Prof. Dr.-Ing. Ben Hermann

Professor for Secure Software Engineering at Technical University Dortmund



Research interests

I'm interested in everything related to the intersection of programming languages and security.

More specifically:

  • Vulnerability Detection using Static Analysis
  • Risk Assessment of Software Libraries
  • Security Guarantees in Type Systems
  • Language-based Security
  • Research Quality in Computer Science (esp. artifacts)

Short Biography

I was (interim) Professor for IT security at Paderborn University from October 2019 to September 2020. Before, I was a PostDoc in Eric Bodden's Software Technology Group at the Heinz Nixdorf Institute.

I received my doctoral degree from Technische Universität Darmstadt in 2016 while working in Mira Mezini's Software Technology Group on problems in the field of static analysis and security. In this time, I received the Software Campus grant for my research project PEAKS. The Software Campus initiative is a program for the development of Germany’s future senior IT executives.

Before this I worked for 5 years for a-tune software AG in Darmstadt as their Chief Architect. My team and I built enterprise software for highly-regulated environments based on a practical product line approach.

I studied at Technische Universität Darmstadt and received a Diploma (equivalent to a Master's degree) in 2006.

Ongoing Activities

Program committee member for OOPSLA SPLASH 2024

Co-Chair of the Registered Reports Track for MSR 2024

Program committee member in the Doctoral Symposium Track for ICSE 2024

Program committee member in the Registered Reports Track for ICSME 2023

Program committee member in the Doctoral Symposium Track for ICSME 2023

Exam committee member for the German Chamber of Industry and Commerce (IHK) in the German apprentice model “Fachinformatiker/-in Anwendungsentwicklung” (Software Engineer)

Past Activities

Program committee member and Reproduction Area Chair for ECOOP 2023

Program committee member for the FUZZING 2023 workshop co-located with ISSTA 2023

Chair of the Rewarding Open Science Replication and Reproduction in SE Track for ICSE 2023

Open-science chair for ICSE 2022

General Co-chair for ECOOP 2022

Program committee member for ECOOP 2022

Program Co-chair for IEEE SCAM 2021

Program committee member for ICSME 2021 (Registered Reports Track)

Program committee member for ECOOP 2020 Doctoral Symposium

Program committee member for MSR 2020 (Registered Reports Track)

Program committee member of the Entwicklertag Frankfurt 2020

Registration chair for ICSE 2020

Organizing Co-Chair for BenchWork 2019 (2nd edition)

Organizing Co-Chair for SOAP 2018

Artifact Evaluation Co-Chair for ISSTA 2018

Program committee member for BenchWork 2018

External Review Committee Member for PLDI 2018

Local arrangements chair for ESEC/FSE 2017

Artifact Evaluation committee member of the SPLASH 2017 OOPSLA Artifacts Track

Competition committee member of the ESEC/FSE 2017 Student Research Competition

Program committee member of the ECOOP 2017 Doctoral Symposium

Program committee member of the Entwicklertag Frankfurt 2014-2019

Organizer of the Language-Based Security Reading Group at the Software Technology Group at TU Darmstadt

Coordinator for the Advisory Board of Study Affairs of CASED

Current Projects

Research Projects

Program Analysis Frameworks

Past Projects

Publications

Johannes Düsing, Ben Hermann
Persisting and Reusing Results of Static Program Analyses on a Large Scale
In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023) - to appear
[Preprint]

Tobias Litzenberger, Johannes Düsing, Ben Hermann
DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories
In Proceedings of the 20th International Conference on Mining Software Repositories (MSR)
[Preprint]

Andreas Dann, Ben Hermann, and Eric Bodden
UpCy: Safely Updating Outdated Dependencies
In Proceedings of the 45th International Conference on Software Engineering (ICSE '23)
[Preprint]

Maria Teresa Baldassarre, Neil Ernst, Ben Hermann, Tim Menzies, and Rahul Yedida
(Re)Use of Research Results (Is Rampant)
In Communications of the ACM 66, 2 (February 2023), 75–81.

Stefan Winter, Christopher S. Timperley, Ben Hermann, Jürgen Cito, Jonathan Bell, Michael Hilton, and Dirk Beyer
A Retrospective Study of One Decade of Artifact Evaluations
In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022).
[Preprint]

Ben Hermann
What Has Artifact Evaluation Ever Done for Us?
In IEEE Security & Privacy, vol. 20, no. 5, pp. 96-99, Sept.-Oct. 2022

Philipp Schubert, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, Eric Bodden
Static Data-Flow Analysis for Software Product Lines: Revoking the preprocessor’s special role
In Automated Software Engineering Volume 29, Article 35 (2022).

