I am a Tenure-Track Faculty at CISPA Helmholtz Center for Information Security My research broadly focuses on Web security and privacy, Web measurements, and machine learning. Specifically, I design practical approaches to protect the security and privacy of Web users. I build systems to proactively detect malicious JavaScript code and suspicious browser extensions. I analyze data to understand how people spend time on the Web, and I want to use the resulting perspective to prioritize defense strategies.

Before that, I was a Visiting Assistant Professor of Computer Science at Stanford University (2021–2023), in the Empirical Security Research Group, led by Zakir Durumeric. Prior to that, I was a PhD student at CISPA (2018-2021), in the Secure Web Applications Group, jointly supervised by Ben Stock and Michael Backes. My PhD thesis revolves around studying JavaScript security through static analysis.

Before joining CISPA, I was a master student at the French Grande Ecole TELECOM Nancy, where I had the honor to give the valedictorian speech (2017). In particular, I wrote my master thesis at the German Federal Office for Information Security (BSI) under the supervision of Isabelle Chrisment and Robert Krawczyk.

What’s New?

• Aug 2024: Our paper “Typed and Confused: Studying the Unexpected Dangers of Gradual Typing” got accepted at IEEE/ACM ASE 2024, and it has been awarded the “Available” and “Reusable” badges!
• Aug 2024: Our paper “When Adversarial Perturbations meet Concept Drift: an Exploratory Analysis on ML-NIDS” got accepted at ACM AISec 2024!
• Jul 2024: Happy to have gotten (yet another :)) Reviewer Recognition: Noteworthy Reviewer at EuroS&P 2024!
• Jun 2024: Our AsiaCCS 2024 paper “What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions” got a lot of media coverage! Forbes, The Register, AdGuard, Techspot, and dozens more.
• Jun 2024: Excited to be USENIX Security 2025 Artifact Evaluation Committee Co-Chair with Phani Vadrevu. We are looking forward to your artifact submissions!
• May 2024: Our paper “Peeking through the window: Fingerprinting Browser Extensions through Page-Visible Execution Traces and Interactions” was accepted at ACM CCS 2024!
• May 2024: Happy to join as an Associate Editor of the ACM Transactions on Security and Privacy (TOPS). Consider accepting my review request!
• Dec 2023: Our paper “What is in the Chrome Web Store?” was accepted at AsiaCCS 2024!
• Dec 2023: Thrilled and grateful to have received a Top Reviewer Award for the second time in one week! This time at ACSAC 2023.
• Nov 2023: Extremely happy to have received a Top Reviewer Award at ACM CCS 2023, 2 years in a row!
• Oct 2023: Thrilled to be ACM CCS 2024 Workshop Chair with Christophe Hauser. We are looking forward to your workshop proposals!
• Sep 2023: The Web is going MAD again! Super excited to co-chair the 6th MADWeb workshop (co-located with NDSS 2024) with Yinzhi Cao!
• May 2023: Incredibly excited to join CISPA as a Tenure-Track Faculty in August! In the meantime, I am already looking for PhD students in areas related to Web Security & Privacy.
• Nov 2022: Stoked and grateful to have received a Top Reviewer Award at ACM CCS 2022!
• Sep 2022: The Web is going MAD again! Super excited to co-chair the 5th MADWeb workshop (co-located with NDSS 2023) with Zubair Shafiq!
• Aug 2022: Our paper “A World Wide View of Browsing the World Wide Web” got accepted at IMC 2022!
• Oct 2021: Starting as a Visiting Assistant Professor at Stanford University today! Excited to join the lab of Zakir Durumeric!
• Sep 2021: Our paper DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale got accepted at CCS 2021! Wanna check extensions for vulnerable data flows? Our source code is online.
• May 2021: Thrilled to have defended my dissertation!
• Oct 2020: Thrilled to have handed in my dissertation Studying JavaScript Security Through Static Analysis!
• May 2020: Interested in HideNoSeek? Check out the recording of my talk at RuhrSec 2020 #StayAtHome Edition!
• Mar 2020: Just released the clone detector part of HideNoSeek on GitHub. Have fun!
• Feb 2020: HideNoSeek ACM CCS recording is now available for download!
• Feb 2020: Just released an update of JStap on GitHub. Have fun!
• Dec 2019: Very excited to be part of RuhrSec 2020 to present HideNoSeek! See you in May in Bochum.
• Nov 2019: The source code of HideNoSeek is now partially online. Have fun and see you on 14-nov-19 in London!
  In the meantime, have a look at our 1 minute video, also available in French and German.
• Nov 2019: Delighted to be part of Saarland University’s program of excellence! Looking forward to networking, coaching, and mentoring.
• Sep 2019: The source code of JStap is now online with the ACSAC “Artifacts Evaluated – Reusable” badge. Have fun!
• Aug 2019: Our paper “JStap: A Static Pre-Filter for Malicious JavaScript Detection” got accepted at ACSAC 2019! See you in December in San Juan.
• Jun 2019: Our paper “HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs” got accepted at CCS 2019! See you in November in London.