Aurore Fass

I am a Ph.D. student in the Secure Web Applications Group at CISPA Helmholtz Center for Information Security, jointly supervised by Ben Stock and Michael Backes.

Prior to that, I was a master student at the French Grande Ecole TELECOM Nancy, where I had the honor to give the valedictorian speech (2017). In particular, I wrote my master thesis at the German Federal Office for Information Security (BSI) under the supervision of Isabelle Chrisment and Robert Krawczyk.

In 2020, I submitted my Ph.D. thesis, which revolves around studying JavaScript security through static analysis. In particular, my research interests include static code analysis, malware & vulnerability detection, machine learning, and adversarial attacks. I presented my research work at several academic and non-academic venues like CCS, ACSAC, DIMVA, RuhrSec, MADWeb, and Blackhoodie.
I am also a regular external reviewer at top academic venues such as USENIX Security, NDSS, CCS, Euro S&P, and ACSAC.
Finally, I am happy to supervise bachelor and master students in the scope of research projects and of our yearly web security seminar.

What’s New?

  • 22-oct-20: Thrilled to have handed in my dissertation “Studying JavaScript Security Through Static Analysis”!
  • 28-may-20: Interested in HideNoSeek? Check out the recording of my talk at RuhrSec 2020 #StayAtHome Edition!
  • 30-mar-20: Just released the clone detector part of HideNoSeek on GitHub. Have fun!
  • 6-feb-20: HideNoSeek ACM CCS recording is now available for download!
  • 2-feb-20: Just released an update of JStap on GitHub. Have fun!
  • 6-dec-19: Very excited to be part of RuhrSec 2020 to present HideNoSeek! See you in May in Bochum.
  • 8-nov-19: The source code of HideNoSeek is now partially online. Have fun and see you on 14-nov-19 in London!
    In the meantime, have a look at our 1 minute video, also available in French and German.
  • 6-nov-19: Delighted to be part of Saarland University’s program of excellence! Looking forward to networking, coaching, and mentoring.
  • 25-sep-19: The source code of JStap is now online with the ACSAC “Artifacts Evaluated – Reusable” badge. Have fun!
  • 23-aug-19: Our paper “JStap: A Static Pre-Filter for Malicious JavaScript Detection” got accepted at ACSAC 2019! See you in December in San Juan.
  • 23-jun-19: Our paper “HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs” got accepted at CCS 2019! See you in November in London.