I am a tenure-track faculty member at CISPA Helmholtz Center for Information Security. My group and I research multiple aspects of the security of modern web applications.

Areas of interest:

  • Web security
  • Security testing
  • Automated vulnerability analysis

We are hiring!

PhD student positions

Looking for PhD students to work on:

  • Security testing for web vulnerability detection and analysis
  • Machine learning and artificial intelligence for security testing

Instructions to apply are here.

Research

Current interests

Vulnerability Detection and Analysis:

  • Web application scanners (Black Widow [IEEE SP 2021], jAEk [RAID 2015])
  • Server-side requests [NDSS 2020, RAID 2016]
  • Backdoors and hidden features [IEEE SP 2020]
  • Web API security [NDSS 2019]
  • Cross-site request forgery (JAW [Usenix 2021], Deemon [ACM CCS 2017])
  • Logic vulnerabilities [NDSS 2014]

Web Platform Security:

  • Web enclaves and trusted user I/O path (Fidelius [IEEE SP 2019])
  • Internet core services security (Who controls the Internet [WWW 2017], the great cannon [WOOT 2015])

Security of ML-based Systems:

  • Attacking perceptual ad-blocking [CCS 2019]
  • Detection of adversarial physical attacks [IEEE DLS 2020]

Service

  • PC member at Usenix Security (2021, 2020, 2019), IEEE S&P (2021), ACM CCS (2021, 2020, 2018), IEEE EURO S&P (2020), ACM ASIA CCS (2021, 2020, 2019), ACSAC (2021, 2020, 2019, 2018, 2017), The Web Conference WWW (2021, 2020), DIMVA (2021, 2020), EuroSec (2021, 2020, 2019), ISC (2019), CARDS (2019), Usenix WOOT (2018), ACM CCS Poster (2016), IWCC (2016, 2015), DEPEND (2016, 2015), WTMC (2016), STAST (2014), NBiS (2014)
  • General co-chair for IEEE Euro S&P (2020)
  • Publication chair for DIMVA (2021)
  • PC co-chair for SECTEST2015
  • Usenix Security Invited Talks Committee (2019), Publicity chair for ACM CCS (2017)
  • Reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and Secure Computing (TDSC)

Contact