Queryella is a project to extend the current state of data flow analysis for apps. To be able to combine the different types of analytics, we are building a platform that allows arbitrary compositions of such analyses. The platform will support the development of static, dynamic and hybrid analyses to evaluate apps' handling of sensitive data against current security and privacy criteria. Not only Android or iOS apps should be analyzed, but we should be able to evaluate any application or web interface in the future.
In the context of this project, we are always in search of students who have a strong interest in data flow analysis. Potential topics may include the identification of sources and sinks for sensitive data, the development of pre-analyses to reduce the runtime of the actual data flow analysis, the development of evaluation criteria for security or privacy issues, or the extraction and categorization of analysis results.
If you are looking for a topic that will have an impact on the future handling of sensitive data, do not hesitate to contact Leonid Glanz.
- Glanz, L., Müller, P., Baumgärtner, L., Reif, M., Amann, S., Anthonysamy, P., & Mezini, M: Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy.. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (pp. 694-707).
- Glanz, L., Amann, S., Eichberg, M., Reif, M., Hermann, B., Lerch, J., Mezini, M. : CodeMatch: Obfuscation Won’t Conceal Your Repackaged App.. Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (pp. 638--648)