66386 St. Ingbert (Germany)
I am a tenure-track faculty at CISPA Helmholtz Center for Information Security. Before that I was a visiting assistant professor at Stanford University and research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity. I got my PhD at Eurecom in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I was a research associate in the Security and Trust group at the SAP research labs.
40th IEEE Symposium on Security and Privacy (SP '19)
Annual Network and Distributed System Security symposium, February 2019 (NDSS 2019)
Proceedings of the 25th Annual Symposium on Network and Distributed System Security (NDSS '18).
Extended Version of EuroS&P 2018 Paper
2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, April 24-26, 2018
39th IEEE Symposium on Security and Privacy (SP '18)
Proc. of the 26th International Conference on World Wide Web (WWW 2017)
Proceedings of the 24th ACM Conference on Computer and Communication Security (CCS'17)
Proceedings of the 25th USENIX Security Symposium (USENIX Security '16)
Research in Attacks, Intrusions, and Defenses - 18th International Symposium, RAID 2016
Joint Advances in Web Security
For registration, please apply for this seminar through the central seminar assignment system.
In this seminar, students will learn to present, discuss, and summarize papers in different areas of Web security. The seminar is taught as a combination of a reading group with weekly meetings and a regular seminar, where you have to write a seminar paper. Specifically, each student will get a single topic assigned to them, consisting of two papers (a lead and follow-up paper).
For the weekly meetings, all students have to have read the lead paper and must state at least three questions before the meeting. In the meeting, the assigned student will present the follow-up paper (20 minute presentation + 10 minute Q/A). Afterward, the entire group will discuss both papers.
Moreover, each student will write a seminar paper on the topic assigned to them, for which the two papers on the topic serve as the starting point.
Each seminar paper is meant to provide a summary/categorization of research papers in the associated area. Depending on the topic, the paper should be structured in a logical fashion. For example, assume the topic of Service Workers. One might classify the seminar paper based on security considerations for Service Workers, attacks against Service Workers, and attacks enabled through Service Workers. Each section should demonstrate the state of the art in the area. Finally, the paper should, where possible, discuss limitations and open issues given the previously conducted work.
All seminar papers are due on February 11, 2022. Based on your submission, you will receive feedback within one week and have until March 4, 2022 to improve your paper. The paper grading will be on the final version. Note that the first submission must already be sufficient to pass. If you submit a half-baked version of the paper, you will flunk the course.
Each paper must use the provided template. It must not be longer than 8 pages, not counting references and appendices. Note that appendices are not meant to provide information that is absolutely necessary to understand the paper, but rather to provide auxiliary material. Papers can be shorter, but in general the provided page limit is a good indicator of how long a paper should be.
The list of topics, papers, and dates for the respective meetings can be found here.
Perspectives of Cyber Security
In this lecture series, we give insights into the founders' activities in the vicinity of cybersecurity. We put a focus on marketable and innovative ideas and trends.
Please note that the goal of this course is to provide first-hand insights into how to create successful startups in cybersecurity. While it is aimed at the students of the Entrepreneurial Cybersecurity Masters Program for grading and achieving the CP, we invite everyone interested to attend the talks, even if they are not participating to get CP!
This lecture takes place every Thursday, 14:15 to 16:00 on Zoom. Instructions to access the lecture will be provided soon.
Note: To allow invited guests from the US to join POSER, we will use two exceptional slots at 18:15 - 20:00 (marked in yellow)
Every event is composed of a new topic presented by an invited founder or VC who presents their story.
|Date||Time||Presenter||URL / Topic|
|Oct 21||14:15 – 14:45||Sven Bugiel and Giancarlo Pellegrino||
|Oct 28||14:15 – 15:00||Marc Schickhaus (CISPA)|
|Nov 04||14:15 – 16:00||TBA|
|Nov 11||14:15 – 16:00||
|Nov 18||14:15 – 16:00||
|Nov 25||14:15 – 16:00||Lukas Bieringer (QuantPi)|
|Dec 02||14:15 – 16:00||
|Dec 09||14:15 – 16:00||Fabian Yamaguchi (ShiftLeft)|
|Dec 16||18:15 – 20:00||Pedram Amini (InQuest)|
|No presentations between Dec 23 and Jan 06|
|Jan 13||14:15 – 16:00||Christian Arndt (HTGF)|
|Jan 20||18:15 – 20:00||Zakir Durumeric (Stanford University and Censys)|
|Jan 27||14:15 – 16:00||Stefan Nürnberger (Elexir)|
|Feb 03||14:15 – 16:00||
Roughly every week will be a presentation by a founder of a security/privacy-related startup (or a company that sees an urgent need for a security/privacy product in its domain). This talk is followed by a Q&A (or interview) with the presenter. This should give you insights into the experiences of creating a startup.
The following only applies to participants who want to get CP.
Student task (mandatory): In preparation for the Q&A session, every student has to prepare by checking the startup and supplemental material (URLs are in the schedule) and submit via the CMS 2-3 questions they would ask in the Q&A. Questions could be related to the niche in the market that the company occupies, the target group they aim at, pitfalls and challenges, etc.
At the end of the semester (tentative date: TBA) we will have a joint 1-day event where every student/team pitches its own idea for a product in a short presentation with subsequent feedback/discussion. The idea of this event is to make students go once through the process of developing an idea, doing the necessary background research, and then pitching it in front of an audience.
To this end, the CISPA faculty will provide a short list of recent research results with potential for tech transfer into a product, and students/teams should derive their product idea and pitch from this list. This avoids the need to reveal any real business idea that students already have in mind and at the same time this day also provides an opportunity to exchange ideas and thoughts with the CISPA faculty.
To prepare for this event, in the introduction, you'll get to know
The final grade is based on your pitch at the joint event. We base this grade on:
General presentation (e.g., rhetoric)
To pass the course, you need:
You have to register for the course in LSF by Nov 11 in order to receive a grade.
Block Course: Secure Web Development
In this lecture you will learn: the architecture of modern web applications, basics of secure software engineering, the art of secure software assessment and code review techniques, how to securely build an HTTP message processing pipeline (web authentication, authorization, session, logic, data, and more), advanced threats, vulnerabilities, secure coding, and design patterns.
Proseminar: Influential papers in Web Security
This proseminar is meant to provide students with an overview of influential papers in the area of Web security. As a proseminar’s primary purpose is to learn presentation skills, the seminar will feature two presentations from each student.
Seminar: Joint Advances in Web Security
In this seminar, students will learn to present, discuss, and summarize papers in different areas of Web security.