I am a doctoral researcher in the Software Technology Group. My research interests are focused on static code analysis, API-misuses and software security. Currently, I focus on security problems caused by API-misuses, e.g., for cryptographic APIs.
A well-known problem of cryptography in software is that cryptographic APIs are used in an insecure way. An example is that developers use ECB as a block mode for encryption which is known to be insecure. Within my research we want to support developers to write secure code.
As part of my research within CROSSING, I am a contributor to the official which supports developers in using cryptographic APIs securely. Further, I contributed to the Eclipse Plugin CogniCrypt explainer video about CogniCrypt.
- 2017 – now: TU Darmstadt, PhD student, advised by Mira Mezini
- 2016: University of Oslo, exchange student
- 2014 – 2017: TU Darmstadt, master's degree
- 2011 – 2014: Technische Hochschule Bingen, bachelor's degree
Projects
Open Theses
2021/09/15
Bachelor Thesis, Master Thesis
Quantum key distribution provides a means for cryptographic applications to exchange a symmetric key between different parties in a provably secure manner. The security of this method is based on the errors generated during information exchange by an eavesdropping attack – based on principles of quantum mechanics – which are noticeable by the involved parties. Therefore, it is important that the keys are post-processed before they are used. Post-processing consists of error correction of the key and subsequent privacy enhancement.
Examiner: Prof. Dr.-Ing. Mira Mezini
Supervisor: Anna-Katharina Wickert, M.Sc.
2018/04/12
Bachelor Thesis, Master Thesis
Today, many applications use cryptographic components to provide a secure implementation. For a secure implementation, it is essential that a developer is aware of the correct and secure usage of cryptographic components. Recent studies have shown that developers struggle with this. Therefore, applications which are intended to be trustworthy become insecure.
Within our research project “Secure Integration of Cryptographic Software” of the SFB CROSSING, we want to support developers when they integrate cryptographic components in an application. To achieve this aim, we have developed an Eclipse plugin which can generate secure cryptographic code and a static analysis which identifies insecure usages. Currently, we have created all rules checked by the analysis by hand. One of our next steps is to determine how we can automatically generate rules for correct and secure usages.
Examiner: Prof. Dr.-Ing. Mira Mezini
Supervisor: Anna-Katharina Wickert, M.Sc.
Ongoing Theses
Bachelor Thesis
Currently, CogniCryptSAST can handle subsequent crypto misuses due to the expressiveness of the rule set used. For example, an insecurely generated initialization vector can cause several misuse reports: a) the insecure call to generate random numbers which will be used as IV, and b) passing the IV to the cipher object. While the second information is valuable, a developer or security auditor is more interested in the places where they have to fix a misuse. This thesis should investigate if the current architecture of CogniCrypt can report subsequent errors to the users, and implement a potential prototype. Further, we plan to evaluate if the implementation improves the usability, e.g., by an expert interview.
Examiner: Prof. Dr.-Ing. Mira Mezini
Supervisors: Anna-Katharina Wickert, M.Sc., Michael Schlichtig