, on the topic of Secure Software – we need it more than ever: SAFECODE and more.
On 7th November, we are presenting our “Denial-of-App Attack” at the SPSM 2014 workshop in Scottsdale, Arizona (USA).
Next semester, the Secure Software Engineering Group will offer a new seminar course “Secure Software Development (SecDev)”. The goal of the course is to provide software developers with the knowledge and first experience they need for developing secure software. Additionally, they will learn how to develop knowledge and share it, and how to investigate a research problem on secure software development. The main topics are:
More information can be found on the course website.
The following code uses the symmetric encryption scheme AES, for instance to store some application data encrypted on disk. The code contains at least four different severe API-usage mistakes that may cause the code to crash or to be insecure:
```java
String secretKey = "x$&78_;:$%$ä0$%=$%4352";
byte[] keyBytes = secretKey.getBytes();
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES");
```
Can you spot these mistakes? The more you can find, and the more you enjoy finding them, the more likely the position might be the right one for you.
Stephan, Steven and I have been added to the list of Android Security Acknowledgements:
http://source.android.com/devices/tech/security/acknowledgements.html
Thanks Android Security Team!