Professor for Secure Software Engineering at Technical University Dortmund
I'm interested in everything related to the intersection of programming languages and security.
More specifically:
I was (interim) Professor for IT security at Paderborn University from October 2019 to September 2020. Before that, I was a PostDoc in Eric Bodden's Software Technology Group at the Heinz Nixdorf Institute.
I received my doctoral degree from Technische Universität Darmstadt in 2016 while working in Mira Mezini's Software Technology Group on problems in the field of static analysis and security. During this time, I received the Software Campus grant for my research project PEAKS. The Software Campus initiative is a program for the development of Germany’s future senior IT executives.
Before this I worked for 5 years for a-tune software AG in Darmstadt as their Chief Architect. My team and I built enterprise software for highly-regulated environments based on a practical product line approach.
I studied at Technische Universität Darmstadt and received a Diploma (equivalent to a Master's degree) in 2006.
Program committee member in the Doctoral Symposium Track for ICSE 2025
Program committee member for OOPSLA SPLASH 2024
Program committee member in the Registered Reports Track for ICSME 2024
Program committee member in the Doctoral Symposium Track for ICSME 2024
Exam committee member for the German Chamber of Industry and Commerce (IHK) in the German apprentice model "Fachinformatiker/-in Anwendungsentwicklung" (Software Engineer)
Program committee member for EASE 2024
Co-Chair of the Registered Reports Track for MSR 2024
Program committee member in the Doctoral Symposium Track for ICSE 2024
Program committee member in the Registered Reports Track for ICSME 2023
Program committee member in the Doctoral Symposium Track for ICSME 2023
Program committee member and Reproduction Area Chair for ECOOP 2023
Program committee member for the FUZZING 2023 workshop co-located with ISSTA 2023
Chair of the Rewarding Open Science Replication and Reproduction in SE Track for ICSE 2023
Open-science chair for ICSE 2022
General Co-chair for ECOOP 2022
Program committee member for ECOOP 2022
Program Co-chair for IEEE SCAM 2021
Program committee member for ICSME 2021 (Registered Reports Track)
Program committee member for ECOOP 2020 Doctoral Symposium
Program committee member for MSR 2020 (Registered Reports Track)
Program committee member of the Entwicklertag Frankfurt 2020
Registration chair for ICSE 2020
Organizing Co-Chair for BenchWork 2019 (2nd edition)
Organizing Co-Chair for SOAP 2018
Artifact Evaluation Co-Chair for ISSTA 2018
Program committee member for BenchWork 2018
External Review Committee Member for PLDI 2018
Local arrangements chair for ESEC/FSE 2017
Artifact Evaluation committee member of the SPLASH 2017 OOPSLA Artifacts Track
Competition committee member of the ESEC/FSE 2017 Student Research Competition
Program committee member of the ECOOP 2017 Doctoral Symposium
Program committee member of the Entwicklertag Frankfurt 2014-2019
Organizer of the Language-Based Security Reading Group at the Software Technology Group at TU Darmstadt
Coordinator for the Advisory Board of Study Affairs of CASED
OPAL is an OPen, extensible Analysis Library for Java bytecode which is written in Scala. It supports various analyses and has support for abstract interpretation and bytecode manipulation/instrumentation.
PhASAR is a flexible framework to analyze LLVM IR bitcode enabling complex data-flow analysis for programs written in C/C++.
Soot is currently being rewritten from scratch, allowing it to be adapted to modern software engineering techniques and preparing it for the future of program analysis.
Platform for the Efficient Analysis and Secure Composition of Software Components
Collecting illustrating examples for past exploits of Java and the JCL
Inside-out data-flow analysis for integrity and confidentiality problems
Johannes Düsing, Ben Hermann
Persisting and Reusing Results of Static Program Analyses on a Large Scale
In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023) - to appear
[Preprint]
Tobias Litzenberger, Johannes Düsing, Ben Hermann
DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories
In Proceedings of the 20th International Conference on Mining Software Repositories (MSR)
[Preprint]
Andreas Dann, Ben Hermann, and Eric Bodden
UpCy: Safely Updating Outdated Dependencies
In Proceedings of the 45th International Conference on Software Engineering (ICSE '23)
[Preprint]
Stefan Winter, Christopher S. Timperley, Ben Hermann, Jürgen Cito, Jonathan Bell, Michael Hilton, and Dirk Beyer
A Retrospective Study of One Decade of Artifact Evaluations
In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022).
