Research Assistant


After working on Android application analysis during the SCG seminar and master’s thesis, I now continue to contribute within this field during my PhD research.

My interest includes large Android app collections that are mined for security issues. These issues are evaluated based on different feature sets and thus contain a valuable source for later software assessments.

Supervisors: Dr. Mohammad Ghafari, Prof. Dr. Oscar Nierstrasz

Project Proposals

Seminar

• Individual projects available on request

BSc

• Individual projects available on request

MSc

• Individual projects available on request

Previous Proposals

• MSc: Android: Improvement of Security Smell detections and evaluation on practitioners
• MSc: String with Behavior
• MSc: Predicting insecure code in answers of Q&A web sites
• MSc: Real time classification of, and adaptation to programmer tasks in IDEs
• MSc: Android: Targeted attacks supported by recovered data structures of web API’s
• MSc: Android: Scrutinizing web APIs used in mobile apps

• BSc: Interactive visualizations for debugging
• BSc: Investigating password policies of web services
• BSc: Learning from nature: How nature resolves security issues
• BSc: Dynamic Phishing
• BSc: The life of a bug report
• BSc: Migration from insecure to secure API uses

• Seminar: Exploring Platform Independent Code Linting
• Seminar: Phishing: Improving dynamic phishing
• Seminar: Android: HTTPS to HTTP downgrade
• Seminar: Android: Investigating the quantity and quality of localizations
• Seminar: Android: Understanding the use of code comments
• Seminar: Android: Investigation of apps’ AIDL use
• Seminar: Android: Investigating password policies found in Android apps
• Seminar: Android: Bypassing HTTPS certificate pinning
• Seminar: Purpose of different programming languages in Android projects
• Seminar: Privacy concerns in public web APIs
• Seminar: Android Studio plug-in for code reviews

Contact

Publications

2021

1. Pascal Gadient, Marc-Andrea Tarnutzer, Oscar Nierstrasz, and Mohammad Ghafari. Security Smells Pervade Mobile App Servers. In ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), October 2021. DOI PDF →
2. Pascal Gadient, Pascal Gerig, Oscar Nierstrasz, and Mohammad Ghafari. Phish What You Wish. In 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS), December 2021. DOI PDF →
3. Pascal Gadient, Oscar Nierstrasz, and Mohammad Ghafari. Security Header Fields in HTTP Clients. In 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS), December 2021. DOI PDF →

2020

1. Pascal Gadient, Mohammad Ghafari, Marc-Andrea Tarnutzer, and Oscar Nierstrasz. Web APIs in Android through the Lens of Security. In 27th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), March 2020. DOI PDF →

2019

1. Pascal Gadient, Mohammad Ghafari, Patrick Frischknecht, and Oscar Nierstrasz. Security Code Smells in Android ICC. In Empirical Software Engineering 24 p. 3046—3076, 2019. DOI PDF →
2. Nitish Patkar, Pascal Gadient, Mohammad Ghafari, and Oscar Nierstrasz. Towards a Catalogue of Mobile Elicitation Techniques. In 25th International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ), 2019. DOI PDF →

2017

1. Pascal Gadient. Security in Android Applications. Masters thesis, University of Bern, August 2017. PDF →
2. Mohammad Ghafari, Pascal Gadient, and Oscar Nierstrasz. Security Smells in Android. In 17th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), p. 121-130, September 2017. DOI PDF →