Munich Computer Systems Research Lab

Logo

Opportunities

If getting a PhD sounds interesting, and you're interested in our research papers and topics, please get in touch with us! Email address is u c s r l at unibw dot de

No Army Affiliation needed!

Because students keep asking us: Our PhD researchers are not in any way affiliated with Germany’s armed forces but normal, civilian PhD students that have obtained their Master’s degrees from other universities (TU Munich, TU Wien, and HHU, to be precise). Although most of our Bachelor and Masters students are, in fact, officers in the German Bundeswehr, most of them continue in their military career after graduation.

If you have an accredited Master’s degree from a European university, you are welcome to join μCSRL! (And you will also not have to perform any military duties.)

μCSRL Publications

Full list of publications, grouped by journals/conferences.

Reviewed Journal Papers

  1. N. Burow, S. A. Carr, J. Nash, P. Larsen, M. Franz, S. Brunthaler, and M. Payer. Control-Flow Integrity: Precision, Security, and Performance. In ACM Computing Surveys 50.1 (2017), pp. 1–33.
  2. G. Wagner, P. Larsen, S. Brunthaler, and M. Franz. Thinking Inside the Box. In ACM Transactions on Programming Languages and Systems 38.3 (2016), pp. 1–37.
  3. P. Larsen, S. Brunthaler, and M. Franz. Automatic Software Diversity. In IEEE Security & Privacy Magazine 13.2 (2015), pp. 30–37.
  4. A. Homescu, T. Jackson, S. J. Crane, S. Neisius, S. Brunthaler, P. Larsen, and M. Franz. Large-scale Automated Software Diversity—Program Evolution Redux. In IEEE Transactions on Dependable and Secure Computing PP.99 (2015).
  5. G. Savrun-Yeni¸ceri, W. Zhang, H. Zhang, E. Seckler, C. Li, S. Brunthaler, P. Larsen, and M. Franz. Efficient Hosted Interpreters on the JVM. In ACM Transactions on Architecture and Code Optimization 11.1 (2014), 9:1–9:24.
  6. P. Larsen, S. Brunthaler, and M. Franz. Security Through Diversity: Are We There Yet? In IEEE Security & Privacy Magazine 12.2 (2014), pp. 28–35.
  7. C. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz. Information Flow Tracking meets Just-In-Time Compilation. In ACM Transactions on Architecture and Code Optimization 10.4 (2013). Presented at HiPEAC’14 in Vienna, Austria, 38:1–38:25.

