Aurore Fass

I am a postdoctoral researcher at CISPA Helmholtz Center for Information Security. Prior to that, I was a PhD student in the Secure Web Applications Group at CISPA, jointly supervised by Ben Stock and Michael Backes.

Before joining CISPA, I was a master student at the French Grande Ecole TELECOM Nancy, where I had the honor to give the valedictorian speech (2017). In particular, I wrote my master thesis at the German Federal Office for Information Security (BSI) under the supervision of Isabelle Chrisment and Robert Krawczyk.

My PhD thesis revolves around studying JavaScript security through static analysis. In particular, my research interests include static code analysis, malware & vulnerability detection, machine learning, and adversarial attacks. I presented my research work at several academic and non-academic venues like CCS, ACSAC, DSN, DIMVA, RuhrSec, MADWeb, and Blackhoodie.
I am also a regular external reviewer at top academic venues such as USENIX Security, NDSS, CCS, Euro S&P, and ACSAC.
Finally, I am happy to supervise bachelor and master students in the scope of research projects and of our yearly web security seminar.

What’s New?

  • 26-may-21: Thrilled to have defended my dissertation!
  • 22-oct-20: Thrilled to have handed in my dissertation “Studying JavaScript Security Through Static Analysis”!
  • 28-may-20: Interested in HideNoSeek? Check out the recording of my talk at RuhrSec 2020 #StayAtHome Edition!
  • 30-mar-20: Just released the clone detector part of HideNoSeek on GitHub. Have fun!
  • 6-feb-20: HideNoSeek ACM CCS recording is now available for download!
  • 2-feb-20: Just released an update of JStap on GitHub. Have fun!
  • 6-dec-19: Very excited to be part of RuhrSec 2020 to present HideNoSeek! See you in May in Bochum.
  • 8-nov-19: The source code of HideNoSeek is now partially online. Have fun and see you on 14-nov-19 in London!
    In the meantime, have a look at our 1 minute video, also available in French and German.
  • 6-nov-19: Delighted to be part of Saarland University’s program of excellence! Looking forward to networking, coaching, and mentoring.
  • 25-sep-19: The source code of JStap is now online with the ACSAC “Artifacts Evaluated – Reusable” badge. Have fun!
  • 23-aug-19: Our paper “JStap: A Static Pre-Filter for Malicious JavaScript Detection” got accepted at ACSAC 2019! See you in December in San Juan.
  • 23-jun-19: Our paper “HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs” got accepted at CCS 2019! See you in November in London.