2) Securing the browser extension ecosystem
By design, browser extensions have access to security- and privacy-critical APIs to perform tasks that web pages cannot traditionally do. Our prior work focused on detecting vulnerable extensions. We developed a static analyzer to track and detect suspicious data flows between an attacker and sensitive APIs in extensions (DoubleX-CCS21). Besides vulnerable extensions, our ongoing projects include detecting fingerprintable extensions and adopting a more data-driven approach to fundamentally understand how browser extensions are designed, used, and could be exploited.
3) Understanding how to prioritize defense strategies through Web measurements
To effectively protect user security and privacy online, we first need to understand how people use the Web, as well as the types of websites they frequent and spend the most time on (IMC21).
I am looking for PhD candidates with research interests in Web Security & Privacy and Web Measurements, in line with the 3 directions discussed above. However, I also welcome new research directions, and it is a plus when a student brings their own ideas.
Note that the open positions are not project-bound and that you are free to choose your research projects.
I am looking for motivated students with solid programming skills in Python and (at least) a basic background in Web security. Proficiency in spoken and written English is a must; German knowledge is not necessary. I expect students to be curious, creative, and have a strong willingness to learn & improve.
In return, we offer an excellent research environment in Sankt Ingbert, with close individual supervision, worldwide collaborations, a competitive salary according to TVöD, and significant funding for travel and equipment.
If you are interested, please apply through CISPA’s centralized application portal. Make sure that your cover letter mentions my research group and why you would be a good fit. If you have any questions, first read this page on how to contact me and then send me an email accordingly.
Bachelor / Master Theses
I offer theses in the areas discussed above, but I also welcome new research directions if you already have a specific idea for your thesis. I highly recommend you have good programming skills in Python and (at least) a basic background in Web security. Having attended a seminar is a plus. Proficiency in spoken and written English is a must; German knowledge is not necessary. I expect students to be curious, creative, and have a strong willingness to learn. Note that theses in this group are typically high-effort / high-reward, meaning that good theses are meant to be submitted as papers to major security conferences.
If you are interested in doing your thesis with me, first read this page on how to contact me and then send me an email accordingly.