As the digitalization of our everyday lives continues, the risk to our data and privacy also increases.
All data is valuable, whether it is corporate or private, and whether it accumulates on the web, resides in the cloud or is stored on personal devices. Such data is constantly under attack, from malware and spyware to trackers and ad networks. We cover a broad range of both analytic and constructive methods towards enabling secure and privacy-preserving software systems.
In this area, automatic analyses have a major impact on the quality and security of software systems, because even systems that appear secure at first glance may contain insecure code hidden from even the most trained eye. To improve new developments, we focus on privacy-by-design using high-level specification languages. In combination, we have developed an assortment of modular tools:
- A general-purpose platform for static analysis of programs that enables quick, reliable, and loosely-coupled analysis.
- Analyses that scan either the whole application or individual libraries for their potential dangerousness.
- Novel methods to comprehend software systems by slicing them into clear modules.
- Machine learning to further enhance the detection capabilities of many analyses.
- Specification systems used by domain experts to guide and customize the analysis system.
- A specification language for domain-specific usage rules of software components – from which correct code is synthesized – simple enough for non-programmers to use.
- A query language for data-intensive applications that automatically generates and deploys sub-computations to optimize performance while protecting the processed data from unauthorized access.
Recent Papers:
- Securing your crypto-api usage through tool support – A usability study. S Krüger, M Reif, AK Wickert, S Nadi, K Ali, E Bodden, Y Acar, M Mezini, S Fahl.
- To fix or not to fix: a critical study of crypto-misuses in the wild. AK Wickert, L Baumgärtner, M Schlichtig, K Narasimhan, M Mezini.
- Python crypto misuses in the wild. AK Wickert, L Baumgärtner, F Breitfelder, M Mezini.
- Hidden in plain sight: Obfuscated strings threatening your privacy. L Glanz, P Müller, L Baumgärtner, M Reif, S Amann, P Anthonysamy, M Mezini.
- Language-integrated privacy-aware distributed queries. G Salvaneschi, M Köhler, D Sokolowski, P Haller, S Erdweg, M Mezini.
- NerdBug: automated bug detection in neural networks. F Jafarinejad, K Narasimhan, M Mezini.
