publications

list of all my peer-reviewed publications

IT security conferences, the most important publication medium in my area, use the CORE ranking. Top-tier conferences are ranked A* (filter). You can find my citation profiles below.

Total: 45. Peer Reviewed: 31. Rank A*: 11. Awarded: 3.

2024

  1. SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security Measurements
    Louis Jannett, Maximilian Westers, Tobias Wich, Christian Mainka, Andreas Mayer, and Vladislav Mladenov
    In European Symposium on Security and Privacy (Euro S&P) , Vienna, Austria, Jul 2024

2023

  1. CCS
    Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers
    Dominik Noß, Lukas Knittel, Christian Mainka, Marcus Niemietz, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security , Copenhagen, Denmark, accepted papers: 234/1222 = 19%, Nov 2023
  2. Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
    In USENIX Security Symposium , Anaheim, CA, USA, accepted papers: 419/1444 = 29%, Aug 2023

2022

  1. CCS
    DISTINCT: Identity Theft Using In-Browser Communications in Dual-Window Single Sign-On
    Louis Jannett, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security , Los Angeles, CA, USA, accepted papers: 218/971 = 22%, Nov 2022
  2. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
    Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Security Symposium , Boston, MA, USA, accepted papers: 256/1492 = 17%, Aug 2022

2021

  1. CCS
    2021_xsinator.png
    XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
    Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security , Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%, Nov 2021
  2. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    In Network and Distributed System Security Symposium , Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  3. Processing Dangerous Paths - On Security and Privacy of the Portable Document Format
    Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In Network and Distributed System Security Symposium , Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  4. S&P
    Breaking the Specification: PDF Certification
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    In IEEE Symposium on Security and Privacy (S&P) , Virtual Conference, accepted papers: 115/952 = 12%, May 2021

2020

  1. WOOT
    Office Document Security and Privacy
    Jens Müller, Fabian Ising, Christian Mainka, Vladislav Mladenov, and Sebastian Schinzel
    In USENIX Workshop on Offensive Technologies (WOOT) , Virtual Conference, accepted papers: 12/36 = 33%, May 2020

2019

  1. CCS
    2019_csaw.jpg
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka,  Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security , London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019
  2. CCS
    Practical Decryption exFiltration: Breaking PDF Encryption
    Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security , London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019

2018

  1. More Is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
    Paul Rösler, Christian Mainka, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P) , London, United Kingdom, accepted papers: 33/144 = 23%, Nov 2018

2017

  1. ROOTS
    On the (in-)Security of JavaScript Object Signing and Encryption
    Dennis Detering, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In ROOTS: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium , accepted papers: 8/13 = 62%, Nov 2017
  2. SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
    Dennis Felsch, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In ACM Asia Conference on Computer and Communications Security (ASIACCS) , Abu Dhabi, UAE, accepted papers: 71/359 = 20%, Apr 2017
  3. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P) , Parice, France, accepted papers: 38/194 = 20%, Apr 2017
  4. Same-Origin Policy: Evaluation in Modern Browsers
    Jörg Schwenk, Marcus Niemietz, and Christian Mainka
    In USENIX Security Symposium , Vancouver, BC, Canada, accepted papers: 85/572 = 15%, Apr 2017

2016

  1. How Secure Is TextSecure?
    Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz
    In European Symposium on Security and Privacy (Euro S&P) , Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016
  2. WOOT
    How to Break Microsoft Rights Management Services
    Martin Grothe, Christian Mainka, Paul Rösler, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT) , Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016
  3. Your Cloud in My Company: Modern Rights Management Services Revisited
    Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, and Jörg Schwenk
    In International Conference on Availability, Reliability and Security (ARES) , Salzburg, Austria, accepted papers: 21/85 = 25%, Aug 2016
  4. Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P) , Saarbrücken, Germany, accepted papers: 29/169 = 17%, Aug 2016
  5. WOOT
    SoK: XML Parser Vulnerabilities
    Christopher Späth, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT) , Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016

2015

  1. QASA
    AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
    Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Workshop on Quantitative Aspects of Security Assurance (QASA) , Vienna, Austria, Sep 2015
  2. WOOT
    How to Break XML Encryption – Automatically
    Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT) , Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015
  3. OIS
    Automatic Recognition, Processing and Attacking of Single Sign-on Protocols with Burp Suite
    Christian Mainka, Vladislav Mladenov, Tim Guenther, and Jörg Schwenk
    In Open Identity Summit , Nov 2015
  4. SIOT
    Not so Smart: On Smart TV Apps
    Marcus Niemietz, Juraj Somorovsky, Christian Mainka, and Jörg Schwenk
    In International Workshop on Secure Internet of Things (SIoT) , Vienna, Austria, Nov 2015

2014

  1. CCSW
    Your Software at My Service: Security Analysis of SaaS Single Sign-on Solutions in the Cloud
    Christian Mainka, Vladislav Mladenov, Florian Feldmann, Julian Krautwald, and Jörg Schwenk
    In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security , Scottsdale, Arizona, USA, Oct 2014

2013

  1. ZEUS
    A New Approach for WS-Policy Intersection Using Partial Ordered Sets
    Abeer Elsafie, Christian Mainka, and Jörg Schwenk
    In Services and Their Composition (ZEUS) , Rostock, Germany, Feb 2013
  2. A New Approach towards DoS Penetration Testing on Web Services
    Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Conference on Web Services (ICWS) , Santa Clara, CA, USA, accepted papers: 91/479 = 19%, Jun 2013

2012

  1. Penetration Testing Tool for Web Services Security
    Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In World Congress on Services (SERVICES) , Honolulu, HI, USA, Jun 2012
  2. CLOSER
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk
    In International Conference on Cloud Computing and Services Science (CLOSER) , Porto, Portugal, accepted papers: 15/145 = 10%, Apr 2012