Curriculum Vitae (CV)
Education
- Ph.D. (with highest distinction) in Computer Science, Saarland University, August 2024
thesis: “TEE-based Designs for Network Gateways, Web Authentication, and VM Introspection” - M.Sc. (grade: 1.1 / A) in Computer Science, Saarland University, November 2017
thesis: “Kernel-based Process Monitoring of Network Services” - B.Sc. (grade: 1.3 / A) in Computer Science, Saarland University, September 2015
thesis: “Security Analysis of Mobile Banking Apps”
Work experience
- Networking Security Research Architect (full-time position), 01/2025
- Research Assistant (full-time position, PhD Student), 11/2017 – 08/2024
- CISPA Helmholtz Center for Information Security & Saarland University
- Supervisor: Prof. Dr. Christian Rossow
- Responsibilities included:
- Research on attestable system and network security designs based on trusted execution environments for:
network gateways, firewalls, FIDO2 web authentication, and virtual machine introspection (forensics) - Design, implementation, and evaluation of research prototypes (proof of concepts)
- Publication of research papers at international conferences, and presentation at conferences, workshops, and science outreach events (talks, posters)
- Supervision of (under-)graduate students on cyber security projects, bachelor theses, and research projects
- Research Immersion Lab, 11/2016 – 02/2017
- Information Security & Cryptography Chair, CISPA, Saarland University
- Supervisor: Dr. Sven Bugiel
- Topic: “Android Middleware Instrumentation for Fuzzing Support”
Statically instrumenting the Android middleware (system services) to provide middleware-targeting fuzzers with AFL-like code coverage information.
- Research Immersion Lab, 06/2016 – 11/2016
- System Security Group, CISPA, Saarland University
- Supervisor: Prof. Dr. Christian Rossow
- Topic: “Long-term Malware Monitoring”
Setting up the Drakvuf execution tracer in our virtualization-based malware analysis framework. Evaluating memory deduplication features of hypervisors (KVM, Xen) for scaling the long-term tracing of in-VM malware.
- Research Assistant (student helper), 11/2015 – 02/2016
- System Security Group, CISPA, Saarland University
- Supervisor: Dr. Giancarlo Pellegrino and Prof. Dr. Christian Rossow
- Topic: “Security Study of Data Compression in Mobile Services”
Exploring the feasibility of data-flow analysis tools to detect zip bomb-like vulnerabilities in Android apps.
Awards and Honors
- 2023: “especially noteworthy reviewer” at the RAID 2023 conference (Research in Attacks, Intrusions and Defenses)
- 01/2016 – 10/2017: scholarship of the Saarbruecken Graduate School of Computer Science at Saarland University
- 05/2013 – 10/2015: “Bachelor Honors Program” (~top 5% of students) of computer science at Saarland University
- 10/2012 – 09/2013: scholarship “Deutschlandstipendium” (German public-private scholarship)
Experience / Skills
During my PhD I have completed five research projects in the area of system, network, and web security, with a focus on designs based on trusted computing (or confidential computing) technologies and their remote attestation protocols. I was responsible for identifying open research challenges, proposing research questions, designing conceptual solutions, as well as implementing and evaluating concrete technical architectures as prototypes. Furthermore, I was responsible for publishing the results in the form of research papers and open-source prototypes, and presenting them at renowned international security conferences in the form of technical talks. In four of the five projects I have been the main author and project lead. In the fifth one I have been a co-leader. The projects include intra- and inter-institutional cooperations, and sometimes involved student helpers.
As part of my research, I have gained experience in several technical and non-technical areas, including but not limited to:
- design and implementation of CPU-assisted system and network security architectures, in particular, new solutions based on trusted execution environments (TEEs) and remote attestation for attack isolation, prevention, or detection
- threat analysis with focus on user- and system-level attackers (e.g., malware, rootkits) and network attackers
writing, publishing, and presenting research papers at international security conferences, and supporting the transfer of research results into a patent request
- practical (hands-on) experience in implementing low-level system security architectures and network services:
- application areas: traffic-to-app attribution, per-application firewall policies, isolated network firewalls, virtual machine introspection (forensics), FIDO2 web authentication
- use of trusted execution environments (TEEs) / confidential computing technologies:
Intel SGX, Arm TrustZone, AMD SEV (SEV-SNP), OP-TEE OS, Graphene-SGX (now: Gramine) - combining TEE-based remote attestation protocols with network (TLS, DTLS) and web protocols (WebAuthn)
- Linux kernel, virtualization / hypervisor (esp. QEMU KVM), and (NIC) device driver extensions
- extending user/kernel network services (e.g., TCP/IP stacks, firewalls, NIC interfaces, VPN-like services)
- interaction with electronic IDs (e.g., ICAO-compliant ePassports with PACE, PA, and EAC)
- implementation of a virtual FIDO2 authenticator (CTAP, WebAuthn)
- system programming languages: C, C++, Rust, assembly (x86/arm);
others: Python, Go, Java (less experienced)
- other areas of experience include:
- conceptual design of the hardware/software interface of a RISC-V CPU (co-processor) extension
- non-TEE CPU extensions, e.g., Intel Keylocker, Intel Processor Trace
- eBPF-based event tracing (as part of my master thesis)
- understanding Android app permissions and binder IPC (as part of my bachelor thesis)
For more details on my finished (research) projects, have a look at my project portfolio and list of publications.
I am fluent in German (native language) and English.
Publications
During my PhD I have published and presented several papers on international research conferences. One additional paper on a RISC-V CPU extension is currently pending (under revision).
Schwarz, F. and Rossow, C., "00SEVen -- Re-enabling Virtual Machine Forensics: Introspecting Confidential VMs Using Privileged in-VM Agents". In: 33rd USENIX Security Symposium. August 2024
Schwarz, F., Do, K., Heide, G., Hanzlik, L., and Rossow, C., "FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs". Technical Report. January 2023
Schwarz, F., Do, K., Heide, G., Hanzlik, L., and Rossow, C., "FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs". In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. November 2022
Schwarz, F., "TrustedGateway: TEE-Assisted Routing and Firewall Enforcement using ARM TrustZone". In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses. ACM, October 2022.
Schwarz, F. and Rossow, C., "SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients". In: 29th USENIX Security Symposium. August 2020
Supervised Projects
During my PhD I have supervised cyber security projects and bachelor theses of (under-)graduate students.
Academic Service
I have served as a voluntary helper at international academic conferences, workshops, and journals.
Program Committee Member
Journal Reviewer
