Search

Your search keyword '"Bodden, Eric"' showing total 39 results
Start Over Author "Bodden, Eric" Search Limiters Peer Reviewed
39 results on '"Bodden, Eric"'

2. Ernst Denert Award for Software Engineering 2022

Author

Bodden, Eric, Felderer, Michael, Hasselbring, Wilhelm, Herber, Paula, Koziolek, Heiko, Lilienthal, Carola, Matthes, Florian, Prechelt, Lutz, Rumpe, Bernhard, and Schaefer, Ina

Subjects
Software Engineering, Requirements Engineering, Best Thesis Award, Model-Driven Software Development, Software Development, thema EDItEUR::U Computing and Information Technology::UM Computer programming / software engineering::UMZ Software Engineering
Abstract

This open access book provides an overview of the dissertations of the five nominees for the Ernst Denert Award for Software Engineering in 2022. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains five papers that describe the works by Jannik Fischbach (Netlight Consulting GmbH and fortiss GmbH), who won the award, entitled Conditional Statements in Requirements Artifacts: Logical Interpretation, Use Cases for Automated Software Engineering, and Fine-Grained Extraction, Christian Kirchhof's (RWTH Aachen University) From Design to Reality: An Overview of the MontiThings Ecosystem for Model-Driven IoT Applications, Sven Peldszus's (Ruhr University Bochum) research about Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants, Florian Rademacher's (RWTH Aachen University) work on Model-Driven Engineering of Microservice Architectures, and Alexander Trautsch's (University of Passau) Usefulness of Automatic Static Analysis Tools: Evidence from Four Case Studies. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work.

Published
2024
Full Text
View/download PDF

13. An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities .

Author

SAYAR, IMEN, BARTEL, ALEXANDRE, BODDEN, ERIC, and TRAON, YVES LE

Subjects
WEB-based user interfaces
Abstract

Nowadays, an increasing number of applications use deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code execution (RCE) if the data to deserialize is originating from an untrusted source. Deserialization vulnerabilities are so critical that they are in OWASP’s list of top 10 security risks for web applications. This is mainly caused by faults in the development process of applications and by flaws in their dependencies, i.e., flaws in the libraries used by these applications. No previous work has studied deserialization attacks in-depth: How are they performed? How are weaknesses introduced and patched? And for how long are vulnerabilities present in the codebase? To yield a deeper understanding of this important kind of vulnerability, we perform two main analyses: one on attack gadgets, i.e., exploitable pieces of code, present in Java libraries, and one on vulnerabilities present in Java applications. For the first analysis, we conduct an exploratory large-scale study by running 256 515 experiments in which we vary the versions of libraries for each of the 19 publicly available exploits. Such attacks rely on a combination of gadgets present in one or multiple Java libraries. A gadget is a method which is using objects or fields that can be attackercontrolled. Our goal is to precisely identify library versions containing gadgets and to understand how gadgets have been introduced and how they have been patched. We observe that the modification of one innocentlooking detail in a class – such as making it public – can already introduce a gadget. Furthermore, we noticed that among the studied libraries, 37.5% are not patched, leaving gadgets available for future attacks. For the second analysis, we manually analyze 104 deserialization vulnerabilities CVEs to understand how vulnerabilities are introduced and patched in real-life Java applications. Results indicate that the vulnerabilities are not always completely patched or that a workaround solution is proposed. With a workaround solution, applications are still vulnerable since the code itself is unchanged. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

14. Trust Me, I’m a Liar.

Author

Hebert, Cedric, Massacci, Fabio, Bodden, Eric, and Sabetta, Antonino

Abstract

Cyberattacks will continue to thrive as long as their benefits exceed their cost. A successful cyberattack requires a vulnerability, but also and foremost the attacker's willingness to exploit. Can we reduce this willingness, can we even the attack/defense asymmetry? [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

17. “Free” as in Freedom to Protest?

