Dr. Abhishek Tiwari is an Associate Professor in the Software Engineering section at the University of Southern Denmark. His research lies at the intersection of programming languages and software engineering, with a focus on static program analysis, language-based security, automated program repair, and software testing. He has developed innovative techniques for detecting and repairing security vulnerabilities in mobile and multilingual software systems, with his work published in premier venues such as FSE, ISSTA, FM, TOSEM, and ISSRE. Dr. Tiwari has participated in several DFG- and BMBF-funded research initiatives, and currently leads and co-leads funded project proposals under the DIREC and Digital Lead initiatives.
🐦 News
- 2026 — Paper on ranking plausible patches by historic feature frequencies accepted in the Journal of Systems and Software (JSS).
- 2026 — Invited to serve on the Program Committee of ICSE 2027.
- 2026 — Invited to serve on the Program Committee of ASE 2026.
- 2026 — Four papers accepted across various SANER 2026 tracks.
- 2025 — Our project Beyond Patching: Empowering organizations to stay ahead of software security threats has been funded by Digital Leads.
- 2025 — Our project Privacy in the Realm of Multilingual Programs: Security in Hybrid Apps has been funded by DIREC.
Selected Publications
- [ESEC/FSE] Zhen Dong, Abhishek Tiwari, Xiao Liang Yu, and Abhik Roychoudhury. Flaky Test Detection in Android via Event Order Exploration. ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2021.
- [FM] Abhishek Tiwari, Jyoti Prakash, Zhen Dong, and Carlo A. Furia. Automated Repair of Information Flow Security in Android Implicit Inter-App Communication. 26th International Symposium on Formal Methods (FM), 2024.
- [ISSTA] Xiaobao Cai, Zhen Dong, Yongjiang Wang, Abhishek Tiwari, and Xin Peng. Reproducing Timing-dependent GUI Flaky Tests in Android Apps via A Single Event Delay. 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2024.
- [TOSEM] Andreea Costea, Abhishek Tiwari, Sigmund Chianasta, Kishore R, Abhik Roychoudhury, and Ilya Sergey. HIPPODROME: Data Race Repair using Static Analysis Summaries. ACM Transactions on Software Engineering and Methodology (TOSEM), 2023.
- [SCP] Jyoti Prakash, Abhishek Tiwari, and Christian Hammer. Modular Unification of Unilingual Pointer Analyses to Multilingual FFI-Based Programs. Science of Computer Programming, Elsevier, 2025.
- [ISSRE] Abhishek Tiwari, Jyoti Prakash, and Christian Hammer. Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps. 34th International Symposium on Software Reliability Engineering (ISSRE), 2023.
- [ESORICS] Sascha Groß, Abhishek Tiwari, and Christian Hammer. PIAnalyzer: A Precise Approach to PendingIntent Vulnerability Analysis. Computer Security – ESORICS 2018, LNCS 11099, Springer, 2018.
Research
My research lies at the intersection of programming languages and software engineering, with a unifying goal of making software more dependable, private, and secure. The common thread is building automated analysis tools grounded in formal methods yet practical enough to operate on real-world codebases.
🔬 Static Analysis
My research in static analysis focuses on developing scalable techniques to detect bugs and vulnerabilities in software systems. My primary contributions include automated program repair (APR) for data races, modular pointer analysis across language boundaries, and APR of security properties in Android and web applications.
- HIPPODROME: Data Race Repair using Static Analysis Summaries — TOSEM, 2023
- Effects of Program Representation on Pointer Analyses — FASE, 2021
- Modular Unification of Unilingual Pointer Analyses to Multilingual FFI-Based Programs — Science of Computer Programming, 2025
🔒 Language-Based Security & Information Flow
Program analysis provides a rigorous foundation for enforcing security and privacy guarantees. This line of research targets information-flow control — ensuring that sensitive data cannot leak across component or privilege boundaries — with applications to mobile platforms and multilingual systems.
- Automated Repair of Information Flow Security in Android Implicit Inter-App Communication — FM, 2024
- Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps — ISSRE, 2023
- IIFA: Modular Inter-App Intent Information Flow Analysis of Android Applications — SecureComm, 2019
📱 Android Privacy & Security
Android applications are inherently heterogeneous, combining native code, inter-app communication channels, and hybrid web APIs. This work develops analyses to surface privacy violations, unsafe intent patterns, and data misuse at the scale of real app markets, aiming for tools that remain tractable on production codebases.
