List of publications on DBLP and Google Scholar.

Refereed Conference and Workshop Publications

[1] Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder. Checking Cryptographic API Usage with Composable Annotations. In ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM), 2018. To appear. PDF
@inproceedings{pepm18-security-annotations,
  author = {Duncan Mitchell and L. Thomas van Binsbergen and Blake Loring and Johannes Kinder},
  title = {Checking Cryptographic API Usage with Composable Annotations},
  booktitle = {ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM)},
  note = {To appear},
  year = 2018,
}
[2] Dusan Repel, Johannes Kinder, and Lorenzo Cavallaro. Modular Synthesis of Heap Exploits. In Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS), 2017. PDF
@inproceedings{plas17,
  author = {Dusan Repel and Johannes Kinder and Lorenzo Cavallaro},
  title = {Modular Synthesis of Heap Exploits},
  booktitle = {Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS)},
  year = 2017,
}
[3] James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder. POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection. In 11th USENIX Workshop on Offensive Technologies (WOOT), 2017. Best Paper Award. PDF
@inproceedings{woot17-potus,
  author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
  title = {{POTUS}: Probing Off-The-Shelf {USB} Drivers with Symbolic Fault
             Injection},
  booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT)},
  note = {Best Paper Award},
  year = 2017,
}
[4] Blake Loring, Duncan Mitchell, and Johannes Kinder. ExpoSE: Practical Symbolic Execution of Standalone JavaScript. In Proc. Int. SPIN Symp. Model Checking of Software (SPIN), pp. 196–199, ACM, 2017. PDF
@inproceedings{spin17-expose,
  author = {Blake Loring and Duncan Mitchell and Johannes Kinder},
  title = {{ExpoSE}: Practical Symbolic Execution of Standalone {JavaScript}},
  booktitle = {Proc. Int. SPIN Symp. Model Checking of Software (SPIN)},
  pages = {196-199},
  publisher = {ACM},
  year = 2017,
}
[5] Guillermo Suarez-Tangil, Santanu Kumar Dash, Mansour Ahmadi, Johannes Kinder, Giorgio Giacinto, and Lorenzo Cavallaro. DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware. In Proc. 7th ACM Conf. Data and Application Security and Privacy (CODASPY), pp. 309–320, ACM, 2017. PDF
@inproceedings{codaspy17-droidsieve,
  author = {Guillermo Suarez-Tangil and Santanu Kumar Dash and Mansour Ahmadi and Johannes Kinder and Giorgio Giacinto and Lorenzo Cavallaro},
  title = {{DroidSieve}: Fast and Accurate Classification of Obfuscated Android Malware},
  booktitle = {Proc. 7th ACM Conf. Data and Application Security
               and Privacy (CODASPY)},
  pages = {309-320},
  publisher = {ACM},
  year = 2017,
}
[6] Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour Ahmadi, Johannes Kinder, and Lorenzo Cavallaro. DroidScribe: Classifying Android Malware Based on Runtime Behavior. In Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST), pp. 252–261, 2016. PDF
@inproceedings{most16-droidscribe,
  author = {Santanu Kumar Dash and Guillermo Suarez-Tangil and Salahuddin Khan and Kimberly Tam and
            Mansour Ahmadi and Johannes Kinder and Lorenzo Cavallaro},
  title = {{DroidScribe}: Classifying Android Malware Based on Runtime Behavior},
  booktitle = {Proc. IEEE Symp. Security and Privacy Workshops (SPW), Mobile Security Technologies (MoST)},
  year = 2016,
  pages = {252-261},
}
[7] Jonas Wagner, Volodymyr Kuznetsov, George Candea, and Johannes Kinder. High System-Code Security with Low Overhead. In Proc. IEEE Symp. Security and Privacy (S&P), pp. 866–879, IEEE, 2015. PDF
@inproceedings{oakland15,
  author = {Jonas Wagner and Volodymyr Kuznetsov and George Candea and Johannes Kinder},
  title = {High System-Code Security with Low Overhead},
  booktitle = {Proc. IEEE Symp. Security and Privacy (S\&P)},
  pages     = {866-879},
  publisher = {IEEE},
  year      = 2015,
}
[8] Johannes Kinder. Hypertesting: The Case for Automated Testing of Hyperproperties. In 3rd Workshop on Hot Issues in Security Principles and Trust (HotSpot), pp. 1–8, 2015. PDF
@inproceedings{hotspot15,
  author    = {Johannes Kinder},
  title     = {Hypertesting: The Case for Automated Testing of Hyperproperties},
  booktitle = {3rd Workshop on Hot Issues in Security Principles and Trust (HotSpot)},
  year      = 2015,
  pages     = {1-8},
}
[9] Stefan Bucur, Johannes Kinder, and George Candea. Prototyping Symbolic Execution Engines for Interpreted Languages. In Proc. 19th Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 239–254, ACM, 2014. PDF
