Leonid Glanz

Leonid Glanz M.Sc.

My research interests target reverse engineering for various kinds of detections, including malware, repackages (CodeMatch), and libraries (LibDetect).

A common threat for all these detections is obfuscation, because it hides control and data structures by transforming them to unreadable bits and bytes.

My work reverses and restructures the obfuscated code into a machine- and human-readable form.

To do so, I use different techniques, such as string analysis, static analysis, machine learning, and abstract interpretation.


Term Courses
Summer 2018
  • Topic Instructor for Foundations of Static Analyses
Winter 2017/18
  • Contracting entity for IBM projects in 'Open Digital Lab'
  • Advisor for the team Medical Book-in Implementation in 'Software Engineering Project'
  • Coordinator for clients in 'Software Engineering Project'
  • Instructor for quality assurance in 'Software Engineering Project'
  • Instructor for project management in 'Software Engineering Project'
Winter 2016/17
  • Advisor for the team Medical Programming Group in 'Software Engineering Project'
  • Advisor for the team Pipeline MAUS in 'Software Engineering Project'
  • Instructor for quality assurance in 'Software Engineering Project'
Summer 2016
  • Instructor for quality assurance in 'Software Engineering Project'
Winter 2015/16
  • Teaching Assistant 'Software Engineering'
  • Instructor for quality assurance in 'Software Engineering Project'
Summer 2015
  • Teaching Assistant 'Software Engineering Design & Construction'
Winter 2014/15
  • Instructor for quality assurance in 'Software Engineering Project'
  • Advisor for the team RubberDuck in 'Software Engineering Project'


I am a member of CRISP. The core focus of CRISP is the topic “Security at Large”.

Through this, CRISP is pursuing an entirely new objective and redefining the focus of research conducted at Darmstadt, taking developments in diverse fields of application into account.

Cybersecurity research to date has generally only considered isolated characteristics and moderately sized systems. CRISP sets out to research security for large systems – from their individual components all the way up to their interaction within comprehensive security solutions.

The research areas “Secure Internet Infrastructure” and “Secure Web Applications” are both flagship projects at CRISP.

Smartphone users generally expect that apps which they download from big app stores are safe to use. That is, the apps are not used for criminal activities, do not pose security issues and do not violate their privacy. These expectations are even heightened if the apps are marketed as apps for families or specifically children.

However, past research has shown that these expectations are often violated. Current approaches to detect violating apps, which use techniques such as code signatures and monitoring of the internet communication while the app is monkey tested, have been shown to be insufficient to reliably detect such apps. In general, the analysis of apps is complicated by the prevalent obfuscation of the code of apps.

The goal of this research is to develop a tool that will help – in the presence of obfuscated code – to identify apps which pose security or privacy issues or which may use the phone for other criminal activities.

I am a member of the team that implements the tool to identify apps with security and privacy issues.

At the Open Digital Lab, students, scientists and even companies can learn how to develop, and at the same time secure, innovative applications and solutions in the areas of cybersecurity, big data analytics, and artificial intelligence. Because the threat of potential cyber attacks is becoming increasingly important, the protection of individual devices, enterprise networks, and critical infrastructures is a far-reaching concern that can only be implemented with specialized knowledge and methods.

For this endeavor, IBM will provide a platform for exchanging security information (X-Force Exchange) in addition to a variety of cloud services, which enables it to detect even complex threat scenarios.

Under the terms of the agreement, both partners plan to create an open facility with the lab that will give industry, students, and researchers in the region the opportunity to work together to deliver innovative ideas, while meeting growing security needs.

I am a member of PEAKS. PEAKS is an acronym for “Platform for the Efficient Analysis and Secure Composition of Software Components”.

A fundamental building block in making software engineering more efficient is the reuse of existing components and libraries. Applications are composed of a stack of libraries in conjunction with the respective business code. But as the code of the libraries becomes a part of the control flow of the application, it will run in the same process and thus in the same security context as the main application regardless of the actual need for such a privilege. We aim to build a tool to detect these unnecessary permissions in software libraries and to recommend procedures to limit these privileges or their impact.

I am a member of the ACCEPT Project. The overall goal of ACCEPT is the development of new approaches for security-related anomaly detection, analysis and treatment in virtual computer systems. The detection of anomalies is performed to identify previously known and unknown security problems and is especially suited for virtual computer system risks.




Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Mezini, Mira :
CodeMatch: Obfuscation Won't Conceal Your Repackaged App.
In: Tichy, Matthias ; Bodden, Eric ; Kuhrmann, Marco ; Wagner, Stefan ; Steghöfer, Jan-Philipp (eds.) : Software Engineering und Software Management 2018. Gesellschaft für Informatik, pp. 117-118.
[Book section], (2018)


Glanz, Leonid ; Amann, Sven ; Eichberg, Michael ; Reif, Michael ; Hermann, Ben ; Lerch, Johannes ; Mezini, Mira :
CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.
[Online-Edition: http://dl.acm.org/citation.cfm?id=3106305]
In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany
[Conference or workshop item], (2017)


Eichberg, Michael ; Hermann, Ben ; Mezini, Mira ; Glanz, Leonid :
Hidden Truths in Dead Software Paths.
[Online-Edition: http://doi.acm.org/10.1145/2786805.2786865]
In: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, New York, NY, USA. In: ESEC/FSE 2015. ACM, New York, NY, USA
[Conference or workshop item], (2015)

Glanz, Leonid ; Schmidt, Sebastian ; Wollny, Sebastian ; Hermann, Ben :
A Vulnerability's Lifetime: Enhancing Version Information in CVE Databases.
[Online-Edition: http://doi.acm.org/10.1145/2809563.2809612]
In: Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business, New York, NY, USA. In: i-KNOW '15. ACM, New York, NY, USA
[Conference or workshop item], (2015)

This list was generated on Fri Sep 21 05:23:47 2018 CEST.