I am a security researcher focusing on (mobile) operating system security and trusted computing. In the past, I was particularly looking into mandatory access control systems for the Android OS and integrating hardware security building blocks into mobile operating systems. This interest has extended to object-capability systems and developing new confidential computing solutions. More recently, I also worked on the intersection of those topics with human-centered studies, authentication, and data science.

Since December 2021 I am a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, and heading the Trusted Systems Group. Between July 2018 and December 2021 I headed the same group at CISPA as tenure-track faculty and between June 2016 and July 2018 as a Research Group Leader.

I earned my Dr.-Ing. from Saarland University in 2016 with my thesis on ‘Establishing Mandatory Access Control on Android OS,’ which I wrote under supervision of Prof. Michael Backes. I finished my Master of Science in Engineering, Security and Mobile Computing on the KTH/DTU track of the NordSecMob Erasmus Mundus programme with my thesis “Using TCG/DRTM for application-specific credential storage and usage” in cooperation with Nokia Research Center, Helsinki, Finland.

Download CV
Interests
  • Mobile Platform Security
  • Trusted Computing
  • Usable Security
Education
  • Ph.D. in Security in Information Technology

    Saarland University, Germany

  • Master of Science in Engineering, Security and Mobile Computing

    Royal Institute of Technology (KTH), Stockholm, Sweden / Technical University of Denmark (DTU), Copenhagen, Denmark

Recent Publications
(2025). The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users’ Permission Decisions. 32nd Annual Network & Distributed System Security Symposium (NDSS ‘25).
(2024). Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing. IEEE European Symposium on Security and Privacy Workshops.
(2024). Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security. 45th IEEE Symposium on Security and Privacy (SP'24).
(2023). A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites. 30th Annual Network & Distributed System Security Symposium (NDSS'23).
(2023). TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors. Financial Cryptography and Data Security (FC'23).
Academic Service

Program (Co-)Chair

  • Symposium on Usable Security and Privacy (USEC'25) together with Sanchari Das
  • Who Are You?! Adventures in Authentication Workshop 2021 (WAY'21) together with Sarah Pearman

Program Committee Member

  • IEEE SP: 2025, 2024, 2022
  • USENIX Security: 2025,2024, 2023, 2021, 2020, 2019
  • ACM CCS: 2019, 2018
  • ACM SAC: 2019
  • IEEE EuroSP: 2016

Workshops

  • PasswordCon: 2025
  • FoPI (co-located with IEEE EuroSP): 2021
  • WAY (co-located with USENIX SOUPS): 2020
  • SysTEX (co-located with ACM CCS): 2016

External Reviewer

  • ACM CHI: 2024

Journal Reviewer

  • ACM TOPS: 2023
  • IEEE TDSC: 2021, 2016, 2014
  • IEEE TIFS: 2017
  • IEEE TDSCSI: 2014