Univ.-Prof. Dr. Stefan Brunthaler

Univ.-Prof. Dr. Stefan Brunthaler
INF 6 Institut für Systemsicherheit
Gebäude Carl-Wery-Str. 18, Zimmer 1722
+49 89 6004 7330

Univ.-Prof. Dr. Stefan Brunthaler

Short bio and research interests

In February 2011, I received a Dr. techn. degree in computer science from the Vienna University of Technology under the supervision of Prof. Jens Knoop. For the following couple of years I was a postdoctoral scholar at the University of California, Irvine, working with Prof. Michael Franz. After a brief stint with SBA Research in Vienna, I joined Paderborn University's computer science department in 2016. In 2017 I received a call to join the newly established national cyber security research center (CODE) in Munich as a full professor holding the chair of secure software engineering.

My research focuses on software systems: I build new systems that solve challenging and important problems in the intersection of computer security and programming language implementation. Specifically, I have been working in language-based security, focusing on automated software diversity and information-flow tracking for JavaScript. At present, I am actively working on browser security and privacy.

I also have extensive experience in implementing and optimizing dynamic programming languages — in particular Python: my most recent advances lead to performance improvements of up to more than five-fold when compared to standard Python. Recently, I have been making inroads towards verifying semantic preservation of my interpreter optimizations using Coq and Isabelle.


At present, my efforts focus on building up the Munich Computer Systems Research Laboratory, μCSRL for short. μCSRL's primary focus is to substantially advance the state-of-the-art in language-based security.

Our research currently centers on the following items:

  • thwarting advanced attacks (e.g., RowHammer, Address Oblivious Code Reuse, Transient Execution Attacks, BlindSide),
  • investigating new, sophisticated attack vectors,
  • automated vulnerability analysis with fuzzing,
  • exploring different methodologies to create safe programming languages (with a particular focus on Racket's language-oriented programming),
  • studying the principles underlying language-based security in general, and software diversity in particular,
  • improving our understanding of browsers: simplifying their implementation, improving performance, security & privacy,
  • examining alternatives to creating large-scale, real-world software that is both, fast & secure.


I am looking for qualified and motivated students to join μCSRL. Send me an email if all of the following hold true:

  • getting a PhD sounds interesting and you've read Matt Might's illustrated guide to a PhD,
  • you have read a couple of my papers and are excited by this type of work,
  • you are excited with μCSRL's research agenda (see itemization above),
  • you speak German (to interact with MSc and BSc students).


In case you are looking for Master's thesis topic, please stop by my office. (I have several topics that I am not advertising publicly.)





You may find a more current list of publications on either DBLP, ACM portal, or Google Scholar.

Copyright notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be re-posted without the explicit permission of the copyright holder.


Last change: 20210101/1239/sbr