E-mail senden E-Mail Adresse kopieren
© Tobias Ebelshäuser


Dr. Cristian Staicu ist Tenure-Track Faculty am CISPA. Er hat in der Software Lab Gruppe der TU Darmstadt, unter Betreuung von Michael Pradel promoviert. Davor hat Christian seinen Master vom EIT Digital, einem europäischen Masterstudiengang mit Doppelabschluss, erhalten. Zudem hat er ein Jahr an der Universität von Twente den Niederlanden und ein Jahr an der Universität von Trento in Italien studiert. Seinen Bachelorabschluss in Computer Engineering hat Cristian von der Politehnica Universität in Timișoara, Rumänien, erhalten. Sein Hauptforschungsinteressen sind Systemsicherheit an der Schnittstelle von Software-und Web-Sicherheit, Softwaretechnik und Programmiersprachen. Eines der zentralen Ziele seiner Forschungsgruppe ist direkt zum Open-Source-Ökosystem beizutragen: Entweder durch die Entwicklung von Werkzeugen, die von Anwendern verwendet werden können oder durch die Aufdeckung von Sicherheitsschwachstellen in realen Systemen/Projekten.

CV: Letzte vier Stationen

Seit Okt. 2020
Tenure-Track Faculty am CISPA Helmholtz-Zentrum für Informationssicherheit
Okt. 2014 - March 2020
Wissenschaftlicher Mitarbeiter / PhD Student TU Darmstadt
Mai 2018 - Aug. 2018
Forschungspraktikant Semmle Inc Oxford (jetzt GitHub), GB
Sept. 2012 - Aug. 2014
Masterstudent an der EIT Digital Master School; Universität von Trento, Italien / Universität von Twente, Niederlande

Veröffentlichungen von Cristian-Alexandru Staicu

Jahr 2023

Konferenz / Medium

USENIX Security Symposium 2023USENIX Security Symposium 2023

Konferenz / Medium

USENIX Security Symposium 2023USENIX Security Symposium 2023

Konferenz / Medium

USENIX Security Symposium 2023USENIX Security Symposium 2023

Konferenz / Medium

International Conference on Software Engineering (ICSE)ICSE 2023

Jahr 2021

Konferenz / Medium

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security28th ACM Conference on Computer and Communications Security (CCS 2021)

Konferenz / Medium

Proceedings of the 1st International Workshop on Machine Learning in Software EngineeringInternational Workshop on Machine Learning in Software Engineering in conjuncture with ECML PKDD

Konferenz / Medium

SampleFix: Learning to Generate Functionally Diverse Fixes1st International Workshop on Machine Learning in Software Engineering

Lehre von Cristian-Alexandru Staicu

Winter 2021/22

Program Analysis for Vulnerability Detection


For registration, please apply for this seminar through the central seminar assignment system.

Program analysis is a mature research area at the intersection of programming languages, formal methods, and software engineering. One of its main applications is automatic vulnerability detection. However, the complexity of modern systems is overwhelming and the vulnerabilities to be detected are increasingly sophisticated. To account for these particularities, many recent approaches advocate for lightweight program analysis techniques or hybrid methods, i.e., static and dynamic analysis. This seminar explores the trade-offs involved in designing a program analysis that scales to analyzing the security of real systems. In this seminar, we will discuss recent research papers in the area in a reading group format. Each week, one student will present papers covering a given topic, followed by a discussion. All participants are expected to actively participate in the discussion by asking questions.


Instructor: Cristian-Alexandru Staicu

Time: To be decided

Location: Zoom (Disclaimer).

Semester Plan

To be decided.

Grading system

The final grade is an aggregate of the following parts, both presentation and final report are mandatory:

  • 40% the final report,
  • 40% the presentation,
  • 20% for being active in class,
  • bonus: up to 15% for the hands-on exercise. 

Supporting Materials

Please find below a set of useful materials for the seminar:

  • The kick-off presentation's slides contain useful information about the structure and goals of this seminar, but also some required background for the assigned papers.
  • Sample presentation 1 - you should aim for this much content when presenting each of the assigned papers (approx. 10 minutes). See the kick-off presentation for the recommended presentation's structure.
  • Sample presentation 2 - a slightly longer presentation (approx. 15 minutes).
  • Consider using the following template for the report and its associated sources.


  1. Vulnerabilities in web applications
  2. Vulnerabilities in software components and dependencies
  3. Vulnerabilities in mobile apps
  4. Detect misuses of crypto APIs
  5. Vulnerabilities in low-level programs
  6. Fuzzing low-level programs
  7. Fuzzing compilers and engines
  8. Machine learning-aided vulnerability detection
  9. Availability vulnerabilities
  10. Automatic patching of vulnerabilities
  11. Removing vulnerabilities through debloating
  12. Vulnerability prediction
Winter 2021/22

Joint Advances in Web Security

For registration, please apply for this seminar through the central seminar assignment system.


In this seminar, students will learn to present, discuss, and summarize papers in different areas of Web security. The seminar is taught as a combination of a reading group with weekly meetings and a regular seminar, where you have to write a seminar paper. Specifically, each student will get a single topic assigned to them, consisting of two papers (a lead and follow-up paper).

For the weekly meetings, all students have to have read the lead paper and must state at least three questions before the meeting. In the meeting, the assigned student will present the follow-up paper (20 minute presentation + 10 minute Q/A). Afterward, the entire group will discuss both papers.

Moreover, each student will write a seminar paper on the topic assigned to them, for which the two papers on the topic serve as the starting point.

Important Dates

  • Kickoff: Monday, October 25, 10am, in person in CISPA 0.02
  • Regular seminar starts Monday, November 8, ends Monday, February 7
  • By Sunday night, 23:59, submit three questions (if you are not presenting the follow-up paper)
  • Mandatory feedback round/practice talk on Thursday before the presentation (arrange exact time with supervisor)
  • Attendance in all meetings and submission of three questions for each topic is mandatory. For exceptional cases, contact the teaching staff.

Seminar Paper Details

Each seminar paper is meant to provide a summary/categorization of research papers in the associated area. Depending on the topic, the paper should be structured in a logical fashion. For example, assume the topic of Service Workers. One might classify the seminar paper based on security considerations for Service Workers, attacks against Service Workers, and attacks enabled through Service Workers. Each section should demonstrate the state of the art in the area. Finally, the paper should, where possible, discuss limitations and open issues given the previously conducted work.

All seminar papers are due on February 11, 2022. Based on your submission, you will receive feedback within one week and have until March 4, 2022 to improve your paper. The paper grading will be on the final version. Note that the first submission must already be sufficient to pass. If you submit a half-baked version of the paper, you will flunk the course.

Each paper must use the provided template. It must not be longer than 8 pages, not counting references and appendices. Note that appendices are not meant to provide information that is absolutely necessary to understand the paper, but rather to provide auxiliary material. Papers can be shorter, but in general the provided page limit is a good indicator of how long a paper should be.

List of Topics and Papers

The list of topics, papers, and dates for the respective meetings can be found here.