March 2019 – March 2023
Dr.-Ing. (with summa cum laude) @ Saarland University / CISPA
Thesis: "How to Deploy Security Mechanisms Online (Consistently)"
Supervised by: Dr.-Ing. Ben Stock
I am a post-doctoral researcher at the Security and Privacy Research Unit at TU Wien.
In 2023 I received my doctoral degree (Dr.-Ing.) with summa cum laude from Saarland University/CISPA.
My research is focused on system security as well as usable security for developers and is regularly published at top-tier venues (IEEE S&P, USENIX Security, ACM CCS, NDSS).
You can find my papers on Google Scholar,
in the ACM Digital Library, and in DBLP.
To keep in touch with developers and security experts from the industry, I also regularly give talks about my research at industry conferences such as OWASP AppSec or RuhrSec.
In addition to that, I have taught other students as a tutor, teaching assistant, and lecturer in several different lectures,
supervised topics in different seminars, and advised students in the process of their bachelor or master thesis or for study-related projects.
During leisure time, I regularly organize and participate in information security competitions
called Capture the Flag (CTF)
together with our team saarsec
(saarsec|steg1) located at Saarland University.
Education:
March 2017 – March 2019
Master Computer Science @ Saarland University
Thesis: "Content Security Policy – A Shapeshifter’s Tale"
Supervised by: Dr.-Ing. Ben Stock
October 2013 – March 2017
Bachelor Cybersecurity @ Saarland University
Thesis: "A Platform to Recruit GitHub Users for Developer Studies"
Supervised by: Prof. Dr. Sascha Fahl
August 2010 – June 2013
High School
Intensive Courses: Computer Science, Electrical Engineering, English
Balthasar Neumann Technical College Trier
August 2004 – June 2010
Secondary School
Erich Kästner Realschule Hermeskeil
Work Experience:
since April 2023
Post-Doctoral Researcher @ TU Wien
Hosted by: Prof. Dr. Matteo Maffei
March 2019 - March 2023
Researcher @ CISPA Helmholtz Center for Information Security
Supervised by: Dr.-Ing. Ben Stock
Summer 2020
Internship @ Hardenize Limited
Supervised by: Ivan Ristić
October 2015 – March 2019
Research Assistant @ CISPA Helmholtz Center for Information Security
Supervised by: Dr.-Ing. Ben Stock (Dec. 2017 – Mar. 2019)
Supervised by: Prof. Dr. Sascha Fahl (Oct. 2015 – Dec. 2017)
Teaching:
Thesis/Project Advisor:
Honey, I Cached our Security Tokens – Re-usage of Security Tokens in the Wild
Research Immersion Lab by L. Trampert (2022)
Note: Resulted in a RAID 2023 Publication
Do you Trust your Types? A Qualitative Study on the Usability of Trusted Types to Mitigate Client-Side XSS Vulnerabilities
Bachelor Thesis by P. Baus (2022)
Note: 2nd CAST Bachelor Thesis Award 2023
To hash or not to hash: A security assessment of the CSP directive unsafe-hashes
Bachelor Thesis by P. Stolz (2021)
Note: Resulted in a SecWeb 2022 Publication
RetroCSP: Retrofitting Web Security on the Client Side by Reinforcing Widespread CSP Support
Bachelor Thesis by M. Wilhelm (2021)
Note: Won CAST Bachelor Thesis Award 2021
Examining the Security of Embedded Browsers
Bachelor Thesis by B. Hollinger (2020)
CIDeR: Automatically Implementing Nonce-Based Content Security Policies
Master Thesis by A. Rassier (2020)
Bytewarden & SaarsecVV Service for the 2022 SaarCTF
Cybersecurity Project by P. Decker & L. Seyler
Program Committee:
> The Web Conference 2024 (WWW '24)
> IEEE Symposium on Security & Privacy 2024 (S&P '24)
> SecWeb Workshop co-located with IEEE S&P 2024 (SecWeb '24)
> SecWeb Workshop co-located with IEEE S&P 2023 (SecWeb '23)
> SecWeb Workshop co-located with IEEE S&P 2022 (SecWeb '22)
> SecWeb Workshop co-located with IEEE Euro S&P 2021 (SecWeb '21)
Artifact Evaluation Committee:
> Annual Computer Security Applications Conference 2020 (ACSAC '20)
Subreviewer:
> The Web Conference 2022 (WWW '22)
> Network and Distributed System Security Symposium 2021 (NDSS '21)
> Annual Computer Security Applications Conference 2019 (ACSAC '19)
Others:
> Member of the CISPA Hiring Comitee 2022
> Member of the CISPA Works Council 2019-2023
> Member in the CISPA CoronaWarnApp Team 2019-2020
> The Web Conference 2024 (WWW '24)
> IEEE Symposium on Security & Privacy 2024 (S&P '24)
> SecWeb Workshop co-located with IEEE S&P 2024 (SecWeb '24)
> SecWeb Workshop co-located with IEEE S&P 2023 (SecWeb '23)
> SecWeb Workshop co-located with IEEE S&P 2022 (SecWeb '22)
> SecWeb Workshop co-located with IEEE Euro S&P 2021 (SecWeb '21)
Artifact Evaluation Committee:
> Annual Computer Security Applications Conference 2020 (ACSAC '20)
Subreviewer:
> The Web Conference 2022 (WWW '22)
> Network and Distributed System Security Symposium 2021 (NDSS '21)
> Annual Computer Security Applications Conference 2019 (ACSAC '19)
Others:
> Member of the CISPA Hiring Comitee 2022
> Member of the CISPA Works Council 2019-2023
> Member in the CISPA CoronaWarnApp Team 2019-2020