Author

Massacci, Fabio, Sabetta, Antonino, Mirkovic, Jelena, Murray, Toby, Okhravi, Hamed, Mannan, Mohammad, Rocha, Anderson, Bodden, Eric, and Geer, Daniel E.

Abstract

To kick-start the discussion, let's first review some of the recent attacks. In the node-ipc case1 a developer pushed an update that deliberately but stealthily included code that sabotaged the computer of the users who installed the updated component. Such an attack was selective: a DarkSide in reverse. If the computer Internet Protocol (IP) was geolocated in Russia, the attack would be launched. Several days and a few million downloads later, the "spurious code" was actually noticed and investigated. Linus's law on the many eyes eventually made the bug shallow,2 and the developer pulled back the changes. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

18. What Has Artifact Evaluation Ever Done for Us?

Author

Hermann, Ben, Massacci, Fabio, Bodden, Eric, and Sabetta, Antonino

Abstract

Artifact evaluation is an established peer review practice in several fields of computer science research. In the security field it only has been introduced recently. The author highlights several benefits of artifact sharing for and beyond the research community, inspects the specifics of the security field, and derives suggestions to foster artifact sharing in the security field. Embracing artifact sharing will help to strengthen and mature the field. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

20. Computation on Encrypted Data Using Dataflow Authentication.

Author

FISCHER, ANDREAS, FUHRY, BENNY, KUßMAUL, JÖRN, JANNECK, JONAS, KERSCHBAUM, FLORIAN, and BODDEN, ERIC

Subjects
DATA encryption, NEURAL computers, MEDICAL databases, JAVA programming language, OBJECT-oriented programming languages
Abstract

Encrypting data before sending it to the cloud ensures data confidentiality but requires the cloud to compute on encrypted data. Trusted execution environments, such as Intel SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program give attackers ample opportunities to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side channels. Fully homomorphic encryption would be an alternative to compute on encrypted data without data leaks. However, due to its high computational complexity, its applicability to general-purpose computing remains limited. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data. We introduce the concept of dataflow authentication (DFAuth) to enable such programs. DFAuth prevents an adversary from arbitrarily deviating from the dataflow of a program. Our technique hence offers protections against the side-channel attacks described previously. We implemented two flavors of DFAuth, a Java bytecode-to-bytecode compiler, and an SGX enclave running a small and program-independent trusted code base. We applied DFAuth to a neural network performing machine learning on sensitive medical data and a smart charging scheduler for electric vehicles. Our transformation yields a neural network with encrypted weights, which can be evaluated on encrypted inputs in 12.55 ms. Our protected scheduler is capable of updating the encrypted charging plan in approximately 1.06 seconds. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

21. 25 Years in Application Security: Looking Back, Looking Forward.

Author

Shostack, Adam, Massacci, Fabio, Bodden, Eric, and Sabetta, Antonino

Abstract

The author looks at 25 years of industrial application security through a lens of a code review document released in 1996, examines the progress that's been made and what those trends imply for the future. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

32. Likelihoods of Threats to Connected Vehicles.

Author

OTHMANE, LOTFI BEN, FERNANDO, RUCHITH, RANCHAL, ROHIT, BHARGAVA, BHARAT, and BODDEN, ERIC

Subjects
MOBILE communication systems, AUTOMOTIVE electronics, INTERNETWORKING, CYBERTERRORISM, COMPUTER network security
Abstract

Connected vehicles communicate with neighboring vehicles, road side units, personal devices, and service centers; and have their electronic control units communicate through their in-vehicle networks. This provides cyber-attackers with the opportunity to communicate with the vehicles and to stage attacks. This paper reports about a case study for estimating the likelihoods of threats for connected vehicles; it provides the results of a survey that we conducted to estimate the likelihoods of 7 threats to connected vehicles. The experts rated 6 threats as "very unlikely" and one as "almost impossible" The survey shows that attacks on connected vehicles needs to be fast (before being discovered or the attack context changes) and be staged by experts who have deep knowledge about the targets. It also shows that developing such attacks does not require long time, neither expensive equipment and tools. Thus, cyber-attacks on connected vehicles are not lab experiments anymore; they are real threats for the society. [ABSTRACT FROM AUTHOR]

