Refereed Journal Publications

Maria Teresa Baldassarre, Neil Ernst, Ben Hermann, Tim Menzies, and Rahul Yedida
(Re)Use of Research Results (Is Rampant)
In Communications of the ACM 66, 2 (February 2023), 75–81.
DOI | HTML Format | BibTeX | Summary Video

Johannes Düsing and Ben Hermann
Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories
In Digital Threats: Research and Practice - Special Issue on Vulnerabilities (2021)
DOI | Artifact | BibTeX | Preprint

Ben Hermann
What Has Artifact Evaluation Ever Done for Us?
In IEEE Security & Privacy, vol. 20, no. 5, pp. 96-99, Sept.-Oct. 2022
DOI | BibTeX

Philipp Schubert, Paul Gazzillo, Zach Patterson, Julian Braha, Fabian Schiebel, Ben Hermann, Shiyi Wei, Eric Bodden
Static Data-Flow Analysis for Software Product Lines: Revoking the preprocessor’s special role
In Automated Software Engineering Volume 29, Article 35 (2022).
DOI | BibTeX

Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, and Eric Bodden
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
In IEEE Transactions on Software Engineering
DOI | BibTeX | Artifact | Preprint

Andreas Dann, Ben Hermann, and Eric Bodden
ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules
In IEEE Transactions on Software Engineering, vol. 47, no. 8, pp. 1656-1667, 1 Aug. 2021
DOI | BibTeX | Preprint | Talk Video (ICSE 2020)

Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, and Fabio Massacci
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses
In Empirical Software Engineering, Springer Heidelberg
DOI | BibTeX | Artifact | Preprint | Talk Video (ICSE 2022)

Refereed Conference Publications

Dominik Helm, Sven Keidel, Anemone Kampkötter, Johannes Düsing, Tobias Roth, Ben Hermann, Mira Mezini
Total Recall? How Good are Static Call Graphs Really?
In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024)
DOI | Artifact | Preprint

Andreas Dann, Ben Hermann, and Eric Bodden
UpCy: Safely Updating Outdated Dependencies
In Proceedings of the 45th International Conference on Software Engineering (ICSE '23)
DOI | BibTeX | Artifact | Preprint

Johannes Düsing, Ben Hermann
Persisting and Reusing Results of Static Program Analyses on a Large Scale
In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023).
DOI | BibTeX | Artifact | Preprint

Tobias Litzenberger, Johannes Düsing, Ben Hermann
DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories
In Proceedings of the 20th International Conference on Mining Software Repositories (MSR)
DOI | BibTeX | Artifact | Preprint

Stefan Winter, Christopher S. Timperley, Ben Hermann, Jürgen Cito, Jonathan Bell, Michael Hilton, and Dirk Beyer
A Retrospective Study of One Decade of Artifact Evaluations
In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022).
DOI | BibTeX | Artifact | Preprint

Philipp Schubert, Ben Hermann, and Eric Bodden
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
In 35th European Conference on Object-Oriented Programming (ECOOP 2021)
🏆 ECOOP Distinguished Paper Award
DOI | BibTeX | Preprint | Talk Video

Philipp Dominik Schubert, Ben Hermann, Eric Bodden, and Richard Leer
Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
DOI | BibTeX | Preprint | Talk Video

Philipp Dominik Schubert, Florian Sattler, Fabian Schiebel, Ben Hermann, and Eric Bodden
Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
In 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) - Engineering Track
DOI | BibTeX | Preprint | Talk Video

Ben Hermann, Stefan Winter, and Janet Siegmund
Community Expectations for Research Artifacts and Evaluation Processes
In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020)
🏆 ACM SIGSOFT Distinguished Paper Award
DOI | BibTeX | Artifact | Preprint | Summary Video | Talk Video

Charles Weir, Ben Hermann, and Sascha Fahl
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
In 29th USENIX Security Symposium (USENIX Security 20)
URL | BibTeX | Artifact | Preprint

Philipp D. Schubert, Ben Hermann, and Eric Bodden
PhASAR: An Inter-Procedural Static Analysis Framework for C/C++
In Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019)
DOI | BibTeX | Preprint

Leonid Glanz, Sven Amann, Michael Eichberg, Michael Reif, Ben Hermann, Johannes Lerch, and Mira Mezini
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App
In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017)
DOI | BibTeX | Preprint

Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, and Mira Mezini
Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
In IEEE Symposium on Security and Privacy (S&P) 2017
DOI | BibTeX | Preprint | Talk Video

Michael Reif, Michael Eichberg, Ben Hermann, Johannes Lerch, and Mira Mezini
Call Graph Construction for Java Libraries
In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2016)
DOI | BibTeX | Preprint

Michael Eichberg, Ben Hermann, Mira Mezini and Leonid Glanz
Hidden Truths in Dead Software Paths
In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015)
DOI | BibTeX | Preprint

Leonid Glanz, Sebastian Schmidt, Sebastian Wollny, and Ben Hermann
A Vulnerability’s Lifetime: Enhancing Version Information in CVE Databases
In Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business (i-KNOW ’15)
DOI | BibTeX | Preprint

Ben Hermann, Michael Reif, Michael Eichberg and Mira Mezini
Getting to Know You: Towards a Capability Model for Java
In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015)
DOI | BibTeX | Preprint

Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini
FlowTwist: Efficient Context-Sensitive Inside-Out Taint Analysis for Large Codebases
In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014)
DOI | BibTeX | Preprint

Refereed Workshop Publications

Michael Reif, Florian Kübler, Dominik Helm, Ben Hermann, Michael Eichberg, and Mira Mezini
TACAI: An Intermediate Representation Based on Abstract Interpretation
In Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2020)
DOI | BibTeX | Artifact | Preprint | Talk Video

Andreas Dann, Ben Hermann, and Eric Bodden
SootDiff: Bytecode Comparison across different Java Compilers
In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2019)
DOI | BibTeX | Preprint

Stefan Krüger and Ben Hermann
Can an Online Service Predict Gender? - On the State-of-the-Art in Gender Identification from Texts
In Proceedings of the 2nd International Workshop on Gender Equality in Software Engineering (GE ’19)
DOI | BibTeX | Preprint

Philipp Dominik Schubert, Richard Leer, Ben Hermann, and Eric Bodden
Know Your Analysis: How Instrumentation Aids Understanding Static Analysis
In Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2019)
DOI | BibTeX | Preprint

Florian Kübler, Patrick Müller, and Ben Hermann
SootKeeper: Runtime Reusability for Modular Static Analysis
In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017)
DOI | BibTeX | Preprint

Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini
Hermes: Assessment and Creation of Effective Test Corpora
In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017)
DOI | BibTeX | Preprint

Johannes Lerch and Ben Hermann
Design your Analysis: A Case Study on Implementation Reusability of Data-Flow Functions
In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2015)
DOI | BibTeX | Preprint

Michael Eichberg and Ben Hermann
A Software Product Line for Static Analyses
In Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis (SOAP ’14)
DOI | BibTeX | Preprint

Ben Hermann, Conrad Müller, Thorsten Schäfer, and Mira Mezini
SearchBrowser: An efficient index based search feature for the Eclipse IDE
In Eclipse Technology eXchange workshop (eTX) at ECOOP 2006

Theses

Ben Hermann
Full-Stack Static Security Analysis for the Java Platform
Doctoral Thesis
URL

Other

Eric Bodden, Ben Hermann, Johannes Lerch, and Mira Mezini
Reducing Human Factors in Software Security Architectures
In FUTURE SECURITY 2013
URL