@inproceedings{asplos14,
  author    = {Stefan Bucur and
               Johannes Kinder and
               George Candea},
  title     = {Prototyping Symbolic Execution Engines for Interpreted Languages},
  booktitle = {Proc. 19th Int. Conf. Architectural Support for Programming 
               Languages and Operating Systems (ASPLOS)},
  pages     = {239-254},
  ee        = {http://doi.acm.org/10.1145/2541940.2541977},
  publisher = {ACM},
  year      = 2014,
}
[10] Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient State Merging in Symbolic Execution (Extended Abstract). In Software Engineering 2014, Fachtagung des GI-Fachbereichs Softwaretechnik (SE), pp. 45–46, GI, 2014.
@inproceedings{se14,
  author    = {Volodymyr Kuznetsov and
               Johannes Kinder and
               Stefan Bucur and
               George Candea},
  title     = {Efficient State Merging in Symbolic Execution (Extended Abstract)},
  booktitle = {Software Engineering 2014, Fachtagung des GI-Fachbereichs
               Softwaretechnik (SE)},
  year      = {2014},
  pages     = {45-46},
  publisher = {GI},
  series    = {LNI},
  volume    = {227},
}
[11] Stefan Bucur, Johannes Kinder, and George Candea. Making Automated Testing of Cloud Applications an Integral Component of PaaS. In Proc. 4th Asia-Pacific Workshop on Systems (APSYS), pp. 18:1–18:7, ACM, 2013. PDF
@inproceedings{apsys13,
  author    = {Stefan Bucur and Johannes Kinder and George Candea},
  title     = {Making Automated Testing of Cloud Applications 
               an Integral Component of {PaaS}},
  booktitle = {Proc. 4th Asia-Pacific Workshop on Systems (APSYS)},
  publisher = {ACM},
  pages     = {18:1-18:7},
  ee        = {http://doi.acm.org/10.1145/2500727.2500730},
  year      = 2013,
}
[12] Cristian Zamfir, Baris Kasikci, Johannes Kinder, Edouard Bugnion, and George Candea. Automated Debugging for Arbitrarily Long Executions. In Proc. 14th Workshop on Hot Topics in Operating Systems (HotOS), USENIX, 2013. PDF
@inproceedings{hotos13,
  author     = {Cristian Zamfir and Baris Kasikci and Johannes Kinder and
                Edouard Bugnion and George Candea},
  title     = {Automated Debugging for Arbitrarily Long Executions},
  booktitle = {Proc. 14th Workshop on Hot Topics in Operating Systems
                  (HotOS)},
  publisher = {USENIX},
  ee        = {https://www.usenix.org/conference/hotos13/session/zamfir},
  year      = 2013,
}
[13] Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Efficient state merging in symbolic execution. In Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI), pp. 193–204, ACM, 2012. PDF
@inproceedings{pldi12,
  author    = {Volodymyr Kuznetsov and
               Johannes Kinder and
               Stefan Bucur and
               George Candea},
  title     = {Efficient state merging in symbolic execution},
  pages     = {193-204},
  booktitle = {Proc. ACM SIGPLAN Conf. Programming Language Design and
               Implementation (PLDI)},
  publisher = {ACM},
  year      = 2012,
}
[14] Johannes Kinder. Towards Static Analysis of Virtualization-Obfuscated Binaries. In Proc. 19th Working Conf. Reverse Engineering (WCRE), pp. 61–70, IEEE, 2012. PDF
@inproceedings{wcre12,
  author    = {Johannes Kinder},
  title     = {Towards Static Analysis of Virtualization-Obfuscated Binaries},
  booktitle = {Proc. 19th Working Conf. Reverse Engineering (WCRE)},
  pages     = {61-70},
  publisher = {IEEE},
  year      = 2012,
} 
[15] Johannes Kinder and Dmitry Kravchenko. Alternating Control Flow Reconstruction. In Proc. 13th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI), pp. 267–282, Springer, 2012. PDF
@inproceedings{vmcai12,
  author    = {Johannes Kinder and
               Dmitry Kravchenko},
  title     = {Alternating Control Flow Reconstruction},
  booktitle = {Proc. 13th Int. Conf. Verification,
               Model Checking, and Abstract Interpretation (VMCAI)},
  series    = {LNCS},
  volume    = {7148},
  publisher = {Springer},
  pages     = {267-282},
  year      = 2012,
}
[16] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Supporting domain-specific state space reductions through local partial-order reduction. In 26th IEEE/ACM Int. Conf. Automated Software Engineering (ASE), pp. 113–122, IEEE, 2011. PDF
@inproceedings{ase11,
  author    = {P{\'e}ter Bokor and
               Johannes Kinder and
               Marco Serafini and
               Neeraj Suri},