Published
2014

33. FlowDroid.

Author

Arzt, Steven, Rasthofer, Siegfried, Fritz, Christian, Bodden, Eric, Bartel, Alexandre, Klein, Jacques, Le Traon, Yves, Octeau, Damien, and McDaniel, Patrick

Published
2014
Full Text
View/download PDF

34. Join Point Interfaces for Safe and Flexible Decoupling of Aspects.

Author

BODDEN, ERIC, TANTER, ÉRIC, and INOSTROZA, MILTON

Subjects
ASPECT-oriented programming, MATHEMATICAL decoupling, PREDICATE calculus, MODULAR design, OPEN source software, SEMANTICS
Abstract

In current aspect-oriented systems, aspects usually carry, through their pointcuts, explicit references to the base code. Those references are fragile and hinder important software engineering properties such as modular reasoning and independent evolution of aspects and base code. In this work, we introduce a novel abstraction called Join Point Interface, which, by design, aids modular reasoning and independent evolution by decoupling aspects from base code and by providing a modular type-checking algorithm. Join point interfaces can be used both with implicit announcement through pointcuts, and with explicit announcement, using closure join points. Join point interfaces further offer polymorphic dispatch on join points, with an advice-dispatch semantics akin to multimethods. To support flexible join point matching, we incorporate into our language an earlier proposal for generic advice, and introduce a mechanism for controlled global quantification. We motivate each language feature in detail, showing that it is necessary to obtain a language design that is both type safe and flexible enough to support typical aspect-oriented programming idioms. We have implemented join point interfaces as an open-source extension to AspectJ. A case study on existing aspect-oriented programs supports our design, and in particular shows the necessity of both generic interfaces and some mechanism for global quantification. [ABSTRACT FROM AUTHOR]

Published
2014
Full Text
View/download PDF

36. Automated API Property Inference Techniques.

Author

Robillard, Martin P., Bodden, Eric, Kawrykow, David, Mezini, Mira, and Ratchford, Tristan

Subjects
*INFERENCE (Logic), *APPLICATION software, *USER interfaces, *DATA libraries, *PATTERN recognition systems, *SOFTWARE engineering, *DATA mining
Abstract

Frameworks and libraries offer reusable and customizable functionality through Application Programming Interfaces (APIs). Correctly using large and sophisticated APIs can represent a challenge due to hidden assumptions and requirements. Numerous approaches have been developed to infer properties of APIs, intended to guide their use by developers. With each approach come new definitions of API properties, new techniques for inferring these properties, and new ways to assess their correctness and usefulness. This paper provides a comprehensive survey of over a decade of research on automated property inference for APIs. Our survey provides a synthesis of this complex technical field along different dimensions of analysis: properties inferred, mining techniques, and empirical results. In particular, we derive a classification and organization of over 60 techniques into five different categories based on the type of API property inferred: unordered usage patterns, sequential usage patterns, behavioral specifications, migration mappings, and general information. [ABSTRACT FROM PUBLISHER]

Published
2013
Full Text
View/download PDF

37. Partially Evaluating Finite-State Runtime Monitors Ahead of Time.

Author

Bodden, Eric, Lam, Patrick, and Hendren, Laurie

Subjects
*SOFTWARE engineering, *RUN time systems (Computer science), *ALGORITHMS, *EXPERIMENTS, *JAVA programming language, *SOFTWARE verification
Abstract

