Chair of Programming Languages and AI
print


Breadcrumb Navigation


Content

Publications

2023

[1] Lorenzo Cavallaro, Johannes Kinder, Feargus Pendlebury, and Fabio Pierazzi. Are Machine Learning Models for Malware Detection Ready for Prime Time? IEEE Secur. Priv., 21(2):53–56, 2023. URL

[2] James Patrick-Evans, Moritz Dannehl, and Johannes Kinder. XFL: Naming Functions in Binaries with Extreme Multi-label Learning. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 1677–1692, IEEE, 2023. to appear.

2022

[3] Hernán Ponce de León and Johannes Kinder. Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 1415–1428, IEEE, 2022.

[4] Hernán Ponce de León, Thomas Haas, and Roland Meyer. Dartagnan: SMT-based Violation Witness Validation (Competition Contribution). In Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 418–423, Springer, 2022.

2021

[5] Hernán Ponce de León and Johannes Kinder. Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks. Tech. rep. arXiv:2108.13818, arXiv, 2021. URL

[6] Blake Loring and Johannes Kinder. Systematic Generation of Conformance Tests for JavaScript. Tech. rep. arXiv:2108.07075, arXiv, 2021. URL

[7] James Patrick-Evans, Moritz Dannehl, and Johannes Kinder. XFL: eXtreme Function Labeling. Tech. rep. arXiv:2107.13404, arXiv, 2021. URL

[8] Hernán Ponce de León, Thomas Hass, and Roland Meyer. Dartagnan: Leveraging Compiler Optimizations and the Price of Precision (Competition Contribution). In Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 428–432, Springer, 2021.

2020

[9] James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder. Probabilistic Naming of Functions in Stripped Binaries. In Proc. 35th Annu. Computer Security Applications Conference (ACSAC), pp. 373–385, ACM, 2020.

[10] Daniel Lehmann, Johannes Kinder, and Michael Pradel. Everything Old is New Again: Binary Security of WebAssembly. In 29th USENIX Security Symposium (USENIX Security), pp. 217–234, USENIX Association, 2020.

[11] Hernán Ponce de León, Florian Furbach, Keijo Heljanko, and Roland Meyer. Dartagnan: Bounded Model Checking for Weak Memory Models (Competition Contribution). In Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 378–382, Springer, 2020.

[12] Pierre Bouvier, Hubert Garavel, and Hernán Ponce de León. Automatic Decomposition of Petri Nets into Automata Networks - A Synthetic Account. In Proc. 41st Int. Conf. Application and Theory of Petri Nets and Concurrency (Petri Nets), pp. 3–23, Springer, 2020.

2019

[13] Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (eds). Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019. ACM, 2019. URL

[14] Duncan Mitchell and Johannes Kinder. A Formal Model for Checking Cryptographic API Usage in JavaScript. In Proc. European Symposium on Research in Computer Security (ESORICS), pp. 341–360, Springer, 2019.

[15] Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In 28th USENIX Security Symposium (USENIX Security), pp. 729–746, USENIX Association, 2019.

[16] Blake Loring, Duncan Mitchell, and Johannes Kinder. Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript. In Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI), pp. 425–438, ACM, 2019.

2018

[17] Blake Loring, Duncan Mitchell, and Johannes Kinder. Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript. Tech. rep. CoRR:abs/1810.05661, arXiv, 2018. URL

[18] Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. Tech. rep. CoRR:abs/1807.07838, arXiv, 2018. URL

[19] Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. Enabling Fair ML Evaluations for Security. In Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security (CCS), pp. 2264–2266, 2018.

[20] Claudio Rizzo, Lorenzo Cavallaro, and Johannes Kinder. BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews. In Int. Symp. Research in Attacks, Intrusions, and Defenses (RAID), 2018.

[21] Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder. Checking Cryptographic API Usage with Composable Annotations. In ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM), 2018.

2017

[22] Claudio Rizzo, Lorenzo Cavallaro, and Johannes Kinder. BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews. Tech. rep. CoRR:abs/1709.05690, arXiv, 2017. URL

[23] Dusan Repel, Johannes Kinder, and Lorenzo Cavallaro. Modular Synthesis of Heap Exploits. In Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS), 2017.

[24] James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder. POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection. In 11th USENIX Workshop on Offensive Technologies (WOOT), 2017. Best Paper Award.

[25] Blake Loring, Duncan Mitchell, and Johannes Kinder. ExpoSE: Practical Symbolic Execution of Standalone JavaScript. In Proc. Int. SPIN Symp. Model Checking of Software (SPIN), pp. 196–199, ACM, 2017.

[26] Guillermo Suarez-Tangil, Santanu Kumar Dash, Mansour Ahmadi, Johannes Kinder, Giorgio Giacinto, and Lorenzo Cavallaro. DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware. In Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY), pp. 309–320, ACM, 2017.

2016

[27] Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Barometer: Sizing Up Android Applications Through Statistical Evaluation. In 37th IEEE Symp. Security and Privacy (S&P), May 2016. Poster.

[28] Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, and Edgar Weippl. Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis? ACM Computing Surveys, 49(1):April 2016.

[29] Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour Ahmadi, Johannes Kinder, and Lorenzo Cavallaro. DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST), pp. 252–261, 2016.

2015

[30] Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Set-based Classification of Android Malware from Behavioral Abstractions. In 24th USENIX Security Symp. (USENIX Security), August 2015. Poster.

[31] Jonas Wagner, Volodymyr Kuznetsov, George Candea, and Johannes Kinder. High System-Code Security with Low Overhead. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 866–879, IEEE, 2015.

[32] Johannes Kinder. Hypertesting: The Case for Automated Testing of Hyperproperties. In 3rd Workshop on Hot Issues in Security Principles and Trust (HotSpot), pp. 1–8, 2015.

