Vulnerability Discovery in Highly-Configurable Software Systems

  • Job:

    HiWi

  • Starting Date:

    From now on

  • Contact Person:

    Tim Bächle

Context. Configurable software systems are finding their way into more and more domains and are almost omnipresent today. Such systems (the Linux kernel, for example) allow the software to be tailored to different application contexts through a selection of features (i.e., increments in functionality). This offers many advantages (cost reduction, shorter time-to-market, etc.), but poses a major challenge for the static analysis of the system for security vulnerabilities: such a system allows an exponentially large number of different software variants to be derived, far too many to analyze in a practical manner.
To address this problem, we have developed the Vari-Joern analysis platform, which has already won a Best Artifact Award at the Systems and Software Product Line Conference (SPLC). Its goal is to enable effective and efficient detection of security vulnerabilities for configurable software, and it achieves this by implementing two typical analysis approaches for configurable software.

 

Tasks

- Further development and maintenance of our static analysis platform Vari-Joern

- Involvement in the scientific publication process, if interested

 

Benefits

- Flexible working hours

- Close supervision

- Free access to an air-conditioned workspace with an external monitor at the chair

- Networking at the chair and opportunities for other courses (seminars, internships, theses)

 

Requirements

- Programming experience in Java and/or Python

- Basic knowledge of programming in C and conditional compilation with the C preprocessor

- Experience with configurable software may be an advantage, but is not strictly required