Publications
2022
- Omotosho, A.; Welearegai, G. and Hammer, C. Detecting Return-Oriented Programming on Firmware-Only Embedded Devices Using Hardware Performance Counters. Accepted for publication at SAC 2022, pp 510–519, ACM, April 2022. [PDF]
2021
- Bichhawat, A.; Rajani, V.; Garg, D. and Hammer, C. Permissive Runtime Information Flow Control in the Presence of Exceptions. Journal of Computer Security 29(4), pp. 361–401, IOS Press, Jun 2021.
- Prakash, J.; Tiwari, A. and Hammer, C. Effects of Program Representation on Pointer Analyses — An Empirical Study. In Proc. 24th International Conference on Fundamental Approaches to Software Engineering (FASE), LNCS 12649, pp. 240–261, Springer, 2021.
2020
- Tiwari, A.; Prakash, J.; Groß, S. and Hammer, C. A Large Scale Analysis of Android - Web Hybridization. Journal of Systems and Software 170: 110775. (Preprint version).
- Hough, K.; Welearegai, G.; Hammer, C. and Bell, J. Revealing Injection Vulnerabilities by Leveraging Existing Tests. In Proc. International Conference of Software Engineering (ICSE 2020) pp. 284–296, ACM, 2020.
2019
- Tiwari, A.; Prakash, J.; Gross, S. and Hammer, C. LUDroid: A Large Scale Analysis of Android - Web Hybridization. In Proc. 19th International Working Conference on Source Code Analysis and Manipulation (SCAM 2019) pp. 256-267, IEEE, 2019. PDF
- Tiwari, A.; Gross, S. and Hammer, C. IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications. In S. Chen et al. (Eds.): Security and Privacy in Communication Networks, Springer LNICST 305, pp. 335–349, 2019. PDF Extended version: PDF
- Chakraborty, D.; Hammer, C. and Bugiel, S. Secure multi-execution in Android. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing (Sec@SAC'19), pp. 1934-1943, ACM, 2019.
- Welearegai, G.; Schlüter, M. and Hammer, C. Static Security Evaluation of an Industrial Web Application. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing (Sec@SAC'19), pp. 1952-1961, ACM, 2019.
2018
- Groß, S.; Tiwari, A. and Hammer, C. PIAnalyzer: A Precise Approach to PendingIntent vulnerability analysis. In Computer Security. ESORICS 2018, pp 41-59, Springer LNCS 11099, 2018. PDF
- Tiwari, A.; Bendun, F. and Hammer, C. A Formal Logic Framework for the Automation of the Right to Be Forgotten. In Security and Privacy in Communication Networks, pp 95-111, Springer, LNICST 254, 2018.
- Groß, S.; Tiwari, A. and Hammer, C. ThiefTrap – An Anti-Theft Framework for Android. In Security and Privacy in Communication Networks, pp 167-184, Springer, LNICST 238, 2018.
2017
- Bichhawat, A.; Rajani, V.; Jain, J.; Garg, D. and Hammer, C. WebPol: Fine-grained Information Flow Policies for Web Browsers. In ESORICS 2017, pp 242-259, Springer, LNCS 10492, 2017.
- Welearegai, G. and Hammer, C. Optimized Automatic Sanitizer Placement. In Engineering Secure Software and Systems, pages 87-96, Springer, LNCS 10379, 2017.
2016
- Backes, M.; Bugiel, S.; Derr, E.; Gerling, S. and Hammer, C. R-Droid: Leveraging Android App Analysis with Static Slice Optimization. In 11th ACM Symposium on Information, Computer and Communications Security (AsiaCCS'16), 2016.
- Backes, M.; Hammer, C.; Pfaff, D. and Skoruppa, M. Implementation-level Analysis of the JavaScript Helios Voting Client. In 31st ACM Symposium on Applied Computing (SAC'16), 2016.
2015
- Backes, M.; Bugiel, S.; Hammer, C.; Schranz, O. and Styp-Rekowsky, P. v. Boxify: Full-fledged App Sandboxing for Stock Android. In 24th USENIX Security Symposium (USENIX Security 15), USENIX Association, Washington, D.C., 2015.
- Rajani, V.; Bichhawat, A.; Garg, D. and Hammer, C. Information Flow Control for Event Handling and the DOM in Web Browsers. In 28th IEEE Computer Security Foundations Symposium, IEEE Computer Society, 2015.
