Floragasse 7 – 5th floor, 1040 Vienna

Stefan Brunthaler

Stefan Brunthaler

is key researcher at SBA Research and professor at the University of Federal Armed Forces Munich.

Research Interests

Stefan’s research focuses on software systems: He builds new systems that solve challenging and important problems in the intersection of computer security and programming language implementation. Specifically, he has been working in language-based security, focusing on automated software diversity, and information-flow tracking for JavaScript. Stefan also has extensive experience in implementing and optimizing dynamic programming languages — in particular Python: his most recent advances lead to performance improvements of up to more than five-fold when compared to standard Python. Recently, Stefan has been making inroads towards verifying semantic preservation of his interpreter optimizations using Coq.

 


Bio

In February 2011, Stefan received a Dr. techn. degree in computer science from TU Wien under the supervision of Prof. Jens Knoop. He has been a postdoctoral scholar at the research group of Prof. Michael Franz, University of California, Irvine from April 2011 until June 2015, before joining Paderborn University’s computer science department.

 


Publications

Full list of publications:

Top Publications:

  • Virtual-Machine Abstraction and Optimization Techniques (2009)
    • ARTICLE--
    • Stefan Brunthaler
    • Electronic Notes in Theoretical Computer Science
    @ARTICLE{Brunthaler2009VirtualMachine,
       author = {Stefan Brunthaler},
       title = {Virtual-Machine Abstraction and Optimization Techniques},
       journal = {Electronic Notes in Theoretical Computer Science},
       year = {2009},
       pdf = {bytecode09.pdf},
       volume = {253/5},
    }
  • Efficient interpretation using quickening (2010)
    • INPROCEEDINGS--
    • Stefan Brunthaler
    • Dynamic Languages Symposium 2010 (ACM SIGPLAN Notices)
    @INPROCEEDINGS{Brunthaler2010Efficient,
       author = {Stefan Brunthaler},
       title = {Efficient interpretation using quickening},
       booktitle = {Dynamic Languages Symposium 2010 (ACM SIGPLAN Notices)},
       year = {2010},
       month = {10},
       pdf = {dls10.pdf},
    }
  • Inline caching meets quickening (2010)
    • INPROCEEDINGS--
    • Stefan Brunthaler
    • 24th European Conference on Object-Oriented Programming (Lecture Notes in Computer Science)
    @INPROCEEDINGS{Brunthaler2010Inline,
       author = {Stefan Brunthaler},
       title = {Inline caching meets quickening},
       booktitle = {24th European Conference on Object-Oriented Programming (Lecture Notes in Computer Science)},
       year = {2010},
       month = {6},
       pdf = {ecoop10.pdf},
    }
  • Efficient inline caching without dynamic translation (2010)
    • INPROCEEDINGS--
    • Stefan Brunthaler
    • 2010 ACM Symposium on Applied Computing(SAC 2010)
    @INPROCEEDINGS{Brunthaler2010SAC,
       author = {Stefan Brunthaler},
       title = {Efficient inline caching without dynamic translation},
       booktitle = {2010 ACM Symposium on Applied Computing(SAC 2010)},
       year = {2010},
       month = {3},
       pdf = {sac10.pdf},
       publisher = {ACM Press},
    }
  • Interpreter instruction scheduling (2011)
    • INPROCEEDINGS--
    • Stefan Brunthaler
    • 20th International Conference on Compiler Construction (Lecture Notes in Computer Science)
    @INPROCEEDINGS{Brunthaler2011Interpreter,
       author = {Stefan Brunthaler},
       title = {Interpreter instruction scheduling},
       booktitle = {20th International Conference on Compiler Construction (Lecture Notes in Computer Science)},
       year = {2011},
       month = {4},
       pdf = {cc11.pdf},
       publisher = {Springer},
    }
  • Control-Flow Integrity: Precision, Security, and Performance (2017)
    • ARTICLEtruetrue
    • Nathan Burow and Scott A. Carr and Joseph Nash and Per Larsen and Michael Franz and Stefan Brunthaler and Mathias Payer
