This section presents an overview of research on software security at SVS:
Current activities
Static Analysis: A group of students is working on approaches towards advanced static analysis of C code within the project Software Security.
Cinsects: An open study group taking a practical approach to security. Proceed here for information and advisories.
Past activities
CISAT: A framework that enables the integration of security-related static analysis into automatic processes. For further information, please refer to the CISAT webpage.
Publications
Martin Johns: Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level, Technical Report, number 279-07, University of Hamburg, May 2007 (paper).
Daniel Schreckling, Martin Johns, SVS Sectoolers: CISAT: Integration von sicherheitszentrierter statischer Analyse in den Entwicklungsprozess, 14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2007 (paper).
Presentations
Martin Johns: "Finding and Preventing Buffer Overflows - An overview of static and dynamic approaches", talk at the 22C3, 27.12.2005, Berlin, Germany (slides, video)
Bachelor thesis: Automatische Verfolgung und Archivierung von Sicherheitsupdates eines freien Unix-Derivates (by S. Schirmer)
Opportunities for students
Diploma Theses: We offer diploma theses on the security of software systems concerning (but not limited to) the topics mentioned above (see current & past activities). Please contact Bastian Braun, Daniel Schreckling, or Martin Johns if you are interested.