Prof. Dr.-Ing. Ben Hermann

Professor for Secure Software Engineering at Technical University Dortmund

Research interests

I'm interested in everything related to the intersection of programming languages and security.

More specifically:

  • Vulnerability Detection using Static Analysis
  • Risk Assessment of Software Libraries
  • Security Guarantees in Type Systems
  • Language-based Security
  • Research Quality in Computer Science (esp. artifacts)

Short Biography

I was (interim) Professor for IT security at Paderborn University from October 2019 to September 2020. Before, I was a PostDoc in Eric Bodden's Software Technology Group at the Heinz Nixdorf Institute.

I received my doctoral degree from Technische Universität Darmstadt in 2016 while working in Mira Mezini's Software Technology Group on problems in the field of static analysis and security. In this time, I received the Software Campus grant for my research project PEAKS.The Software Campus initiative is a program for the development of Germany’s future senior IT executives.

Before this I worked for 5 years for a-tune software AG in Darmstadt as their Chief Architect. My team and I built enterprise software for highly-regulated environments based on a practical product line approach.

I studied at Technische Universität Darmstadt and received a Diploma (eq. to Master degree) in 2006.

Ongoing Activities

Registration chair for ICSE 2020

Program committee member for ECOOP 2020 Doctoral Symposium

Program committee member for MSR 2020 (Registered Reports Track)

Program committee member of the Entwicklertag Frankfurt 2020

Exam committee member for the German Chamber of Industry and Commerce (IHK) in the German apprentice model ”Fachinformatiker/-in Anwendungsentwicklung” (Software Engineer)

Past Activities

Organizing Co-Chair for BenchWork 2019 (2nd edition)

Organizing Co-Chair for SOAP 2018

Artifact Evaluation Co-Chair for ISSTA 2018

Program committee member for BenchWorks 2018

External Review Committee Member for PLDI 2018

Local arrangements chair for ESEC/FSE 2017

Artifact Evaluation committee member of the SPLASH 2017 OOPSLA Artifacts Track

Competition committee member of the ESEC/FSE 2017 Student Research Competition

Program committee member of the ECOOP 2017 Doctorial Symposium

Program committee member of the Entwicklertag Frankfurt 2014-2019

Organizer of the Language-Based Security Reading Group at the Software Technology Group at TU Darmstadt

Coordinator for the Advisory Board of Study Affairs of CASED

Current Projects

Research Projects

Program Analysis Frameworks

Past Projects


Philipp Schubert, Ben Hermann, and Eric Bodden
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
In ECOOP 2021

Ben Hermann, Stefan Winter, and Janet Siegmund
Community Expectations for Research Artifacts and Evaluation Processes
In ESEC/FSE 2020


Charles Weir, Ben Hermann, and Sascha Fahl
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
In USENIX Security Symposium 2020


Michael Reif, Florian Kübler, Dominik Helm, Ben Hermann, Michael Eichberg, and Mira Mezini
TACAI: an intermediate representation based on abstract interpretation
In SOAP 2020


Andreas Dann, Ben Hermann, and Eric Bodden
ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
In IEEE TSE Journal

Philipp Dominik Schubert, Richard Leer, Ben Hermann, and Eric Bodden
Know Your Analysis: How Instrumentation Aids Understanding Static Analysis
In SOAP 2019


Andreas Dann, Ben Hermann, and Eric Bodden
SootDiff: Bytecode Comparison across different Java Compilers
In SOAP 2019


Stefan Krüger and Ben Hermann
Can an Online Service Predict Gender? - On the State-of-the-Art in Gender Identification from Texts
In Second Workshop on Gender Equality in Software Engineering


Philipp D. Schubert, Ben Hermann, and Eric Bodden
PhASAR: An Inter-Procedural Static Analysis Framework for C/C++
In TACAS 2019


Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, and Mira Mezini
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App
In ESEC/FSE 2017


Florian Kübler, Patrick Müller, and Ben Hermann
SootKeeper: Runtime Reusability for Modular Static Analysis
In SOAP 2017


Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini
Hermes: Assessment and Creation of Effective Test Corpora
In SOAP 2017


Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, and Mira Mezini
Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
In IEEE S&P 2017


Ben Hermann
Full-Stack Static Security Analysis for the Java Platform
Doctoral Thesis

Michael Reif, Michael Eichberg, Ben Hermann, Johannes Lerch, and Mira Mezini
Call Graph Construction for Java Libraries
In FSE 2016


Ben Hermann, Michael Reif, Michael Eichberg and Mira Mezini
Getting to Know You: Towards a Capability Model for Java
In ESEC/FSE 2015


Michael Eichberg, Ben Hermann, Mira Mezini and Leonid Glanz
Hidden Truths in Dead Software Paths
In ESEC/FSE 2015


Johannes Lerch and Ben Hermann
Design your Analysis: A Case Study on Implementation Reusability of Data-Flow Functions
In SOAP 2015


Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini
FlowTwist: Efficient Context-Sensitive Inside-Out Taint Analysis for Large Codebases
In FSE 2014


Michael Eichberg, and Ben Hermann
A Software Product Line for Static Analyses
In SOAP 2014


Eric Bodden, Ben Hermann, Johannes Lerch, and Mira Mezini
Reducing Human Factors in Software Security Architectures



Download and check S/MIME certificate
Skype: benhermann


Technische Universität Dortmund
Otto-Hahn-Straße 14
44227 Dortmund