Publications

2 minute read

Since ArchSec is a research project, you can find several academic publications related to ArchSec here. Perhaps, these papers answer some questions you have.

2023

Bernhard J. Berger and Goerschwin Fey. Towards: Threat Modeling in System Design. GI/GMM/ITG-Workshop für Testmethoden und Zuverlässigkeit von Schaltungen und Systemen (TUZ), 2023 (accepted for publication).

2022

Bernhard J. Berger. Automatic detection of architectural security flaws. Doctoral Thesis, 2022.

2021

Rodrigue W. Nguempnang, Bernhard J. Berger and Karsten Sohr. eNYPD - Entry Points Detector - Jakarta Server Faces Use Case. In Proceedings of the 21th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE Computer Society Press, 2021.

2020

Bernhard J. Berger, Rodrigue W. Nguempnang, Karsten Sohr and Rainer Koschke. Static Extraction of Enforced Authorization Policies - SeeAuthz. In Proceedings of the 20th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE Computer Society Press, 2020.

2019

Bernhard J. Berger, Karsten Sohr, Rainer Koschke. The Architectural Security Tool Suite - ArchSec. In Proceedings of the 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Cleveland, Ohio, 2019. Best Engineering Paper Award.

2016

Bernhard J. Berger, Karsten Sohr and Rainer Koschke. Automatically Extracting Threats from Extended Data Flow Diagrams. In Proceedings of the 8th International Symposium on Engineering Secure Software and Systems (ESSoS), London, April 2016.

2015

Marc-Andre Laverdiere, Bernhard J. Berger and Ettore Merlot. Taint Analysis of Manual Service Compositions using Cross-Application Call Graphs. In 22nd International Conference on Software Analysis, Evolution and Reengineering (SANER), 2015, IEEE Computer Society Press, 2015.

2014

Bernhard J. Berger and Karsten Sohr and Udo H. Kalinna. Architekturelle Sicherheitsanalyse für Android. In D-A-CH Security 2014: Bestandsaufnahme - Konzepte - Anwendungen - Perspektiven, SysSec, 2014.

Steffen Bartsch, Bernhard J. Berger, Eric Bodden, Achim D. Brucker, Jens Heider, Mehmet Kus, Sönke Maseberg, Karsten Sohr and Melanie Volkamer. Zertifizierte Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen. In GI Sicherheit 2014, Lecture Notes in Informatics, GI, 2014.

2013

Steffen Bartsch, Bernhard J. Berger, Michaela Bunke and Karsten Sohr. The Transitivity-of-Trust Problem in Android Application Interaction. In Proceedings of the 8th International Conference on Availability, Reliability and Security, 2013.

Bernhard J. Berger, Karsten Sohr and Rainer Koschke. Extracting and Analyzing the Implemented Security Architecture of Business Applications. In Proceedings of the 17th European Conference on Software Maintenance and Reengineering, IEEE Computer Society Press, 2013.

2012

Bernhard J. Berger and Karsten Sohr. An Approach to Detecting Inter-Session Data Flow Induced by Object Pooling. In Information Security and Privacy Research - IFIP Advances in Information and Communication Technology, Volume 376/2012, Springer, 2012.

2011

Bernhard J. Berger, Michaela Bunke and Karsten Sohr. An Android Security Case Study with Bauhaus. In Proceedings of the 18th Working Conference on Reverse Engineering. IEEE Computer Society, 2011.

Bernhard J. Berger and Michaela Bunke. Software Security Comprehension. In WSR 2011 / Softwaretechnik-Trends, 31(2), 2011.

2010

Karsten Sohr and Bernhard J. Berger. Idea: Towards Architecture-Centric Security Analysis of Software. In Proceedings of the Second International Symposium on Engineering Secure Software and Systems (ESSoS). Springer, 2010.

Updated: