I am a visiting Assistant Professor at Stanford University and Research Group Leader at CISPA Helmholtz Center for IT Security. Before that I was postdoc in the System Security group at CISPA and during my doctoral studies I was member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I worked as researcher associate in the Security and Trust group at the SAP research labs.
I research on multiple aspects of the security of modern application software, in particular on web-based application.
While my core research goal is to advance the state of the art of automated vulnerability detection and analysis, I
also study the security properties of emerging technologies/trends in application software.
Vulnerability Detection and Analysis:
- Cross-site request forgery (Deemon [CSS'17])
- Logic vulnerabilities [NDSS'14]
- Server-side requests [RAID '16]
- Web API security (Data leak in ride-hailing services [NDSS'19])
Web Platform Security:
- Web enclaves and trusted user I/O path (Fidelius [IEEESSP'19])
- Internet core services security (Who controls the Internet [WWW'17], the great cannon [WOOT'15])
Deep Learning Systems Security:
- Attacking perceptual ad-blocking [Arxiv'18]
- Detection of adversarial physical attacks [Arxiv'18]
- PC member at Usenix Security (2020, 2019), ACSAC (2019, 2018, 2017), ASIA CCS (2019), EuroSec (2019), ISC (2019),
CARDS (2019), ACM CCS (2018), Usenix WOOT (2018), ACM CCS Poster (2016), IWCC (2016, 2015), DEPEND (2016, 2015),
WTMC (2016), STAST (2014), NBiS (2014)
- General chair for IEEE Euro S&P 2020
- PC (co-)chair at SECTEST2015
- Usenix Security Invited Talks Committee (2019), Publicity chair for ACM CCS (2017)
- Reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and
Secure Computing (TDSC)