AddressChristian Holler, M.Sc.
Mobile: +49 176 2198 5042
S/MIME: StartSSL X.509 Certificate
Email (Business): Click Here
Email (Private): Click Here
My interests are generally aimed at Practical Security. This area provides a lot of problems that are not only interesting but also affect a large part of companies and normal users. Some of the problems I am interested in are listed here.
This section lists older research areas that I used to work on.
Spam (UBE/UCE) and Fraud (Phishing/Pharming) is something that certainly everyone who owns an email address was already confronted with. Be it a simple text spam mail advertising a pornographic web site, container spam (Pictures, Documents, etc) trying to sell you drugs or forged mails prompting you to "renew" your online banking account, everyone who receives them knows how annoying they are. But such mails are not only annoying; more than enough people are already victims of phishing and pharming attacks, causing a significant financial loss. In the past there have been very interesting approaches to solve the problem, but unfortunately, fighting spam is still an arms race. I'm interested in both identifying different kinds spam reliably and analyzing the infrastructures used by spammers to provide this constantly rising rate of spam. In 2006, container spam, i.e. mails containing their spam content in attachments (mostly graphics) posed a big problem and I started a project called "FuzzyOcr" to identify container spam in a fast and reliable way (see the Software section for more information). The software spread quickly and was one of the main reasons why the rate of image spam decreased drastically.
Statistical software vulnerability analysis and prediction is the art of looking at version archives to analyze software for vulnerabilities and to predict which components are likely to have more (as yet undetected) vulnerabilities. The project name for this work is Vulture; it has resulted in a paper that has been accepted for publication at ACM CCS 2007. Vulture's main result is that it is possible to predict which components will have more vulnerabilities than others: We correctly identify two thirds of all vulnerable components and about half of our predictions identify components that have had past vulnerabilities. We can also predict the ranking of components: the top 30 predicted vulnerable components contain on average 85% of the vulnerabilities of the real to 30 vulnerable components. That means that if you fix the top 30 predicted components, you will have fixed 85% of all vulnerabilities that you could have fixed at all.
Penetration Testing and Auditing is used to find security vulnerabilities in near-delivery or already delivered software systems. There are several ways of testing such systems: For blackbox testing, the tester has the same information available as any real attacker would have, whereas for whitebox testing, the tester is supplied with additional information, such as source code or other environmental data. I have specialized on white- and blackbox testing of web applications and I am also working on methods to aid this task or even automate it. I also do such tests on the server/network layer, searching for possible weaknesses in network infrastructure that could allow attackers to gain foot in a network.
Links to friends
I currently live in Bonn
I enjoy different styles of music but mostly I listen to electronic music.