Andreas Dann

Andreas Dann

Co-Founder @ CodeShield

CodeShield GmbH

Biography

I’m co-founder of CodeShield. Prior to that, I worked as a research associate in the Secure Software Engineering Group advised by Prof. Dr. Eric Bodden and Prof. Dr. Ben Hermann at Paderborn University starting in 2017. I received the MSc In Computer Science from Paderborn University in 2016.

My research interests include program analysis with a security focus, empirical software engineering, and the detection of vulnerabilities in open-source software. I’m an advocate of open-source software and an AWS community builder. I’m also one of the main contributors of the static analysis framework Soot.

Interests
  • Static Code Analysis
  • Open-Source Software Security
  • Software Architecture
Education

  • PhD Student in Computer Science, 2017

    Paderborn University

  • MSc in Computer Science, 2016

    Paderborn University

  • BSc in Computer Science, 2013

    Paderborn University

Skills

Backend

Java, Python, Neo4j, PostgresSQL

Frontend

HTML, CSS, SASS, Bootstrap

DevOps

AWS, Docker, Gitlab CI, Jenkins

DataScience & ML

Jupyter, Pandas

Static Code Analysis

Soot, WALA, JavaParser, Steady

Projects

Log4shell Checker
Log4jShell Bytecode Detector is an open source tool that helps identify if a jar file is affected by the critical CVE-2021-44228.
Log4shell Checker
Eclipse Steady

Eclipse Steady analyses Java and Python applications to identify, assess and mitigate the use of open-source dependencies with known vulnerabilities.

During my internship at SAP, Security research in France, I added support for Soot to Eclipse Steady and worked on the Maven plugin.

FutureSoot

Future-proofing the Soot Framework for Program Analysis and Transformation. The goal of this DFG project is to develop a brand-new version of Soot. This new version will enable people to use Soot in a much more flexible manner. I am a main contributor to this project.

Together with my colleagues I kick-started the design and development of the new Soot framework.

Soot

Soot is static analysis framework used by researchers and practitioners from around the world to analyze, instrument, optimize and visualize Java and Android applications.

Besides several bug fixes, I adapted Soot to support Java’s module systems and Java version newer then 9.

Soot
MechatronicUML

MechatronicUML is a Model-Driven Software Development tool-chain for cyber-physical systems.

As a student I worked on MechatronicUML’s metamodels, its C codegenerator, and several Eclipse plugins.

MechatronicUML

Recent Publications

Quickly discover relevant content by filtering publications.
Andreas Dann, Ben Hermann, Eric Bodden (2023). UpCy: Safely Updating Outdated Dependencies (to be published). IEEE/ACM 45th International Conference on Software Engineering (ICSE 2023).

Cite

Johannes Späth, Andreas Dann, Manuel Benz (2022). Blinder Alarm: Kontext als Schlüssel zur sicheren Cloud. Heise Online.

URL

Andreas Dann, Henrik Plate, Ben Hermann, Serena Elisa Ponta, Eric Bodden (2021). Identifying Challenges for OSS Vulnerability Scanners - A Study amp; Test Suite. IEEE Transactions on Software Engineering.

Cite DOI

Andreas Dann, Ben Hermann, Eric Bodden (2021). ModGuard : Identifying Integrity amp; Confidentiality Violations in Java Modules. IEEE Transactions on Software Engineering.

Cite DOI

Andreas Dann, Ben Hermann, Eric Bodden (2021). Presentation - ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules. Software Engineering 2021.

Cite

Andreas Dann, Ben Hermann, Eric Bodden (2019). SootDiff: Bytecode Comparison across Different Java Compilers. Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis.

Cite DOI URL

Andreas Peter Dann, Uwe Pohlmann (2014). The MechatronicUML Hardware Platform Description Method – Process and Language.

Cite

Andreas Dann (2014). Modellierung von Hardwareplattformen für die modellgetriebene Softwareentwicklung. Informatiktage 2014 - Big (Data) is beautiful.

Cite

Uwe Pohlmann, Matthias Meyer, Andreas Dann, Christopher Brink (2014). Viewpoints and Views in Hardware Platform Modeling for Safe Deployment. Proceedings of the 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling.

Cite DOI URL

Academic Services

  • Reviewer, ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.

  • Reviewer, ACM Transactions on Software Engineering and Methodology (TOSEM), 2021.

  • Student Volunteer, Joint Meeting of the European Software Engineering Conference and the ACM Sigsoft Symposium on the Foundations of Software Engineering (ESEC/FSE), 2017.

Contact