In our new publication SPLlift – Statically Analyzing Software Product Lines in Minutes Instead of Years (to appear at PLDI’13) we show how to efficiently conduct inter-procedural, flow-sensitive, context-sensitive data-flow analysis for software product lines. Previously, such analyses would have taken years, due to the many software configurations a product line encodes. Our approach SPLlift processes the entire product line at once, and typically within minutes, without any loss of precision. It works for any IFDS-based data-flow analysis. SPLlift is available as an open-source extension to our IFDS/IDE solver Heros. To access our benchmark data, click here. This is joint work with Mira Mezini, Claus Brabrand, Társis Tolêdo, Márcio Ribeiro and Paulo Borba.
Paper on Join Point Interfaces gets accepted at ACM TOSEM
At EC SPRIDE we worry a lot about what the future of secure software engineering is going to look like, and we are trying to shape that future for the better by developing tools, methods and programming languages that support a secure software design and implementation. One thing we have noticed over the past years is that many current applications and frameworks suffer from the fact that their security-related code is scattered throughout the program, and tangled with other code that is not at all related to security. From all the talk about AOP, we know that scattering and tangling can have detrimental effects, but this is especially true when talking about security. The repeated news reports about zero-day vulnerabilities in the JDK, for example, are just one instance of that problem.
A recap on our research progress in 2012
The year is coming to an end, and in fact some believe so may the world, so I thought I would give everyone a recap of what we have worked on and accomplished in 2012. What an exciting year this was! Through funding by EC SPRIDE and my new Emmy Noether Group RUNSECURE, my group grew from a single PhD student to five! This was obviously quite an exciting but also challenging shift for me; coordinating such a large and new group is not an easy task – but at the end of the year I have to say that I think I am getting the hang of it.
June 17-21 2013, Budapest, Hungary
The International Conference on Software Composition (SC) is the leading venue that addresses challenges of how composition of software parts may be used to build and maintain large software systems. Software Composition 2013 will be the 12th edition in the series, and we invite researchers and practitioners to submit high-quality papers. Submissions that relate theory and practice of software composition are particularly welcome. Software Composition 2013 is co-located with the TOOLS 2013 Federated Conferences, taking place in Budapest between June 17th and 21st 2013.
Novel approach speeds up analyses by several orders of magnitude
We are happy to announce the availability of a new Tech Report on Transparent and Efficient Reuse of IFDS-based Static Program Analyses for Software Product Lines. This is joint work with Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba and Mira Mezini. In the paper, we show how an important class of program analyses designed for traditional programs can be transparently reused for software product lines.
Eric Bodden is Program Chair for the International Conference on Software Composition (SC)
Eric Bodden will chair the program committee of the 2013 International Conference on Software Composition together with Walter Binder of the University of Lugano.
Interview with Dr. Eric Bodden of the European Center for Security and Privacy for Design (EC SPRIDE)
New research assistant in the Secure Software Engineering Group
Andreas Follner started working as a Research Assistant in the Secure Software Engineering Group at EC-SPRIDE in July. He graduated from the Technikum Wien with a master’s degree in IT security and information management with his thesis concerning stack buffer overflow exploits on Windows x86. He previously earned his bachelor’s degree from the same institution in computer science, having written theses about security-relevant traffic monitoring in LANs as well as secure programming guidelines for C#.
Taming Reflection in Refactorings – Free tool for program transformation in Eclipse IDE
Minneapolis/Darmstadt, July 19, 2012 – The paper RefaFlex: Safer Refactorings for Reflective Java Programs by Eric Bodden from TU Darmstadt and Andreas Thies from Fernuni Hagen has won an ACM SIGSOFT Distinguished Paper Award at the renowned International Symposium on Software Testing and Analysis (ISSTA).