Siegfried Rasthofer

Siegfried Rasthofer

Research assistant – Secure Software Engineering Group

Rheinstraße 75

D-64293 Darmstadt

GERMANY

Room: B5/05

Tel: +49 6151 869177

Email: siegfried.rasthofer@remove-this.cased.de

Blog: http://sse-blog.ec-spride.de

PGP Key: download

9274 6279 9BCD 2024 01CD 1FA6 4A8C 5250 0215 322D

Founder of CodeInspect

Founder of TeamSIK

Vita

Since December 2012 I am a research assistant and PhD Student at the Center for Advanced Security Research Darmstadt (CASED) and Technische Universität Darmstadt, Germany

My research interest:

  • Applied Software Security on Android
  • Static-/Dynamic Code Analysis

since 2012

 

 

Jun 2014 - Sep 2014

Research Assistant and PhD Student
at Technische Universität Darmstadt and Fraunhofer SIT, Germany
Internship at Microsoft Research, Redmond, WA, USA in the group of Ben Livshits
2010 - 2012 Master of Science in IT-Security
Studies at University of Passau

2006 - 2010

 

Aug 2008 - Feb 2009

Bachelor (FH) of Science
Studies at University of Applied Sciences Landshut
Internship at Siemens Corporate Research, Princeton, NJ, USA

Projects

  • Ongoing:
    • - Finding and Demonstrating Undesired Program Behavior (TESTIFY), DFG 2015-2018
  • Finished 

Supervised Thesis

Offered:

  • Please have a look at the Open Thesis Topics 
  • If you do not find any interesting topic at the "Open Thesis Topics" site, but you are interested in Android Security and/or static-/dynamic code analysis, please !

Finished:

  • Android Malware Detection by Machine Learning (Bachelor thesis by Patrick Pauli). to appear
  • Statische Informationsflussanalyse mittels symbolischer Ausführung für Android (Bachelor thesis by Robert Hahn). to appear
  • Slicing-basierte String-Extraktion in Androidapplikationen (Bachelor thesis by Marc Miltenberger). to appear
  • Hybrid Inter-Component and Inter-Application Data Flow Analysis in Android (Master thesis by Dieter Hofmann). to appear
  • Dynamically Enforcing Usability and Security Properties of Android Advertisement Libraries (Bachelor thesis by Max Kolhagen). to appear

Talks

     

  • S. Huber, S. Rasthofer, (In-) Security of Smartphone AntiVirus and Security Apps. Talk at VirusBulletin 2016. October 2016 (slides)
  • S. Rasthofer, (In-) Security of Backend as a Service. Talk at MobileTechCon 2016. September 2016
  • S. Huber, S. Rasthofer, How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire. Talk at DEF CON 24. August 2016 (slides)
  • S. Rasthofer. Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques. Talk at NDSS 2016. February 2016 (Slides)
  • S. Rasthofer. Improving Mobile Security with Static and Dynamic Code Analysis Techniques. Talk at Amazon Headquarters. January 2016
  • S. Rasthofer and S. Arzt. (In-)Security of Backend-As-A-Service Solutions. Talk at Black Hat Europe 2015. November 2015 (Slides)
  • S. Rasthofer, Carlos Castillo, Eric Bodden and Alex Hinchliffe. We know what you did this summer: Android banking trojan exposing its sins in the cloud. Talk at VirusBulletin 2015. September 2015 (Slides)
  • S. Rasthofer. How Current Android Malware Seeks to Evade Automated Code Analysis. Talk at WISTP 2015. August 2015 (Slides)
  • S. Rasthofer. Improving Mobile Security with Static and Dynamic Code Analysis Techniques. Talk at Siemens CERT. June 2015
  • S. Rasthofer. Dismantling droids for breakfast - The current state of app reverse engineering. Talk at DroidCon. June 2015 (Slides, Video)
  • S. Rasthofer. Analyzing Sophisticated Android Malware with CodeInspect. Talk at CARO (Computer Antivirus Research Organization) Workshop 2015. Mai 2015 (Slides, Live-Demo)
  • S. Rasthofer. Improving Mobile Security with Static and Dynamic Code Analysis Techniques. Talk at TU Munich (Prof. Dr. Alexander Pretschner). March 2015
  • S. Rasthofer. Inspecting These DROIDS in Detail. Talk at Google Headquarters Mountain View (Android Security Research). November 2014
  • S. Rasthofer. Inspecting These DROIDS in Detail. Talk at Corporate Headquarters McAfee Santa Clara (Operations and Mobile Malware Research Group). September 2014
  • S. Rasthofer. Harvester & DroidSearch say "Hello World". Talk at ZertApps Workshop. June 2014
  • S. Rasthofer. A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks. Talk at NDSS 2014. February 2014 (Slides)
  • S. Arzt and S. Rasthofer. SuSi: Machine Learning for Classifying and Categorizing Android Sources and Sinks. Talk at the RS3 annual meeting 2013. October 2013
  • S. Rasthofer. CODANA – A new Policy Language for Securing Android Applications. Talk at the Hessian Workshop on Programming Languages. June 2013
  • S. Rasthofer. RUNSECURE – Making the Droids more Secure. Talk at the MAIS Graduate Seminar (Prof. Dr. Heiko Mantel). June 2013