- Pfaff, D.; Hack, S. and Hammer, C. Learning How to Prevent Return-Oriented Programming Efficiently. In Engineering Secure Software and Systems, pages 68-85, Springer, LNCS 8978, 2015. PDF
2014
- Snelting, G.; Giffhorn, D.; Graf, J.; Hammer, C.; Hecker, M.; Mohr, M. and Wasserrab, D. Checking Probabilistic Noninterference Using JOANA. In it - Information Technology, 56 (6): 280-287, 2014. doi
- Bichhawat, A.; Rajani, V.; Garg, D. and Hammer, C. Generalizing Permissive-Upgrade in Dynamic Information Flow Analysis. In Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security, pages 15:15-15:24, ACM, New York, NY, USA, PLAS'14, 2014.
- Bichhawat, A.; Rajani, V.; Garg, D. and Hammer, C. Information Flow Control in WebKit's JavaScript Bytecode. In Proc. 3rd Conference on Principles of Security and Trust (POST 2014), pages 159-178, Springer, LNCS 8414, 2014.
- Bichhawat, A. Exception Handling for Dynamic Information Flow Control. In Companion Proceedings of the 36th International Conference on Software Engineering (Student Research Competition), pages 718-720, ACM, New York, NY, USA, ICSE Companion 2014, 2014.
- Backes, M.; Gerling, S.; Hammer, C.; Maffei, M. and Styp-Rekowsky, P. v. AppGuard -- Fine-grained Policy Enforcement for Untrusted Android Applications. In 8th International Workshop on Data Privacy Management (DPM'13), pages 1-19, LNCS 8247, 2014.
2013
- Richards, G.; Hammer, C.; Zappa Nardelli, F.; Jagannathan, S. and Vitek, J. Flexible Access Control for JavaScript. In Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages and applications, pages 305-322, ACM, New York, NY, USA, OOPSLA '13, 2013.
- Bugiel, S.; Derr, E.; Gerling, S. and Hammer, C. Advances in Mobile Security. In 8th Future Security - Security Research Conference, pages 286-295, Fraunhofer Verlag, 2013.
- Marino, D.; Hammer, C.; Dolby, J.; Vaziri, M.; Tip, F. and Vitek, J. Detecting Deadlock in Programs with Data-Centric Synchronization. In ICSE '13: Proceedings of the 35th International Conference on Software Engineering, pages 322-311, 2013.
- Backes, M.; Gerling, S.; Hammer, C.; Maffei, M. and Styp-Rekowsky, P. v. AppGuard - Enforcing User Requirements on Android Apps. In 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pages 545-550, Springer, LNCS 7795, 2013.
- Styp-Rekowsky, P. v.; Gerling, S.; Backes, M. and Hammer, C. Callee-site Rewriting of Sealed System Libraries. In International Symposium on Engineering Secure Software and Systems (ESSoS'13), pages 33-41, Springer, LNCS 7781, 2013.
- Hammer, C. Efficient Algorithms for Control Closures. In 1st International Workshop on Interference and Dependence, 2013.
2012
- Dolby, J.; Hammer, C.; Marino, D.; Tip, F.; Vaziri, M. and Vitek, J. A data-centric approach to synchronization. In ACM Trans. Program. Lang. Syst., 34 (1): 4:1-4:48, 2012.
- Sumner, W. N.; Hammer, C. and Dolby, J. Marathon: Detecting Atomic-Set Serializability Violations with Conflict Graphs. In RV'11: Proc. 2nd International Conference on Runtime Verification, pages 161-176, Springer, LNCS 7186, 2012.
2011
- Just, S.; Cleary, A.; Shirley, B. and Hammer, C. Information flow analysis for JavaScript. In Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients, pages 9-18, ACM, New York, NY, USA, PLASTIC '11, 2011.
- Richards, G.; Hammer, C.; Burg, B. and Vitek, J. The Eval that Men Do -- A Large-scale Study of the Use of Eval in JavaScript Applications. In ECOOP'11: Proceedings of the 25th European Conference on Object-Oriented Programming, pages 52-78, Springer, LNCS 6813, 2011.
2010
- Vaziri, M.; Tip, F.; Dolby, J.; Hammer, C. and Vitek, J. A Type System for Data-Centric Synchronization. In ECOOP '10: Proceedings of the 24th European Conference on Object-Oriented Programming, pages 304-328, Springer, LNCS 6183, 2010.
- Hammer, C. Experiences with PDG-based IFC. In International Symposium on Engineering Secure Software and Systems (ESSoS'10), pages 44-60, Springer, LNCS 5965, 2010.
2009
- Hammer, C. and Snelting, G. Flow-Sensitive, Context-Sensitive, and Object-sensitive Information Flow Control Based on Program Dependence Graphs. In International Journal of Information Security, 8 (6): 399-422, 2009.
