
The vast growth in the complexity of modern applications and the multitude of available software technologies have created the need for engineering techniques that not only improve security, but also scale to the complexity of modern IT infrastructures. The abundance of publicly available information, the increasing reliance on third-party software components, the proliferation of apps and other software often produced by inexperienced programmers, the lack of security considerations in many industrial programming frameworks and languages, and the difficulty of updating existing installations have all contributed to a general uncertainty and loss of control over an individual's privacy and the security of deployed software systems. An engineering process that copes with this uncertainty cannot rely on traditional principles of systematic software development alone, but must, by necessity, incorporate empirical methods and emphasize usability. This research area aims to devise an engineering process that significantly improves the security and privacy of today's real-world software, that keeps pace with the continuing growth in complexity of future IT systems, and that is conveniently usable even by lay users and developers. It moreover provides empirical methods and tools for dealing with unstructured, heterogeneous datasets at scale. In recent years, this research area has focused in particular on the development of methods and tools for the dynamic analysis and testing of software; techniques for ensuring the security of web applications and services; and usable and effective solutions for application development and maintenance.

Members

Most Recent Publications

| Title | Date | Authors | Venue |
|---|---|---|---|
| Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse | 2018 | Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel | 27th USENIX Security Symposium (USENIX Security 18) |
| Detecting Information Flow by Mutating Input Data | 2018 | Björn Mathis, Vitalii Avdiienko, Ezekiel O. Soremekun, Marcel Böhme, Andreas Zeller | Software Engineering (SE) 2018 |
| Didn't You Hear Me? — Towards More Successful Web Vulnerability Notifications | 2018 | Ben Stock, Giancarlo Pellegrino, Frank Li, Michael Backes, Christian Rossow | Proceedings of the 25th Annual Symposium on Network and Distributed System Security (NDSS '18) |
| Efficient GUI Test Generation by Learning from Tests of Other Apps | 2018 | Andreas Rau, Jenny Hotzkow, Andreas Zeller | Proceedings of the 40th International Conference on Software Engineering: Companion Proceedings |
| Investigating System Operators' Perspective on Security Misconfigurations | 2018 | Constanze Dietrich, Katharina Krombholz, Kevin Borgolte, Tobias Fiebig | 25th ACM Conference on Computer and Communications Security |