Sebastian Roth

I am a PhD student at Saarland University, working as a PhD Candidate at the CISPA Helmholtz Center for Information Security. My research interest is focused on client-side Web security as well as usable security for developers. In addition to that I have taught other students as a tutor and teaching assistant in several different lectures.
During leisure time, I regularly participate in information security competitions called Capture the Flag (CTF) together with our team saarsec. Moreover, I am also interested in sports, in particular Jugger. Currently I am playing for our university team Keulen Eulen.

Educational Curriculum Vitae

PhD Student

Saarland University
March 2019 - today

Master Computer Science

Saarland University
March 2017 - March 2019

Bachelor Cybersecurity

Saarland University
October 2013 - March 2017

High School

Balthasar Neumann Technical College Trier
August 2010 - June 2013

Working Curriculum Vitae

PhD Candidate @ Information Security & Cryptography Group

CISPA Helmholtz Center for Information Security
March 2019 - today

Research Assistant @ Secure Web Applications Group

CISPA Helmholtz Center for Information Security
January 2019 - March 2019

Research Assistant @ Secure Web Applications Group

Center for IT Security, Privacy and Accountability
December 2017 - December 2018

Research Assistant @ Usable Security & Privacy Group

Center for IT Security, Privacy and Accountability
October 2015 - December 2017

Scientific Publications

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web

Stefano Calzavara, Sebastian Roth, Alvise Rabitti, Michael Backes and Ben Stock
USENIX Security Symposium (USENIX '20)
[PDF]

Assessing the Impact of Script Gadgets on CSP at Scale

Sebastian Roth, Michael Backes and Ben Stock
ASIA Conference on Computer and Communications Security (AsiaCCS '20)
[PDF]

Complex Security Policy? – A Longitudinal Analysis of Deployed Content Security Policies

Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis and Ben Stock
Network and Distributed System Security Symposium (NDSS '20)
[PDF]

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices

Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock and Martin Johns
ASIA Conference on Computer and Communications Security (AsiaCCS '19)
[PDF]

Talks

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web

USENIX Security Symposium 2020 (USENIX '20)
[Slides] [Video]

Restricting The Scripts, You're To Blame, You Give CSP A Bad Name

RuhrSec - IT Security Conference 2020 (RuhrSec '20)
[Slides] [Video]

OWASP - Global AppSec 2019 (AppSec '19)
[Slides] [Video]

Complex Security Policy? – A Longitudinal Analysis of Deployed Content Security Policies

Network and Distributed System Security Symposium 2020 (NDSS '20)
[Slides] [Video]