- Giffhorn, D. and Hammer, C. Precise Slicing of Concurrent Programs -- An Evaluation of Precise Slicing Algorithms for Concurrent Programs. In Journal of Automated Software Engineering, 16 (2): 197-234, 2009.
2008
- Giffhorn, D. and Hammer, C. Precise Analysis of Java Programs using JOANA (Tool Demonstration). In Proc. 8th IEEE International Working Conference on Source Code Analysis and Manipulation, pages 267-268, 2008.
- Hammer, C.; Schaade, R. and Snelting, G. Static path conditions for Java. In PLAS '08: Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, pages 57-66, ACM, New York, NY, USA, 2008.
- Hammer, C.; Dolby, J.; Vaziri, M. and Tip, F. Dynamic detection of atomic-set-serializability violations. In ICSE '08: Proceedings of the 30th international conference on Software engineering, pages 231-240, ACM, New York, NY, USA, 2008.
2007
- Giffhorn, D. and Hammer, C. An Evaluation of Precise Slicing Algorithms for Concurrent Programs. In SCAM'07: Seventh IEEE International Working Conference on Source Code Analysis and Manipulation, pages 17-26, Paris, France, 2007.
2006
- Hammer, C.; Krinke, J. and Snelting, G. Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In Proc. IEEE International Symposium on Secure Software Engineering (ISSSE'06), pages 87-96, 2006.
- Hammer, C.; Krinke, J. and Nodes, F. Intransitive Noninterference in Dependence Graphs. In Proc. Second International Symposium on Leveraging Application of Formal Methods, Verification and Validation (ISoLA 2006), pages 119-128, IEEE Computer Society, Washington, DC, USA, 2006.
- Hammer, C.; Grimme, M. and Krinke, J. Dynamic path conditions in dependence graphs. In PEPM '06: Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, pages 58-67, ACM Press, New York, NY, USA, 2006.
2004
- Hammer, C. and Snelting, G. An improved slicer for Java. In PASTE '04: Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pages 17-22, ACM Press, New York, NY, USA, 2004.
Dissertations
2019
- Groß, S. Detecting and mitigating information flow threats in Android OS. PhD Thesis. University of Potsdam. 2019.
- Tiwari, A. Enhancing Users’ Privacy: Static Resolution of the Dynamic Properties of Android. PhD Thesis. University of Potsdam. 2019.
2017
- Bichhawat, A. Practical Dynamic Information Flow Control. PhD Thesis. Saarland University. 2017.
2009
- Hammer, C. Information Flow Control for Java - A Comprehensive Approach based on Path Conditions in Dependence Graphs. Ph.D. Thesis, Universität Karlsruhe (TH), Fak. f. Informatik, 2009.
Conference Proceedings
2012
- Hammer, C.; Dolby, J. and Gowri, M., ed. Proceedings of the Workshop on JavaScript Tools. ACM, 2012. www
Technical Reports
2013
- Bodden, E.; Schneider, M.; Kreutzer, M.; Mezini, M.; Hammer, C.; Zeller, A.; Achenbach, D.; Huber, M. and Kraschewski, D. Entwicklung sicherer Software durch Security by Design. In SIT-TR-2013-01, Fraunhofer SIT, 2013.
- Backes, M.; Gerling, S.; Hammer, C.; Maffei, M. and Styp-Rekowsky, P. v. AppGuard -- Fine-grained Policy Enforcement for Untrusted Android Applications. Technical Report A/02/2013, Saarland University, Computer Science, 2013.
2012
- Marino, D.; Hammer, C.; Dolby, J.; Vaziri, M.; Tip, F. and Vitek, J. Detecting Deadlock in Programs with Data-Centric Synchronization. Technical Report RC25300, IBM Research Report, 2012.
- Backes, M.; Gerling, S.; Hammer, C.; Maffei, M. and Styp-Rekowsky, P. v. AppGuard - Real-time Policy Enforcement for Third-Party Applications. Technical Report A/02/2012, Saarland University, Computer Science, 2012.
2011
- Dolby, J.; Hammer, C.; Marino, D.; Tip, F.; Vaziri, M. and Vitek, J. A data-centric approach to synchronization. Technical Report RC25106, IBM Research Report, 2011.
2008
- Hammer, C. and Snelting, G. Flow-Sensitive, Context-Sensitive, and Object-Sensitive Flow Information Based on Program Dependence Graphs. Technical Report 2008-16, Faculty of Computer Science, University of Karlsruhe (TH), Germany, 2008.