  title     = {Supporting domain-specific state space reductions through
               local partial-order reduction},
  pages     = {113-122},
  booktitle = {26th IEEE/ACM Int. Conf. Automated Software
               Engineering (ASE)},
  publisher = {IEEE},
  year      = 2011,
}
[17] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Efficient model checking of fault-tolerant distributed protocols. In Proc. 2011 IEEE/IFIP Int. Conf. Dependable Systems and Networks (DSN), pp. 73–84, IEEE, 2011. PDF
@inproceedings{dsn11,
  author    = {P{\'e}ter Bokor and
               Johannes Kinder and
               Marco Serafini and
               Neeraj Suri},
  title     = {Efficient model checking of fault-tolerant distributed protocols},
  pages     = {73-84},
  booktitle = {Proc. 2011 IEEE/IFIP Int. Conf. Dependable Systems and 
               Networks (DSN)},
  publisher = {IEEE},
  year      = 2011,
}
[18] Johannes Kinder and Helmut Veith. Precise Static Analysis of Untrusted Driver Binaries. In Proc. 10th Int. Conf. Formal Methods in Computer-Aided Design (FMCAD), pp. 43–50, 2010. PDF
@inproceedings{fmcad10,
  author    = {Johannes Kinder and Helmut Veith},
  title     = {Precise Static Analysis of Untrusted Driver Binaries},
  booktitle = {Proc. 10th Int. Conf. Formal Methods in Computer-Aided 
               Design (FMCAD)},
  pages     = {43-50},
  year      = 2010,
}
[19] Patrice Godefroid and Johannes Kinder. Proving memory safety of floating-point computations by combining static and dynamic program analysis. In Proc. 19th Int. Symp. Software Testing and Analysis (ISSTA), pp. 1–12, ACM, 2010. PDF
@inproceedings{issta10,
  author    = {Patrice Godefroid and
               Johannes Kinder},
  title     = {Proving memory safety of floating-point computations by
               combining static and dynamic program analysis},
  pages     = {1-12},
  ee        = {http://doi.acm.org/10.1145/1831708.1831710},
  booktitle = {Proc. 19th Int. Symp. Software Testing and 
               Analysis (ISSTA)},
  publisher = {ACM},
  year      = 2010,
}
[20] Johannes Kinder, Helmut Veith, and Florian Zuleger. An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries. In Proc. 10th Int. Conf. Verification, Model Checking, and Abstract Interpretation (VMCAI), pp. 214–228, Springer, 2009. PDF
@inproceedings{vmcai09,
  author    = {Johannes Kinder and Helmut Veith and Florian Zuleger},
  title     = {An Abstract Interpretation-Based Framework for Control Flow 
               Reconstruction from Binaries},
  booktitle = {Proc. 10th Int. Conf. Verification,
               Model Checking, and Abstract Interpretation (VMCAI)},
  pages     = {214-228},
  series    = {LNCS},
  volume    = {5403},
  publisher = {Springer},
  year      = 2009,
}
[21] Johannes Kinder and Helmut Veith. Jakstab: A Static Analysis Platform for Binaries. In Proc. 20th Int. Conf. Computer Aided Verification (CAV), pp. 423–427, Springer, 2008. PDF
@inproceedings{cav08,
  author    = {Johannes Kinder and Helmut Veith},
  title     = {Jakstab: A Static Analysis Platform for Binaries},
  year      = 2008,
  booktitleshort = {CAV},
  booktitle = {Proc. 20th Int. Conf. Computer Aided Verification (CAV)},
  pages     = {423--427},
  publisher = {Springer},
  series    = {LNCS},
  volume    = {5123},
}
[22] Andreas Holzer, Johannes Kinder, and Helmut Veith. Using Verification Technology to Specify and Detect Malware. In Proc. 11th Int. Conf. Computer Aided Systems Theory (EUROCAST), pp. 497–504, Springer, 2007. PDF
@inproceedings{eurocast07,
  author    = {Andreas Holzer and Johannes Kinder and Helmut Veith},
  title     = {Using Verification Technology to Specify and Detect Malware},
  year      = 2007,
  booktitle = {Proc. 11th Int. Conf. Computer Aided Systems Theory (EUROCAST)},
  pages     = {497--504},
  publisher = {Springer},
  series    = {LNCS},
  volume    = {4739},
}
[23] Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith. Detecting Malicious Code by Model Checking. In Second Int. Conf. Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), pp. 174–187, Springer, 2005. PDF
@inproceedings{dimva05,
  author        = {Johannes Kinder and Stefan Katzenbeisser and
                   Christian Schallhart and Helmut Veith},
  title		= {Detecting Malicious Code by Model Checking},
  booktitle	= {Second Int. Conf. Detection of Intrusions and
                   Malware \& Vulnerability Assessment (DIMVA)},
  year		= 2005,
  pages		= {174--187},
  volume	= {3548},
  series	= {LNCS},
  publisher	= {Springer},
}

