University of Passau
Department of Informatics and Mathematics
IT-SEC 

Dipl.-Inform. Bastian Braun

Contact Details

please copy manually into your email program
PGP-Key from Keyserver / Local Copy
Fingerprint: 5A79 2B62 A539 EE78 E176 94CC ECA2 83F8 9C54 0E8F
Tel.: +49-851-509-3215
Fax: +49-851-509-3212
Room: ITZ 135a

Office Address 

Universität Passau
Innstrasse 43
94032 Passau, Germany

This page is no longer actively maintained 

Last update: 01/01/2016

Research Interest 

  • Web Application Security
    • Control-Flow Integrity
    • Session Tracking
    • User Authentication
  • Additional Interest:
    • Software Security
    • Static Analysis
    • Fault Injection
    • Dependability
    • Fault Tolerance
    • Fuzzing

Publications

  • Bastian Braun. Web-based Secure Application Control. Ph.D. Thesis, University of Passau, Germany, 2015.
  • Bastian Braun, Korbinian Pauli, Joachim Posegga, and Martin Johns. LogSec: Adaptive Protection for the Wild Wild Web. In the 2015 ACM Symposium on Applied Computing (SAC 2015) - to appear, 2015.
  • Bastian Braun, Johannes Köstler, Joachim Posegga, and Martin Johns. A Trusted UI for the Mobile Web. In 29th IFIP International Information Security and Privacy Conference (IFIP SEC 2014), 2014.
  • Bastian Braun, Caspar Gries, Benedikt Petschkuhn, and Joachim Posegga. Ghostrail: Ad Hoc Control-Flow Integrity for Web Applications. In 29th IFIP International Information Security and Privacy Conference (IFIP SEC 2014), 2014.
  • Bastian Braun, Johannes Köstler, Martin Johns, and Joachim Posegga. PhishSafe: Leveraging Modern JavaScript API's for Transparent and Robust Protection. In Fourth ACM Conference on Data and Application Security and Privacy (ACM CODASPY 2014), 2014.
  • Bastian Braun, Christian v. Pollak, and Joachim Posegga. A Survey on Control-Flow Integrity Means in Web Application Frameworks. In 18th Nordic Conference on Secure IT Systems (NordSec 2013), 2013.
  • Bastian Braun, Patrick Gemein, Hans P. Reiser, and Joachim Posegga. Control-Flow Integrity in Web Applications. In International Symposium on Engineering Secure Software and Systems (ESSoS 2013), Lecture Notes in Computer Science (LNCS), Springer, 2013.
  • Martin Johns, Sebastian Lekies, Bastian Braun, and Benjamin Flesch. BetterAuth: Web Authentication Revisited. In Proceedings of the 2012 Annual Computer Security Applications Conference (ACSAC 2012), 2012.
  • Bastian Braun, Stefan Kucher, Martin Johns, and Joachim Posegga. A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities. In Trust, Privacy and Security in Digital Business (TrustBus '12), pages 17-29, Lecture Notes in Computer Science (LNCS), Springer, 2012.
  • Bastian Braun, Patrick Gemein, Benedikt Höfling, Michael Marc Maisch, and Alexander Seidl. Angriffe auf OpenID und ihre strafrechtliche Bewertung. In Datenschutz und Datensicherheit - DuD, 36: 502-509, 2012.
  • Martin Johns, Bastian Braun, Michael Schrank, and Joachim Posegga. Reliable Protection Against Session Fixation Attacks. In Proceedings of the 2011 ACM Symposium on Applied Computing (SAC 2011), pages 1531-1537, ACM, 2011.
  • Michael Schrank, Bastian Braun, Martin Johns, and Joachim Posegga. Session Fixation - the Forgotten Vulnerability? In Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit, pages 341-352, Lecture Notes in Informatics (LNI), Springer, 2010.
  • Bastian Braun and Henrich C. Pöhls. Authenticity: The missing link in the social semantic web. In INFORMATIK 2008 Beherrschbare Systeme - dank Informatik, Digitale Soziale Netze 2008, Lecture Notes in Informatics (LNI), Springer, 2008.
  • Bastian Braun. SAVE: Static Analysis on Versioning Entities. In SESS '08: Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, pages 25-32, ACM, 2008.
  • Bastian Braun. FCPre: Extending the Arora-Kulkarni Method of Automatic Addition of Fault-Tolerance. In Proceedings of The Second International Conference on Availability, Reliability and Security (ARES'07), pages 967-974, IEEE Computer Society, 2007.
  • Bastian Braun. FCPre: Extending the Arora-Kulkarni Method of Automatic Addition of Fault-Tolerance. Technical Report of University of Hamburg, Department of Informatics, Number B-275-06, 2006.