[Preprint]
Philipp Dominik Schubert, Ben Hermann, Eric Bodden, and Richard Leer
Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
[Preprint]
Philipp Dominik Schubert, Florian Sattler, Fabian Schiebel, Ben Hermann, and Eric Bodden
Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
[Preprint]
Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and Eric Bodden
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
In IEEE Transactions on Software Engineering
[Preprint]
Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses
In Empirical Software Engineering, Springer Heidelberg
[Preprint]
Johannes Düsing and Ben Hermann
Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories
In Digital Threats: Research and Practice - Special Issue on Vulnerabilities (2021)
[Preprint]
Philipp Schubert, Ben Hermann, and Eric Bodden
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
In ECOOP 2021
[Preprint]
Ben Hermann, Stefan Winter, and Janet Siegmund
Community Expectations for Research Artifacts and Evaluation Processes
In ESEC/FSE 2020
[Preprint]
Charles Weir, Ben Hermann, and Sascha Fahl
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
In USENIX Security Symposium 2020
[Preprint]
Michael Reif, Florian Kübler, Dominik Helm, Ben Hermann, Michael Eichberg, and Mira Mezini
TACAI: an intermediate representation based on abstract interpretation
In SOAP 2020
[Preprint]
Andreas Dann, Ben Hermann, and Eric Bodden
ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
In IEEE Transactions on Software Engineering, vol. 47, no. 8, pp. 1656-1667, 1 Aug. 2021
[Preprint]
Philipp Dominik Schubert, Richard Leer, Ben Hermann, and Eric Bodden
Know Your Analysis: How Instrumentation Aids Understanding Static Analysis
In SOAP 2019
[Preprint]
Andreas Dann, Ben Hermann, and Eric Bodden
SootDiff: Bytecode Comparison across different Java Compilers
In SOAP 2019
[Preprint]
Stefan Krüger and Ben Hermann
Can an Online Service Predict Gender? - On the State-of-the-Art in Gender Identification from Texts
In Second Workshop on Gender Equality in Software Engineering
[Preprint]
Philipp D. Schubert, Ben Hermann, and Eric Bodden
PhASAR: An Inter-Procedural Static Analysis Framework for C/C++
In TACAS 2019
[Preprint]
Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, and Mira Mezini
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App
In ESEC/FSE 2017
[Preprint]
Florian Kübler, Patrick Müller, and Ben Hermann
SootKeeper: Runtime Reusability for Modular Static Analysis
In SOAP 2017
[Preprint]
Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini
Hermes: Assessment and Creation of Effective Test Corpora
In SOAP 2017
[Preprint]
Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, and Mira Mezini
Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
In IEEE S&P 2017
[Preprint]
Ben Hermann
Full-Stack Static Security Analysis for the Java Platform
Doctoral Thesis
Michael Reif, Michael Eichberg, Ben Hermann, Johannes Lerch, and Mira Mezini
Call Graph Construction for Java Libraries
In FSE 2016
[Preprint]
Ben Hermann, Michael Reif, Michael Eichberg and Mira Mezini
Getting to Know You: Towards a Capability Model for Java
In ESEC/FSE 2015
[Preprint]
Michael Eichberg, Ben Hermann, Mira Mezini and Leonid Glanz
Hidden Truths in Dead Software Paths
In ESEC/FSE 2015
[Preprint]
Johannes Lerch and Ben Hermann
Design your Analysis: A Case Study on Implementation Reusability of Data-Flow Functions
In SOAP 2015
[Preprint]
Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini
FlowTwist: Efficient Context-Sensitive Inside-Out Taint Analysis for Large Codebases
In FSE 2014
[Preprint]
Michael Eichberg and Ben Hermann
A Software Product Line for Static Analyses
In SOAP 2014
[Preprint]
Email: ben.hermann@cs.tu-dortmund.de
Technische Universität Dortmund
Otto-Hahn-Straße 14
44227 Dortmund
GERMANY