Die Suche ergab 425 Treffer

von Steven
29. Jul 2019 15:00
Forum: Jobs
Thema: Wissenschaftlicher Mitarbeiter Softwaresicherheit (m/w/d) am Fraunhofer SIT
Antworten: 0
Zugriffe: 93

Wissenschaftlicher Mitarbeiter Softwaresicherheit (m/w/d) am Fraunhofer SIT

Viele erfolgreiche Angriffe auf IT-Systeme beruhen auf dem Ausnutzen von Schwachstellen in Software. Diese Lücken systematisch zu finden und zu schließen, bevor ein Schaden entstehen kann, ist daher eine der großen Herausforderungen der IT-Sicherheit für die Zukunft. Wir forschen an automatisierten ...
von Steven
8. Dez 2014 18:23
Forum: Implementing code analyses for large software systems (ICA)
Thema: Grades for sheet 3 online
Antworten: 0
Zugriffe: 314

Grades for sheet 3 online

The grades for the third exercise sheet are now online. If you have questions, please contact me directly at Steven.Arzt@cased.de.
von Steven
5. Dez 2014 14:03
Forum: Implementing code analyses for large software systems (ICA)
Thema: Solution for sheet 3 online now
Antworten: 0
Zugriffe: 289

Solution for sheet 3 online now

The example solution for sheet 3 is now available in the SVN.
von Steven
26. Nov 2014 10:24
Forum: Implementing code analyses for large software systems (ICA)
Thema: Phase Option Configuration
Antworten: 1
Zugriffe: 597

Re: Phase Option Configuration

You can explicitly set the main class using the -main-class command-line parameter if nothing else helps as described in the Soot Command Line Options Documentation.
von Steven
26. Nov 2014 10:21
Forum: Implementing code analyses for large software systems (ICA)
Thema: [ICA-Sheet 3 - Help], Why Soot, Why?
Antworten: 6
Zugriffe: 886

Re: [ICA-Sheet 3 - Help], Why Soot, Why?

In total, for sheet 1, 94% of all students achieved more than 0 points. For sheet 2, 79% of all students achieved more than 0 points. The average number of points was 10.92 for sheet 1 and 7.43 for sheet 2. Both sheets had a maximum number of 15 points that could be achieved. For each sheet, one gro...
von Steven
24. Nov 2014 13:23
Forum: Implementing code analyses for large software systems (ICA)
Thema: [ICA-Sheet 3 - Help], Why Soot, Why?
Antworten: 6
Zugriffe: 886

Re: [ICA-Sheet 3 - Help], Why Soot, Why?

Please do not post solutions on the forum. The lab is graded based on the solutions the various groups submit for the exercise sheets and the final project. If you have concrete questions, please ask them here or e-mail us. Exchanging ideas is totally acceptable, posting complete code snippets or so...
von Steven
21. Nov 2014 09:48
Forum: Implementing code analyses for large software systems (ICA)
Thema: [ICA-Sheet 3 - Help], Why Soot, Why?
Antworten: 6
Zugriffe: 886

Re: [ICA-Sheet 3 - Help], Why Soot, Why?

I am not sure whether I understand your problem correctly, but let's try. And there we get the Method access$1. This is basically checks if d.field = $r2 is correct. The bytecode does not include any explicit access modifier checks, nor does Jimple. The compiler checks the access modifiers and does ...
von Steven
17. Nov 2014 13:42
Forum: Implementing code analyses for large software systems (ICA)
Thema: Sheet 3
Antworten: 4
Zugriffe: 844

Re: Sheet 3

This exercise sheet contains tasks for more than 15 points. This does not mean that the additional points are optional, you still need to solve everything to get the best possible score.
von Steven
21. Okt 2014 10:05
Forum: Implementing code analyses for large software systems (ICA)
Thema: SVN Access
Antworten: 0
Zugriffe: 314

SVN Access

Hi all, We're still working on the SVN access, sorry for the delay. I have received some questions on how to access the server. Note that the server hosting the SVN is behind the TU firewall, so you need to use the TU VPN to access it unless you are working on a TU machine or some other device which...
von Steven
21. Okt 2014 10:03
Forum: Designing code analyses for large software systems (DECA)
Thema: SVN Access
Antworten: 1
Zugriffe: 464

SVN Access

Hi all, We're still working on the SVN access, sorry for the delay. I have received some questions on how to access the server. Note that the server hosting the SVN is behind the TU firewall, so you need to use the TU VPN to access it unless you are working on a TU machine or some other device which...
von Steven
14. Okt 2014 17:19
Forum: Praktikum: Smartphone-Sicherheit für Android Applikationen
Thema: Introductory Slides Available
Antworten: 0
Zugriffe: 470

Introductory Slides Available

The slides we used in the introductory lecture today are now available in TuCaN (see "Material" on the site of our lecture).
von Steven
29. Sep 2014 14:06
Forum: Abschlussarbeiten
Thema: B. Sc.: Hybrid Data Flow Analysis For Java and Native Code
Antworten: 0
Zugriffe: 398

B. Sc.: Hybrid Data Flow Analysis For Java and Native Code

Many modern Android applications make heavy use of native code written in C or C++ to speed up computation-intensive operations such as scene rendering for games or photo/video processing. While such unmanaged code is helpful or even required for application development, it however also poses new se...
von Steven
16. Sep 2014 15:29
Forum: Abschlussarbeiten
Thema: B. Sc.: Program Analysis for the MS .net Framework
Antworten: 0
Zugriffe: 340

B. Sc.: Program Analysis for the MS .net Framework

The Soot framework has become a widely-used platform for static program analysis and dynamic instrumentation over the last decade. Researchers have used Soot for program optimization, compiler construction, and security. The FlowDroid data flow tracker for Android is, among other analysis and enforc...
von Steven
16. Sep 2014 15:27
Forum: Abschlussarbeiten
Thema: B. Sc.: Semantic Data Flow Aggregation for Security
Antworten: 0
Zugriffe: 429

B. Sc.: Semantic Data Flow Aggregation for Security

Scanning large Android apps or Java programs for data leaks or other security weaknesses usually results in hundreds, if not thousands, of findings. Existing tools display these findings in isolation even though many of them have a common cause such as a missing validation or a common vulnerable com...
von Steven
16. Sep 2014 15:25
Forum: Abschlussarbeiten
Thema: M. Sc.: A callgraph algorithm for large Java libraries
Antworten: 0
Zugriffe: 416

M. Sc.: A callgraph algorithm for large Java libraries

Java programs are built on large libraries like the JDK and a wealth of third-party components. Android are based on the Android SDK. All these libraries perform a multitude of tasks ranging from simple data type conversions to complex mathematical computations which must all be understood to correc...

Zur erweiterten Suche