@article {631, title = {Automatic Detection and Demonstrator Generation for Information Flow Leaks in Object-Oriented Programs}, journal = {Computers \& Security}, volume = {67}, year = {2017}, author = {Quoc Huy Do and Richard Bubel and Reiner H{\"a}hnle} } @conference {626, title = {CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees}, booktitle = {Proceedings of the 38th IEEE Symposium on Security and Privacy (S\&P)}, year = {2017}, author = {Thomas Bauerei{\ss} and Armando Pesenti Gritti and Andrei Popescu and Franco Raimondi} } @conference {624, title = {Modular Verification of Information-Flow Security in Component-Based Systems}, booktitle = {Proceedings of the 15th International Conference on Software Engineering and Formal Methods (SEFM)}, year = {2017}, author = {Simon Greiner and Martin Mohr and Bernhard Beckert} } @article {630, title = {Type Systems for Information Flow Control: The Question of Granularity}, journal = {ACM SIGLOG News}, volume = {4}, year = {2017}, author = {Vineet Rajani and Iulia Bastys and Willard Rafnsson and Deepak Garg} } @conference {625, title = {WebPol: Fine-grained Information Flow Policies for Web Browsers}, booktitle = {Proceedings of the 22nd European Symposium on Research in Computer Security (ESORICS)}, year = {2017}, author = {Abhishek Bichhawat and Vineet Rajani and Jinank Jain and Deepak Garg and Christian Hammer} } @conference {615, title = {Asymmetric Secure Multi-execution with Declassification}, booktitle = {Proceedings of the 5th International Conference on Principles of Security and Trust (POST)}, year = {2016}, author = {Iulia Bolosteanu and Deepak Garg} } @conference {614, title = {Combining Static Analysis with Probabilistic Models to Enable Market-Scale Android Inter-component Analysis}, booktitle = {Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL)}, year = {2016}, author = {Damien Octeau and Somesh Jha and Matthew Dering and Patrick McDaniel and Alexandre Bartel and Li Li and Jacques Klein and Yves Le Traon} } @conference {621, title = {Computing Specification-Sensitive Abstractions for Program Verification}, booktitle = {Proceedings of the 2nd International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA)}, year = {2016}, author = {Tianhai Liu and Shmuel Tyszberowicz and Mihai Herda and Bernhard Beckert and Daniel Grahl and Mana Taghdiri} } @conference {609, title = {CoSMed: A Confidentiality-Verified Social Media Platform}, booktitle = {Proceedings of the 7th International Conference on Interactive Theorem Proving (ITP)}, year = {2016}, author = {Thomas Bauerei{\ss} and Armando Pesenti Gritti and Andrei Popescu and Franco Raimondi} } @conference {613, title = {On Improvements Of Low-Deterministic Security}, booktitle = {Proceedings of the 5th International Conference on Principles of Security and Trust (POST)}, year = {2016}, author = {Joachim Breitner and J{\"u}rgen Graf and Martin Hecker and Martin Mohr and Gregor Snelling} } @conference {632, title = {Exploit Generation for Information Flow Leaks in Object-Oriented Programs}, booktitle = {Proceedings of the 30th International Information Security and Privacy Conference (IFIP SEC)}, year = {2015}, author = {Quoc Huy Do and Richard Bubel and Reiner H{\"a}hnle} } @conference {593, title = {A Hybrid Approach for Proving Noninterference of Java Programs}, booktitle = {Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF)}, year = {2015}, author = {Ralf K{\"u}sters and Tomasz Truderung and Bernhard Beckert and Daniel Bruns and Michael Kirsten and Martin Mohr} } @conference {602, title = {IccTA: Detecting Inter-Component Privacy Leaks in Android Apps}, booktitle = {Proceedings of the 37th International Conference on Software Engineering (ICSE)}, year = {2015}, author = {Li Li and Alexandre Bartel and Tegawend{\'e} F. Bissyand{\'e} and Jacques Klein and Yves Le Traon and Steven Arzt and Siegfried Rasthofer and Eric Bodden and Damien Octeau and Patrick McDaniel} } @conference {592, title = {Information Flow Control for Event Handling and the DOM in Web Browsers}, booktitle = {Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF)}, year = {2015}, author = {Vineet Rajani and Abhishek Bichhawat and Deepak Gark and Christian Hammer} } @booklet {588, title = {Security in E-Voting}, journal = {Poster at the IEEE Symposium on Security and Privacy (S\&P)}, year = {2015}, author = {Daniel Bruns and Huy Quoc Do and Simon Greiner and Mihai Herda and Martin Mohr and Enrico Scapin and Tomasz Truderung and Bernhard Beckert and Ralf K{\"u}sters and Heiko Mantel and Richard Gay} } @booklet {587, title = {Security in Web-Based Workflows}, journal = {Poster at the IEEE Symposium on Security and Privacy (S\&P)}, year = {2015}, author = {Thomas Bauereiss and Abhishek Bichhawat and Iulia Bolosteanu and Peter Faymonville and Bernd Finkbeiner and Deepak Garg and Richard Gay and Sergey Grebenshchikov and Christian Hammer and Dieter Hutter and Ond{\v r}ej Kun{\v c}ar and Peter Lammich and Heiko Mantel and Christian M{\"u}ller and Andrei Popescu and Markus Rabe and Vineet Rajani and Helmut Seidl and Markus Tasch and Leander Tentrup} } @booklet {586, title = {Software Security for Mobile Devices}, journal = {Poster at the IEEE Symposium on Security and Privacy (S\&P)}, year = {2015}, author = {Steven Arzt and Alexandre Bartel and Richard Gay and Steffen Lortz and Enrico Lovat and Heiko Mantel and Martin Mohr and Benedikt Nordhoff and Matthias Perner and Siegfried Rasthofer and David Schneider and Gregor Snelting and Artem Starostin and Alexandra Weber} } @conference {inp:BauereissHutter2014a, title = {Compatibility of Safety Properties and Possibilistic Information Flow Security in {MAKS}}, booktitle = {Proceedings of the 29th International Information Security and Privacy Conference (IFIP SEC 2014)}, year = {2014}, author = {T. Bauereiss and D. Hutter} } @conference {inp:RasthoferArztLovatBodden2014, title = {DROIDFORCE: Enforcing Complex, Data-Centric, System-Wide Policies in Android}, booktitle = {Proceedings of the 9th International IEEE Conference on Availability, Reliability and Security (ARES 2014)}, year = {2014}, note = {To appear.}, author = {S. Rasthofer and S. Arzt and E. Lovat and E. Bodden} } @conference {inp:ArztRasthoferFritzBoddenBarteKleinTraonOctreauMcDaniel2013, title = {FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps}, booktitle = {Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2014)}, year = {2014}, author = {S. Arzt and S. Rasthofer and C. Fritz and E. Bodden and A. Barte and J. Klein and Y. Le Traon and D. Octeau and P. McDaniel} } @conference {inp:StenzelKatkalovBorekReif2014, title = {Formalizing Information Flow Control in a Model-Driven Approach}, booktitle = {Proceedings of the Information Communication Technology-EurAsia (ICT-EurAsia 2014)}, year = {2014}, author = {K. Stenzel and K. Katkalov and M. Borek and W. Reif} } @conference {inp:BichhawatRajaniGargHammer2014b, title = {Generalizing Permissive-Upgrade in Dynamic Information Flow Analysis}, booktitle = {Proceedings of the 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2014)}, year = {2014}, author = {A. Bichhawat and V. Rajani and D. Garg and C. Hammer} } @article {ar:BrunsMostowskiUlbrich2014, title = {Implementation-level Verification of Algorithms with {Ke{\k e}rn-.1emY}}, journal = {Software Tools for Technology Transfer}, year = {2014}, note = {To appear.}, publisher = {Springer}, author = {D. Bruns and W. Mostowski and M. Ulbrich} } @conference {inp:BichhawatRajaniGargHammer2014a, title = {Information Flow Control in WebKit{\textquoteright}s JavaScript Bytecode}, booktitle = {Proceedings of the 3rd conference on Principles of Security and Trust (POST 2014)}, year = {2014}, author = {A. Bichhawat and V. Rajani and D. Garg and C. Hammer} } @conference {598, title = {Information Flow in Object-Oriented Software}, booktitle = {Proceedings of the 24th International Symposium on Logic Based Program Synthesis and Transformation (LOPSTR)}, year = {2014}, author = {Bernhard Beckert and Daniel Bruns and Vladimir Klebanov and Christoph Scheben and Peter H. Schmitt and Matthias Ulbrich} } @conference {599, title = {The KeY Platform for Verification and Analysis of Java Programs}, booktitle = {Proceedings of the 6th Working Conference on Verified Software: Theories, Tools, and Experiments}, year = {2014}, author = {Wolfgang Ahrendt and Bernhard Beckert and Daniel Bruns and Richard Bubel and Christoph Gladisch and Sarah Grebing and Reiner H{\"a}hnle and Martin Henschel and Mihai Herda and Vladimir Klebanov and Wojciech Mostowski and Christoph Scheben and Peter~H. Schmitt and Mattias Ulbrich} } @article {ar:RasthoferArztBodden2014, title = {A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks}, journal = {Proceedings of the Network and Distributed System Security Symposium (NDSS 2014)}, year = {2014}, author = {S. Rasthofer and S. Arzt and E. Bodden} } @conference {inp:BauereissHutter2014b, title = {Possibilistic information flow security of workflow management systems}, booktitle = {Proceedings of the 1st International Workshop on Graphical Models for Security at ETAPS 2014 (GraMSec 2014)}, year = {2014}, author = {T. Bauereiss and D. Hutter} } @conference {inp:ArztBodden2014, title = {Reviser: Efficiently Updating IDE-/IFDS-Based Data-Flow Analyses in Response to Incremental Program Changes}, booktitle = {Proceedings of the 36th International Conference on Software Engineering (ICSE 2014)}, year = {2014}, note = {To appear.}, author = {S. Arzt and E. Bodden} } @conference {inp:BauereissHutter2014c, title = {Security (hyper-)properties in workflow systems: From specification to verification}, booktitle = {Electronic Proceedings of the Doctoral Symposium at the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2014)}, year = {2014}, note = {To appear.}, author = {T. Bauereiss and D. Hutter} } @conference {inp:BlasumHavleLangensteinNemouchiSchmaltzStephanTverdyshevVerbeekWolff2014, title = {Using Isabelle/HOL to Develop and Maintain Separation Invariants for an Operating System}, booktitle = {Isabelle 2014 workshop at FloC 2014}, year = {2014}, author = {H. Blasum and O. Havle and B. Langenstein and Y. Nemouchi and J. Schmaltz and W. Stephan and S. Tverdyshew and F. Verbeek and B. Wolf} } @conference {inp:BeckertBruns2013, title = {Dynamic Logic with Trace Semantics}, booktitle = {Proceedings of the 24th International Conference on Automated Deduction (CADE-24)}, year = {2013}, author = {B. Beckert and D. Bruns} } @conference {inp:BlanchetteBoehmePopescuSmallbone2013, title = {Encoding Monomorphic and Polymorphic Types}, booktitle = {Proceedings of the 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2013)}, year = {2013}, author = {J. C. Blanchette and S. B{\"o}hme and A. Popescu and N. Smallbone} } @conference {inp:KuestersTruderung2013, title = {A Hybrid Approach for Proving Noninterference and Applications to the Cryptographic Verification of {Java} Programs}, booktitle = {Grande Region Security and Reliability Day 2013}, year = {2013}, note = {Extended Abstract}, author = {R. K{\"u}sters and T. Truderung and B. Beckert and D. Bruns and J. Graf and C. Scheben} } @conference {inp:BlanchettePopescu2013, title = {Mechanizing the Metatheory of Sledgehammer}, booktitle = {Proceedings of the 9th International Symposium on Frontiers of Combining Systems (FroCos 2013)}, year = {2013}, author = {J. C. Blanchette and A. Popescu} } @conference {inp:StenzelKatkalovBorekReif2013a, title = {Model-Driven Development of Information Flow-Secure Systems with IFlow}, booktitle = {Proceedings of 5th ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT 2013)}, year = {2013}, author = {K. Katkalov and K. Stenzel and M. Borek and W. Reif} } @article {inp:StenzelKatkalovBorekReif2013b, title = {Model-Driven Development of Information Flow-Secure Systems with IFlow}, journal = {ASE Science Journal}, volume = {2}, number = {2}, year = {2013}, author = {K. Katkalov and K. Stenzel and M. Borek and W. Reif} } @conference {inp:BeckertBruns2012a, title = {Formal Semantics of Model Fields in Annotation-based Specifications}, booktitle = {{KI 2012}: Advances in Artificial Intelligence}, year = {2012}, author = {B. Beckert and D. Bruns} } @conference {inp:BeckertBruns2012b, title = {Mind the Gap: Formal Verification and the {Common} {Criteria}}, booktitle = {Proceedings of the 6th International Verification Workshop (VERIFY 2010)}, year = {2012}, author = {B. Beckert and D. Bruns and S. Grebing} } @conference {inp:BlanchettePopescuWandWeidenbach2012, title = {More SPASS with Isabelle - Superposition with Hard Sorts and Configurable Simplification}, booktitle = {Proceedings of the 3rd Conference on Interactive Theorem Proving (ITP 2012)}, year = {2012}, author = {J. C. Blanchette and A. Popescu and D. Wand and C. Weidenbach} } @conference {inp:PretschnerLovatBuechler2011, title = {{Representation-Independent Data Usage Control}}, booktitle = {6th International Workshop on Data Privacy Management (DPM 2011)}, year = {2011}, author = {A. Pretschner and E. Lovat and M. Buechler} }