Andreas Dann

Security Researcher

Biography

I received my doctoral degree from Paderborn University in 2024 as an external research associate in the Secure Software Engineering Group, advised by Prof. Dr. Eric Bodden and Prof. Dr. Ben Hermann. I received an MSc in Computer Science from Paderborn University in 2016.

My research comprises the detection of vulnerable open-source libraries, evaluating their usage, and providing automated approaches for updating them by applying static code analysis and empirical software engineering methods.

While pursuing my PhD, I’ve been Co-Founder at CodeShield GmbH and an AWS community builder.

Interests
  • Static Code Analysis
  • Open-Source Software Security
  • Software Supply Chain Security

Education
  • PhD in Computer Science, 2024, Paderborn University
  • MSc in Computer Science, 2016, Paderborn University
  • BSc in Computer Science, 2013, Paderborn University

Skills

Languages: Java, Python (beginner), Neo4j, PostgreSQL

Frontend: HTML, Bootstrap

CI/CD: AWS, Docker, Gitlab CI, Jenkins

DataScience: Jupyter, Pandas

Static Code Analysis: Soot, WALA, JavaParser, Eclipse Steady

Projects

Log4shell Checker

Log4jShell Bytecode Detector is an open-source tool that helps identify whether a jar file is affected by the critical CVE-2021-44228.
Eclipse Steady

Eclipse Steady analyses Java and Python applications to identify, assess and mitigate the use of open-source dependencies with known vulnerabilities.

During my internship at SAP Security Research in France, I added support for Soot to Eclipse Steady and worked on the Maven plugin.

SootUp

Future-proofing the Soot Framework for Program Analysis and Transformation. The goal of this DFG project is to develop a brand-new version of Soot. This new version will enable people to use Soot in a much more flexible manner. I am a main contributor to this project.

Together with my colleagues I kick-started the design and development of the new SootUp framework.

Soot

Soot is a static analysis framework used by researchers and practitioners from around the world to analyze, instrument, optimize and visualize Java and Android applications.

Besides several bug fixes, I adapted Soot to support Java's module system and Java versions newer than 9.

MechatronicUML

MechatronicUML is a Model-Driven Software Development tool-chain for cyber-physical systems.

As a student I worked on MechatronicUML's metamodels, its C code generator, and several Eclipse plugins.


Recent Publications

(2023). UpCy: Safely Updating Outdated Dependencies. Proceedings of the 45th IEEE/ACM International Conference on Software Engineering.

(2022). Blinder Alarm: Kontext als Schlüssel zur sicheren Cloud. Heise Developer.

(2022). Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite. IEEE Transactions on Software Engineering.

(2021). ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules. IEEE Transactions on Software Engineering.

(2021). ModGuard: Identifying Integrity & Confidentiality Violations in Java Modules. Software Engineering 2021.

Academic Services

  • Reviewer, ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.
  • Reviewer, ACM Transactions on Software Engineering and Methodology (TOSEM), 2021.
  • Student Volunteer, Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2017.

Contact

Feel free to contact me.