[33] Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Advantageous State Merging During Symbolic Analysis. Pat. US 9,141,354 B2, September 2015. Issued.

2014

[34] Jonas Wagner, Volodymyr Kuznetsov, Johannes Kinder, Azqa Nadeem, and George Candea. ASAP: High Security at Low Overhead. In 11th USENIX Symp. Operating Systems Design and Implementation (OSDI), October 2014. Poster.

[35] Stefan Bucur, Johannes Kinder, and George Candea. Prototyping Symbolic Execution Engines for Interpreted Languages. In Proc. 19th Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 239–254, ACM, 2014.

[36] Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient State Merging in Symbolic Execution (Extended Abstract). In Software Engineering 2014, Fachtagung des GI-Fachbereichs Softwaretechnik (SE), pp. 45–46, GI, 2014.

[37] Patrice Godefroid and Johannes Kinder. Memory Safety of Floating-Point Computations. Pat. US 8,782,625 B2, July 2014. Issued.

2013

[38] Stefan Bucur, Johannes Kinder, and George Candea. Making Automated Testing of Cloud Applications an Integral Component of PaaS. In Proc. 4th Asia-Pacific Workshop on Systems (APSYS), pp. 18:1–18:7, ACM, 2013.

[39] Cristian Zamfir, Baris Kasikci, Johannes Kinder, Edouard Bugnion, and George Candea. Automated Debugging for Arbitrarily Long Executions. In Proc. 14th Workshop on Hot Topics in Operating Systems (HotOS), USENIX, 2013.

2012

[40] Stefan Bucur, Johannes Kinder, and George Candea. C3A: Client/Server Co-Verification for Cloud Applications. In 10th USENIX Symp. Operating Systems Design and Implementation (OSDI), October 2012. Poster.

[41] Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient state merging in symbolic execution. In Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI), pp. 193–204, ACM, 2012.

[42] Johannes Kinder. Towards Static Analysis of Virtualization-Obfuscated Binaries. In Proc. 19th Working Conf. Reverse Engineering (WCRE), pp. 61–70, IEEE, 2012.

[43] Johannes Kinder and Dmitry Kravchenko. Alternating Control Flow Reconstruction. In Proc. 13th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI), pp. 267–282, Springer, 2012.

2011

[44] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Supporting domain-specific state space reductions through local partial-order reduction. In 26th IEEE/ACM Int. Conf. Automated Software Engineering (ASE), pp. 113–122, IEEE, 2011.

[45] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Efficient model checking of fault-tolerant distributed protocols. In Proc. 2011 IEEE/IFIP Int. Conf. Dependable Systems and Networks (DSN), pp. 73–84, IEEE, 2011.

[46] Stefan Katzenbeisser, Johannes Kinder, and Helmut Veith. Malware Detection. In Henk C. A. van Tilborg and Sushil Jajodia, eds., Encyclopedia of Cryptography and Security (2nd Ed.), pp. 752–755, Springer, 2011.

[47] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Supporting domain-specific state space reductions through local partial-order reduction. Tech. rep. TR-TUD-DEEDS-07-01-2011, Technische Universität Darmstadt, 2011.

[48] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Efficient model checking of fault-tolerant distributed protocols. Tech. rep. TR-TUD-DEEDS-01-01-2011, Technische Universität Darmstadt, 2011.

2010

[49] Johannes Kinder. Static Analysis of x86 Executables. Ph.D. Thesis, Technische Universität Darmstadt, 2010.

[50] Johannes Kinder and Helmut Veith. Precise Static Analysis of Untrusted Driver Binaries. In Proc. 10th Int. Conf. Formal Methods in Computer-Aided Design (FMCAD), pp. 43–50, 2010.

[51] Patrice Godefroid and Johannes Kinder. Proving memory safety of floating-point computations by combining static and dynamic program analysis. In Proc. 19th Int. Symp. Software Testing and Analysis (ISSTA), pp. 1–12, ACM, 2010.

[52] Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith. Proactive Detection of Computer Worms Using Model Checking. IEEE Trans. Dependable Sec. Comput., 7(4):424–438, October 2010.

[53] Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, and Helmut Veith. System for Malware Normalization and Detection. Pat. US 2010/0011441 A1, January 2010. Published.

2009

[54] Patrice Godefroid and Johannes Kinder. Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis. Tech. rep. MSR-TR-2009-167, Microsoft Research, November 2009.

[55] Johannes Kinder, Helmut Veith, and Florian Zuleger. An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries. In Proc. 10th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI), pp. 214–228, Springer, 2009.

2008

[56] Johannes Kinder and Helmut Veith. Jakstab: A Static Analysis Platform for Binaries. In Proc. 20th Int. Conf. Computer Aided Verification (CAV), pp. 423–427, Springer, 2008.

2007

[57] Mihai Christodorescu, Somesh Jha, Johannes Kinder, Stefan Katzenbeisser, and Helmut Veith. Software transformations to improve malware detection. J. Comput. Virol., 3(4):253–265, November 2007.

[58] Andreas Holzer, Johannes Kinder, and Helmut Veith. Using Verification Technology to Specify and Detect Malware. In Proc. 11th Int. Conf. Computer Aided Systems Theory (EUROCAST), pp. 497–504, Springer, 2007.

2005

[59] Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, and Helmut Veith. Malware Normalization. Tech. rep. 1539, University of Wisconsin, November 2005.

[60] Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith. Detecting Malicious Code by Model Checking. In Second Int. Conf. Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), pp. 174–187, Springer, 2005.

[61] Johannes Kinder. Model Checking Malicious Code. M.Sc. Thesis, Technische Universität München, 2005.