Reviewed Conference and Journal Papers

  1. V. Sarafov, D. Makrvica, S. Brunthaler. TEPHRA: Principled Discovery of Fuzzer Limitations. In ASE ‘25: 40th IEEE/ACM International Conference on Automated Software Engineering, Seoul, South Korea, November 16 - 20, 2025. Ed. by M. Böhme and L. Zhang. ACM SIGSOFT Distinguished Paper Award
  2. V. Sarafov, D. Markvica, F. Berlakovich, M. Bernad, and S. Brunthaler. Understanding and Improving Coverage Tracking with AFL++ (Registered Report). In FUZZING’24: 3rd International Fuzzing Workshop, Vienna, Austria, September 16, 2024. Ed. by M. Böhme, Y. Noller, and L. Szekeres.
  3. F. Berlakovich and S. Brunthaler. Cross Module Quickening - The Curious Case of C Extensions. In 38th European Conference on Object-Oriented Programming (ECOOP 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 313, pp. 6:1-6:29, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024).
  4. M. Bernad and S. Brunthaler. HOBBIT: Hashed OBject Based InTegrity. In 38th European Conference on Object-Oriented Programming (ECOOP 2024). Leibniz International Proceedings in Informatics (LIPIcs), Volume 313, pp. 7:1-7:25, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024).
  5. R. Mechelinck, D. Dorfmeister, B. Fischer, S. Volckaert, S. Brunthaler. GlueZilla: Efficient and Scalable Software to Hardware Binding using Rowhammer. In DIMVA ‘24: 21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Lausanne, Switzerland, July 17 - 19, 2024. Ed. by F. Maggi, M. Egele, M. Payer, and M. Carminati.
  6. F. Berlakovich and S. Brunthaler. R2C: AOCR-Resilient Diversity with Reactive and Reflective Camouflage. In EuroSys ’23: Eighteenth European Conference on Computer Systems, Rome, Italy, April 5 - 8, 2022. Ed. by A. Fedorova and D. Narayanan. (Acceptance rate 16.2%)
  7. M. Wiesinger, D. Dorfmeister, and S. Brunthaler. MAD: Memory Allocation Diversity. In 1st Workshop on DRAM Security (DRAMSec), co-located with ISCA 2021, Virtual Event, June 17, 2021.
  8. M. Desharnais and S. Brunthaler. Towards efficient and verified virtual machines for dynamic languages. In CPP ’21: 10th ACM SIGPLAN International Conference on Certified Programs and Proofs, Virtual Event, Denmark, January 17-19, 2021. Ed. by C. Hritcu and A. Popescu. ACM, 2021, pp. 61–75.
  9. M. Desharnais and S. Brunthaler. A Generic Framework for Verified Compilers Using Isabelle/HOL’s Locales. In 31es Journ´ees Francophones des Langages Applicatifs (JFLA), Gruissan, France, January 29–February 1st, 2020.
  10. M. Qunaibit, S. Brunthaler, Y. Na, S. Volckaert, and M. Franz. Accelerating Dynamically-Typed Languages on Heterogeneous Platforms Using Guards Optimization. In Proceedings of the 32nd European Conference on Object-Oriented Programming, Amsterdam, The Netherlands, July 16-21, 2018 (ECOOP ’18). Vol. 109. LIPIcs. Springer, 2018, 16:1–16:29.
  11. S. Neuner, A. G. Voyiatzis, M. Schmiedecker, S. Brunthaler, S. Katzenbeisser, and E. R. Weippl. Time is on my side: Steganography in filesystem metadata. In Proceedings of the 16th Annual USA Digital Forensics Research Conference (DFRWS ’16). 2016, pp. 76–86.
  12. C. Kerschbaumer, S. Stamm, and S. Brunthaler. Injecting CSP for Fun and Security. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy, Rome, Italy, 2016. (*Best paper award**).
  13. G. Savrun-Yeni¸ceri, M. L. Van de Vanter, P. Larsen, S. Brunthaler, and M. Franz. Efficient and Generic Event-based Profiler Framework for Dynamic Languages. In Proceedings of the 12th International Conference on Principles and Practice of Programming in Java, Melbourne, FL, USA, September 9-10, 2015 (PPPJ ’15). 2015, pp. 102–112.
  14. C. Stancu, C. Wimmer, S. Brunthaler, P. Larsen, and M. Franz. Safe and Efficient Hybrid Memory Management for Java. In Proceedings of the 14th International Symposium on Memory Management, Portland, OR, USA, June 14, 2015 (ISMM ’15). 2015, pp. 81–92.
  15. S. Crane, C. Liebchen, A. Homescu, L. Davi, P. Larsen, A.-R. Sadeghi, S. Brunthaler, and M. Franz. Readactor: Practical Code Randomization Resilient to Memory Disclosure. In Proceedings of the 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 18-20, 2015 (S&P ’15). 2015, pp. 763–780.
    Note: This line of research has culminated in another paper: R2C: AOCR-Resilient Diversity with Reactive and Reflective Camouflage.
  16. S. Crane, A. Homescu, S. Brunthaler, P. Larsen, and M. Franz. Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA, February 8-11, 2015 (NDSS ’15). 2015.
  17. V. Mohan, P. Larsen, S. Brunthaler, K. Hamlen, and M. Franz. Opaque Control-Flow Integrity. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA, February 8-11, 2015 (NDSS ’15). 2015.
  18. M. Murphy, P. Larsen, S. Brunthaler, and M. Franz. Software Profiling Options and Their Effects on Security Based Code Diversification. In Proceedings of the 1st ACM Workshop on Moving Target Defense, Scottsdale, AZ, USA, November 3rd, 2014 (MTD ’14). 2014, pp. 87–96.
