{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T00:03:44Z","timestamp":1775261024733,"version":"3.50.1"},"publisher-location":"Cham","reference-count":45,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030036379","type":"print"},{"value":"9783030036386","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-03638-6_27","type":"book-chapter","created":{"date-parts":[[2018,11,1]],"date-time":"2018-11-01T03:12:53Z","timestamp":1541041973000},"page":"437-453","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["A Uniform Information-Flow Security Benchmark Suite for Source Code and Bytecode"],"prefix":"10.1007","author":[{"given":"Tobias","family":"Hamann","sequence":"first","affiliation":[]},{"given":"Mihai","family":"Herda","sequence":"additional","affiliation":[]},{"given":"Heiko","family":"Mantel","sequence":"additional","affiliation":[]},{"given":"Martin","family":"Mohr","sequence":"additional","affiliation":[]},{"given":"David","family":"Schneider","sequence":"additional","affiliation":[]},{"given":"Markus","family":"Tasch","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,11,2]]},"reference":[{"key":"27_CR1","unstructured":"HPE Security Fortify Static Code Analyzer (SCA). https:\/\/saas.hpe.com\/en-us\/software\/sca. Accessed 8 Aug 2018"},{"key":"27_CR2","unstructured":"IBM Security AppScan. https:\/\/www.ibm.com\/developerworks\/downloads\/r\/appscan\/index.html . Accessed 8 Aug 2018"},{"key":"27_CR3","unstructured":"SDK Platform Release Notes. https:\/\/developer.android.com\/studio\/releases\/platforms.html . Accessed 8 Aug 2018"},{"key":"27_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-319-12154-3_4","volume-title":"Verified Software: Theories, Tools and Experiments","author":"W Ahrendt","year":"2014","unstructured":"Ahrendt, W., et al.: The KeY platform for verification and analysis of Java programs. In: Giannakopoulou, D., Kroening, D. (eds.) VSTTE 2014. LNCS, vol. 8471, pp. 55\u201371. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-12154-3_4"},{"key":"27_CR5","unstructured":"The Activity Lifecycle of Android. https:\/\/developer.android.com\/guide\/components\/activities\/activity-lifecycle.html . Accessed 8 Aug 2018"},{"issue":"6","key":"27_CR6","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"Steven Arzt","year":"2014","unstructured":"Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014, pp. 259\u2013269 (2014)","journal-title":"ACM SIGPLAN Notices"},{"key":"27_CR7","doi-asserted-by":"crossref","unstructured":"Balyo, T., Heule, M.J., J\u00e4rvisalo, M.: SAT competition 2016: recent developments. In: AAAI 2017, pp. 5061\u20135063 (2017)","DOI":"10.1609\/aaai.v31i1.10641"},{"key":"27_CR8","unstructured":"Bauerei\u00df, T., et al.: RIFL 1.1: a common specification language for information-flow requirements. Technical report TUD-CS-2017-0225, TU Darmstadt (2017)"},{"key":"27_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-319-14125-1_2","volume-title":"Logic-Based Program Synthesis and Transformation","author":"B Beckert","year":"2014","unstructured":"Beckert, B., Bruns, D., Klebanov, V., Scheben, C., Schmitt, P.H., Ulbrich, M.: Information flow in object-oriented software. In: Gupta, G., Pe\u00f1a, R. (eds.) LOPSTR 2013. LNCS, vol. 8901, pp. 19\u201337. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-14125-1_2"},{"key":"27_CR10","doi-asserted-by":"publisher","first-page":"335","DOI":"10.3233\/JCS-17984","volume":"26","author":"S Bischof","year":"2018","unstructured":"Bischof, S., Breitner, J., Graf, J., Hecker, M., Mohr, M., Snelting, G.: Low-deterministic security for low-deterministic programs. J. Comput. Secur. 26, 335\u2013336 (2018)","journal-title":"J. Comput. Secur."},{"key":"27_CR11","doi-asserted-by":"crossref","unstructured":"Blackburn, S.M., et al.: The DaCapo benchmarks: Java benchmarking development and analysis. In: OOPSLA 2006, pp. 169\u2013190 (2006)","DOI":"10.1145\/1167473.1167488"},{"key":"27_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-662-49635-0_4","volume-title":"Principles of Security and Trust","author":"J Breitner","year":"2016","unstructured":"Breitner, J., Graf, J., Hecker, M., Mohr, M., Snelting, G.: On improvements of low-deterministic security. In: Piessens, F., Vigan\u00f2, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 68\u201388. