Sebastian Roth



I am a PhD student at Saarland University, working as a PhD Candidate at the CISPA Helmholtz Center for Information Security. My research interest is focused on client-side Web security as well as usable security for developers. In addition to that I have taught other students as a tutor and teaching assistant in several different lectures.
During leisure time, I regularly organize and participate in information security competitions called Capture the Flag (CTF) together with our team saarsec (saarsec|steg1) located at Saarland University. Moreover, I am also interested in sports, in particular Jugger. Currently I am playing for our university team Keulen Eulen.

Educational Curriculum Vitae

PhD Student @ CISPA / Saarland University

Thesis: <Work In Progress>
Supervised by: Dr.-Ing. Ben Stock
March 2019 - today

Master Computer Science @ Saarland University

Thesis: "Content Security Policy – A Shapeshifter’s Tale"
Subervised by: Dr.-Ing. Ben Stock
March 2017 – March 2019

Bachelor Cybersecurity @ Saarland University

Thesis: "A Platform to Recruit GitHub Users for Developer Studies"
Supervised by: Prof. Dr. Sascha Fahl
October 2013 – March 2017

High School

Intensive Courses: Computer Science, Electrical Engineering, English
Balthasar Neumann Technical College Trier
August 2010 – June 2013

Secondary School

Erich Kästner Realschule Hermeskeil
August 2004 – June 2010

Working Curriculum Vitae

Researcher @ CISPA Helmholtz Center for Information Security

Supervised by: Prof. Dr. Dr. h.c. Michael Backes (Mar. 2019 – Oct. 2020)
Supervised by: Dr.-Ing. Ben Stock (Oct. 2020 – today)
March 2019 – today

Internship @ Hardenize Limited

Supervised by: Ivan Ristić
July 2021 – October 2021

Research Assistant @ CISPA Helmholtz Center for Information Security

Supervised by: Prof. Dr. Sascha Fahl (Oct. 2015 – Dec. 2017)
Supervised by: Dr.-Ing. Ben Stock (Dec. 2017 – Mar. 2019)
October 2015 – March 2019

Scientific Publications

12 Angry Developers – A Qualitative Study on Developers’ Struggles with CSP

Sebastian Roth, Lea Gröber, Michael Backes, Katharina Krombholz, and Ben Stock
Conference on Computer and Communications Security (CCS '21)

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web

Stefano Calzavara, Sebastian Roth, Alvise Rabitti, Michael Backes, and Ben Stock
USENIX Security Symposium (USENIX '20)

Assessing the Impact of Script Gadgets on CSP at Scale

Sebastian Roth, Michael Backes and Ben Stock
Asia Conference on Computer and Communications Security (AsiaCCS '20)

Complex Security Policy? – A Longitudinal Analysis of Deployed Content Security Policies

Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis, and Ben Stock
Network and Distributed System Security Symposium (NDSS '20)

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices

Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, and Martin Johns
Asia Conference on Computer and Communications Security (AsiaCCS '19)

Talks

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web

USENIX Security Symposium 2020 (USENIX '20)

Restricting The Scripts, You're To Blame, You Give CSP A Bad Name

RuhrSec - IT Security Conference 2020 (RuhrSec '20)
OWASP - Global AppSec 2019 (AppSec '19)

Complex Security Policy? – A Longitudinal Analysis of Deployed Content Security Policies

Network and Distributed System Security Symposium 2020 (NDSS '20)