  19. W. Zhang, P. Larsen, S. Brunthaler, and M. Franz. Accelerating Iterators in Optimizing AST Interpreters. In Proceedings of the 29th ACM SIGPLAN Conference on Object Oriented Programming: Systems, Languages, and Applications, Portland, OR, USA, October 20-24, 2014 (OOPSLA ’14). 2014, pp. 727–743.
  20. C. Stancu, C. Wimmer, S. Brunthaler, P. Larsen, and M. Franz. Comparing Points-to Static Analysis with Runtime Recorded Profiling Data. In Proceedings of the 11th International Conference on Principles and Practice of Programming in Java, Cracow, Poland, September 23-26, 2014 (PPPJ ’14). 2014, pp. 157–168.
  21. P. Larsen, A. Homescu, S. Brunthaler, and M. Franz. SoK: Automated Software Diversity. In Proceedings of the 35th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 18-21, 2014 (S&P ’14). 2014, pp. 276–291.
  22. C. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz. CrowdFlow: Efficient Information Flow Security. In Proceedings of the 16th Information Security Conference, Dallas, TX, USA, November 13-15, 2013 (ISC ’13). 2013.
  23. A. Homescu, S. Brunthaler, P. Larsen, and M. Franz. librando: Transparent Code Randomization for Just-in-Time Compilers. In Proceedings of the 20th ACM Conference on Computer and Communications Security, Berlin, Germany, November 4-8, 2013 (CCS ’13). 2013, pp. 993–1004.
    NOTE: It’s what JIT compilers crave!
  24. G. Savrun-Yeni¸ceri, W. Zhang, H. Zhang, C. Li, S. Brunthaler, P. Larsen, and M. Franz. Efficient Interpreter Optimizations for the JVM. In Proceedings of the 10th International Conference on Principles and Practice of Programming in Java, Stuttgart, Germany, September 11-13, 2013 (PPPJ ’13). 2013, pp. 113–123.
  25. S. J. Crane, P. Larsen, S. Brunthaler, and M. Franz. Booby Trapping Software. In Proceedings of the New Security Paradigms Workshop, Banff, AB, Canada, September 9-12, 2013 (NSPW ’13). 2013, pp. 95–106.
  26. C. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz. Towards Precise and Efficient Information Flow Control in Web Browsers. In Proceedings of the 6th International Conference on Trust & Trustworthy Computing, London, United Kingdom, June 17-19, 2013 (TRUST ’13). Lecture Notes in Computer Science. Springer Verlag Berlin Heidelberg, 2013, pp. 187–195.
  27. E. Hennigan, C. Kerschbaumer, S. Brunthaler, P. Larsen, and M. Franz. First-Class Labels: Using Information Flow to Debug Security Holes. In Proceedings of the 6th International Conference on Trust & Trustworthy Computing, London, United Kingdom, June 17-19, 2013 (TRUST ’13). Lecture Notes in Computer Science. Springer Verlag Berlin Heidelberg, 2013, pp. 151–168.
  28. A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz. Profile-guided Automatic Software Diversity. In Proceedings of the 11th IEEE / ACM International Symposium on Code Generation and Optimization, Shenzhen, China, February 23-27, 2013 (CGO ’13). 2013, pp. 1–11.
  29. A. Homescu, M. Stewart, P. Larsen, S. Brunthaler, and M. Franz. Microgadgets: Size Does Matter in Turing-Complete Return-Oriented Programming. In Proceedings of the 6th USENIX Workshop on Offensive Technologies, Bellevue, WA, USA, August 6-7, 2012 (WOOT ’12). 2012, pp. 64–76.
  30. C. Wimmer, S. Brunthaler, P. Larsen, and M. Franz. Fine-grained modularity and reuse of virtual machine components. In Proceedings of the 11th International Conference on Aspect-oriented Software Development, Potsdam, Germany, March 25-30, 2012 (AOSD ’12). ACM, 2012, pp. 203–214.
  31. S. Brunthaler. Interpreter Instruction Scheduling. In Proceedings of the 20th International Conference on Compiler Construction, Saarbr¨ucken, Germany, March 26-April 3rd, 2011 (CC ’11). Vol. 6601/2011. Lecture Notes in Computer Science. Springer, 2011, pp. 164–178.
  32. S. Brunthaler. Efficient Interpretation using Quickening. In Proceedings of the 6th Symposium on Dynamic Languages, Reno, NV, USA, October 18, 2010 (DLS ’10). New York, NY, USA: ACM Press, 2010, pp. 1–14.
  33. S. Brunthaler. Inline Caching meets Quickening. In Proceedings of the 24th European Conference on Object-Oriented Programming, Maribor, Slovenia, June 21-25, 2010 (ECOOP ’10). Vol. 6183/2010. Lecture Notes in Computer Science. Springer, 2010, pp. 429–451.
  34. S. Brunthaler. Efficient Inline Caching without Dynamic Translation. In Proceedings of the 2010 ACM Symposium on Applied Computing, Sierre, Switzerland, March 22-26, 2010 (SAC ’10). Sierre, Switzerland: ACM, 2010, pp. 2155–2156.
  35. S. Brunthaler. Virtual-Machine Abstraction and Optimization Techniques. In Proceedings of the 4th International Workshop on Bytecode Semantics, Verification, Analysis and Transformation, York, United Kingdom, March 29, 2009 (BYTECODE ’09). Vol. 253(5). Electronic Notes in Theoretical Computer Science. York, United Kingdom: Elsevier, 2009, pp. 3–14.

Theses

Unreviewed Manuscripts

  1. S. Brunthaler: Multi-Level Quickening: Ten Years After. Arxiv.