Journal Articles

[24] Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, and Edgar Weippl. Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis? ACM Computing Surveys, 49(1):April 2016. PDF
@article{csur16-obfuscation,
  author = {Sebastian Schrittwieser and Stefan Katzenbeisser and Johannes Kinder and Georg Merzdovnik and Edgar Weippl},
  title = {Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?},
  journal = {ACM Computing Surveys},
  volume = {49},
  number = {1},
  year = 2016,
  month = apr,
}
[25] Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, and Helmut Veith. Proactive Detection of Computer Worms Using Model Checking. IEEE Trans. Dependable Sec. Comput., 7(4):424–438, October 2010. PDF
@article{tdsc10,
  author    = {Johannes Kinder and Stefan Katzenbeisser and 
               Christian Schallhart and Helmut Veith},
  title     = {Proactive Detection of Computer Worms Using Model Checking},
  journal   = {IEEE Trans. Dependable Sec. Comput.},
  volume    = {7},
  number    = {4},
  pages     = {424-438},
  month     = oct,
  year      = 2010,
}
[26] Mihai Christodorescu, Somesh Jha, Johannes Kinder, Stefan Katzenbeisser, and Helmut Veith. Software transformations to improve malware detection. J. Comput. Virol., 3(4):253–265, November 2007. PDF
@article{jicv07,
  author    = {Mihai Christodorescu and
               Somesh Jha and
               Johannes Kinder and
               Stefan Katzenbeisser and
               Helmut Veith},
  title     = {Software transformations to improve malware detection},
  journal   = {J. Comput. Virol.},
  volume    = {3},
  number    = {4},
  year      = 2007,
  month     = nov,
  pages     = {253-265},
  ee        = {http://dx.doi.org/10.1007/s11416-007-0059-8},
}

