Home · Topics · Link Farm
Picture of
            Stephan Neuhaus


I work in computer security, using experimental methods to analyze security incidents and analyzing version archives to find and predict vulnerabilities.


Stephan Neuhaus
Lehrstuhl Prof. Zeller
Gebäude E1.3
Postfach 15 11 50
66041 Saarbrücken
Phone: +49 681 302-64018
Fax: +49 681 302-64012
Office: Building E1.3, Room 302


Working in computer security is working at the limits of computer science. Blackhats, unlike ordinary users, are constantly and actively seeking to undermine the assumptions that we make when we design or deploy systems, and are actively trying to provoke bugs. I am fascinated by the possibilities of experimental incident analysis, because it seems to be one way of analyzing and predicting the behaviour of complex systems of programs. I have recently also started to work on statistical software vulnerability analysis and prediction.

Experimental incident analysis is still a new field. The basic assumption is that software systems today are now so complex that their behaviour cannot be analyzed or predicted from first principles any more. Instead we use experimental techniques borrowed from the natural sciences in order to find out causes of break-ins. These experiments are not designed, carried out or evaluated manually (as would be common practice today), but rather automatically. The ongoing work on this topic is a project called Malfor.

Statistical software vulnerability analysis and prediction is the art of looking at version archives to analyze software for vulnerabilities and to predict which components are likely to have more (as yet undetected) vulnerabilities. The project name for this work is Vulture; it has resulted in a paper that has been accepted for publication at ACM CCS 2007. Vulture's main result is that it is possible to predict which components will have more vulnerabilities than others: We correctly identify two thirds of all vulnerable components and about half of our predictions identify components that have had past vulnerabilities. We can also predict the ranking of components: the top 30 predicted vulnerable components contain on average 85% of the vulnerabilities of the real to 30 vulnerable components. That means that if you fix the top 30 predicted components, you will have fixed 85% of all vulnerabilities that you could have fixed at all.





International University in Bruchsal

Projects and Theses

If you find the topics on this page interesting and if you want to work with me, doing a thesis or a lab, mail me or pay me a visit in my office in E1.3/302.

Take a look at the Thesis Checklist.

About Me

Take a look at my CV.

I play the guitar.

My Erdös Number is 6.

Look at my (regularly updated) reading list.

Valid XHTML 1.0 Strict Valid CSS!