Philipp Dominik Schubert, Ben Hermann, Eric Bodden, and Richard Leer
Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
[Preprint]

Philipp Dominik Schubert, Florian Sattler, Fabian Schiebel, Ben Hermann, and Eric Bodden
Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
[Preprint]

Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and Eric Bodden
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
In IEEE Transactions on Software Engineering
[Preprint]

Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses
In Empirical Software Engineering, Springer Heidelberg

[Preprint]

Johannes Düsing and Ben Hermann
Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories
In Digital Threats: Research and Practice - Special Issue on Vulnerabilities (2021)
[Preprint]

Philipp Schubert, Ben Hermann, and Eric Bodden
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
In ECOOP 2021
[Preprint]

Ben Hermann, Stefan Winter, and Janet Siegmund
Community Expectations for Research Artifacts and Evaluation Processes
In ESEC/FSE 2020

[Preprint]

Charles Weir, Ben Hermann, and Sascha Fahl
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
In USENIX Security Symposium 2020

[Preprint]

Michael Reif, Florian Kübler, Dominik Helm, Ben Hermann, Michael Eichberg, and Mira Mezini
TACAI: an intermediate representation based on abstract interpretation
In SOAP 2020

[Preprint]

Andreas Dann, Ben Hermann, and Eric Bodden
ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
In IEEE Transactions on Software Engineering, vol. 47, no. 8, pp. 1656-1667, 1 Aug. 2021

[Preprint]

Philipp Dominik Schubert, Richard Leer, Ben Hermann, and Eric Bodden
Know Your Analysis: How Instrumentation Aids Understanding Static Analysis
In SOAP 2019

[Preprint]

Andreas Dann, Ben Hermann, and Eric Bodden
SootDiff: Bytecode Comparison across different Java Compilers
In SOAP 2019

[Preprint]

Stefan Krüger and Ben Hermann
Can an Online Service Predict Gender? - On the State-of-the-Art in Gender Identification from Texts
In Second Workshop on Gender Equality in Software Engineering

[Preprint]

Philipp D. Schubert, Ben Hermann, and Eric Bodden
PhASAR: An Inter-Procedural Static Analysis Framework for C/C++
In TACAS 2019

[Preprint]

Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, and Mira Mezini
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App
In ESEC/FSE 2017

[Preprint]

Florian Kübler, Patrick Müller, and Ben Hermann
SootKeeper: Runtime Reusability for Modular Static Analysis
In SOAP 2017

[Preprint]

Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini
Hermes: Assessment and Creation of Effective Test Corpora
In SOAP 2017

[Preprint]

Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, and Mira Mezini
Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
In IEEE S&P 2017

[Preprint]

Ben Hermann
Full-Stack Static Security Analysis for the Java Platform
Doctoral Thesis

Michael Reif, Michael Eichberg, Ben Hermann, Johannes Lerch, and Mira Mezini
Call Graph Construction for Java Libraries
In FSE 2016

[Preprint]

Ben Hermann, Michael Reif, Michael Eichberg and Mira Mezini
Getting to Know You: Towards a Capability Model for Java
In ESEC/FSE 2015

[Preprint]

Michael Eichberg, Ben Hermann, Mira Mezini and Leonid Glanz
Hidden Truths in Dead Software Paths
In ESEC/FSE 2015

[Preprint]

Johannes Lerch and Ben Hermann
Design your Analysis: A Case Study on Implementation Reusability of Data-Flow Functions
In SOAP 2015

[Preprint]

Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini
FlowTwist: Efficient Context-Sensitive Inside-Out Taint Analysis for Large Codebases
In FSE 2014

[Preprint]

Michael Eichberg and Ben Hermann
A Software Product Line for Static Analyses
In SOAP 2014

[Preprint]

Eric Bodden, Ben Hermann, Johannes Lerch, and Mira Mezini
Reducing Human Factors in Software Security Architectures
In FUTURE SECURITY 2013

Contact

Electronic

Email: ben.hermann@cs.tu-dortmund.de
Download and check S/MIME certificate
Skype: benhermann

Postal

Technische Universität Dortmund
Otto-Hahn-Straße 14
44227 Dortmund
GERMANY