Dr. Christoph
Kerschbaumer
Christoph Kerschbaumer picture I am the Firefox Security Infrastructure Engineering Manager at Mozilla with over a decade of experience in Secure Systems Development. My work ranges from designing systems with fail safe defaults to fighting cross site scripting as well as preventing man-in-the-middle attacks.

I received my PhD in Computer Science from the University of California, Irvine where I based my research on information flow tracking techniques within web browsers.

Prior to being a graduate research scholar, I received a M.Sc. and B.Sc. in Computer Science from the Technical University Graz, Austria.
Publications
Peer Reviewed
Hardening Firefox against Injection Attacks; Christoph Kerschbaumer, Tom Ritter, Frederik Braun; SecWeb - Designing Security for the Web; Genova, Italy, September 2020 [Download PDF]

Extending the Same Origin Policy with Origin Attributes; Tanvi Vyas, Andrea Marchesini, Christoph Kerschbaumer; International Conference on Information Systems Security and Privacy; Porto, Portugal, February 2017

Enforcing Content Security by Default within Web Browsers; Christoph Kerschbaumer; International Conference on Cybersecurity Development; Boston, Massachusetts, November 2016

Injecting CSP for Fun and Security; Christoph Kerschbaumer, Sid Stamm, Stefan Brunthaler; International Conference on Information Systems Security and Privacy; Rome, Italy, February 2016 (Best Paper Award)

Information Flow Tracking meets Just-In-Time Compilation; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; ACM Transactions on Architecture and Code Optimization, Volume 10, Issue 4, December 2013. Invited to present at the International Conference on High-Performance and Embedded Architectures and Compilers; Vienna, Austria; January 2014

CrowdFlow: Efficient Information Flow Security; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; Information Security Conference; Dallas, Texas; November 2013

Towards Precise and Efficient Information Flow Control in Web Browsers; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; International Conference on Trust & Trustworthy Computing; London, United Kingdom; June 2013

First-Class Labels: Using Information Flow to Debug Security Holes; Eric Hennigan, Christoph Kerschbaumer, Per Larsen, Stefan Brunthaler, Michael Franz; International Conference on Trust & Trustworthy Computing; London, United Kingdom; June 2013

SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems; Christoph Kerschbaumer, Gregor Wagner, Christian Wimmer, Andreas Gal, Christian Steger, Michael Franz; Conference on the Principles and Practice of Programming in Java; Calgary, Alberta, Canada; August 2009
Magazines
Can we build a Privacy-Preserving Web Browser we all deserve?; Christoph Kerschbaumer, Luke Crouch, Tom Ritter, Tanvi Vyas; ACM XRDS Magazine, Summer 2018, Volume 24, No. 4
Theses
Probabilistic Information Flow Control in Modern Web Browsers; PhD Thesis, Secure Systems and Software Laboratory, Donald Bren School of Information & Computer Sciences, University of Califorina, Irvine, 2014 (Advisor: Prof. Michael Franz)

SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems; Masters Thesis, Institute for Technical Informatics, Technical University Graz, Austria, 2009
Invited Talks, Workshops, Seminars
Hardening the Content Security Landscape of Firefox; Keynote @ German OWASP Day; Karlsruhe, Germany; December 2019

Hardening the Content Security Landscape of Firefox; Mozilla Security Research Summit; Vienna, Austria; November 2019

Preventing Data Exfiltration in the Browser; Mozilla Security Research Summit; San Francisco, California; May 2019

Preventing Data Exfiltration Attempts in the Browser; Mozilla Security Research Summit; London, United Kingdom; November 2018

Enforcing Content Security by Default in Firefox; INRIA; Sophia Antipolis, France; October 2018

Could we use Information Flow Tracking to generate more sophisticated blacklists?; Web Application Security Seminar, Schloss Dagstuhl; Germany; August 2018

Enforcing Security in Firefox; SBA Research; Vienna, Austria; May 2017

Are We Secure Yet? Adversarial thinking to build Secure Systems; Linux Days Graz; Graz, Austria; April 2017

Probabilistic Information Flow Control in Modern Web Browsers; Microsoft Research; Redmond, Washington; January 2015

Information Flow Control in Modern Web Browsers; University of Stanford; California; December 2014

Information Flow in Web Browsers; The SoCal Programing Languages and Systems Workshop; University of California, Santa Barbara, May 2013

Information Flow in Web Browsers; The SoCal Programing Languages and Systems Workshop; University of California, San Diego, December 2011

Bytecode-Based Security for JavaScript; International Conference on Architectural Support for Programming Languages and Operating Systems; Newport Beach, California, March 2011

Bytecode-Based Security for JavaScript; The SoCal Programing Languages and Systems Workshop; University of California, Los Angeles, December 2010
Professional
  • Mozilla - Firefox Security Infrastracture Engineering Manager, since 2020
  • Mozilla - Content Security Tech Lead, since 2017
  • Mozilla - Security and Privacy Engineer, since 2013
  • Mozilla - Graduate Program Firefox OS, 2012
  • Qualcomm - Graduate Research Program, 2011
  • UC Irvine - Graduate Research Assistant, 2010
  • Bravestone - Software Engineer, 2009
  • TU Graz - Software Engineer, 2005
Teaching
Guest Lecture (video) in the class of Language-Based Security at Chalmers University of Technology, Gothenburg, Sweden, May 2020

Guest Lecture in the class of Applied Programming at my former High School Commercial & Digitial Business Academy, Liezen, Austria, February 2020

Introduction to Computer Science II, Teaching Assistant, Donald Bren School of Information & Computer Sciences, University of California, Irvine, Winter 2012

Compilers and Interpreters, Teaching Assistant/Reader, Donald Bren School of Information & Computer Sciences, University of California, Irvine, Fall 2011

Compilers and Interpreters, Teaching Assistant/Reader, Donald Bren School of Information & Computer Sciences, University of California, Irvine, Spring 2011

Awards and Honors
Best Paper Award International Conference on Information Systems Security and Privacy, 2016

Roberto Padovani Scholarship Award, Qualcomm, Inc. ($5.000), 2011

Graduate Student Fellowship, Donald Bren School of Information and Computer Science ($90,000+), 2010

Fellowship for Excellent Students Abroad, Rudolf Chaudoire Foundation ($5,000), 2008

Scholarship for Short Time Academic Research and Expert Courses Abroad, TU Graz ($1,000), 2008

Fellowship for Excellent Students, Julius Raab Foundation ($5,000), 2003

Study Grant, Austrian Federal Ministry of Education, Science and Research($50,000+), 2002-2009
Contact
contact (at) firstname lastname (dot) com