To content

Research Team Finds Security Gaps in Soft­ware Systems

  • Top News
  • Research
Light blue figures and letters on a black background. © Sergey Nivens​/​Adobe Stock
Prof. Falk Howar and his team conduct re­search on the analysis and protection of autonomous and safety-critical software systems.

Since 2015, Amazon has been promoting re­search projects from all over the world – in areas such as machine learning and IT security – with its Research Award. This year, Prof. Falk Howar from the Department of Com­pu­ter Science at TU Dort­mund Uni­ver­sity is receiving the award and the associated funding of 45,000 US dollars for his proj­ect titled “Scaling Dynamic Symbolic Execution for Java”. A total of 26 researchers from eleven coun­tries were awarded in the most recent round of funding.

Prof. Howar, what is your award-winning proj­ect about?

The focus of the re­search I conduct with my team at TU Dort­mund Uni­ver­sity is on the analysis and protection of autonomous and safety-critical software systems. We are particularly interested in the use of learning and formal methods of analyzing the behavior of these systems. The aim of our work is to test software systems for potential security gaps. In the funded proj­ect, we use automated reasoning – in other words, symbolic reasoning based on logic – which is a branch of ​artificial intelligence. A re­search tool called “JDart” – a frame­work for the dynamic, symbolic execution of Java bytecode that we’ve been developing for quite some time – forms the basis of this new proj­ect. We are now scaling the tool so that we can use it to test the security of industrial web applications.

What are your analysis tools capable of?

The tools we develop bring formal logic and software systems together. In the case of a web application, for example, we can specify that users are not permitted to write dangerous entries in certain places of the database, as that would be a security breach. So we record logical conditions, then examine the behavior of the programs and generate new test cases. In the end, our tools provide formal evidence that there are no security gaps in the software – or that there are. Unlike machine learning, for example, our tools have to come to definitive conclusions. They do not provide approximations or probabilities. If the tool cannot obtain formal evidence, it will also output this failure as a result. Incidentally, we make our tools freely available so that other groups can continue to work on them.

Portrait photo of Falk Howar. © Felix Schmale​/​TU Dort­mund
Prof. Falk Howar is Professor of Soft­ware Engineering at the Department of Com­pu­ter Science.

Is your re­search also of interest to industry?

So far, industry has mainly relied on human experts who have years of experience and cost a lot of money to find such security gaps in their software. Companies would ben­efit greatly from automating and professionalizing the analysis and protection of their software. This is something we are researching – our tools are designed to use automatic processes to ensure that software components are free of any errors. This is extremely re­le­vant because companies in the United States already have to pay for significant damages caused by these kinds of security breaches – such as identity theft.

Another focus of our work that is re­le­vant to industry is the security of autonomous systems, such as autonomous driving. We previously collaborated with Volkswagen, researching in­no­va­ti­ve approaches to safeguarding autonomous driving functions, which we then tested on the prototype of an autonomous lane change assistant.


Link to the tools

Link to the working group


Contact for further in­for­mation:

Cafeteria menus

Location & approach

The campus of TU Dort­mund Uni­ver­sity is located close to interstate junction Dort­mund West, where the Sauerlandlinie A 45 (Frankfurt-Dort­mund) crosses the Ruhrschnellweg B 1 / A 40. The best interstate exit to take from A 45 is “Dort­mund-Eichlinghofen” (closer to South Cam­pus), and from B 1 / A 40 “Dort­mund-Dorstfeld” (closer to North Cam­pus). Signs for the uni­ver­si­ty are located at both exits. Also, there is a new exit before you pass over the B 1-bridge leading into Dort­mund.

To get from North Cam­pus to South Cam­pus by car, there is the connection via Vo­gel­pothsweg/Baroper Straße. We recommend you leave your car on one of the parking lots at North Cam­pus and use the H-Bahn (suspended monorail system), which conveniently connects the two campuses.

TU Dort­mund Uni­ver­sity has its own train station (“Dort­mund Uni­ver­si­tät”). From there, suburban trains (S-Bahn) leave for Dort­mund main station (“Dort­mund Hauptbahnhof”) and Düsseldorf main station via the “Düsseldorf Airport Train Station” (take S-Bahn number 1, which leaves every 15 or 30 minutes). The uni­ver­si­ty is easily reached from Bochum, Essen, Mülheim an der Ruhr and Duis­burg.

You can also take the bus or subway train from Dort­mund city to the uni­ver­si­ty: From Dort­mund main station, you can take any train bound for the Station “Stadtgarten”, usually lines U41, U45, U 47 and U49. At “Stadtgarten” you switch trains and get on line U42 towards “Hombruch”. Look out for the Station “An der Palmweide”. From the bus stop just across the road, busses bound for TU Dort­mund Uni­ver­sity leave every ten minutes (445, 447 and 462). Another option is to take the subway routes U41, U45, U47 and U49 from Dort­mund main station to the stop “Dort­mund Kampstraße”. From there, take U43 or U44 to the stop “Dort­mund Wittener Straße”. Switch to bus line 447 and get off at “Dort­mund Uni­ver­si­tät S”.

The AirportExpress is a fast and convenient means of transport from Dort­mund Airport (DTM) to Dort­mund Central Station, taking you there in little more than 20 minutes. From Dort­mund Central Station, you can continue to the uni­ver­si­ty campus by interurban railway (S-Bahn). A larger range of in­ter­na­tio­nal flight connections is offered at Düsseldorf Airport (DUS), which is about 60 kilometres away and can be directly reached by S-Bahn from the uni­ver­si­ty station.

The H-Bahn is one of the hallmarks of TU Dort­mund Uni­ver­sity. There are two stations on North Cam­pus. One (“Dort­mund Uni­ver­si­tät S”) is directly located at the suburban train stop, which connects the uni­ver­si­ty directly with the city of Dort­mund and the rest of the Ruhr Area. Also from this station, there are connections to the “Technologiepark” and (via South Cam­pus) Eichlinghofen. The other station is located at the dining hall at North Cam­pus and offers a direct connection to South Cam­pus every five minutes.

The facilities of TU Dort­mund Uni­ver­sity are spread over two campuses, the larger Cam­pus North and the smaller Cam­pus South. Additionally, some areas of the uni­ver­si­ty are located in the adjacent “Technologiepark”.

Site Map of TU Dort­mund Uni­ver­sity (Second Page in English).