publications

list of all my peer-reviewed publications

IT security conferences, the most important publication medium in my area, use the CORE ranking. Top-tier conferences are ranked A* (filter). You can find my citation profiles below.

Total: 45. Peer Reviewed: 31. Rank A*: 11. Awarded: 3.

2024

  1. SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security Measurements
    Louis Jannett, Maximilian Westers, Tobias Wich, Christian Mainka, Andreas Mayer, and Vladislav Mladenov
    In European Symposium on Security and Privacy (Euro S&P), Vienna, Austria, accepted papers: 45/208 = 22%, Jul 2024

2023

  1. CCS
    Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers
    Dominik Noß, Lukas Knittel, Christian Mainka, Marcus Niemietz, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, accepted papers: 234/1222 = 19%, Nov 2023
  2. Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
    In USENIX Security Symposium, Anaheim, CA, USA, accepted papers: 419/1444 = 29%, Aug 2023

2022

  1. CCS
    DISTINCT: Identity Theft Using In-Browser Communications in Dual-Window Single Sign-On
    Louis Jannett, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, accepted papers: 218/971 = 22%, Nov 2022
  2. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
    Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%, Aug 2022

2021

  1. CCS
    2021_xsinator.png
    XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
    Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%, Nov 2021
  2. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  3. Processing Dangerous Paths - On Security and Privacy of the Portable Document Format
    Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  4. S&P
    Breaking the Specification: PDF Certification
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    In IEEE Symposium on Security and Privacy (S&P), Virtual Conference, accepted papers: 115/952 = 12%, May 2021

2020

  1. WOOT
    Office Document Security and Privacy
    Jens Müller, Fabian Ising, Christian Mainka, Vladislav Mladenov, and Sebastian Schinzel
    In USENIX Workshop on Offensive Technologies (WOOT), Virtual Conference, accepted papers: 12/36 = 33%, May 2020

2019

  1. CCS
    2019_csaw.jpg
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka,  Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019
  2. CCS
    Practical Decryption exFiltration: Breaking PDF Encryption
    Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019

2018

  1. More Is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
    Paul Rösler, Christian Mainka, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, accepted papers: 33/144 = 23%, Nov 2018

2017

  1. ROOTS
    On the (in-)Security of JavaScript Object Signing and Encryption
    Dennis Detering, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In ROOTS: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium, accepted papers: 8/13 = 62%, Nov 2017
  2. SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
    Dennis Felsch, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, accepted papers: 71/359 = 20%, Apr 2017
  3. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), Parice, France, accepted papers: 38/194 = 20%, Apr 2017
  4. Same-Origin Policy: Evaluation in Modern Browsers
    Jörg Schwenk, Marcus Niemietz, and Christian Mainka
    In USENIX Security Symposium, Vancouver, BC, Canada, accepted papers: 85/572 = 15%, Apr 2017

2016

  1. How Secure Is TextSecure?
    Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz
    In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016
  2. WOOT
    How to Break Microsoft Rights Management Services
    Martin Grothe, Christian Mainka, Paul Rösler, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016
  3. Your Cloud in My Company: Modern Rights Management Services Revisited
    Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, and Jörg Schwenk
    In International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria, accepted papers: 21/85 = 25%, Aug 2016
  4. Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Aug 2016
  5. WOOT
    SoK: XML Parser Vulnerabilities
    Christopher Späth, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016

2015

  1. QASA
    AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
    Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, Sep 2015
  2. WOOT
    How to Break XML Encryption – Automatically
    Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015
  3. OIS
    Automatic Recognition, Processing and Attacking of Single Sign-on Protocols with Burp Suite
    Christian Mainka, Vladislav Mladenov, Tim Guenther, and Jörg Schwenk
    In Open Identity Summit, Nov 2015
  4. SIOT
    Not so Smart: On Smart TV Apps
    Marcus Niemietz, Juraj Somorovsky, Christian Mainka, and Jörg Schwenk
    In International Workshop on Secure Internet of Things (SIoT), Vienna, Austria, Nov 2015

2014

  1. CCSW
    Your Software at My Service: Security Analysis of SaaS Single Sign-on Solutions in the Cloud
    Christian Mainka, Vladislav Mladenov, Florian Feldmann, Julian Krautwald, and Jörg Schwenk
    In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, Scottsdale, Arizona, USA, Oct 2014

2013

  1. ZEUS
    A New Approach for WS-Policy Intersection Using Partial Ordered Sets
    Abeer Elsafie, Christian Mainka, and Jörg Schwenk
    In Services and Their Composition (ZEUS), Rostock, Germany, Feb 2013
  2. A New Approach towards DoS Penetration Testing on Web Services
    Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Conference on Web Services (ICWS), Santa Clara, CA, USA, accepted papers: 91/479 = 19%, Jun 2013

2012

  1. Penetration Testing Tool for Web Services Security
    Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In World Congress on Services (SERVICES), Honolulu, HI, USA, Jun 2012
  2. CLOSER
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk
    In International Conference on Cloud Computing and Services Science (CLOSER), Porto, Portugal, accepted papers: 15/145 = 10%, Apr 2012