Simon Koch

PhD candidate and research assistant at the IAS



IZ 211

Mühlenpfordtstr. 23

38106, Braunschweig

I am a 6th year PhD candidate and research assistant of Martin Johns at the Institute for Application Security, TU Braunschweig. My research focuses on questions surrounding mobile privacy and web security. For mobile privacy I primarily conduct dynamic traffic measurements to assess the data leaked by applications. Whereas for web security I am doing both dynamic and static program analysis research, trying to understand live deployments as well as discovering new vulnerabilities of web applications.

If some of my work peaked your interest I am always interested in new collaborations. I am looking forward to finish my PhD this year and therefore searching for new opportunities in academia to continue my research in both the mobile and web space.


Jul 05, 2024 Our shepherd agreed with our revision of SSRF vs Developers: A Study of SSRF-Defenses in PHP Applications which is going to appear at USENIX’24.
Mar 08, 2024 Our shepherd agreed with our revision of A Black-Box Privacy Analysis of Messaging Service Providers’ Chat Message Processing which is going to appear at PETS’24.
Mar 01, 2024 I presented The Fault in Our Stars at MADWeb and am honored to receive the Distinguished Presentation Award.

selected publications

  1. The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications
    Simon Koch, Benjamin Altpeter , and Martin Johns
    In USENIX Security Symposium , 2023
  2. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities
    Samuel Groß , Simon Koch, Lukas Bernhardt , Thorsten Holz , and Martin Johns
    In Network and Distributed System Security (NDSS) Symposium , 2023
  3. Keeping Privacy Labels Honest
    Simon Koch, Malte Wessels , Benjamin Altpeter , Madita Olvermann , and Martin Johns
    In Privacy Enhancing Technologies Symposium (PETS) , 2022
  4. Deemon: Detecting CSRF with dynamic analysis and property graphs
    Giancarlo Pellegrino , Martin Johns , Simon Koch, Michael Backes , and Christian Rossow
    In ACM SIGSAC Conference on Computer and Communications Security (CCS) , 2017