Univ.-Prof. Dr. Stefan Brunthaler

INF 6 Institut für Systemsicherheit
Gebäude Carl-Wery-Str. 18, Zimmer 1722
+49 89 6004 7330

Univ.-Prof. Dr. Stefan Brunthaler

Stefan Brunthaler holds the chair in Secure Software Engineering at the National Cyber Defense Research Institute CODE. Before, Stefan was a tenured associate professor at Paderborn University for compilers & programming languages. Stefan obtained his Dr.techn. from TU Wien under the supervision of Prof. Dr. Jens Knoop in 2011, and spent the following four years as a postdoctoral scholar at the University of California, Irvine, working with Prof. Dr. Michael Franz.


Research interests:

  • Language-based security: Primarily working on novel techniques in software diversity. I am also interested in information-flow tracking in JavaScript and control-flow integrity.
  • Efficient implementation and optimization of programming languages. I am primarily interested in dynamic execution methods and systems, i.e., interpreters and just-in-time compilers.
    Recently, I have also begun investigating the efficiency of the implementation itself, which I examine through the lens of the Racket programming language, specifically its support for meta-linguistic abstraction.
  • Browser implementation and optimization, as well as warehouse-scale computing required to operate search engines. I have been interested in these systems for the past ten years and intend to do important work in both areas over the next decade.


Current students:

  • Martin Desharnais (PhD, at CODE)
  • Manuel Wiesinger (PhD, at TU Wien)
  • Felix Berlakovich (MSc, at TU Wien)
  • Matthias Bernad (MSc, at TU Wien)



I regularly teach the following courses:

  • language-based security (TU Wien, TU Munich, and CODE/UniBwM);
  • compilers (UniBwM);
  • several seminars and labs.



I am looking for motivated PhD students to join the SPHERE Lab. Send me an email about concrete openings and options at the CODE Nat'l Cyber Defense Research Institute. The working language in my lab is English, but German is required to teach courses at the undergraduate level. PhD students are almost exclusively civilians with no military background or conscription requirements.

Students in my lab get full salary compensation with minimum teaching requirements and are expected to spend their time exclusively on research.

SPHERE's research program currently centers on the following items:

  • thwarting advanced attacks (e.g., RowHammer, Spectre, Meltdown, COOP, JIT-ROP),
  • investigating new, sophisticated attack vectors,
  • exploring different methodologies to create safe programming languages (with a particular focus on Racket's language-oriented programming),
  • studying the principles underlying language-based security in general, and software diversity in particular,
  • improving our understanding of browsers: simplifying their implementation, improving performance, security & privacy,
  • examining alternatives to creating large-scale, real-world software that is both, fast & safe.


I am looking for qualified and motivated students to join the SPHERE lab. Send me an email if all of the following hold true:

  • getting a PhD sounds interesting and you've read Matt Might's illustrated guide to a PhD,
  • you have read a couple of my papers and are excited by this type of work,
  • you are excited with SPHERE's research agenda (see itemization above),
  • you speak German (to interact with MSc and BSc students).


In case you are looking for Master's thesis topic, please stop by my office. (I have several topics that I am not advertising publicly.)