- Understanding the Impact of Fingerprinting in Android Hybrid Apps — MOBILESoft, 2023
- IWANDROID: Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps — ISSRE, 2023
- PIAnalyzer: Precise PendingIntent Vulnerability Analysis — ESORICS, 2018
🌐 Multilingual Program Analysis
Contemporary software systems increasingly span multiple programming languages and runtime environments. This research constructs unified abstract models of memory, pointers, and control flow that enable sound, modular reasoning across language boundaries and foreign-function interfaces, allowing heterogeneous codebases to be analysed as a single coherent system.
- Modular Unification of Unilingual Pointer Analyses to Multilingual FFI-Based Programs — Science of Computer Programming, 2025
- Challenges of Multilingual Program Specification and Analysis — Lecture Notes / Symposium, 2024
- Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps — ISSRE, 2023
🧪 Software Testing
Flaky tests quietly erode developer confidence and slow continuous-integration pipelines. This thread of work investigates timing-sensitive failures in GUI-driven mobile applications, developing techniques to reproduce and diagnose flaky behaviour through controlled event-order exploration and targeted event delays.
- Reproducing Timing-dependent GUI Flaky Tests in Android Apps via A Single Event Delay — ISSTA, 2024
- Flaky Test Detection in Android via Event Order Exploration — ESEC/FSE, 2021
Funded Projects
Privacy in the Realm of Multilingual Programs: Security in Hybrid Apps
Project Manager
Objectives
- Build a multilingual analysis tool for hybrid Android apps.
- Combine static and dynamic analysis to detect sensitive cross-language data flows.
- Identify privacy and security issues across native, JavaScript, and FFI boundaries.
- Validate the tool with the industrial partner AiroFit in real development workflows.
Programming Principles and Abstraction for Privacy
Participant
Objectives
- Build programming language abstractions that allow developers to enforce privacy by design.
- Develop a system where app developers can structure code into modules with defined permissions.
SmartPriv
Participant
Objectives
- Make the technical description of Android permissions clearer.
- Show how apps access and share personal information.
- Allow users to revoke or grant permissions at runtime while preserving app functionality.
SMAPPER
Participant
Objectives
- Provide reliable third-party evaluation of mobile app security levels.
- Enable early detection of risky or unusual permissions before installation.
Publications
These publications collectively explore advanced topics in programming languages and software engineering, with a particular emphasis on static program analysis, information-flow security, automated program repair, and software testing. The works present novel techniques for detecting, diagnosing, and repairing software vulnerabilities and reliability issues in mobile, multilingual, and concurrent systems. Through the integration of language-aware analysis, demand-driven reasoning, and empirical validation, these studies contribute to improving the robustness, security, and maintainability of modern software systems.
2026
- Ranking Plausible Patches by Historic Feature Frequencies. Journal of Systems and Software, Elsevier, 2026 (accepted). A technique for ranking plausible patches produced by automated program repair tools using feature similarity with historic programmer-written fixes.
- Towards Analyzing N-language Polyglot Programs. SANER 2026, Early Research Achievement Track. A research vision on the analysis of three-language (and beyond) polyglot systems.
- A Measurement Study on the Adoption of Pledges and Unveils in the OpenBSD Operating System. SANER 2026, Short Paper Track. A longitudinal empirical study of the adoption of pledge and unveil in OpenBSD, covering 19 releases.
- Modular unification of unilingual pointer analyses to multilingual FFI-based programs. SANER 2026, Journal First Track. Introduces a unified pointer analysis approach across multilingual or FFI-based systems.
- Empirical Derivations from an Evolving Test Suite. VST 2026, SANER 2026 Workshops. A longitudinal empirical analysis of the NetBSD automated test suite, spanning from its early introduction to late 2025.
- From Commits to Corrections: Toward Lightweight Mining of Python Bug-Fix Patterns from GitHub. ISEC 2026. A lightweight pipeline for mining and analyzing GitHub repository data containing Python code to infer semantic patterns between bug types and patch fixes.