Tutorials

  • S. Arzt and S. Rasthofer, Instrumenting Android and Java Applications as Easy as abc, Runtime Verification Conference 2013 (Tutorial)

Teaching

Academic Activities

(Sub-)Reviewer for

  • Security Boards: IFIP SEC 2016, CODASPY 2016, SPSM 2015, USENIX Security 2014, NDSS 2014, CAST-Förderpreis IT-Sicherheit 2014 
  • Programming Language Boards: ASE 2016, FSE 2016, ICSE 2016, FASE 2014, OOPSLA 2013, ESEC/FSE 2013

Session Chair for: SPSM 2014

Security Acknowledgements and Rewards

Publications

2016

(In-) Security of Smartphone AntiVirus and Security Apps
Stephan Huber, Siegfried Rasthofer, Steven Arzt
In: VirusBulletin 2016, October 2016 (pdf, slides, video), (to appear)

How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire
Stephan Huber, Siegfried Rasthofer, Steven Arzt
In: DEF CON 24, August 2016 (slides, video), (to appear)

Static Analysis of Android Apps: A Systematic Literature Review
Li Li, Tegawendé François D Assise Bissyande, Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, Yves Le Traon
Technical Report, April 2016 (pdf, bib)

Reverse Engineering Android Apps With CodeInspect
Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden
In: Innovations in Mobile Privacy and Security, April 2016. (invited paper), (pdf)

Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques
Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden
In: 23rd Annual Network & Distributed System Security Symposium (NDSS), February 2016. (15,4%). (pdf, slides, bib)

Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment
Nicole Eling, Siegfried Rasthofer, Max Kolhagen, Eric Bodden and Peter Buxmann
In: Hawaii International Conference on System Sciences (HICSS), January 2016. (pdf, bib)

2015

We know what you did this Summer: Android Banking Trojan Exposing its Sins in the Cloud
Siegfried Rasthofer, Carlos Castillo, Eric Bodden, Alex Hichliffe
In: 18th Association of Anti-virus Asia Researchers International Conference (AVAR) 2015, December 2015. (pdfslides)

(In-)Security of Backend-As-A-Service Solutions
Siegfried Rasthofer and Steven Arzt
In: Black Hat Europe 2015, November 2015. (pdf, bibslides)

How Current Android Malware Seeks to Evade Automated Code Analysis
Siegfried Rasthofer, Irfan Asrar, Stephan Huber and Eric Bodden
In: 9th International Conference on Information Security Theory and Practice (WISTP'2015), August 2015. (pdf, bib)

Using Targeted Symbolic Execution for Reducing False-Positives in Dataflow Analysis
Steven Arzt, Siegfried Rasthofer, Robert Hahn and Eric Bodden
In: 4th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2015), June 2015. (pdf, bib)

An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack
Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden
Technical Report, April 2015. (pdf, bib)

Harvesting Runtime Data in Android Applications for Identifying Malware and Enhancing Code Analysis
Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden
Technical Report, February 2015. (pdf, bib)

DroidSearch: A Tool for Scaling Android App Triage to Real-World App Stores
Siegfried Rasthofer, Steven Arzt, Stephan Huber, Max Kohlhagen, Brian Pfretschner, Eric Bodden, Philipp Richter
In: Proceedings of the IEEE Technically Co-Sponsored Science and Information Conference 2015 (SAI), July 2015. (pdf, bib)

