Christoph Kerschbaumer picture

PUBLICATIONS | THESES | INVITED TALKS | BLOGPOSTS | PROFESSIONAL | TEACHING | AWARDS | PATENTS | AFFILIATIONS | CONTACT

BIOGRAPHY

I am a Web Platform Security and Privacy Engineer at Mozilla with over 10 years of experience in Secure Systems Development. My work focuses on all types of content security ranging from providing safe defaults to fighting cross site scripting as well as preventing man-in-the-middle attacks.

I received my PhD in Computer Science from the University of California, Irvine where I based my research on information flow tracking techniques within web browsers.

Prior to being a graduate research scholar, I received a M.Sc. and B.Sc. in Computer Science from the Technical University Graz, Austria.



PUBLICATIONS (PEER REVIEWED)

Extending the Same Origin Policy with Origin Attributes; Tanvi Vyas, Andrea Marchesini, Christoph Kerschbaumer; International Conference on Information Systems Security and Privacy; Porto, Portugal, February 2017

Enforcing Content Security by Default within Web Browsers; Christoph Kerschbaumer; International Conference on Cybersecurity Development; Boston, Massachusetts, November 2016

Injecting CSP for Fun and Security; Christoph Kerschbaumer, Sid Stamm, Stefan Brunthaler; International Conference on Information Systems Security and Privacy; Rome, Italy, February 2016 (Best Paper Award)

Information Flow Tracking meets Just-In-Time Compilation; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; ACM Transactions on Architecture and Code Optimization, Volume 10, Issue 4, December 2013. Invited to present at the International Conference on High-Performance and Embedded Architectures and Compilers; Vienna, Austria; January 2014

CrowdFlow: Efficient Information Flow Security; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; Information Security Conference; Dallas, Texas; November 2013

Towards Precise and Efficient Information Flow Control in Web Browsers; Christoph Kerschbaumer, Eric Hennigan, Per Larsen, Stefan Brunthaler, Michael Franz; International Conference on Trust & Trustworthy Computing; London, United Kingdom; June 2013

First-Class Labels: Using Information Flow to Debug Security Holes; Eric Hennigan, Christoph Kerschbaumer, Per Larsen, Stefan Brunthaler, Michael Franz; International Conference on Trust & Trustworthy Computing; London, United Kingdom; June 2013

SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems; Christoph Kerschbaumer, Gregor Wagner, Christian Wimmer, Andreas Gal, Christian Steger, Michael Franz; Conference on the Principles and Practice of Programming in Java; Calgary, Alberta, Canada; August 2009



THESES

Probabilistic Information Flow Control in Modern Web Browsers; PhD Thesis, Secure Systems and Software Laboratory, Donald Bren School of Information & Computer Sciences, University of Califorina, Irvine, 2014 (Advisor: Prof. Michael Franz)
➡ [PDF]


SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems; Masters Thesis, Institute for Technical Informatics, Technical University Graz, Austria, 2009
➡ [PDF]



INVITED TALKS, WORKSHOPS, OTHER PUBLICATIONS

Enforcing Security in Firefox; SBA Research; Vienna, Austria; May 2017

Are We Secure Yet? Adversarial thinking to build Secure Systems; Linux Days Graz; Graz, Austria; April 2017

Probabilistic Information Flow Control in Modern Web Browsers; Microsoft Research; Redmond, Washington; January 2015

Information Flow Control in Modern Web Browsers; University of Stanford; California; December 2014

Information Flow in Web Browsers; The SoCal Programing Languages and Systems Workshop; University of California, Santa Barbara, May 2013

ConDOM: Containing the DOM for Safe Browsing; Christoph Kerschbaumer, Eric Hennigan, Stephan Brunthaler, Per Larsen, Michael Franz; Technical Report 12-01, Department of Information and Computer Science, University of California Irvine, October 2012

Quality Over Quantity: Developer Selected Information Flow; Eric Hennigan, Christoph Kerschbaumer, Stephan Brunthaler, Per Larsen, Michael Franz; Technical Report 12-02, Department of Information and Computer Science, University of California Irvine, October 2012

Implementation Details of Dynamic Information Flow Security Type Systems; Eric Hennigan, Christoph Kerschbaumer, Stephan Brunthaler, Michael Franz; Technical Report 11-03, Department of Information and Computer Science, University of California Irvine, July 2011

Tracking Information Flow for Dynamically Typed Programming Languages by Instruction Set Extension; Eric Hennigan, Christoph Kerschbaumer, Stefan Brunthaler, Michael Franz; Technical Report 11-01; Department of Information and Computer Science, University of California Irvine, June 2011

Information Flow in Web Browsers; The SoCal Programing Languages and Systems Workshop; University of California, San Diego, December 2011

Bytecode-Based Security for JavaScript; International Conference on Architectural Support for Programming Languages and Operating Systems; Newport Beach, California, March 2011

Bytecode-Based Security for JavaScript; The SoCal Programing Languages and Systems Workshop; University of California, Los Angeles, December 2010



BLOGPOSTS, PRESS AND MEDIA

➡ Enforcing Content Security By Default within Firefox
➡ Mitigating MIME Confusion Attacks in Firefox
➡ A Faster Content Security Policy (CSP)



PROFESSIONAL

Mozilla - Security and Privacy Engineer, since 2013
Mozilla - Graduate Program Firefox OS, 2012
Qualcomm - Graduate Research Program, 2011
UC Irvine - Graduate Research Assistant, 2010
Bravestone - Software Engineer, 2009
TU Graz - Software Engineer, 2005



TEACHING

Introduction to Computer Science II, Teaching Assistant in Winter 2012
Abstract behavior of classic data structures (stacks, queues, sorted and unsorted maps), alternative implementations. Recursion. Mathematical analysis of time and space efficiency, program analysis and correctness, system design techniques, programming paradigms.

Compilers and Interpreters, Teaching Assistant and Reader in Spring 2011 and Fall 2011
Introduction to the theory of programming language processors covering lexical analysis, syntax analysis, semantic analysis, intermediate representations, code generation, optimization, interpretation, and run-time support.



AWARDS AND HONORS

Best Paper Award, International Conference on Information Systems Security and Privacy, 2016
Roberto Padovani Scholarship Award, Qualcomm, Inc. ($5.000), 2011
Graduate Student Fellowship, Donald Bren School of Information and Computer Science ($90,000+), 2010
Fellowship for Excellent Students Abroad, Rudolf Chaudoire Foundation ($5,000), 2008
Scholarship for Short Time Academic Research and Expert Courses Abroad, TU Graz ($1,000), 2008
Fellowship for Excellent Students, Julius Raab Foundation ($5,000), 2003
Scholarship for Students, Austrian Federal Ministry of Science and Research ($50,000+), 2002



PROGRAM COMMITTEE MEMBERSHIPS

International Conference on Information Systems Security and Privacy, 2018



PATENTS

Encoding Labels in Values to capture Information Flows; Publication No.: WO/2013/070334; International Application No.: PCT/US2012/057682; Publication Date: 16.05.2013;



AFFILIATIONS

➡ Mozilla - Security Engineering 
➡ Secure Systems and Software Laboratory at UC Irvine 
➡ University of California, Irvine 
➡ Technical University Graz, Austria 



CONTACT

contact (at) firstname lastname (dot) com