Jan Haltermann, Manuel Töws, Felix Pauck, Cedric Richter, Heike Wehrheim, Jürgen König, Arnab Sharma, Steffen Beringer, Oleksandra Koslova, Elisabeth Schlatt (left to right)

Felix Pauck, M.Sc.

Address: Felix Pauck
Paderborn University
Faculty of Electrical Engineering, Computer Science and Mathematics
Warburger Str. 100
D-33098 Paderborn, Germany
Office: O4.128

Availability (Working hours):
Monday - Friday
07:00 am until ~03:30 pm
Phone: +49 (0) 5251-60-1765
Fax: +49 (0) 5251-60-3993
Email: fpauck(at)mail.uni-paderborn.de
Secretary: Elisabeth Schlatt
Phone: +49 (0) 5251-60-3764
Email: schlatt(at)mail.upb.de
Office: O4.125

Teaching

WS 2019/20 Software Analysis (in English) Laboratory
SS 2019 PG: BANANA Organization
WS 2018/19 Modellierung Organization, Tutorial
SS 2018 Proseminar: Android App Analyse Organization
WS 2017/18 Software Analysis (in English) Tutorial, Laboratory

Publications



2019

Together Strong: Cooperative Android App Analysis

F. Pauck, H. Wehrheim, in: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2019, pp. 374-384

Recent years have seen the development of numerous tools for the analysis of taint flows in Android apps. Taint analyses aim at detecting data leaks, accidentally or on purpose programmed into apps. Often, such tools specialize in the treatment of specific features impeding precise taint analysis (like reflection or inter-app communication). This multitude of tools, their specific applicability and their various combination options complicate the selection of a tool (or multiple tools) when faced with an analysis instance, even for knowledgeable users, and hence hinder the successful adoption of taint analyses. In this work, we thus present CoDiDroid, a framework for cooperative Android app analysis. CoDiDroid (1) allows users to ask questions about flows in apps in varying degrees of detail, (2) automatically generates subtasks for answering such questions, (3) distributes tasks onto analysis tools (currently DroidRA, FlowDroid, HornDroid, IC3 and two novel tools) and (4) at the end merges tool answers on subtasks into an overall answer. Thereby, users are freed from having to learn about the use and functionality of all these tools while still being able to leverage their capabilities. Moreover, we experimentally show that cooperation among tools pays off with respect to effectiveness, precision and scalability.


When Are Software Verification Results Valid for Approximate Hardware?

T. Isenberg, M. Jakobs, F. Pauck, H. Wehrheim, in: Tests and Proofs - 13th International Conference, TAP 2019, Held as Part of the Third World Congress on Formal Methods 2019, Porto, Portugal, October 9-11, 2019, Proceedings, 2019, pp. 3-20


2018

Do Android taint analysis tools keep their promises?

F. Pauck, E. Bodden, H. Wehrheim, in: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018, ACM Press, 2018


Validity of Software Verification Results on Approximate Hardware

T. Isenberg, M. Jakobs, F. Pauck, H. Wehrheim, IEEE Embedded Systems Letters (2018), pp. 22-25

Approximate computing (AC) is an emerging paradigm for energy-efficient computation. The basic idea of AC is to sacrifice high precision for low energy by allowing hardware to carry out “approximately correct” calculations. This provides a major challenge for software quality assurance: programs successfully verified to be correct might be erroneous on approximate hardware. In this letter, we present a novel approach for determining under what conditions a software verification result is valid for approximate hardware. To this end, we compute the allowed tolerances for AC hardware from successful verification runs. More precisely, we derive a set of constraints which—when met by the AC hardware—guarantees the verification result to carry over to AC. On the practical side, we furthermore: 1) show how to extract tolerances from verification runs employing predicate abstraction as verification technology and 2) show how to check such constraints on hardware designs. We have implemented all techniques, and exemplify them on example C programs and a number of recently proposed approximate adders.


Do Android Taint Analysis Tools Keep their Promises?

F. Pauck, E. Bodden, H. Wehrheim, in: arXiv:1804.02903, 2018

In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations. We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.


2017

Cooperative static analysis of Android applications

F. Pauck, Master's thesis, Universität Paderborn, 2017


2016

PAndA2: Analyzing Permission Use and Interplay in Android Apps (Tool Paper)

M. Jakobs, M. Töws, F. Pauck, in: Workshop on Formal and Model-Driven Techniques for Developing Trustworthy Systems, 2016

We present PAndA2, an extendable, static analysis tool for Android apps which examines permission-related security threats like overprivilege, existence of permission redelegation and permission flows. PAndA2 comes with a textual and graphical visualization of the analysis result and even supports the comparison of analysis results for different Android app versions.


2014



Research Interest

Cooperative Android App Analysis

Possibilities

Are you interested in Android & Software Analysis and looking for a

  • Bachelor's Thesis,
  • Master's Thesis,
  • Student Assistant Job (SHK/WHB)?

Then send me an e-mail or stop by my office and we will find a topic that fits your flavor. However, any topic will deal with the Android App Analysis Query Language (AQL) and usually all my topics include implementation parts.
