University of Passau
Department of Informatics and Mathematics

Software Security Research

This section presents an overview of research concerning software security:

Current activities

  • Static Analysis: A group of students is working on approaches to advanced static analysis of C code.
  • INNsects: An open study group taking a hands-on approach to security. Please attend our weekly meeting if you are interested.

Past activities

  • CISAT: A framework which enables the integration of security-related static analysis into automatic processes. For further information please refer to the CISAT webpage.


  • Martin Johns: Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level, Technical Report, number 279-07, University of Hamburg, May 2007 (paper).
  • Daniel Schreckling, Martin Johns, SVS Sectoolers: CISAT: Integration von sicherheitszentrierter statischer Analyse in den Entwicklungsprozess, 14. DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, Germany, February 2007 (paper).


  • Martin Johns: "Finding and Preventing Buffer Overflows - An overview of static and dynamic approaches", talk at the 22C3, 27.12.2005, Berlin, Germany


  • Diploma thesis: Using Compiler Intermediate Representations for security-related Static Analysis (by T. Mende)
  • Bachelor thesis: Automatische Verfolgung und Archivierung von Sicherheitsupdates eines freien Unix-Derivates (by S. Schirmer)

Opportunities for students

  • Diploma Theses:
    We offer diploma theses on the security of software systems concerning (but not limited to) the topics mentioned above (see current & past activities). Please contact Bastian Braun or Daniel Schreckling if you are interested.

Last modified: 24/02/2015 - 18:33:27 by mj