Publications
ArchSec is a research project, so this page lists the academic publications related to it. These papers may answer some of the questions you have.
2023
Bernhard J. Berger and Christina Plump. Automatic Security-Flaw Detection - Replication and Comparison. In Proceedings of the 26th International Conference on Model Driven Engineering Languages and Systems, 2023.
Bernhard J. Berger and Goerschwin Fey. Towards: Threat Modeling in System Design. GI/GMM/ITG-Workshop für Testmethoden und Zuverlässigkeit von Schaltungen und Systemen (TUZ), 2023 (workshop contribution).
2022
Bernhard J. Berger. Automatic detection of architectural security flaws. Doctoral Thesis, 2022.
2021
Rodrigue W. Nguempnang, Bernhard J. Berger and Karsten Sohr. eNYPD - Entry Points Detector - Jakarta Server Faces Use Case. In Proceedings of the 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE Computer Society Press, 2021.
2020
Bernhard J. Berger, Rodrigue W. Nguempnang, Karsten Sohr and Rainer Koschke. Static Extraction of Enforced Authorization Policies - SeeAuthz. In Proceedings of the 20th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE Computer Society Press, 2020.
2019
Bernhard J. Berger, Karsten Sohr, Rainer Koschke. The Architectural Security Tool Suite - ArchSec. In Proceedings of the 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Cleveland, Ohio, 2019. Best Engineering Paper Award.
2016
Bernhard J. Berger, Karsten Sohr and Rainer Koschke. Automatically Extracting Threats from Extended Data Flow Diagrams. In Proceedings of the 8th International Symposium on Engineering Secure Software and Systems (ESSoS), London, April 2016.
2015
Marc-Andre Laverdiere, Bernhard J. Berger and Ettore Merlo. Taint Analysis of Manual Service Compositions using Cross-Application Call Graphs. In 22nd International Conference on Software Analysis, Evolution and Reengineering (SANER), IEEE Computer Society Press, 2015.
2014
Bernhard J. Berger, Karsten Sohr and Udo H. Kalinna. Architekturelle Sicherheitsanalyse für Android. In D-A-CH Security 2014: Bestandsaufnahme - Konzepte - Anwendungen - Perspektiven, SysSec, 2014.
Steffen Bartsch, Bernhard J. Berger, Eric Bodden, Achim D. Brucker, Jens Heider, Mehmet Kus, Sönke Maseberg, Karsten Sohr and Melanie Volkamer. Zertifizierte Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen. In GI Sicherheit 2014, Lecture Notes in Informatics, GI, 2014.
2013
Steffen Bartsch, Bernhard J. Berger, Michaela Bunke and Karsten Sohr. The Transitivity-of-Trust Problem in Android Application Interaction. In Proceedings of the 8th International Conference on Availability, Reliability and Security, 2013.
Bernhard J. Berger, Karsten Sohr and Rainer Koschke. Extracting and Analyzing the Implemented Security Architecture of Business Applications. In Proceedings of the 17th European Conference on Software Maintenance and Reengineering, IEEE Computer Society Press, 2013.
2012
Bernhard J. Berger and Karsten Sohr. An Approach to Detecting Inter-Session Data Flow Induced by Object Pooling. In Information Security and Privacy Research - IFIP Advances in Information and Communication Technology, Volume 376/2012, Springer, 2012.
2011
Bernhard J. Berger, Michaela Bunke and Karsten Sohr. An Android Security Case Study with Bauhaus. In Proceedings of the 18th Working Conference on Reverse Engineering. IEEE Computer Society, 2011.
Bernhard J. Berger and Michaela Bunke. Software Security Comprehension. In WSR 2011 / Softwaretechnik-Trends, 31(2), 2011.
2010
Karsten Sohr and Bernhard J. Berger. Idea: Towards Architecture-Centric Security Analysis of Software. In Proceedings of the Second International Symposium on Engineering Secure Software and Systems (ESSoS). Springer, 2010.