Talks

  • Bastian Braun. Doing It the Web Way - Web-based Secure Application Control. Talk at the DistriNet Seminar, KU Leuven, Belgium, 2014.
  • Bastian Braun. A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks. Talk at the OWASP AppSec EU 2013, Hamburg, Germany, 2013.
  • Bastian Braun. LogSec - A Smart Browser for Secure Web Sessions. Talk at the First European Workshop on Web Application Security Research (WASR'13), Hamburg, Germany, 2013.
  • Bastian Braun. Web-based Secure Application Control. Talk at the Colloquium of the Department of Informatics and Mathematics, Passau, Germany, 2013.
  • Bastian Braun. Der Weg ist das Ziel - Kontrollfluss-Integrität in Web-Applikationen sichern. Talk at the German OWASP Day 2012, Munich, Germany, 2012.
  • Bastian Braun. Control-Flow Integrity in Web Applications. Talk at the Dagstuhl Seminar on Web Application Security (Seminar No 12401), Dagstuhl, Germany, 2012.
  • Bastian Braun. The Journey Is The Destination. Talk at the MyPhD Workshop 2012, Bochum, Germany, 2012.
  • Bastian Braun. WebSand - Server-driven Outbound Web-application Sandboxing. Talk at the Trust, Privacy and Security in Digital Business (TrustBus '12), Vienna, Austria, 2012.
  • Bastian Braun. Users and Web Applications: the Good, the Bad and the Ugly. Talk at the MyPhD Workshop 2011, Erlangen, Germany, 2011.
  • Bastian Braun. A Survey of Session Fixation Vulnerabilities and a Thorough Solution. Talk at the 1st WebSand Workshop, Gothenburg, Sweden, 2011.
  • Bastian Braun. Towards a Browser Feedback for Multiple TLS Certificate Verifications. Talk at the 1st WebSand Workshop, Gothenburg, Sweden, 2011.
  • Bastian Braun. Ich weiss, was du letzten Sommer (nicht) tun durftest. Talk at the MyPhD Workshop 2010, Aachen, Germany, 2010.
  • Bastian Braun. Herausforderungen an Sicherheitsmodelle in neuartigen Anwendungsszenarien. Talk at the MyPhD Workshop 2009, Passau, Germany, 2009.

Supervised Theses

  • Feel free to contact me if you are interested in a thesis on any web security related topic.
  • Ongoing
  • Finished
    • Bachelor thesis: Session Fixation Vulnerability in Common Web Frameworks (by Arne Bilzhause)
    • Bachelor thesis: Dissemination Analysis and Empirical Security Investigation of Web Single Sign-On Systems for End Users (by Manuel Feifel)
    • Bachelor thesis: Manipulationsschutz von Onlineumfragen (by Tobias Friedl)
    • Bachelor thesis: Implementierung einer Java Bibliothek zur eingeschränkten statischen Kontrollfluss- und Datenflussanalyse von Java Bytecode (by Stephan Huber)
    • Bachelor thesis: Session Imagination - A new way of authenticating security-critical operations (by Stefan Kucher)
    • Bachelor thesis: Implementierung einer Firefox-Extension zum clientseitigen Schutz gegen Webangriffe auf OpenID-basierte Authentifizierung (by Christoph Oblinger)
    • Bachelor thesis: Implementing a Browser Extension for Intelligent Browser Behaviour Based on Authentication State Recognition (by Korbinian Pauli)
    • Bachelor thesis: Gewährleistung der Kontrollflussintegrität dynamischer Webanwendungen durch serverseitige Reproduktion von Nutzerinteraktion (by Benedikt Petschkuhn)
    • Bachelor thesis: Analyse verschiedener Web-Frameworks bezüglich Definition und Durchsetzung von Kontrollflusseigenschaften (by Christian v. Pollak)
    • Bachelor thesis: Die Erweiterungsschnittstelle von Mozilla Firefox und Google Chrome (by Johannes Rückert)
    • Bachelor thesis: Analysing DNS Resolvers’ Trustworthiness and Finding Typosquatting Domains (by Benedikt Strobl)
    • Diploma thesis: Techniken zur Isolierung und partiellen Deaktivierung von JavaScript in Browsern (by Mathias Wagner)
    • Master thesis: Identitätsdiebstahl im Internet - Angriffsvektoren und Gegenmaßnahmen (by Wolfgang Frankenberger)
    • Master thesis: Sicherheitsanalyse von Authentifizierungen im WWW (by Tobias Friedl)
    • Master thesis: Implementierung eines Kontrollfluss-Integritäts-Monitors zur Integration in existierende Web-Applikationen (by Patrick Gemein)
    • Master thesis: Guardrail: A Stateful HTTP Reverse Proxy for Control-Flow Enforcement (by Caspar Gries)
    • Master thesis: Mitigating Impersonation Attacks on Web Authentication Using Device Pinning and Authorized Actions (by Johannes Köstler)
    • Master thesis: Implementing a Browser Extension for Client-side Protection of Web Applications Against Clickjacking Attacks on Temporal Integrity (by Korbinian Pauli)

