I am a Tenure-Track Faculty at CISPA Helmholtz Center for Information Security My research broadly focuses on Web security and privacy, Web measurements, and machine learning. Specifically, I design practical approaches to protect the security and privacy of Web users. I build systems to proactively detect malicious JavaScript code and suspicious browser extensions. I analyze data to understand how people spend time on the Web, and I want to use the resulting perspective to prioritize defense strategies.

Before that, I was a Visiting Assistant Professor of Computer Science at Stanford University (2021–2023), in the Empirical Security Research Group, led by Zakir Durumeric. Prior to that, I was a PhD student at CISPA (2018-2021), in the Secure Web Applications Group, jointly supervised by Ben Stock and Michael Backes. My PhD thesis revolves around studying JavaScript security through static analysis.

Before joining CISPA, I was a master student at the French Grande Ecole TELECOM Nancy, where I had the honor to give the valedictorian speech (2017). In particular, I wrote my master thesis at the German Federal Office for Information Security (BSI) under the supervision of Isabelle Chrisment and Robert Krawczyk.

What’s New?

• May 2023: Incredibly excited to join CISPA as a Tenure-Track Faculty in August! In the meantime, I am already looking for PhD students in areas related to Web Security & Privacy.
• Nov 2022: Stoked and grateful to have received a Top Reviewer Award at ACM CCS 2022!
• Sep 2022: The Web is going MAD again! Super excited to co-chair the 5th MADWeb workshop (co-located with NDSS 2023) with Zubair Shafiq!
• Aug 2022: Our paper “A World Wide View of Browsing the World Wide Web” got accepted at IMC 2022!
• Oct 2021: Starting as a Visiting Assistant Professor at Stanford University today! Excited to join the lab of Zakir Durumeric!
• Sep 2021: Our paper DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale got accepted at CCS 2021! Wanna check extensions for vulnerable data flows? Our source code is online.
• May 2021: Thrilled to have defended my dissertation!
• Oct 2020: Thrilled to have handed in my dissertation Studying JavaScript Security Through Static Analysis!
• May 2020: Interested in HideNoSeek? Check out the recording of my talk at RuhrSec 2020 #StayAtHome Edition!
• Mar 2020: Just released the clone detector part of HideNoSeek on GitHub. Have fun!
• Feb 2020: HideNoSeek ACM CCS recording is now available for download!
• Feb 2020: Just released an update of JStap on GitHub. Have fun!
• Dec 2019: Very excited to be part of RuhrSec 2020 to present HideNoSeek! See you in May in Bochum.
• Nov 2019: The source code of HideNoSeek is now partially online. Have fun and see you on 14-nov-19 in London!
  In the meantime, have a look at our 1 minute video, also available in French and German.
• Nov 2019: Delighted to be part of Saarland University’s program of excellence! Looking forward to networking, coaching, and mentoring.
• Sep 2019: The source code of JStap is now online with the ACSAC “Artifacts Evaluated – Reusable” badge. Have fun!
• Aug 2019: Our paper “JStap: A Static Pre-Filter for Malicious JavaScript Detection” got accepted at ACSAC 2019! See you in December in San Juan.
• Jun 2019: Our paper “HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs” got accepted at CCS 2019! See you in November in London.