I am the Firefox Security Infrastructure Engineering Manager at Mozilla with over a decade of experience in Secure Systems Development. My work ranges from designing systems with fail safe defaults to fighting cross site scripting as well as preventing man-in-the-middle attacks.

I received my PhD in Computer Science from the University of California, Irvine where I based my research on information flow tracking techniques within web browsers.

Prior to being a graduate research scholar, I received a M.Sc. and B.Sc. in Computer Science from the Technical University Graz, Austria.

Hardening Firefox against Injection Attacks; Christoph Kerschbaumer, Tom Ritter, Frederik Braun; SecWeb - Designing Security for the Web; Genova, Italy, September 2020 [Download PDF]

Extending the Same Origin Policy with Origin Attributes; Tanvi Vyas, Andrea Marchesini, Christoph Kerschbaumer; International Conference on Information Systems Security and Privacy; Porto, Portugal, February 2017

Enforcing Content Security by Default within Web Browsers; Christoph Kerschbaumer; International Conference on Cybersecurity Development; Boston, Massachusetts, November 2016

Injecting CSP for Fun and Security; Christoph Kerschbaumer, Sid Stamm, Stefan Brunthaler; International Conference on Information Systems Security and Privacy; Rome, Italy, February 2016 (Best Paper Award)

Information Flow Tracking meets Just-In-Time Compilation; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; ACM Transactions on Architecture and Code Optimization, Volume 10, Issue 4, December 2013. Invited to present at the International Conference on High-Performance and Embedded Architectures and Compilers; Vienna, Austria; January 2014

CrowdFlow: Efficient Information Flow Security; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; Information Security Conference; Dallas, Texas; November 2013

Towards Precise and Efficient Information Flow Control in Web Browsers; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; International Conference on Trust & Trustworthy Computing; London, United Kingdom; June 2013

First-Class Labels: Using Information Flow to Debug Security Holes; Eric Hennigan, Christoph Kerschbaumer, Per Larsen, Stefan Brunthaler, Michael Franz; International Conference on Trust & Trustworthy Computing; London, United Kingdom; June 2013

SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems; Christoph Kerschbaumer, Gregor Wagner, Christian Wimmer, Andreas Gal, Christian Steger, Michael Franz; Conference on the Principles and Practice of Programming in Java; Calgary, Alberta, Canada; August 2009

Can we build a Privacy-Preserving Web Browser we all deserve?; Christoph Kerschbaumer, Luke Crouch, Tom Ritter, Tanvi Vyas; ACM XRDS Magazine, Summer 2018, Volume 24, No. 4

Probabilistic Information Flow Control in Modern Web Browsers; PhD Thesis, Secure Systems and Software Laboratory, Donald Bren School of Information & Computer Sciences, University of Califorina, Irvine, 2014 (Advisor: Prof. Michael Franz)

SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems; Masters Thesis, Institute for Technical Informatics, Technical University Graz, Austria, 2009

Hardening the Content Security Landscape of Firefox; Keynote @ German OWASP Day; Karlsruhe, Germany; December 2019

Hardening the Content Security Landscape of Firefox; Mozilla Security Research Summit; Vienna, Austria; November 2019

Preventing Data Exfiltration in the Browser; Mozilla Security Research Summit; San Francisco, California; May 2019

Preventing Data Exfiltration Attempts in the Browser; Mozilla Security Research Summit; London, United Kingdom; November 2018

Enforcing Content Security by Default in Firefox; INRIA; Sophia Antipolis, France; October 2018

Could we use Information Flow Tracking to generate more sophisticated blacklists?; Web Application Security Seminar, Schloss Dagstuhl; Germany; August 2018

Enforcing Security in Firefox; SBA Research; Vienna, Austria; May 2017

Are We Secure Yet? Adversarial thinking to build Secure Systems; Linux Days Graz; Graz, Austria; April 2017

Probabilistic Information Flow Control in Modern Web Browsers; Microsoft Research; Redmond, Washington; January 2015

Information Flow Control in Modern Web Browsers; University of Stanford; California; December 2014

Information Flow in Web Browsers; The SoCal Programing Languages and Systems Workshop; University of California, Santa Barbara, May 2013

Information Flow in Web Browsers; The SoCal Programing Languages and Systems Workshop; University of California, San Diego, December 2011

Bytecode-Based Security for JavaScript; International Conference on Architectural Support for Programming Languages and Operating Systems; Newport Beach, California, March 2011

Bytecode-Based Security for JavaScript; The SoCal Programing Languages and Systems Workshop; University of California, Los Angeles, December 2010

• Understanding Web Security Checks in Firefox (Part 1)
• Firefox 75 will respect ‘nosniff’ for Page Loads
• Hardening Firefox against Injection Attacks
• Supporting Referrer Policy for CSS in Firefox 64
• Blocking FTP subresource loads within non-FTP documents in Firefox 61
• Supporting Same-Site Cookies in Firefox 60
• Blocking Top-Level Navigations to data URLs for Firefox 58
• Treating data URLs as unique origins for Firefox 57
• Enforcing Content Security By Default within Firefox
• Mitigating MIME Confusion Attacks in Firefox
• A Faster Content Security Policy (CSP)

• Mozilla - Firefox Security Infrastracture Engineering Manager, since 2020
• Mozilla - Content Security Tech Lead, since 2017
• Mozilla - Security and Privacy Engineer, since 2013
• Mozilla - Graduate Program Firefox OS, 2012
• Qualcomm - Graduate Research Program, 2011
• UC Irvine - Graduate Research Assistant, 2010
• Bravestone - Software Engineer, 2009
• TU Graz - Software Engineer, 2005

Guest Lecture (video) in the class of Language-Based Security at Chalmers University of Technology, Gothenburg, Sweden, May 2020

Guest Lecture in the class of Applied Programming at my former High School Commercial & Digitial Business Academy, Liezen, Austria, February 2020

Introduction to Computer Science II, Teaching Assistant, Donald Bren School of Information & Computer Sciences, University of California, Irvine, Winter 2012

Compilers and Interpreters, Teaching Assistant/Reader, Donald Bren School of Information & Computer Sciences, University of California, Irvine, Fall 2011

Compilers and Interpreters, Teaching Assistant/Reader, Donald Bren School of Information & Computer Sciences, University of California, Irvine, Spring 2011

Best Paper Award International Conference on Information Systems Security and Privacy, 2016

Roberto Padovani Scholarship Award, Qualcomm, Inc. ($5.000), 2011

Graduate Student Fellowship, Donald Bren School of Information and Computer Science ($90,000+), 2010

Fellowship for Excellent Students Abroad, Rudolf Chaudoire Foundation ($5,000), 2008

Scholarship for Short Time Academic Research and Expert Courses Abroad, TU Graz ($1,000), 2008

Fellowship for Excellent Students, Julius Raab Foundation ($5,000), 2003

Study Grant, Austrian Federal Ministry of Education, Science and Research($50,000+), 2002-2009

SecWeb, Designing Security for the Web, 2020
International Conference on Information Systems Security and Privacy, 2020
International Conference on Information Systems Security and Privacy, 2019
International Conference on Information Systems Security and Privacy, 2018

• Mozilla - SecEng University Relationship Framework (SURF)
• Mozilla - Security Engineering
• Secure Systems and Software Laboratory at UC Irvine
• University of California, Irvine
• Technical University Graz, Austria

contact (at) firstname lastname (dot) com