Software Security Research
This section presents an overview of research concerning software security:
- Static Analysis:
A group of students is working on approaches towards advanced static analysis.
- INNsects: An open study group taking a practical approach towards security. Please attend our weekly meeting if you are interested.
- CISAT: A framework which enables the integration of security-related static analysis into
automatic processes. For further information please refer to the CISAT webpage.
- Martin Johns: Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level, Technical Report, number 279-07, University of Hamburg, May 2007 (paper).
- Daniel Schreckling, Martin Johns, SVS Sectoolers: CISAT: Integration von sicherheitszentrierter
statischer Analyse in den Entwicklungsprozess, 14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2007 (paper).
- Martin Johns: "Finding and Preventing Buffer Overflows - An overview of static and dynamic approaches", talk at the 22C3,
27.12.2005, Berlin, Germany
- Diploma thesis: Using Compiler Intermediate Representations for security-related Static Analysis (by T. Mende)
- Bachelor thesis: Automatische Verfolgung und Archivierung von Sicherheitsupdates eines freien Unix-Derivates (by S. Schirmer)
Opportunities for students
- Diploma Theses:
We offer diploma theses on the security of software systems
concerning (but not limited to) the topics mentioned above (see
current & past activities).
or Daniel Schreckling if you are interested.