I am a tenure-track faculty member at CISPA Helmholtz Center for Information Security. Before that, I was a visiting assistant professor at Stanford University and a research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity. I got my PhD at Eurecom in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I was a research associate in the Security and Trust group at the SAP research labs.
Research
I research multiple aspects of the security of modern application software, in particular web-based applications. While my core research goal is to advance the state of the art of automated vulnerability detection and analysis, I also study the security properties of emerging technologies/trends in application software.
Current interests:
- Vulnerability Detection and Analysis:
  - Web application scanners (jAEk [RAID 2015], Black Widow [IEEE SP 2021])
  - Server-side requests [NDSS 2020, RAID 2016]
  - Backdoors and hidden features [IEEE SP 2020]
  - Web API security [NDSS 2019]
  - Cross-site request forgery (Deemon [ACM CCS 2017])
  - Logic vulnerabilities [NDSS 2014]
- Web Platform Security:
  - Web enclaves and trusted user I/O path (Fidelius [IEEE SP 2019])
  - Internet core services security (Who controls the Internet [WWW 2017], the Great Cannon [WOOT 2015])
- Security of Deep Learning Systems:
  - Attacking perceptual ad-blocking [CCS'19]
  - Detection of adversarial physical attacks [arXiv'18]
Services
- PC member at Usenix Security (2021, 2020, 2019), IEEE S&P (2021), ACM CCS (2021, 2020, 2018), IEEE EURO S&P (2020), ACM ASIA CCS (2021, 2020, 2019), ACSAC (2020, 2019, 2018, 2017), The Web Conference WWW (2021, 2020), DIMVA (2021, 2020), EuroSec (2021, 2020, 2019), ISC (2019), CARDS (2019), Usenix WOOT (2018), ACM CCS Poster (2016), IWCC (2016, 2015), DEPEND (2016, 2015), WTMC (2016), STAST (2014), NBiS (2014)
- General co-chair for IEEE Euro S&P (2020)
- Publication chair for EuroSec (2021)
- PC co-chair for SECTEST2015
- Usenix Security Invited Talks Committee (2019), Publicity chair for ACM CCS (2017)
- Reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and Secure Computing (TDSC)