    • ACM Computing Surveys (CSUR)
    @ARTICLE{Burow2017ControlFlow,
       author = {Nathan Burow and Scott A. Carr and Joseph Nash and Per Larsen and Michael Franz and Stefan Brunthaler and Mathias Payer},
       authorhotlist = {true},
       sbahotlist = {true},
       title = {Control-Flow Integrity: Precision,
       Security,
       and Performance},
       journal = {ACM Computing Surveys (CSUR)},
       year = {2017},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/CFI_brunthaler.pdf},
       volume = {50},
    }
  • Booby trapping software (2013)
    • INPROCEEDINGS--
    • Stephen Crane and Per Larsen and Stefan Brunthaler and Michael Franz
    • 2013 New security paradigms Workshop (NSPW 2013)
    @INPROCEEDINGS{Crane2013Booby,
       author = {Stephen Crane and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Booby trapping software},
       booktitle = {2013 New security paradigms Workshop (NSPW 2013)},
       year = {2013},
       month = {9},
       pdf = {nspw13.pdf},
    }
  • Readactor: Practical Code Randomization Resilient to Memory Disclosure (2015)
    • INPROCEEDINGS-true
    • Stephen Crane and Christopher Liebchen and Andrei Homescu and Lucas Davi and Per Larsen and Ahmad-Reza Sadeghi and Stefan Brunthaler and Michael Franz
    • 2015 IEEE Symposium on Security and Privacy
    @INPROCEEDINGS{Crane2015Readactor,
       author = {Stephen Crane and Christopher Liebchen and Andrei Homescu and Lucas Davi and Per Larsen and Ahmad-Reza Sadeghi and Stefan Brunthaler and Michael Franz},
       authorhotlist = {true},
       title = {Readactor: Practical Code Randomization Resilient to Memory Disclosure},
       booktitle = {2015 IEEE Symposium on Security and Privacy},
       year = {2015},
       month = {5},
       pdf = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7163059},
    }
  • Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity (2015)
    • INPROCEEDINGS-true
    • Stephen Crane and Andrei Homescu and Stefan Brunthaler and Per Larsen and Michael Franz
    • 22nd Annual Network and Distributed System Security Symposium (NDSS 2015)
    @INPROCEEDINGS{Crane2015Thwarting,
       author = {Stephen Crane and Andrei Homescu and Stefan Brunthaler and Per Larsen and Michael Franz},
       authorhotlist = {true},
       title = {Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity},
       booktitle = {22nd Annual Network and Distributed System Security Symposium (NDSS 2015)},
       year = {2015},
       month = {2},
       pdf = {ndss15b.pdf},
    }
  • Microgadgets: Size Does Matter in Turing-Complete Return-Oriented Programming (2012)
    • INPROCEEDINGS--
    • Andrei Homescu and Michael Stewart and Per Larsen and Stefan Brunthaler and Michael Franz
    • 6th Workshop on Offensive Technologies (WOOT 2012)
    @INPROCEEDINGS{Homescu2012Microgadgets,
       author = {Andrei Homescu and Michael Stewart and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Microgadgets: Size Does Matter in Turing-Complete Return-Oriented Programming},
       booktitle = {6th Workshop on Offensive Technologies (WOOT 2012)},
       year = {2012},
       month = {8},
       pdf = {woot12.pdf},
    }
  • librando: Transparent Code Randomization for Just-in-Time Compilers (2013)
    • INPROCEEDINGS--
    • Andrei Homescu and Stefan Brunthaler and Per Larsen and Michael Franz
    • 2013 ACM SIGSAC Conference on Computer and Communications Security (CSS 2013)
    @INPROCEEDINGS{Homescu2013librando,
       author = {Andrei Homescu and Stefan Brunthaler and Per Larsen and Michael Franz},
       title = {librando: Transparent Code Randomization for Just-in-Time Compilers},
       booktitle = {2013 ACM SIGSAC Conference on Computer and Communications Security (CSS 2013)},
       year = {2013},
       month = {9},
       pdf = {ccs13.pdf},
    }
  • Profile-guided automated software diversity (2013)
    • INPROCEEDINGS--