Mining Apps for Abnormal Usage of Sensitive Data
Vitalii Avdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, Eric Bodden
In: Proceedings of the 37th International Conference on Software Engineering (ICSE), Mai 2015. (18,5%), (pdf, bib, html)

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Li Li, Alexandre Bartel, Tegawendé Bissyande, Jacques, Yves Klein, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau and Patrick McDaniel
In: Proceedings of the 37th International Conference on Software Engineering (ICSE), Mai 2015. (18,5%), (pdf, bib)

2014

Mining Apps for Abnormal Usage of Sensitive Data
Vitalii Avdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, Eric Bodden
Technical Report, November 2014 (pdf, bib, html).

Denial-of-App Attack: Inhibiting the Installation of Android Apps on Stock Phones
Steven Arzt, Stephan Huber, Siegfried Rasthofer, Eric Bodden
In: Proceedings of the Fourth ACM Workshop on Security and Privacy in Smartphones, November 2014. (PDF, BIB, WEB)

DroidForce: Enforcing Complex, Data-Centric, System-Wide Policies in Android
Siegfried Rasthofer, Steven Arzt, Enrico Lovat, Eric Bodden
In: Proceedings of the 9th International Conference on Availability, Reliability and Security (ARES), September 2014. (16%), (PDF, BIB)

I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, Patrick McDaniel
Technical Report, Mai 2014 (PDF, BIB)

FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau and Patrick McDaniel
In: Proceedings of the 35th ACM SIGPLAN conference on Programming language design and implementation (PLDI), June 2014, (PDF, BIB
Artifact Evaluation Award

A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks
Siegfried Rasthofer, Steven Arzt, Eric Bodden
In: 21th Annual Network & Distributed System Security Symposium (NDSS), February 2014. (18,6%) (SlidesPDF, BIB)

 

2013

Schutzmaßnahmen gegen datenschutzunfreundliche Smartphone-Apps – Technische Möglichkeiten und rechtliche Zulässigkeit des Selbstdatenschutzes bei Apps
Eric Bodden, Siegfried Rasthofer, Philipp Richter, Alexander Roßnagel
In: In Datenschutz und Datensicherheit – DuD, Nov. 2013 (HTML, BIB)

Instrumenting Android and Java Applications as Easy as abc
Steven Arzt, Siegfried Rasthofer, Eric Bodden
In: Runtime Verification 2013 (RV'13) pp. 364-381, 2013 (PDF, BIB)

Highly Precise Taint Analysis for Android Applications
Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau, Patrick McDaniel
no. TUD-CS-2013-0113, Technical Report, Mai 2013 (PDF, BIB)

Susi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks
Steven Arzt, Siegfried Rasthofer, Eric Bodden
no. TUD-CS-2013-0114, Technical Report, Mai 2013 (PDF, BIB)

How useful are existing monitoring languages for securing Android apps?
Steven Arzt, Kevin Falzon, Andreas Follner, Siegfried Rasthofer, Eric Bodden, Voker Stolz
In: 6. Arbeitstagung Programmiersprachen (ATPS 2013). In: GI Lecture Notes in Informatics . Gesellschaft für Informatik, 2013 (PDF, BIB)

 

2012

Challenges in defining a programming language for provably correct dynamic analyses
Eric Bodden, Andreas Follner, Siegfried Rasthofer
In: 5th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation, ISOLA 2012 (PDF, BIB)

Model Checking of Android Applications to Derive Strongest Preconditions for Secure Data Flows
Siegfried Rasthofer
Master Thesis

 

2010

Reconstruction of user traces in computer forensic investigations
Siegfried Rasthofer
Bachelor Thesis (joined work with Siemens CERT Munich)

Poster

2015

Software Security for Mobile Devices
Steven Arzt, Alexandre Bartel, Richard Gay, Steffen Lortz, Enrico Lovat, Heiko Mantel, Martin Mohr, Benedikt Nordhoff, Matthias Perner, Siegfried Rasthofer, David Schneider, Gregor Snelting, Artem Starostin and Alexandra Weber
Poster at Security & Privacy 2015, Mai 2015. (pdf)