Encyclopedia Articles

[27] Stefan Katzenbeisser, Johannes Kinder, and Helmut Veith. Malware Detection. In Henk C. A. van Tilborg and Sushil Jajodia, eds., Encyclopedia of Cryptography and Security (2nd Ed.), pp. 752–755, Springer, 2011.
@incollection{cryptosec11,
  author    = {Stefan Katzenbeisser and
               Johannes Kinder and
               Helmut Veith},
  title     = {Malware Detection},
  booktitle = {Encyclopedia of Cryptography and Security (2nd Ed.)},
  pages     = {752-755},
  editor    = {Henk C. A. van Tilborg and
               Sushil Jajodia},
  publisher = {Springer},
  year      = 2011,
}

Patents

[28] Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, and George Candea. Advantageous State Merging During Symbolic Analysis. Pat. US 9, 141, 354 B2, September 2015. Issued.
@patent{statemerging-patent,
  author   = {Volodymyr Kuznetsov and
              Johannes Kinder and
              Stefan Bucur and
              George Candea},
  title    = {Advantageous State Merging During Symbolic Analysis},
  number   = {US 9,141,354 B2},
  pubstate = {Issued},
  month    = sep,
  year     = 2015,
}
[29] Patrice Godefroid and Johannes Kinder. Memory Safety of Floating-Point Computations. Pat. US 8, 782, 625 B2, July 2014. Issued.
@patent{fpsafety-patent,
  author =   {Patrice Godefroid and Johannes Kinder},
  title  =   {Memory Safety of Floating-Point Computations},
  number =   {US 8,782,625 B2},
  pubstate = {Issued},
  month = jul,
  year   =   2014,
}
[30] Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, and Helmut Veith. System for Malware Normalization and Detection. Pat. US 2010/0011441 A1, January 2010. Published.
@patent{malwarenorm-patent,
  author =   {Mihai Christodorescu and Johannes Kinder and Somesh Jha and Stefan Katzenbeisser and Helmut Veith},
  title  =   {System for Malware Normalization and Detection},
  year   =   2010,
  number =   {US 2010/0011441 A1},
  pubstate = {Published},
  month = jan,
}

Posters

[31] Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Barometer: Sizing Up Android Applications Through Statistical Evaluation. In 37th IEEE Symp. Security and Privacy (S&P), May 2016. Poster.
@conference{sp16poster,
  author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
  title = {Barometer: Sizing Up {Android} Applications Through Statistical Evaluation},
  booktitle = {37th IEEE Symp. Security and Privacy (S\&P)},
  note      = {Poster},
  month     = may,
  year      = 2016,
} 
[32] Santanu Kumar Dash, Kimberly Tam, Johannes Kinder, and Lorenzo Cavallaro. Set-based Classification of Android Malware from Behavioral Abstractions. In 24th USENIX Security Symp. (USENIX Security), August 2015. Poster.
@conference{usenix15poster,
  author = {Santanu Kumar Dash and Kimberly Tam and Johannes Kinder and Lorenzo Cavallaro},
  title = {Set-based Classification of Android Malware from Behavioral Abstractions},
  booktitle = {24th USENIX Security Symp. (USENIX Security)},
  note      = {Poster},
  month     = aug,
  year      = 2015,
} 
[33] Jonas Wagner, Volodymyr Kuznetsov, Johannes Kinder, Azqa Nadeem, and George Candea. ASAP: High Security at Low Overhead. In 11th USENIX Symp. Operating Systems Design and Implementation (OSDI), October 2014. Poster.
@conference{osdi14poster,
  author    = {Jonas Wagner and Volodymyr Kuznetsov and Johannes Kinder and Azqa
                  Nadeem and George Candea},
  title     = {ASAP: High Security at Low Overhead},
  booktitle = {11th USENIX Symp. Operating Systems Design and Implementation (OSDI)},
  note      = {Poster},
  month     = oct,
  year      = 2014,
} 
[34] Stefan Bucur, Johannes Kinder, and George Candea. C3A: Client/Server Co-Verification for Cloud Applications. In 10th USENIX Symp. Operating Systems Design and Implementation (OSDI), October 2012. Poster.
@conference{osdi12poster,
  author    = {Stefan Bucur and Johannes Kinder and George Candea},
  title     = {C3A: Client/Server Co-Verification for Cloud Applications},
  booktitle = {10th USENIX Symp. Operating Systems Design and Implementation (OSDI)},
  note      = {Poster},
  month     = oct,
  year      = 2012,
} 