    • Andrei Homescu and Steven Neisius and Per Larsen and Stefan Brunthaler and Michael Franz
    • 2013 IEEE ACM International Symposium on Code Generation and Optimization (CGO)
    @INPROCEEDINGS{Homescu2013Profileguided,
       author = {Andrei Homescu and Steven Neisius and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Profile-guided automated software diversity},
       booktitle = {2013 IEEE ACM International Symposium on Code Generation and Optimization (CGO)},
       year = {2013},
       month = {2},
       pdf = {cgo13.pdf},
    }
  • Large-scale Automated Software Diversity - Program Evolution Redux (2015)
    • ARTICLE-true
    • Andrei Homescu and Todd Jackson and Stephen Crane and Stefan Brunthaler and Per Larsen and Michael Franz
    • IEEE Transactions on Dependable and Secure Computing
    @ARTICLE{Homescu2015Largescale,
       author = {Andrei Homescu and Todd Jackson and Stephen Crane and Stefan Brunthaler and Per Larsen and Michael Franz},
       authorhotlist = {true},
       title = {Large-scale Automated Software Diversity - Program Evolution Redux},
       journal = {IEEE Transactions on Dependable and Secure Computing},
       year = {2015},
       month = {6},
       pdf = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7122891},
    }
  • CrowdFlow: Efficient Information Flow Security (2013)
    • INPROCEEDINGS--
    • Christoph Kerschbaumer and Eric Hennigan and Per Larsen and Stefan Brunthaler and Michael Franz
    • 16th Information Security Conference (ISC 2013)
    @INPROCEEDINGS{Kerschbaumer2013CrowdFlow,
       author = {Christoph Kerschbaumer and Eric Hennigan and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {CrowdFlow: Efficient Information Flow Security},
       booktitle = {16th Information Security Conference (ISC 2013)},
       year = {2013},
       month = {11},
       pdf = {isc13.pdf},
    }
  • Information flow tracking meets just-in-time compilation (2013)
    • ARTICLE--
    • Christoph Kerschbaumer and Eric Hennigan and Per Larsen and Stefan Brunthaler and Michael Franz
    • ACM Transactions on Architecture and Code Optimization
    @ARTICLE{Kerschbaumer2013Information,
       author = {Christoph Kerschbaumer and Eric Hennigan and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Information flow tracking meets just-in-time compilation},
       journal = {ACM Transactions on Architecture and Code Optimization},
       year = {2013},
       month = {12},
       pdf = {taco13.pdf},
       volume = {10/4},
    }
  • Injecting CSP for Fun and Security (2016)
    • INPROCEEDINGS--
    • Christoph Kerschbaumer and Sid Stamm and Stefan Brunthaler
    • 2nd International Conference on Information Systems Security and Privacy
    @INPROCEEDINGS{Kerschbaumer2016Injecting,
       author = {Christoph Kerschbaumer and Sid Stamm and Stefan Brunthaler},
       title = {Injecting CSP for Fun and Security},
       booktitle = {2nd International Conference on Information Systems Security and Privacy},
       year = {2016},
       month = {2},
    }
  • Security through Diversity: Are We There Yet? (2014)
    • ARTICLE--
    • Per Larsen and Stefan Brunthaler and Michael Franz
    • IEEE Security and Privacy
    @ARTICLE{Larsen2014Security,
       author = {Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Security through Diversity: Are We There Yet?},
       journal = {IEEE Security and Privacy},
       year = {2014},
       month = {3},
       pdf = {http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6617633},
       volume = {12/2},
    }
  • SoK: Automated Software Diversity (2014)
    • INPROCEEDINGS-true
    • Per Larsen and Andrei Homescu and Stefan Brunthaler and Michael Franz
    • 2014 IEEE Symposium on Security and Privacy
    @INPROCEEDINGS{Larsen2014SoK,
       author = {Per Larsen and Andrei Homescu and Stefan Brunthaler and Michael Franz},
       authorhotlist = {true},
       title = {SoK: Automated Software Diversity},