2025
- Modular unification of unilingual pointer analyses to multilingual FFI-based programs. Science of Computer Programming, Elsevier, vol. 243, 2025. Introduces a unified pointer analysis approach across multilingual or FFI-based systems.
- Vulnerability Patching Across Software Products and Software Components: A Case Study of Red Hat's Product Portfolio. arXiv:2509.13117, 2025. Empirical case study on vulnerability patching across product portfolios.
- Towards Systematic Specification and Verification of Fairness Requirements: A Position Paper. IEEE REW 2025, pp. 405–411. Position paper proposing systematic fairness specification and verification directions.
- Empirical Derivations from an Evolving Test Suite. arXiv:2511.00915, 2025. Empirical analysis of trends from an evolving test suite.
2024
- Challenges of Multilingual Program Specification and Analysis. ISoLA 2024 (LNCS 15224), Springer, pp. 124–143. Surveys the open challenges of specifying and analysing programs written in multiple languages, covering FFI boundaries and cross-language analysis.
- Automated Repair of Information Flow Security in Android Implicit Inter-App Communication. FM 2024 (LNCS 14933), Springer, pp. 285–303. Automated repair techniques for information flow vulnerabilities in Android implicit inter-app communication.
- Ranking Plausible Patches by Historic Feature Frequencies. arXiv:2407.17240, 2024. Ranking plausible program patches using historical feature frequencies.
- Reproducing Timing-Dependent GUI Flaky Tests in Android Apps via a Single Event Delay. ISSTA 2024, pp. 1504–1515. Technique for reproducing timing-dependent GUI flaky tests using a single event delay.
2023
- Hippodrome: Data Race Repair Using Static Analysis Summaries. ACM TOSEM, vol. 32, no. 2, pp. 41:1–41:33, 2023. Data race repair approach employing static analysis summaries to propose fixes.
- Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps. ISSRE 2023, pp. 415–426. Demand-driven information flow analysis tailored for WebView in hybrid Android apps.
- IWANDROID: Demand-driven Information Flow Analysis of WebView in Android Hybrid Apps. Zenodo Artifact, 2023. Artifact for demand-driven information flow analysis for WebView.
2021
- Flaky Test Detection in Android via Event Order Exploration. ESEC/FSE 2021, pp. 367–378. Detection of flaky tests in Android via exploration of event order.
2020
- A Large Scale Analysis of Android–Web Hybridization. Journal of Systems and Software, Elsevier, vol. 170, 2020. Large-scale analysis of Android–web hybridization in applications.
2019
- Enhancing Users’ Privacy: Static Resolution of the Dynamic Properties of Android. PhD Thesis, University of Potsdam, 2019, pp. 1–111. Static techniques to reason about dynamic Android properties for privacy.
- IIFA: Modular Inter-App Intent Information Flow Analysis of Android Applications. SecureComm 2019 (LNICST 305), Springer, pp. 335–349. Modular inter-app intent information flow analysis for Android apps.
- LUDroid: A Large Scale Analysis of Android – Web Hybridization. SCAM 2019, pp. 256–267. Large-scale static analysis of Android–web hybridization, examining how apps integrate web content via WebView and related APIs.
2018
- PIAnalyzer: A Precise Approach to PendingIntent Vulnerability Analysis. ESORICS 2018 (LNCS 11099), Springer, pp. 41–59. PIAnalyzer: precise analysis for PendingIntent vulnerabilities.
- A Formal Logic Framework for the Automation of the Right to Be Forgotten. SecureComm 2018 (LNICST 254), Springer, pp. 95–111. Formal logic framework for automating right-to-be-forgotten requirements.
2017
- ThiefTrap: An Anti-theft Framework for Android. SecureComm 2017 (LNICST 238), Springer, pp. 167–184. Anti-theft framework design and evaluation for Android devices.
Teaching
Teaching Philosophy
My teaching philosophy is based on the experience that each class contains students with diverse backgrounds, prior knowledge, and unique ways of understanding the world. Over time, I have come to appreciate that students absorb knowledge differently; consequently, no single teaching approach fits all. Finding a balance between various teaching methods is essential to effectively transmit information to students. To find a better balance, my teaching philosophy includes getting to know students, learning by example, and active engagement with group work.