Theses

[35] Johannes Kinder. Static analysis of x86 executables. Ph.D. Thesis, Technische Universität Darmstadt, 2010. PDF
@phdthesis{phdthesis,
  author    = {Johannes Kinder},
  title     = {Static analysis of x86 executables},
  school    = {Technische Universit{\"a}t Darmstadt},
  year      = 2010,
}
[36] Johannes Kinder. Model Checking Malicious Code. M.Sc. Thesis, Technische Universität München, 2005. PDF
@thesis{da-kinder,
  author = {Johannes Kinder},
  title  = {Model Checking Malicious Code},
  type   = {MSc thesis},
  school = {Technische Universit{\"a}t M{\"u}nchen},
  year   = 2005,
}

Technical Reports

[37] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Supporting domain-specific state space reductions through local partial-order reduction. Tech. rep. TR-TUD-DEEDS-07-01-2011, Technische Universität Darmstadt, 2011.
@techreport{lpor-tr,
  author      = {P{\'e}ter Bokor and
                Johannes Kinder and
                Marco Serafini and
                Neeraj Suri},
  title       = {Supporting domain-specific state space reductions through
                local partial-order reduction},
  institution = {Technische Universit{\"a}t Darmstadt},
  number      = {TR-TUD-DEEDS-07-01-2011},
  year        = 2011,
}
[38] Péter Bokor, Johannes Kinder, Marco Serafini, and Neeraj Suri. Efficient model checking of fault-tolerant distributed protocols. Tech. rep. TR-TUD-DEEDS-01-01-2011, Technische Universität Darmstadt, 2011.
@techreport{mpbasset-tr,
  author      = {P{\'e}ter Bokor and
                 Johannes Kinder and
                 Marco Serafini and
                 Neeraj Suri},
  title       = {Efficient model checking of fault-tolerant distributed protocols},
  institution = {Technische Universit{\"a}t Darmstadt},
  number      = {TR-TUD-DEEDS-01-01-2011},
  year        = 2011,
}
[39] Patrice Godefroid and Johannes Kinder. Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis. Tech. rep. MSR-TR-2009-167, Microsoft Research, November 2009.
@techreport{fpsafety-tr,
  author =       {Patrice Godefroid and Johannes Kinder},
  title =        {Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis},
  institution =  {Microsoft Research},
  year =         2009,
  number =       {MSR-TR-2009-167},
  month =        nov,
}
[40] Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, and Helmut Veith. Malware Normalization. Tech. rep. 1539, University of Wisconsin, November 2005. PDF
@techreport{malwarenorm,
  author =       {Mihai Christodorescu and Johannes Kinder and Somesh Jha 
                  and Stefan Katzenbeisser and Helmut Veith},
  title =        {Malware Normalization},
  institution =  {University of Wisconsin},
  year =         2005,
  number =       1539,
  address =      {Madison, WI, USA},
  month =        nov,
}