Forschungsbericht 2023

Software Security E-22

Leitung: Scandariato, Riccardo

Institut auf TORE
Institutswebsite

Publikationen

• DockerCleaner: Automatic repair of security smells in dockerfiles - Conference Paper
  Bui, Quang Cuong; Laukotter, Malte; Scandariato, Riccardo
  39th IEEE International Conference on Software Maintenance and Evolution (ICSME 2023)
  Publisher DOI
  
  
• Automatic extraction of security-rich dataflow diagrams for microservice applications written in Java - Journal Article
  Schneider, Simon; Scandariato, Riccardo
  Journal of Systems and Software 202: 111722 (2023-08)
  Publisher DOI
  
  
• Simple stupid insecure practices and GitHub's code search: A looming threat? - Journal Article
  Go, Ken Russel; Soundarapandian, Sruthi; Mitra, Aparupa; Vidoni, Melina; Díaz Ferreyra, Nicolás
  Journal of Systems and Software 202: 111698 (2023-08)
  Publisher DOI
  
  
• Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms - Conference Paper
  Díaz Ferreyra, Nicolás; Imine, Abdessamad; Vidoni, Melina; Scandariato, Riccardo
  16th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering (CHASE 2023)
  Publisher DOI
  
  
• Regret, Delete, (Do Not) Repeat: An Analysis of Self-Cleaning Practices on Twitter After the Outbreak of the COVID-19 Pandemic - Conference Paper
  Díaz Ferreyra, Nicolás; Shahi, Gautam Kishore; Tony, Catherine; Stieglitz, Stefan; Scandariato, Riccardo
  Conference on Human Factors in Computing Systems (CHI 2023)
  Publisher DOI
  
  
• CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems - Journal Article
  Mohamad, Mazen; Jolak, Rodi; Askerdal, Örjan; Steghöfer, Jan-Philipp; Scandariato, Riccardo
  ACM Transactions on Cyber-Physical Systems 7 (1): 3 (2023-02-20)
  Publisher DOI
  
  
• Microservice Security Metrics for Secure Communication, Identity Management, and Observability - Journal Article
  Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
  ACM Transactions on Software Engineering and Methodology 32 (1): 3532183 (2023-02-13)
  Publisher DOI
  
  
• Checking security compliance between models and code - Journal Article
  Tuma, Katja; Peldszus, Sven; Strüber, Daniel; Scandariato, Riccardo; Jürjens, Jan
  Software and Systems Modeling 22 (1): 273-296 (2023-02)
  Open Access | Publisher DOI
  
  
• LLMSecEval: a dataset of natural language prompts for security evaluations - Conference Paper
  Tony, Catherine; Mutas, Markus; Ferreyra, Nicolas E. Diaz; Scandariato, Riccardo
  20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
  Publisher DOI
  
  
• microSecEnD: A dataset of security-enriched dataflow diagrams for microservice applications - Conference Paper
  Schneider, Simon; Ozen, Tufan; Chen, Michael; Scandariato, Riccardo
  20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
  Publisher DOI
  
  
• Detection strategies for microservice security tactics - Journal Article
  Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
  IEEE Transactions on Dependable and Secure Computing (in Press): (2023)
  Publisher DOI
  
  

Projekte

• Sec4AI4Sec - Cybersecurity for AI-Augmented Systems
  European Commission; Laufzeit 2023-2026
  Projektleitung: Scandariato, Riccardo
  
  
• AssureMOSS - Assurance and certification in secure Multi-party Open Software and Services
  European Commission; Laufzeit 2020-2023
  Projektleitung: Scandariato, Riccardo