Chair of Programming Languages and AI

Breadcrumb Navigation


Research & Current Projects

Our research revolves around the automatic auditing and hardening of applications and systems using program analysis and machine learning. We focus on detecting software vulnerabilities and malware, reverse engineering, and instrumenting software to prevent exploitation. We emphasize theoretically well-founded concepts, but target concrete problems in software systems.

  • DEMISEC: Detection of Malicious Implants in Source Code


    The goal of DEMISEC is to develop techniques for automatic vetting of open source repositories, in particular for detecting implants of malicious code in source code. We will use a mix of static and dynamic techniques to achieve this goal: fuzzing or symbolic execution for differential testing of program versions, and modeling of implant code to detect dangerous patterns in code repositories using static analysis. more

  • ForDaySec: Security for Everyday Digitization


    The ForDaySec research network employs an interdisciplinary approach towards protecting everyday digitization. Our subproject aims to reliably close vulnerabilities in firmware even without manufacturer support. Based on published vulnerabilities in certain versions of open source packages, patterns are to be generated so that they can then be found directly in a firmware binary. A tailor-made patch should then be created for these vulnerabilities and applied directly to the binary file in a minimally invasive manner. more

  • Formal Modeling of Transient Execution Attacks


    This project focuses on defining new types of semantics for speculative execution and related micro-architectural features, built on insights from formal methods for concurrency and weak memory models. We develop a new framework based on bounded model checking to validate attacks and defenses with respect to speculative semantics. more

  • Effective Representation Learning for Binary Code


    This project aims at gaining fundamental insights into representing high-level semantics of binary code in a way resembling human understanding of programs. Resulting models can be used to reconstruct source-level information in binaries and to find code that performs similar tasks on an abstract level. more