Teachers’ assumptions about students’ backgrounds can hinder the learning process, so I believe that getting to know each student is essential. I conduct a brief get-to-know-you survey at the beginning of the course. The survey asks students what they expect to learn, what they find particularly interesting, and what challenges they anticipate. This helps me assess their prior knowledge and expectations, allowing me to create a more inclusive and responsive learning environment from the outset.
Motivating a topic effectively ignites students’ zeal to learn. I try to include examples that students can relate to personally. For instance, in the summer semester of 2022, I taught the mobile security lecture, where I began with various malicious applications as examples. To my surprise, some students had these apps installed, and they were immediately engaged.
I always promote group work in my classroom. In a typical setting, students often focus solely on the lecturer with limited peer interaction, but peer-based learning is a vital matrix in computer science. It fosters teamwork and helps develop leadership skills—qualities that are highly valued in software industry careers. Since discussions with the lecturer are not always possible, group-based learning gives students the opportunity to share, explore, and debate ideas more frequently and freely.
Courses Taught
| Course | Role | Period | Institution | Students / Level |
|---|---|---|---|---|
| Engineering Research in Software | Supervisor & Coordinator | 2025 | University of Southern Denmark | 67 / Masters |
| Advanced Software Engineering Methodologies | Lecturer | Autumn 2024 | University of Southern Denmark | 148 / Masters |
| Programming Paradigms | Lecturer | Summer 2023 | University of Passau | 40 / Bachelor & Master |
| Automated Program Repair | Lecturer | Summer 2022 & 2023 | University of Passau | 25 & 13 / Masters |
| Mobile Security | Lecturer | Summer 2022 | University of Passau | 45 / Masters |
| Android Security | Lecturer / Teaching Assistant | Summer 2019 | University of Potsdam | 28 / Masters |
| Research Seminar in Software Engineering | Teaching Assistant | Summer 2018–19 | University of Potsdam | — |
| Secure Information Flow | Teaching Assistant | Winter 2018–19 | University of Potsdam | — |
Supervision
- Master’s projects — University of Southern Denmark (19 students).
- Bachelor’s theses — Università della Svizzera italiana (1 student).
- Master’s theses — University of Passau (5 students).
- Bachelor’s theses — University of Potsdam (4 students).
Pedagogical Training
- Lecture Training Program, University of Southern Denmark.
- PhD Supervision.
- Students as Learners.
- Research-based Teaching.
- Tools for e-learning activities in your teaching.
- Evaluation and data collection.
Academic Service
Program Committees
- ICSE 2027 — Research Track
- ASE 2026 — Research Track
- ISEC 2026 — Research Track
- ASE 2025 — Research Track
- ISEC 2025 — Research Track
- ICSE 2025 — SRC (ACM Student Research Competition)
- ASE 2024 — Research Track
- TACAS 2024 — AEC Track
- PLDI 2023 — AEC Track
- ISSTA 2023 — AEC Track
- VMCAI 2023 — AEC Track
- ISSTA 2022 — AEC Track
- SCAM 2021 — NIER Track
Other Conference Roles
- Social Media & Web Chair — ICSA 2025
- Social Media & Web Chair — FormaliSE 2024
Journal Reviewing
- Journal of Computer Security
- ACM Transactions on Software Engineering and Methodology (TOSEM)
- IEEE Transactions on Dependable and Secure Computing (TDSC)
- Empirical Software Engineering (EMSE)
Junior PCs & Reviewing Activities
- Junior PC — MSR 2023
- Sub-reviewer — ISSTA 2021
- Sub-reviewer — MSR 2020
- Shadow PC — IEEE Security & Privacy (S&P) 2021
Accreditation & Expert Panels
- Expert Panel Member for the reaccreditation of doctoral programs:
  - University of Zagreb
  - University of Zadar
Contact
- Email: abti@mmmi.sdu.dk
- LinkedIn: linkedin.com/in/abhishek-tiwari-secure
- DBLP: dblp.org/pid/91/1861-1
- Twitter / X: @mig40000
- Google Scholar: scholar.google.de/citations?user=TLSBnagAAAAJ