Christian Mainka

Tenured IT Security Researcher


I am a tenured researcher at the Faculty of Computer Science at Ruhr University Bochum. With over a decade of experience in web and data security research, my work has been presented at top-tier academic and industry conferences. I have published 30 peer-reviewed papers, including 11 at top-tier conferences in my field and 3 award-winning papers.

I have filed numerous CVEs in widely used applications and libraries. I am the originator of the penetration test tools WS-Attacker and the Single Sign-On Burp Suite extension EsPReSSO, which have proven valuable in the industry. My PhD research focused on XML-based web services and Single Sign-On protocols, such as OAuth, OpenID Connect, and SAML. Since then, I have expanded my research to explore the robustness of digital systems, with a particular focus on document security. My current work involves investigating cryptographic failures related to document signatures and encryption using fault injection. I am also engaged in researching browser security, with a specific focus on security and privacy issues resulting from SOP bypasses, including XS-Leaks. In 2018, I got a permanent research position at the Chair for Network and Data Security and continue to explore innovative solutions to the challenges of cybersecurity.

open position

I am looking for a PhD Candidate (100% TVL-E13) working on PDF Security. Contact me via mail.

research topics:

  • Web security
    • Browser security: Cross-Site Leaks, Same-Origin Policy
    • Web protocol security: Single Sign-On, OAuth, OpenID Connect, REST
  • Data security
    • Document security: PDF, ODF, OOXML
    • Data format security: JSON, XML

research highlights

  1. XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
     Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk
     CCS: ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%. Nov 2021
  2. 1 Trillion Dollar Refund: How To Spoof PDF Signatures
     Vladislav Mladenov, Christian Mainka, Karsten Selhausen, Martin Grothe, and Jörg Schwenk
     CCS: ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%. Nov 2019
  3. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
     Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
     USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%. Aug 2022