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49635-0_4"},{"key":"27_CR13","doi-asserted-by":"crossref","unstructured":"Bull, J.M., Smith, L.A., Westhead, M.D., Henty, D.S., Davey, R.A.: A benchmark suite for high performance Java. In: JAVA 1999, pp. 81\u201388 (1999)","DOI":"10.1145\/304065.304103"},{"key":"27_CR14","unstructured":"Cohen, E.S.: Information transmission in sequential programs. In: Foundations of Secure Computation, pp. 297\u2013335 (1978)"},{"key":"27_CR15","first-page":"207","volume":"9","author":"DR Cok","year":"2016","unstructured":"Cok, D.R., D\u00e9harbe, D., Weber, T.: The 2014 SMT competition. J. Satisf. Boolean Model. Comput. 9, 207\u2013242 (2016)","journal-title":"J. Satisf. Boolean Model. Comput."},{"key":"27_CR16","unstructured":"S. P. E. Corporation. Spec CPU Benchmarks. https:\/\/www.spec.org\/benchmarks.html#cpu . Accessed Apr 8 Aug 2018"},{"issue":"5","key":"27_CR17","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1145\/360051.360056","volume":"19","author":"DE Denning","year":"1976","unstructured":"Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236\u2013243 (1976)","journal-title":"Commun. ACM"},{"key":"27_CR18","doi-asserted-by":"crossref","unstructured":"Feiertag, R.J., Levitt, K.N., Robinson, L.: Proving multilevel security of a system design. In: SOSP 1977, pp. 57\u201365 (1977)","DOI":"10.1145\/800214.806547"},{"key":"27_CR19","unstructured":"Fritz, C., Arzt, S., Rasthofer, S.: DroidBench 2.0. https:\/\/github.com\/secure-software-engineering\/DroidBench . Accessed 8 Aug 2018"},{"key":"27_CR20","doi-asserted-by":"crossref","unstructured":"Goguen, J.A., Meseguer, J.: Security policies and security models. In: S&P 1982, pp. 11\u201320 (1982)","DOI":"10.1109\/SP.1982.10014"},{"key":"27_CR21","unstructured":"Graf, J., Hecker, M., Mohr, M.: Using JOANA for information flow control in Java programs - a practical guide. In: ATPS 2013, pp. 123\u2013138 (2013)"},{"issue":"6","key":"27_CR22","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/s10207-009-0086-1","volume":"8","author":"C Hammer","year":"2009","unstructured":"Hammer, C., Snelting, G.: Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. J. Inf. Secur. 8(6), 399\u2013422 (2009)","journal-title":"Int. J. Inf. Secur."},{"key":"27_CR23","doi-asserted-by":"crossref","unstructured":"Hara, Y., Tomiyama, H., Honda, S., Takada, H., Ishii, K.: CHStone: a benchmark program suite for practical C-based high-level synthesis. In: ISCAS 2008, pp. 1192\u20131195 (2008)","DOI":"10.1109\/ISCAS.2008.4541637"},{"issue":"7","key":"27_CR24","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/2.869367","volume":"33","author":"JL Henning","year":"2000","unstructured":"Henning, J.L.: SPEC CPU2000: measuring CPU performance in the New Millennium. Computer 33(7), 28\u201335 (2000)","journal-title":"Computer"},{"key":"27_CR25","unstructured":"Hoos, H.H., St\u00fctzle, T.: SATLIB: an online resource for research on SAT. In: Sat 2000: highlights of satisfiability research in the year 2000, pp. 283\u2013292 (2000)"},{"key":"27_CR26","doi-asserted-by":"crossref","unstructured":"Ku, K., Hart, T.E., Chechik, M., Lie, D.: A buffer overflow benchmark for software model checkers. In: ASE 2007, pp. 389\u2013392 (2007)","DOI":"10.1145\/1321631.1321691"},{"key":"27_CR27","doi-asserted-by":"crossref","unstructured":"Lortz, S., Mantel, H., Starostin, A., B\u00e4hr, T., Schneider, D., Weber, A.: Cassandra: towards a certifying app store for Android. In: SPSM 2014, pp. 93\u2013104 (2014)","DOI":"10.1145\/2666620.2666631"},{"key":"27_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-642-04444-1_5","volume-title":"Computer Security \u2013 ESORICS 2009","author":"A Lux","year":"2009","unstructured":"Lux, A., Mantel, H.: Declassification with explicit reference points. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 69\u201385. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04444-1_5"},{"key":"27_CR29","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-01465-9_3","volume-title":"Formal Aspects in Security and Trust","author":"Alexander Lux","year":"2009","unstructured":"Lux, A., Mantel, H.: Who can declassify? In: FAST 2009, pp. 35\u201349 (2009)"},{"key":"27_CR30","doi-asserted-by":"crossref","unstructured":"Mantel, H.: Information flow and noninterference. