Christian Hammer
Prof. |

  • Building August-Bebel-Str. 89
  • +49 331 977-3041
  • +49 331 977-3042
  • hammer(aeht)
  • Personal Webpage

Curriculum Vitae

since Okt. 2016 Professor at Potsdam University
2012-2016 Juniorprofessor at CISPA of Saarland University

Jul-Dec 2011 Assistant professor at Utah State University

2009–2011 Post-Doc at Purdue University in the Secure Software Systems group
2009 Dr.-Ing. Universität Karlsruhe
Thesis title: Information Flow Control for Java – A Comprehensive Approach based on Path Conditions in Dependence Graphs.


Information Flow Control for JavaScript

This project is partially funded by DFG grant HA 6869/1-1 as part of the Priorty Programme 1496 \"Reliably Secure Software Systems – RS3\". The grant was awarded together with Deepak Garg of MPI-SWS.

Android Security

Android has become the most popular operating system for mobile devices, which makes it a prominent target for malicious software. Its security concept based on app isolation and access control however is unsatisfactory. This projects researches program analyses that ameliorate this situation. For example our system AppGuard enforces security policies at runtime without requiring root permissions.



R-Droid: Leveraging Android App Analysis with Static Slice Optimization

Implementation-level Analysis of the JavaScript Helios Voting Client


Boxify: Full-fledged App Sandboxing for Stock Android

Learning How to Prevent Return-Oriented Programming Efficiently


Information Flow Control in WebKit's JavaScript Bytecode

Generalizing Permissive-Upgrade in Dynamic Information Flow Analysis


AppGuard – Fine-grained Policy Enforcement for Untrusted Android Applications

Efficient Algorithms for Control Closures

Detecting Deadlock in Programs with Data-Centric Synchronization

AppGuard - Enforcing User Requirements on Android Apps

Entwicklung sicherer Software durch Security by Design

Flexible Access Control for JavaScript

Advances in Mobile Security

Callee-site Rewriting of Sealed System Libraries


A data-centric approach to synchronization

Marathon: Detecting Atomic-Set Serializability Violations with Conflict Graphs

Proceedings of the Workshop on JavaScript Tools


Information flow analysis for JavaScript

The Eval that Men Do -- A Large-scale Study of the Use of Eval in JavaScript Applications


A Type System for Data-Centric Synchronization

Experiences with PDG-based IFC


Information Flow Control for Java - A Comprehensive Approach based on Path Conditions in Dependence Graphs

Flow-Sensitive, Context-Sensitive, and Object-sensitive Information Flow Control Based on Program Dependence Graphs

Precise Slicing of Concurrent Programs -- An Evaluation of Precise Slicing Algorithms for Concurrent Programs


Dynamic detection of atomic-set-serializability violations

Precise Analysis of Java Programs using JOANA (Tool Demonstration)

Static path conditions for Java


An Evaluation of Precise Slicing Algorithms for Concurrent Programs


Intransitive Noninterference in Dependence Graphs

Dynamic path conditions in dependence graphs

Information Flow Control for Java Based on Path Conditions in Dependence Graphs


An improved slicer for Java