       booktitle = {2014 IEEE Symposium on Security and Privacy},
       year = {2014},
       month = {5},
       pdf = {sp14b.pdf},
    }
  • Opaque control-flow integrity (2015)
    • INPROCEEDINGS-true
    • Vishwath Mohan and Per Larsen and Stefan Brunthaler and Kevin W. Hamlen and Michael Franz
    • Network and Distributed System Security Symposium
    @INPROCEEDINGS{Mohan2015Opaque,
       author = {Vishwath Mohan and Per Larsen and Stefan Brunthaler and {Kevin W.} Hamlen and Michael Franz},
       authorhotlist = {true},
       title = {Opaque control-flow integrity},
       booktitle = {Network and Distributed System Security Symposium},
       year = {2015},
       month = {2},
       pdf = {ndss15a.pdf},
    }
  • Software Profiling Options and Their Effects on Security Based Diversification (2014)
    • INPROCEEDINGS--
    • Mark Murphy and Per Larsen and Stefan Brunthaler and Michael Franz
    • 1st ACM Workshop on Moving Target Defense (MTD 2014)
    @INPROCEEDINGS{Murphy2014Software,
       author = {Mark Murphy and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Software Profiling Options and Their Effects on Security Based Diversification},
       booktitle = {1st ACM Workshop on Moving Target Defense (MTD 2014)},
       year = {2014},
       month = {11},
       pdf = {mtd14.pdf},
    }
  • Time is on my side: Steganography in filesystem metadata (2016)
    • INPROCEEDINGS-true
    • Sebastian Neuner and Artemios G. Voyiatzis and Martin Schmiedecker and Stefan Brunthaler and Stefan Katzenbeisser and Edgar R. Weippl
    • 16th Annual DFRWS Conference
    @INPROCEEDINGS{Neuner2016Time,
       author = {Sebastian Neuner and {Artemios G.} Voyiatzis and Martin Schmiedecker and Stefan Brunthaler and Stefan Katzenbeisser and {Edgar R.} Weippl},
       authorhotlist = {true},
       title = {Time is on my side: Steganography in filesystem metadata},
       booktitle = {16th Annual DFRWS Conference},
       year = {2016},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/timestampStego_preprint.pdf},
       link_data = {https://www.sba-research.org/dfrws2016/},
       link_slides = {http://www.slideshare.net/SBAResearch/time-is-on-my-side-steganography-in-filesystem-metadata},
    }
  • Efficient interpreter optimizations for the JVM (2013)
    • INPROCEEDINGS--
    • Gülfem Savrun-Yeniçeri and Wei Zhang and Huahan Zhang and Chen Li and Stefan Brunthaler and Per Larsen and Michael Franz
    • International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools
    @INPROCEEDINGS{SavrunYeniceri2013Efficient,
       author = {Gülfem Savrun-Yeniçeri and Wei Zhang and Huahan Zhang and Chen Li and Stefan Brunthaler and Per Larsen and Michael Franz},
       title = {Efficient interpreter optimizations for the JVM},
       booktitle = {International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines,
       Languages,
       and Tools},
       year = {2013},
       month = {9},
       pdf = {pppj13.pdf},
    }
  • Efficient hosted interpreters on the JVM (2014)
    • ARTICLE--
    • Gülfem Savrun-Yeniçeri and Wei Zhang and Huahan Zhang and Eric Seckler and Chen Li and Stefan Brunthaler and Per Larsen and Michael Franz
    • ACM Transactions on Architecture and Code Optimization
    @ARTICLE{SavrunYeniceri2014Efficient,
       author = {Gülfem Savrun-Yeniçeri and Wei Zhang and Huahan Zhang and Eric Seckler and Chen Li and Stefan Brunthaler and Per Larsen and Michael Franz},
       title = {Efficient hosted interpreters on the JVM},
       journal = {ACM Transactions on Architecture and Code Optimization},
       year = {2014},
       month = {2},
       pdf = {taco14.pdf},
       volume = {11/1},
    }
  • An Efficient and Generic Event-based Profiler Framework for Dynamic Languages (2015)
    • INPROCEEDINGS--
    • Gülfem Savrun-Yeniçeri and Michael L. Van de Vanter and Per Larsen and Stefan Brunthaler and Michael Franz
    • Principles and Practices of Programming on The Java Platform (PPPJ 2015)