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, 2nd edn., pp. 605\u2013607. Springer, New York (2011)","DOI":"10.1007\/978-1-4419-5906-5_874"},{"key":"27_CR31","doi-asserted-by":"crossref","unstructured":"Millen, J.K.: Information flow analysis of formal specifications. In: S&P 1981, pp. 3\u20138 (1981)","DOI":"10.1109\/SP.1981.10008"},{"key":"27_CR32","unstructured":"Mohr, M., Graf, J., Hecker, M.: JoDroid: adding android support to a static information flow control tool. In: SE 2015, pp. 140\u2013145 (2015)"},{"key":"27_CR33","doi-asserted-by":"crossref","unstructured":"Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: CSFW 2004, pp. 172\u2013186 (2004)","DOI":"10.1109\/CSFW.2004.1310740"},{"key":"27_CR34","unstructured":"Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif 3.0: Java Information Flow. http:\/\/www.cs.cornell.edu\/jif . Accessed 8 Aug 2018"},{"key":"27_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/978-3-540-73370-6_17","volume-title":"Model Checking Software","author":"R Pel\u00e1nek","year":"2007","unstructured":"Pel\u00e1nek, R.: BEEM: benchmarks for explicit model checkers. In: Bo\u0161na\u010dki, D., Edelkamp, S. (eds.) SPIN 2007. LNCS, vol. 4595, pp. 263\u2013267. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-73370-6_17"},{"key":"27_CR36","doi-asserted-by":"crossref","unstructured":"Rushby, J.M.: Design and verification of secure systems. In: Proceedings of the Eighth ACM Symposium on Operating System Principles, pp. 12\u201321 (1981)","DOI":"10.1145\/800216.806586"},{"key":"27_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/978-3-540-37621-7_9","volume-title":"Software Security - Theories and Systems","author":"A Sabelfeld","year":"2004","unstructured":"Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174\u2013191. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-37621-7_9"},{"key":"27_CR38","doi-asserted-by":"crossref","unstructured":"Sim, S.E., Easterbrook, S., Holt, R.C.: Using benchmarking to advance research: a challenge to software engineering. In: ICSE 2003, pp. 74\u201383 (2003)","DOI":"10.1109\/ICSE.2003.1201189"},{"key":"27_CR39","doi-asserted-by":"crossref","unstructured":"Smith, L.A., Bull, J.M., Obdrizalek, J.: A parallel Java grande benchmark suite. In: SC 2001, p. 8 (2001)","DOI":"10.1145\/582034.582042"},{"key":"27_CR40","unstructured":"Stanford SecuriBench. http:\/\/suif.stanford.edu\/~livshits\/work\/securibench\/intro.html . Accessed 8 Aug 2018"},{"key":"27_CR41","unstructured":"SecuriBench Micro. https:\/\/github.com\/too4words\/securibench-micro . Accessed 8 Aug 2018"},{"issue":"4","key":"27_CR42","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/s10817-009-9143-8","volume":"43","author":"G Sutcliffe","year":"2009","unstructured":"Sutcliffe, G.: The TPTP problem library and associated infrastructure. J. Autom. Reason. 43(4), 337\u2013361 (2009)","journal-title":"J. Autom. Reason."},{"key":"27_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/11814771_7","volume-title":"Automated Reasoning","author":"G Sutcliffe","year":"2006","unstructured":"Sutcliffe, G., Schulz, S., Claessen, K., Van Gelder, A.: Using the TPTP language for writing derivations and finite interpretations. In: Furbach, U., Shankar, N. (eds.) IJCAR 2006. LNCS, vol. 4130, pp. 67\u201381. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11814771_7"},{"key":"27_CR44","unstructured":"Wasserrab, D., Lohner, D.: Proving information flow noninterference by reusing a machine-checked correctness proof for slicing. In: VERIFY 2010"},{"key":"27_CR45","doi-asserted-by":"crossref","unstructured":"Zanioli, M., Ferrara, P., Cortesi, A.: SAILS: static analysis of information leakage with sample. In: SAC 2012, pp. 1308\u20131313 (2012)","DOI":"10.1145\/2245276.2231983"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-03638-6_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T22:48:54Z","timestamp":1775256534000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-03638-6_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030036379","9783030036386"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-03638-6_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/securitylab.no\/nordsec18\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"81","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"36% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}