Professional Activities

  • Reviewer for program committees: OWASP AppSecEU 2013, OWASP AppSecEU 2015, Security and Communication Networks (Journal, Wiley)

  • Sub-Reviewer for program committees: IFIP SEC 2007, WISTP 2007, WOSIS 2007, SECRYPT 2007, STM 07, Sicherheit 2008, CARDIS 2008, SPCC 2010, SEC 2010, SECRYPT 2010, TrustBus 2010, SECRYPT 2011, WOSIS 2011, TrustBus 2011, SecureComm 2011, NTMS 2012, WISTP 2012, SECRYPT 2012, CRISIS 2012, SPACE 2012, MEMICS 2012, HCI 2013, ESSoS DS 2013, WISTP 2013, TrustBus 2013

Teaching

  • Winter term 2013/14
    • Hauptseminar: IT Security Unleashed
    • Hauptseminar: Cloud Computing

  • Summer term 2013
    • Hauptseminar: Real Life Security

  • Summer term 2012
    • Hauptseminar: Real Life Security

  • Winter term 2011/12
    • Hauptseminar: Real Life Security

  • Summer term 2011
    • Hauptseminar: Real Life Security

  • Summer term 2010
    • Hauptseminar: IT Security unleashed 2.0
    • Arbeitskurs: IT-Sicherheit
    • Praktikum: Software-Sicherheit

  • Winter term 2009/10
    • Exercises: IT-Sicherheit
    • Arbeitskurs: IT-Sicherheit
    • Praktikum: Sicherheits-Infrastrukturen

  • Summer term 2009
    • Hauptseminar: IT-Security unleashed
    • Arbeitskurs: IT-Sicherheit
    • Praktikum: Software-Sicherheit

  • Winter term 2008/09
    • Exercises: IT-Sicherheit
    • Hauptseminar: IT-Sicherheit
    • Arbeitskurs: IT-Sicherheit
    • Praktikum: Sicherheits-Infrastrukturen

  • Summer term 2008 (University of Hamburg)
    • Exercises: Grundlagen der Systemsoftware (GSS)
    • Project: Software Security (Part II)
    • Oberseminar: Fortgeschrittene IT-Sicherheit

  • Winter term 2007/08 (University of Hamburg)
    • Seminar: Sicherheit in mobilen und ubiquitären Systemen
    • Project: Software Security (Part I)
    • Datenschutz in der Informationsgesellschaft (Lecturer Peter Schaar)

  • Summer term 2007 (University of Hamburg)
    • Exercises: Grundlagen der Systemsoftware (GSS)
    • Project: Software Security (Part II)
    • Seminar: IT-Security
    • Oberseminar: Fortgeschrittene IT-Sicherheit

  • Winter term 2006/07 (University of Hamburg)
    • Seminar: Sicherheit in mobilen und ubiquitären Systemen
    • Project: Software Security (Part I)
    • Exercises: Informatik für Nebenfachstudierende II
Last modified: 06/06/2016 - 12:51:38 by bb