    @INPROCEEDINGS{SavrunYeniceri2015Efficient,
       author = {Gülfem Savrun-Yeniçeri and {Michael L.} {Van de Vanter} and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {An Efficient and Generic Event-based Profiler Framework for Dynamic Languages},
       booktitle = {Principles and Practices of Programming on The Java Platform (PPPJ 2015)},
       year = {2015},
       month = {9},
       pdf = {http://dl.acm.org/citation.cfm?doid=2807426.2807435},
    }
  • Comparing points-to static analysis with runtime recorded profiling data (2014)
    • INPROCEEDINGS--
    • Codruţ Stancu and Christian Wimmer and Stefan Brunthaler and Per Larsen and Michael Franz
    • International Conference on Principles and Practices of Programming on the Java platform Virtual machines, Languages, and Tools (PPPJ 2014)
    @INPROCEEDINGS{Stancu2014Comparing,
       author = {Codruţ Stancu and Christian Wimmer and Stefan Brunthaler and Per Larsen and Michael Franz},
       title = {Comparing points-to static analysis with runtime recorded profiling data},
       booktitle = {International Conference on Principles and Practices of Programming on the Java platform Virtual machines,
       Languages,
       and Tools (PPPJ 2014)},
       year = {2014},
       month = {9},
       pdf = {pppj14.pdf},
    }
  • Safe and efficient hybrid memory management for Java (2015)
    • INPROCEEDINGS-true
    • Codruţ Stancu and Christian Wimmer and Stefan Brunthaler and Per Larsen and Michael Franz
    • 2015 ACM SIGPLAN International Symposium on Memory Management (ISMM 2015)
    @INPROCEEDINGS{Stancu2015Safe,
       author = {Codruţ Stancu and Christian Wimmer and Stefan Brunthaler and Per Larsen and Michael Franz},
       authorhotlist = {true},
       title = {Safe and efficient hybrid memory management for Java},
       booktitle = {2015 ACM SIGPLAN International Symposium on Memory Management (ISMM 2015)},
       year = {2015},
       month = {6},
       pdf = {http://dl.acm.org/citation.cfm?doid=2754169.2754185},
    }
  • Thinking Inside the Box: Compartmentalized Garbage Collection (2013)
    • ARTICLE--
    • Gregor Wagner and Per Larsen and Stefan Brunthaler and Michael Franz
    • ACM Transactions on Programming Languages and Systems (TOPLAS)
    @ARTICLE{WagnerThinking,
       author = {Gregor Wagner and Per Larsen and Stefan Brunthaler and Michael Franz},
       title = {Thinking Inside the Box: Compartmentalized Garbage Collection},
       journal = {ACM Transactions on Programming Languages and Systems (TOPLAS)},
       year = {2013},
    }
  • Fine-grained modularity and reuse of virtual machine components (2012)
    • INPROCEEDINGS--
    • Christian Wimmer and Stefan Brunthaler and Per Larsen and Michael Franz
    • 11th Annual International Conference on Aspect-Oriented Software Development (AOSD 2012)
    @INPROCEEDINGS{Wimmer2012Finegrained,
       author = {Christian Wimmer and Stefan Brunthaler and Per Larsen and Michael Franz},
       title = {Fine-grained modularity and reuse of virtual machine components},
       booktitle = {11th Annual International Conference on Aspect-Oriented Software Development (AOSD 2012)},
       year = {2012},
       month = {3},
       pdf = {aosd12.pdf},
    }
  • Accelerating iterators in optimizing AST interpreters (2014)
    • INPROCEEDINGS-true
    • Wei Zhang and Per Larsen and Stefan Brunthaler and Michael Franz
    • 2014 ACM International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA 2014)
    @INPROCEEDINGS{Zhang2014Accelerating,
       author = {Wei Zhang and Per Larsen and Stefan Brunthaler and Michael Franz},
       authorhotlist = {true},
       title = {Accelerating iterators in optimizing AST interpreters},
       booktitle = {2014 ACM International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA 2014)},
       year = {2014},
       month = {10},
       pdf = {oopsla14.pdf},
    }

This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close