From 48fbb1b0c4526d135584102e59d65a189c3612a9 Mon Sep 17 00:00:00 2001
From: "Achim D. Brucker"
Date: Thu, 28 Jul 2016 23:51:21 +0100
Subject: [PATCH] Added ESSoS 2016 publication.
---
 CITATION | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 README.md | 10 ++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 CITATION
diff --git a/CITATION b/CITATION
new file mode 100644
index 0000000..0c280c1
--- /dev/null
+++ b/CITATION
@@ -0,0 +1,56 @@
+To cite the analysis of hybrid Android Applications (e.g., using Cordova
+or SAP Kapsel), please use
+
+ Achim D. Brucker and Michael Herzberg. On the Static Analysis of
+ Hybrid Mobile Apps: A Report on the State of Apache Cordova
+ Nation. In International Symposium on Engineering Secure Software
+ and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
+ 72-88, Springer-Verlag, 2016. doi: :10.1007/978-3-319-30806-7_5
+
+A BibTeX entry for LaTeX users is
+
+@InCollection{ brucker.ea:cordova-security:2016,
+ author = {Achim D. Brucker and Michael Herzberg},
+ booktitle = {International Symposium on Engineering Secure Software and
+ Systems (ESSoS)},
+ language = {USenglish},
+ editor = {Juan Caballero and Eric Bodden},
+ publisher = {Springer-Verlag},
+ pages = {72--88},
+ talk = {talk:brucker.ea:cordova-security:2016},
+ address = {Heidelberg},
+ series = {Lecture Notes in Computer Science},
+ number = {9639},
+ title = {On the Static Analysis of Hybrid Mobile Apps: A Report on
+ the State of Apache Cordova Nation},
+ year = {2016},
+ isbn = {978-3-642-11746-6},
+ classification= {conference},
+ areas = {security, software},
+ public = {yes},
+ doi = {10.1007/978-3-319-30806-7_5},
+ pdf = {https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf},
+ abstract = {Developing mobile applications is a challenging business:
+ developers need to support multiple platforms and, at the
+ same time, need to cope with limited resources, as the
+ revenue generated by an average app is rather small. This
+ results in an increasing use of cross-platform development
+ frameworks that allow developing an app once and offering
+ it on multiple mobile platforms such as Android, iOS, or
+ Windows.
+
+ Apache Cordova is a popular framework for developing
+ multi-platform apps. Cordova combines HTML5 and JavaScript
+ with native application code. Combining web and native
+ technologies creates new security challenges as, e.g., an
+ XSS attacker becomes more powerful.
+
+ In this paper, we present a novel approach for statically
+ analysing the foreign language calls. We evaluate our
+ approach by analysing the top Cordova apps from Google
+ Play. Moreover, we report on the current state of the
+ overall quality and security of Cordova apps. },
+ keywords = {static program analysis, static application security
+ testing, Android, Cordova, hybrid mobile apps},
+ url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016}
+}
diff --git a/README.md b/README.md
index 77784b7..c21d02d 100644
--- a/README.md
+++ b/README.md
@@ -52,3 +52,13 @@ Main contact: [Achim D. Brucker](http://www.brucker.ch/)
 * Thomas Deuster
 * Michael Herzberg
 * Tim Herres
+
+### Publications
+* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
+ Hybrid Mobile Apps: A Report on the State of Apache Cordova
+ Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
+ In International Symposium on Engineering Secure Software
+ and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
+ 72-88, Springer-Verlag, 2016.
+ https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
+ doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)
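Review bot: In the new CITATION file, the BibTeX entry's `isbn = {978-3-642-11746-6}` does not agree with the ISBN embedded in the same entry's DOI (`10.1007/978-3-319-30806-7_5`), so it looks carried over from another entry. It should be checked against the publisher record; if the DOI is the correct one, the line would read `isbn = {978-3-319-30806-7},`. The plain-text citation above the entry has a doubled colon in `doi: :10.1007/978-3-319-30806-7_5`, which breaks copy-and-paste of the identifier. The LNCS volume is stored as `number = {9639}` next to `series`; most styles expect `volume = {9639},` there, and `@InProceedings` would match `classification= {conference}` more closely than `@InCollection`.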