Univ.-Prof. Dr. Stefan Brunthaler

CODE
Gebäude Carl-Wery-Str. 18, Zimmer 1722
+49 89 6004 7330
brunthaler@unibw.de

Univ.-Prof. Dr. Stefan Brunthaler

Short bio and research interests

In February 2011, I received a Dr. techn. degree in computer science from the Vienna University of Technology under the supervision of Prof. Jens Knoop. For the following couple of years I was a postdoctoral scholar at the University of California, Irvine, working with Prof. Michael Franz. After a brief stint with SBA Research in Vienna, I joined Paderborn University's computer science department.

My research focuses on software systems: I build new systems that solve challenging and important problems in the intersection of computer security and programming language implementation. Specifically, I have been working in language-based security, focusing on automated software diversity and information-flow tracking for JavaScript.

I also have extensive experience in implementing and optimizing dynamic programming languages — in particular Python: my most recent advances lead to performance improvements of up to more than five-fold when compared to standard Python. Recently, I have been making inroads towards verifying semantic preservation of my interpreter optimizations using Coq.

At the moment, I am working tirelessly to build a new research group and am looking for qualified and motivated students. Send me an email if all of the following hold true:

  • getting a PhD sounds interesting
  • you have read a couple of my papers and are excited by this type of work
  • you speak German (funded positions typically come with a light teaching load)

 

In case you are looking for Master's thesis topic, please stop by my office. (I have several topics that I am not advertising publicly.)

 

Publications

You may find a more current list of publications on either DBLP, ACM portal, or Google Scholar.

 

Copyright Notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

 

Refereed Journals

 J8.

Nathan Burow, Scott Carr, Joseph Nash, Per Larsen, Michael Franz, SB, Mathias Payer. Control-Flow Integrity: Protection, Security, and Performance. In ACM Computing Surveys, 2017. To appear.

J7.

Sebastian Neuner, Artemios Voyiatzis, Martin Schmiedecker, SB, Stefan Katzenbeisser, Edgar Weippl. Time is on my side: Steganography in filesystem metadata. In Digital Investigation, pages S76–S86, 2016 

J6.

Gregor Wagner, Per Larsen, SB, Michael Franz. Thinking Inside the Box. In ACM Transactions on Programming Languages and Systems, volume 38(3) pages 1–37, 2016 

J5.

Andrei Homescu, Todd Jackson, Stephen Crane, SB, Per Larsen, Michael Franz. Large-scale Automated Software Diversity--Program Evolution Redux. In IEEE Transactions on Dependable and Secure Computing, volume PP(99) pages 1–1, 2015 (

J4.

Per Larsen, SB, Michael Franz. Security through Diversity: Are We There Yet?. In IEEE Security & Privacy, volume 12(2) pages 28–35, Institute of Electrical and Electronics Engineers Inc., 2014 

J3.

Gülfem Savrun-Yeniçeri, Wei Zhang, Huahan Zhang, Eric Seckler, Chen Li, SB, Per Larsen, Michael Franz. Efficient hosted interpreters on the JVM. In ACM Transactions on Architecture and Code Optimization, volume 11(1) pages 1–24, 2014 

J2.

Christoph Kerschbaumer, Eric Hennigan, Per Larsen, SB, Michael Franz. Information flow tracking meets just-in-time compilation. In ACM Transactions on Architecture and Code Optimization, volume 10(4) pages 1–25, 2013. Presented at HiPEAC'14 in Vienna, Austria 

J1.

SB. Virtual-Machine Abstraction and Optimization Techniques. In Electronic Notes in Theoretical Computer Science, volume 253(5) pages 3–14, 2009 

 

Refereed Conferences
C22.

Christoph Kerschbaumer, Sid Stamm, SB. Injecting CSP for Fun and Security. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy, Rome, Italy, 2016. Best Paper Award. 

C21.

Codru\u0163 Stancu, Christian Wimmer, SB, Per Larsen, Michael Franz. Safe and efficient hybrid memory management for Java. In Proceedings of the 2015 ACM SIGPLAN International Symposium on Memory Management - ISMM 2015, pages 81–92, ACM Press, New York, New York, USA, 2015. 

C20.

Gülfem Savrun-Yeniçeri, Michael {Van de Vanter}, Per Larsen, SB, Michael Franz. An Efficient and Generic Event-based Profiler Framework for Dynamic Languages. In Proceedings of the Principles and Practices of Programming on The Java Platform - PPPJ '15, pages 102–112, ACM Press, New York, New York, USA, 2015. 

C19.

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, SB, Michael Franz. Readactor: Practical Code Randomization Resilient to Memory Disclosure. In 2015 IEEE Symposium on Security and Privacy, pages 763–780, IEEE, 2015. 

