Professional Summary

I am a security researcher focusing on (mobile) operating system security and trusted computing. In the past, I was particularly looking into mandatory access control systems for the Android OS and integrating hardware security building blocks into mobile operating systems. This interest has extended to object-capability systems and developing new confidential computing solutions. More recently, I also worked on the intersection of those topics with human-centered studies, authentication, and data science.

Since December 2021 I am a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, and heading the Trusted Systems Group. Between July 2018 and December 2021 I headed the same group at CISPA as tenure-track faculty and between June 2016 and July 2018 as a Research Group Leader.

I earned my Dr.-Ing. from Saarland University in 2016 with my thesis on ‘Establishing Mandatory Access Control on Android OS,’ which I wrote under supervision of Prof. Michael Backes. I finished my Master of Science in Engineering, Security and Mobile Computing on the KTH/DTU track of the NordSecMob Erasmus Mundus programme with my thesis “Using TCG/DRTM for application-specific credential storage and usage” in cooperation with Nokia Research Center, Helsinki, Finland.

Education

Ph.D. in Security in Information Technology

Saarland University, Germany

Master of Science in Engineering, Security and Mobile Computing

Royal Institute of Technology (KTH), Stockholm, Sweden / Technical University of Denmark (DTU), Copenhagen, Denmark

Interests

Mobile Platform Security Trusted Computing Usable Security
Recent Publications
(2026). Poster: A Systematic Review of Migration-Relevant Software Idioms and Their Interactions with Capability Systems. 11th IEEE European Symposium on Security and Privacy (EuroS&P ‘26).
(2026). SoK: Capability Operating Systems: Is the Future Finally Here?. 36th USENIX Security Symposium (USENIX Security ‘26).
(2026). Trust Nothing: RTOS Security without Run-Time Software TCB. 36th USENIX Security Symposium (USENIX Security ‘26).
(2026). From Discovery to Decisions: Archetypal Journeys of Mobile App Users and Their Implications on Privacy. ACM International Conference on Human Factors in Computing Systems (CHI ‘26).
PDF
(2025). Stack Overflow Meets Replication: Security Research Amid Evolving Code Snippets. 34th USENIX Security Symposium (SEC ‘25) Honorable Mention Award.
Academic Service

Program (Co-)Chair

Program Committee Member

  • IEEE SP: 2027, 2026, 2025, 2024, 2022
  • USENIX Security: 2027, 2025, 2024, 2023, 2021, 2020, 2019
  • ACM CCS: 2019, 2018
  • ACM SAC: 2019
  • IEEE EuroSP: 2016

Workshops

  • FoPI (co-located with IEEE EuroSP): 2021
  • WAY (co-located with USENIX SOUPS): 2020
  • SysTEX (co-located with ACM CCS): 2016

External Reviewer

  • ACM CHI: 2024

Journal Reviewer

  • ACM TOPS: 2023
  • IEEE TDSC: 2021, 2016, 2014
  • IEEE TIFS: 2017
  • IEEE TDSCSI: 2014