Andreas Dann

Andreas Dann

Security Researcher

Biography

I’m currently finishing my Ph.D. as an external research associate in the Secure Software Engineering Group, advised by Prof. Dr. Eric Bodden and Prof. Dr. Ben Hermann at Paderborn. I received an MSc in Computer Science from Paderborn University in 2016.

My research comprises the detection of vulnerable open-source libraries, evaluating their usage, and providing automated approaches for updating them by applying static code analysis and empirical software engineering methods.

While persuing my Ph.D., I’ve been Co-Founder at CodeShield GmbH and an AWS community builder.

Interests
  • Static Code Analysis
  • Open-Source Software Security
  • Software Supply Chain Security
Education

  • PhD Student in Computer Science, 2016

    Paderborn University

  • MSc in Computer Science, 2016

    Paderborn University

  • BSc in Computer Science, 2013

    Paderborn University

Skills

Languages: Java, Python (beginner), Neo4j, PostgresSQL
Frontend: HTML, Bootstrap
CI/CD: AWS, Docker, Gitlab CI, Jenkins
DataScience: Jupyter, Pandas
Static Code Analysis: Soot, WALA, JavaParser, Eclipse Steady

Projects

Log4shell Checker
Log4jShell Bytecode Detector is an open source tool that helps identify if a jar file is affected by the critical CVE-2021-44228.
Log4shell Checker
Eclipse Steady

Eclipse Steady analyses Java and Python applications to identify, assess and mitigate the use of open-source dependencies with known vulnerabilities.

During my internship at SAP, Security research in France, I added support for Soot to Eclipse Steady and worked on the Maven plugin.

FutureSoot

Future-proofing the Soot Framework for Program Analysis and Transformation. The goal of this DFG project is to develop a brand-new version of Soot. This new version will enable people to use Soot in a much more flexible manner. I am a main contributor to this project.

Together with my colleagues I kick-started the design and development of the new Soot framework.

Soot

Soot is static analysis framework used by researchers and practitioners from around the world to analyze, instrument, optimize and visualize Java and Android applications.

Besides several bug fixes, I adapted Soot to support Java’s module systems and Java version newer then 9.

Soot
MechatronicUML

MechatronicUML is a Model-Driven Software Development tool-chain for cyber-physical systems.

As a student I worked on MechatronicUML’s metamodels, its C codegenerator, and several Eclipse plugins.

MechatronicUML

Recent Publications

Quickly discover relevant content by filtering publications.
Andreas Dann, Ben Hermann, Eric Bodden (2023). UpCy: Safely Updating Outdated Dependencies. 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE).

Cite DOI

Johannes Späth, Andreas Dann, Manuel Benz (2022). Blinder Alarm: Kontext als Schlüssel zur sicheren Cloud. Heise Online.

URL

Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, Eric Bodden (2021). Identifying Challenges for OSS Vulnerability Scanners - A Study amp; Test Suite. IEEE Transactions on Software Engineering.

Cite DOI

Andreas Dann, Ben Hermann, Eric Bodden (2021). ModGuard : Identifying Integrity amp; Confidentiality Violations in Java Modules. IEEE Transactions on Software Engineering.

Cite DOI

Andreas Dann, Ben Hermann, Eric Bodden (2021). Presentation - ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules. Software Engineering 2021.

Cite

Andreas Dann, Ben Hermann, Eric Bodden (2019). SootDiff: Bytecode Comparison across Different Java Compilers. Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis.

Cite DOI URL

Andreas Peter Dann, Uwe Pohlmann (2014). The MechatronicUML Hardware Platform Description Method – Process and Language.

Cite

Andreas Dann (2014). Modellierung von Hardwareplattformen für die modellgetriebene Softwareentwicklung. Informatiktage 2014 - Big (Data) is beautiful.

Cite

Uwe Pohlmann, Matthias Meyer, Andreas Dann, Christopher Brink (2014). Viewpoints and Views in Hardware Platform Modeling for Safe Deployment. Proceedings of the 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling.

Cite DOI URL

Academic Services

  • Reviewer, ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.

  • Reviewer, ACM Transactions on Software Engineering and Methodology (TOSEM), 2021.

  • Student Volunteer, Joint Meeting of the European Software Engineering Conference and the ACM Sigsoft Symposium on the Foundations of Software Engineering (ESEC/FSE), 2017.

Contact