Simon Koch is a PhD candidate since Mai 2018. His research area is web security focusing on automated and model based vulnerability detection and verification.
Room 211
simon.koch[at]tu-braunschweig.de
0531/391-3251
SSRF vs Developers: A Study of SSRF-Defenses in PHP Applications
Malte Wessels*, Simon Koch*, Giancarlo Pellegrino, Martin Johns
To appear at 33rd USENIX Security Symposium (USENIX Security'24), 2024 [BIB]
A Black-Box Privacy Analysis of Messaging Service Providers’ Chat Message Processing
Robin Kirchner, Simon Koch, Noah Kamangar, David Klein, and Martin Johns
To appear at the 24th Privacy Enhancing Technologies Symposium (PETS), 2024 [BIB]
The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
Simon Koch, David Klein, and Martin Johns
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), 2024 [BIB]
Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications
Simon Koch, Malte Wessels, David Klein, Martin Johns
ACM Conference on Computer and Communications Security (CCS), 2023
The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications
Simon Koch, Benjamin Altpeter, Martin Johns
USENIX Security Symposium, 2023 [PDF/BibTex][Artifacts]
FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
Samuel Groß, Simon Koch, Lukas Bernhard, Thorsten Holz, Martin Johns
Network and Distributed System Security (NDSS) Symposium, 2023 [PDF]
Keeping Privacy Labels Honest: Developer conformity to self declared data collection via Apple Privacy Labels
Simon Koch, Malte Wessels, Benjamin Altpeter, Madita Olvermann, and Martin Johns
Privacy Enhancing Technologies Symposium (PETS), 2022 [pdf][Artefacts]
Raccoon: Automated Verification of Guarded Race Conditions in Web Applications
Simon Koch, Tim Sauer, Martin Johns, Giancarlo Pellegrino
35th ACM/SIGAPP Symposium on Applied Computing (SAC), 2020 [pdf][video][slides]
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, and Christian Rossow
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017 [pdf]
GDPR, Privacy Labels, and a Touch of Consent
ASU's CTF Colloquium Series, 28.07, Tempe (AZ), USA
Dark Patterns in Smartphone App Datenschutzdialogen
German OWASP Day'23, 30.-31.5.2023, Frankfurt am Main, Germany
I am interested in being a thesis advisor for both Bachelor and Master thesis and usually have available topics. If you are in search of a thesis please drop me an email containing your skills and interests and we can work out a topic.
As my work is focused in the area of model based vulnerability detection as well as mobile privacy. The following skills are a nice to have and you are going to have to master some of them during your thesis :
| Year | Venue |
|---|---|
| 2024 | CCS, MADWeb, SecWeb |
| Year | Journal |
|---|---|
| 2023 | International Journal of Information Security |
| 2021 | Software Testing, Verification and Reliability |
| Year | Conference |
|---|---|
| 2023 | PETS |
| Year | Conferences |
|---|---|
| 2023 | ACSAC, ARES, IEEE S&P, CODASPY, WWW |
| 2022 | IEEE S&P, SAC, WWW, CODASPY, IEEE Euro S&P |
| 2021 | ACSAC, ARES, CODASPY, SAC |
| 2020 | CODASPY, SAC, Euro S&P, ARES, ACSAC |
| 2019 | CODASPY, SAC, ACSAC, WWW |
| 2018 | Euro S&P, ACSAC |