Software manufacturer presents "Collaborative Research Award" to the German research institute for the second time

Oracle honors IT security research at Fraunhofer IEM

Press Release

From Paderborn to Silicon Valley: detecting security vulnerabilities in software programs long before they cause damage. The Fraunhofer Institute for Mechatronic Systems Design IEM researches methods to detect and correct software vulnerabilities early in the software development process. The institute's scientists work together with Oracle, one of the world's largest software manufacturers, located in Silicon Valley. This is the second time that the extensive funding of the "Oracle Collaborative Research Award" has been granted to the Paderborn research institute.

Johannes Späth and Dr. Claudia Priesterjahn at Fraunhofer IEM are developing tools with Oracle that systematically find software errors.
© Fraunhofer IEM

Nowadays, software is protected against attacks and hackers with various techniques, such as complex encryption methods. Given the increasing networking of private devices as well as industrial machines, IT security is an essential aspect of every engineering project. In spite of that, even experienced engineers reach their limits when it comes to secure programming of software and its subsequent implementation. Studies reveal that correct and secure software implementation is not a matter of course. A major current problem here is the insecure use of cryptography. Recent studies also reveal that, for example, the vast majority of smartphone applications use cryptographic functions in an insecure manner.

"Grammar check" for software

In order to support software engineers in the secure implementation of programs, Fraunhofer IEM is working on analysis tools that directly detect incorrect implementation. Similar to spelling and grammar checks in word processing programs, the software developer receives hints about vulnerable code. The analysis tools provide direct and precise feedback, ensuring, for example, the correct use of encryption algorithms in the software. "This way we detect software vulnerabilities long before they can cause damage. Companies benefit from faster and more efficient development and can offer their customers secure products from the very first version," states senior expert Dr. Claudia Priesterjahn, explaining the method called Static Code Analysis.
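To make the "grammar check" idea concrete, here is an added example (not Fraunhofer IEM's or Oracle's code): a minimal static checker in Python that scans Java source for insecure `javax.crypto` usage, namely weak cipher algorithms, transformations that omit the mode (which the JCE resolves to ECB), explicit ECB mode, and key material hard-coded as a string literal. The Java snippet it scans is constructed for this example.

```python
import re

# Constructed Java sample (not from the page): two insecure Cipher calls,
# one hard-coded key, and one acceptable transformation.
SAMPLE_JAVA = """\
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class Demo {
    void bad() throws Exception {
        Cipher c1 = Cipher.getInstance("DES/CBC/PKCS5Padding");
        Cipher c2 = Cipher.getInstance("AES");
        SecretKeySpec k = new SecretKeySpec("s3cr3tk3y1234567".getBytes(), "AES");
    }
    void good() throws Exception {
        Cipher c3 = Cipher.getInstance("AES/GCM/NoPadding");
    }
}
"""

WEAK_ALGORITHMS = {"DES", "DESEDE", "RC2", "RC4", "BLOWFISH"}
GET_INSTANCE = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
LITERAL_KEY = re.compile(r'new\s+SecretKeySpec\(\s*"[^"]*"\.getBytes\(')


def check_transformation(transformation):
    """Return a finding for a JCE transformation string, or None if acceptable."""
    parts = transformation.upper().split("/")
    algorithm = parts[0]
    if algorithm in WEAK_ALGORITHMS:
        return f"weak algorithm {algorithm}"
    if len(parts) == 1:
        # "AES" alone resolves to AES/ECB/PKCS5Padding on Oracle/OpenJDK.
        return f'"{transformation}" names no mode; JCE then defaults to ECB'
    if parts[1] == "ECB":
        return "ECB mode leaks plaintext patterns"
    return None


def find_crypto_misuse(java_source):
    """Scan Java source line by line; return (line_no, message) per suspicious use."""
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        match = GET_INSTANCE.search(line)
        if match:
            problem = check_transformation(match.group(1))
            if problem:
                findings.append((line_no, problem))
        if LITERAL_KEY.search(line):
            findings.append((line_no, "hard-coded key material in source"))
    return findings
```

Running `find_crypto_misuse(SAMPLE_JAVA)` reports lines 5, 6 and 7 of the sample and stays silent on the AES/GCM call; a real tool such as the ones described above works on the program's semantics rather than on text patterns, so it also catches the same misuse when the transformation string is built indirectly.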

Fraunhofer IEM's work is currently being applied in a concrete project with Oracle. The focal point is the security of the Java Runtime Library developed by Oracle, which is installed on several billion devices worldwide. In order to eliminate vulnerabilities from the Java Runtime, the researchers are redesigning parts of the software architecture. With the help of the "grammar check", they then identify vulnerabilities here as well and develop automatic analyses that reveal other, similar vulnerabilities. This way, they minimize the probability of attacks on this widely used software.

Fraunhofer IEM wins Oracle Collaborative Research Award a second time

The software and hardware manufacturer Oracle, based in Silicon Valley, has been supporting the work of Fraunhofer IEM since mid-2017. Now the scientists receive a second of the prestigious Oracle Collaborative Research Awards, again endowed with 100,000 US dollars. "Oracle allows us applied research and deep insights into the software development processes of a global player. It is a rewarding experience for us to work on the security of the Java Runtime. Millions of users will benefit from our results," says Prof. Eric Bodden, Director of Software Engineering at Fraunhofer IEM and head of the Software Engineering Chair at the Heinz Nixdorf Institute of the University of Paderborn.

Static Code Analysis at Fraunhofer IEM

Fraunhofer IEM supports companies with the following services:

  • Protection of IT systems against cyber attacks
  • Support for adequate encryption methods
  • Tools for software developers to verify secure software implementations
  • Customized secure software solutions

Find further information on static code analysis: