D120.de/forum

Viele erfolgreiche Angriffe auf IT-Systeme beruhen auf dem Ausnutzen von Schwachstellen in Software. Diese Lücken systematisch zu finden und zu schließen, bevor ein Schaden entstehen kann, ist daher eine der großen Herausforderungen der IT-Sicherheit für die Zukunft. Wir forschen an automatisierten ...

The grades for the third exercise sheet are now online. If you have questions, please contact me directly at Steven.Arzt@cased.de.

The example solution for sheet 3 is now available in the SVN.

You can explicitly set the main class using the -main-class command-line parameter if nothing else helps as described in the Soot Command Line Options Documentation.

In total, for sheet 1, 94% of all students achieved more than 0 points. For sheet 2, 79% of all students achieved more than 0 points. The average number of points was 10.92 for sheet 1 and 7.43 for sheet 2. Both sheets had a maximum number of 15 points that could be achieved. For each sheet, one gro...

Please do not post solutions on the forum. The lab is graded based on the solutions the various groups submit for the exercise sheets and the final project. If you have concrete questions, please ask them here or e-mail us. Exchanging ideas is totally acceptable, posting complete code snippets or so...

I am not sure whether I understand your problem correctly, but let's try. And there we get the Method access$1. This is basically checks if d.field = $r2 is correct. The bytecode does not include any explicit access modifier checks, nor does Jimple. The compiler checks the access modifiers and does ...

This exercise sheet contains tasks for more than 15 points. This does not mean that the additional points are optional, you still need to solve everything to get the best possible score.

Hi all, We're still working on the SVN access, sorry for the delay. I have received some questions on how to access the server. Note that the server hosting the SVN is behind the TU firewall, so you need to use the TU VPN to access it unless you are working on a TU machine or some other device which...

Hi all, We're still working on the SVN access, sorry for the delay. I have received some questions on how to access the server. Note that the server hosting the SVN is behind the TU firewall, so you need to use the TU VPN to access it unless you are working on a TU machine or some other device which...

The slides we used in the introductory lecture today are now available in TuCaN (see "Material" on the site of our lecture).

Many modern Android applications make heavy use of native code written in C or C++ to speed up computation-intensive operations such as scene rendering for games or photo/video processing. While such unmanaged code is helpful or even required for application development, it however also poses new se...

The Soot framework has become a widely-used platform for static program analysis and dynamic instrumentation over the last decade. Researchers have used Soot for program optimization, compiler construction, and security. The FlowDroid data flow tracker for Android is, among other analysis and enforc...

Scanning large Android apps or Java programs for data leaks or other security weaknesses usually results in hundreds, if not thousands, of findings. Existing tools display these findings in isolation even though many of them have a common cause such as a missing validation or a common vulnerable com...

Java programs are built on large libraries like the JDK and a wealth of third-party components. Android are based on the Android SDK. All these libraries perform a multitude of tasks ranging from simple data type conversions to complex mathematical computations which must all be understood to correc...