Selected Publications

ACM Conference on Computer and Communications Security (CCS), 2016

Dissertation, 2015

IEEE Symposium on Security and Privacy (S&P), 2015

IEEE Symposium on Security and Privacy (S&P), 2014

Annual Computer Security Applications Conference (ACSAC), 2012

Projects

Joern - The Bug Hunter’s Workbench

Joern

I am the initiator and main developer of the open-source code analysis platform Joern, a tool for interactive vulnerability discovery via graph database queries, first presented along with the underlying code property graph representation at the IEEE Symposium on Security and Privacy in 2014. Work on the platform became a cornerstone of my PhD thesis, for which I received the CAST/GI Dissertation Award 2016. The work also provided the basis for the commercial offering of ShiftLeft Inc.

All Publications

When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries. Network and Distributed System Security Symposium (NDSS), 2018.

Static Program Analysis as a Fuzzing Aid. Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2017.

Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery. USENIX Workshop on Offensive Technologies (WOOT), 2017.

Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing. USENIX Workshop on Offensive Technologies (WOOT), 2017.

Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks. ACM Asia Conference on Computer and Communications Security (ASIACCS), 2017.

Efficient and Flexible Discovery of PHP Application Vulnerabilities. IEEE European Symposium on Security and Privacy (EuroS&P), 2017.

Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-bit Platforms. ACM Conference on Computer and Communications Security (CCS), 2016.

Comprehensive Analysis and Detection of Flash-based Malware. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

Towards Vulnerability Discovery Using Staged Program Analysis. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

Pattern-Based Vulnerability Discovery. Dissertation, 2015.

Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols. International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2015.

VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. ACM Conference on Computer and Communications Security (CCS), 2015.

De-anonymizing Programmers via Code Stylometry. USENIX Security Symposium (SEC), 2015.

Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. IEEE Symposium on Security and Privacy (S&P), 2015.

Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication. ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.

Modeling and Discovering Vulnerabilities with Code Property Graphs. IEEE Symposium on Security and Privacy (S&P), 2014.

Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery. ACM Conference on Computer and Communications Security (CCS), 2013.

Structural Detection of Android Malware using Embedded Call Graphs. Workshop on Artificial Intelligence and Security (AISEC), 2013.

Generalized Vulnerability Extrapolation using Abstract Syntax Trees. Annual Computer Security Applications Conference (ACSAC), 2012.

Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine Learning. USENIX Workshop on Offensive Technologies (WOOT), 2011.

Awards

  • 2016: CAST/GI Dissertation Award
  • 2016: German Prize for IT Security 2016 (2nd place)
  • 2016: Best Paper Award at DIMVA
  • 2012: Outstanding Paper Award at ACSAC
  • 2001: Ars Digita Prize

Services

  • 2021: PC Member - ACSAC
  • 2020: PC Member - ACSAC
  • 2019: PC Member - ACSAC
  • 2018: PC Member - ACSAC, GreHack, ICIMP
  • 2017: PC Member - ACSAC, ROOTS
  • 2016: PC Member - ARES, IMPS, STM
  • 2015: PC Member - ARES, ECTCM
  • 2015: Publicity Co-Chair - SECURECOMM
  • 2014: PC Member - WOOT, ECTCM

Contact