Finite-state properties account for an important class of program properties, typically related to the order of operations invoked on objects. Many library implementations therefore include manually written finitestate monitors to detect violations of finite-state properties at runtime. Researchers have recently proposed the explicit specification of finite-state properties and automatic generation of monitors from the specification. However, runtime monitoring only shows the presence of violations, and typically cannot prove their absence. Moreover, inserting a runtime monitor into a program under test can slow down the program by several orders of magnitude. In this work, we therefore present a set of four static whole-program analyses that partially evaluate runtime monitors at compile time, with increasing cost and precision. As we show, ahead-of-time evaluation can often evaluate the monitor completely statically. This may prove that the program cannot violate the property on any execution or may prove that violations do exist. In the remaining cases, the partial evaluation converts the runtime monitor into a residual monitor. This monitor only receives events from program locations that the analyses failed to prove irrelevant. This makes the residual monitor much more efficient than a full monitor, while still capturing all property violations at runtime. We implemented the analyses in CLARA, a novel framework for the partial evaluation of AspectJ-based runtime monitors, and validated our approach by applying CLARA to finite-state properties over several large-scale Java programs. CLARA proved that most of the programs never violate our example properties. Some programs required monitoring, but in those cases CLARA could often reduce the monitoring overhead to below 10%. We observed that several programs did violate the stated properties. [ABSTRACT FROM AUTHOR]

Published
2012
Full Text
View/download PDF

38. Aspect-Oriented Race Detection in Java.

Author

Bodden, Eric and Havelund, Klaus

Subjects
*JAVA programming language, *ALGORITHMS, *COMPUTER software, *ERROR analysis in mathematics, *COMPUTER system failures
Abstract

In the past, researchers have developed specialized programs to aid programmers in detecting concurrent programming errors such as deadlocks, livelocks, starvation, and data races. In this work, we propose a language extension to the aspect-oriented programming language AspectJ, in the form of three new pointcuts, lock(), unlock(), and maybeShared(). These pointcuts allow programmers to monitor program events where locks are granted or handed back, and where values are accessed that may be shared among multiple Java threads. We decide thread locality using a static thread-local-objects analysis developed by others. Using the three new primitive pointcuts, researchers can directly implement efficient monitoring algorithms to detect concurrent-programming errors online. As an example, we describe a new algorithm which we call RACER, an adaption of the well-known ERASER algorithm to the memory model of Java. We implemented the new pointcuts as an extension to the AspectBench Compiler, implemented the RACER algorithm using this language extension, and then applied the algorithm to the NASA K9 Rover Executive and two smaller programs. Our experiments demonstrate that our implementation is effective in finding subtle data races. In the Rover Executive, RACER finds 12 data races, with no false warnings. Only one of these races was previously known. [ABSTRACT FROM AUTHOR]

Published
2010
Full Text
View/download PDF

39. Collaborative Runtime Verification with Tracematches.

Author

BODDEN, ERIC, HENDREN, LAURIE, LAM, PATRICK, LHOTÁK, ONDŘEJ, and NAEEM, NOMAIR A.

Subjects
CONFIRMATION (Logic), ASPECT-oriented programming, COMPUTER software, DEBUGGING, STATISTICS
Abstract

Perfect pre-deployment test coverage is notoriously difficult to achieve for large applications. Given enough end users, however, many more test cases will be encountered during an application's deployment than during testing. The use of runtime verification after deployment would enable developers to detect unexpected situations. Unfortunately, the prohibitive performance cost of runtime monitors prevents their use in deployed code. In this work, we study the feasibility of collaborative runtime verification, a verification approach which can distribute the burden of runtime verification among multiple users and over multiple runs. Each user executes a partially instrumented program and therefore suffers only a fraction of the instrumentation overhead. We focus on runtime verification using tracematches. Tracematches are a specification formalism that allows users to specify runtime verification properties via regular expressions with free variables over the dynamic execution trace. We propose two techniques for soundly partitioning the instrumentation required for tracematches: spatial partitioning, where different copies of a program monitor different program points for violations, and temporal partitioning, where monitoring is switched on and off over time. We evaluate the relative impact of partitioning on a user's runtime overhead by applying each partitioning technique to a collection of benchmarks that would otherwise incur significant instrumentation overhead. Our results show that spatial partitioning almost completely eliminates runtime overhead (for any particular benchmark copy) on many of our test cases, and that temporal partitioning scales well and provides runtime verification on a ‘pay as you go’ basis. [ABSTRACT FROM PUBLISHER]

Published
2010
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results