Chair of Programming Languages and AI

Breadcrumb Navigation


Completed Projects

  • EASTEND: Efficient Automatic Security Testing for Dynamic Languages


    EASTEND focuses on the idea that an inherently dynamic language is best served by a dynamic approach to verification. We therefore chose to use test generation by dynamic symbolic execution (DSE) to systematically cover paths through programs and check security properties along those paths. The two main lines of work were to improve DSE for real-world JavaScript code and to develop a flexible specification methodology for security properties. more

  • MobSec: Malware and Security in the Mobile Age


    The MobSec project explores research questions around the automatic, comprehensive, and faithful reconstruction of Android app behaviors, the reliable identification of behaviors triggered by malware embedded in benign applications, event-behavior attributions, and the simulation of complex UI interactions. more

  • Automated Security Testing of Webview Interfaces


    The goal of this project is to develop methods for assessing the impact of insecure JavaScript interfaces in Webviews: while many functions exposed through such interfaces are harmless, some can allow an attacker to obtain or manipulate sensitive information, or even to load additional privilege escalation exploits. more