Johannes Späth

Researcher of Program Analysis

Fraunhofer IEM, Paderborn

Biography

Johannes Späth is a PhD student in program analysis and advised by Eric Bodden and Karim Ali. His research interests include static data-flow analysis, pointer analysis and automated detection of security vulnerabilities. Johannes works at the research institute Fraunhofer IEM in Paderborn, Germany.

Interests

Program Analysis
Pointer and Data-Flow Analysis
Applied Cryptography and Security

Education

M.Sc. in Mathematics, 2013

Technical University of Darmstadt, Germany
B.Sc. in Mathematics, 2011

Johannes-Gutenberg University of Mainz, Germany

Skills

Mathematics

Software Development (Java)

Web Development (JavaScript, SQL)

Data Analytics (Python, R)

Photography

Piano

Experience

March 2017 – Present

Paderborn, Germany

Research Associate

Fraunhofer IEM

Projects:

CogniCrypt (Sponsored by an Oracle Collaborative Research Grant)
Implementation of Data-Flow Analysis
Threat-Analysis
Mathematical Risk-Analysis

August 2016 – January 2017

Brisbane, Australia

Research Intern

Oracle Labs

Project:

Modular Points-To Analysis implemented in Datalog (DOOP and souffle).

March 2014 – July 2016

Darmstadt, Germany

Research Associate

Fraunhofer SIT

Projects:

Pentesting of Web Applications
Teaching “Designing Static Code Analysis for Large Scale”
Security Audit TrueCrypt for the German Federal Office for Information Security (BSI)

Selected Publications

Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems

Johannes Späth, Karim Ali, Eric Bodden

46th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2019,January 16-18, 2019, Lisbon, Portugal, 2018

Publications

Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems

Johannes Späth, Karim Ali, Eric Bodden

CrySL: An Extensible Approach to Validating the Correct Usage of CryptographicAPIs

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini

IDEal: Efficient and Precise Alias-Aware Data-Flow Analysis

Johannes Späth, Karim Ali, Eric Bodden

PDF DOI

Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysisfor Java

Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, Eric Bodden

DOI

Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysiswith Unbounded Access Paths

Johannes Lerch, Johannes Späth, Eric Bodden, Mira Mezini

PDF DOI

Recent & Upcoming Talks

Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems

Jan 17, 2019 POPL 2019

Johannes Späth

Project

You forgot to changeit - CogniCrypt knows it!

Jun 18, 2018 EclipseCon France 2018

Johannes Späth, Stefan Krüger

Video Code Project

IDEal: Efficient and Precise Alias-aware Data-Flow Analysis

Oct 27, 2017 OOPSLA 2017

Johannes Späth

PDF Video Code Project

Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysisfor Java

Jul 22, 2016 ECOOP 2016

Johannes Späth

PDF Video Code Project

Projects

Synchronized Pushdown Systems

Efficient and precise data-flow analysis.

Data-Flow Framework IDEal

$IDE^{al}$ is an efficient and generic framework for pointer-tracking data-flow analysis.

CogniCrypt

Support for software developers to securely using cryptography

Pointer Analysis Boomerang

Boomerang is a demand-driven pointer analysis for Java.