C18.

Vishwath Mohan, Per Larsen, SB, Kevin Hamlen, Michael Franz. Opaque Control-Flow Integrity. In 22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 8-11, 2015 (NDSS '15), 2015. 

C17.

Stephen Crane, Andrei Homescu, SB, Per Larsen, Michael Franz. Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity. In 22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 8-11 (NDSS '15), Internet Society, 2015. 

C16.

Mark Murphy, Per Larsen, SB, Michael Franz. Software Profiling Options and Their Effects on Security Based Diversification. In Proceedings of the First ACM Workshop on Moving Target Defense - MTD '14, pages 87–96, ACM Press, New York, New York, USA, 2014. 

C15.

Wei Zhang, Per Larsen, SB, Michael Franz. Accelerating iterators in optimizing AST interpreters. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications - OOPSLA '14, pages 727–743, ACM Press, New York, New York, USA, 2014. 

C14.

Codru\u0163 Stancu, Christian Wimmer, SB, Per Larsen, Michael Franz. Comparing points-to static analysis with runtime recorded profiling data. In Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java platform Virtual machines, Languages, and Tools - PPPJ '14, pages 157–168, ACM Press, New York, New York, USA, 2014. 

C13.

Per Larsen, Andrei Homescu, SB, Michael Franz. SoK: Automated Software Diversity. In 2014 IEEE Symposium on Security and Privacy, pages 276–291, IEEE, 2014. 

C12.

Andrei Homescu, SB, Per Larsen, Michael Franz. librando: Transparent Code Randomization for Just-in-Time Compilers. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications security - CCS '13, pages 993–1004, ACM Press, New York, New York, USA, 2013. 

C11.

Christoph Kerschbaumer, Eric Hennigan, Per Larsen, SB, Michael Franz. CrowdFlow: Efficient Information Flow Security. In Proceedings of the 16th Information Security Conference, Dallas, TX, USA, November 13-15, 2013 (ISC 13), Springer-Verlag, 2013. 

C10.

Stephen Crane, Per Larsen, SB, Michael Franz. Booby trapping software. In Proceedings of the 2013 workshop on New security paradigms workshop - NSPW '13, pages 95–106, ACM Press, New York, New York, USA, 2013. 

C09.

Christoph Kerschbaumer, Eric Hennigan, Per Larsen, SB, Michael Franz. Towards Precise and Efficient Information Flow Control in Web Browsers. In Proceedings of the 6th International Conference on Trust & Trustworthy Computing, London, United Kingdom, June 17-19, 2013 (TRUST '13), pages 187–195, 2013. 

C08.

Eric Hennigan, Christoph Kerschbaumer, SB, Per Larsen, Michael Franz. First-Class Labels: Using Information Flow to Debug Security Holes. In Proceedings of the 6th International Conference on Trust & Trustworthy Computing, London, United Kingdom, June 17-19, 2013 (TRUST '13), pages 151–168, 2013. 

C07.

Gülfem Savrun-Yeniçeri, Wei Zhang, Huahan Zhang, Chen Li, SB, Per Larsen, Michael Franz. Efficient interpreter optimizations for the JVM. In Proceedings of the 2013 International Conference on Principles and Practices of Programming on the Java Platform Virtual Machines, Languages, and Tools (PPPJ '13), pages 113–123, ACM Press, 2013. 

C06.

Andrei Homescu, Steven Neisius, Per Larsen, SB, Michael Franz. Profile-guided automated software diversity. In Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), pages 1–11, IEEE, 2013. 

C05.

Andrei Homescu, Michael Stewart, Per Larsen, SB, Michael Franz. Microgadgets: Size Does Matter in Turing-Complete Return-Oriented Programming. In Proceedings of the 6th Workshop on offensive technologies (WOOT 12), pages 64–76, 2012. 

C04.

Christian Wimmer, SB, Per Larsen, Michael Franz. Fine-grained modularity and reuse of virtual machine components. In Proceedings of the 11th annual international conference on Aspect-oriented Software Development - AOSD '12, pages 203, ACM Press, New York, New York, USA, 2012. 

C03.

SB. Interpreter instruction scheduling. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), pages 164–178, 2011. 

C02.

SB. Inline caching meets quickening. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), pages 429–451, 2010. 

C01.

SB. Efficient inline caching without dynamic translation. In Proceedings of the 2010 ACM Symposium on Applied Computing - SAC '10, pages 2155, ACM Press, New York, New York, USA, 2010. 

 

Thesis
T1.

SB. Purely Interpretative Optimizations. PhD thesis, Vienna University of Technology, February 2011 

 

Essays

 Why interpreters matter (at least for high level programming languages)