Dr. Simon Koch
Post-Doc

E-mailsimon.koch@uibk.ac.at
Phone+43 512 507-53252
AddressTechnikerstraße 21A, 6020 Innsbruck, Austria
OfficeICT 3N01
Dr. Simon Koch

Research Interests

  • Software supply chain security/Software Bills of Material (SBOM)
  • Web security
  • Mobile privacy

Positions

since 06/2025 Postdoctoral Fellow, Security and Privacy Lab, University of Innsbruck, Austria
2018 – 2025 Research Assistant, Institute for Application Security, TU Braunschweig, Germany
2016 – 2018 Student Assistant, CISPA, Saarland University, Germany

Education

2018 – 2025 Ph.D. in Computer Science, Institute for Application Security, TU Braunschweig, Germany
2016 – 2018 M.Sc. in Computer Science, Saarland University, Germany
2012 – 2016 B.Sc. in Computer Science, Saarland University, Germany

Publications

  • Karl, M., Koch, S., Klein, D., and Johns, M. Uncovering Bigger Truths: Deobfuscating PHP with Phoebe. In Annual Computer Security Application Conference (ACSAC). ACSA, Honolulu, USA, 2025.
  • Schloegel, M., Klischies, D., Koch, S., et al. Confusing Value with Enumeration: Studying the Use of CVEs in Academia. In USENIX Security Symposium. USENIX Association, Seattle, USA, 2025. [Publisher]
  • Wessels, M., Koch, S., Bettels, L., Klein, D., and Johns, M. HyTrack: Resurrectable and Persistent Tracking Identifiers Across Android Apps and the Web. In USENIX Security Symposium. USENIX Association, Seattle, USA, 2025. [Publisher]
  • Hartung, J., Koch, S., and Johns, M. Extract: A PHP Foot-Gun Case Study. In USENIX WOOT Conference on Offensive Technologies (WOOT). USENIX Association, Seattle, USA, 2025. [Publisher]
  • Koch, S., Karl, M., Kirchner, R., Wessels, M., Paschke, A., and Johns, M. The Impact of Default Mobile SDK Usage on Privacy and Data Protection. In Proceedings on Privacy Enhancing Technologies (PETS). Washington D.C., USA, 2025, pp. p. 808–823. [Publisher]
  • Kirchner, R., Koch, S., Kamangar, N., Klein, D., and Johns, M. A Black-Box Privacy Analysis of Messaging Service Providers’ Chat Message Processing. In Proceedings on Privacy Enhancing Technologies (PETS). Bristol, UK, 2024, pp. p. 674–691. [Publisher]
  • Wessels, M., Koch, S., Pellegrino, G., and Johns, M. SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications. In USENIX Security Symposium. USENIX Association, Philadelphia, USA, 2024. [Publisher]
  • Koch, S., Klein, D., and Johns, M. The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code. In Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb). San Diego, USA, 2024. [Publisher]
  • Koch, S., Altpeter, B., and Johns, M. The OK is Not Enough: Large Scale Study of Consent Dialogs in Smartphone Applications. In USENIX Security Symposium. USENIX Association, Anaheim, USA, 2023. [Publisher]
  • Groß, S., Koch, S., Bernhardt, L., Holz, T., and Johns, M. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities. In Network and Distributed System Security (NDSS) Symposium. Internet Society, San Diego, USA, 2023. [Publisher]
  • Koch, S., Wessels, M., Altpeter, B., Olvermann, M., and Johns, M. Keeping Privacy Labels Honest. In Proceedings on Privacy Enhancing Technologies (PETS). Sydney, Australia, 2022, pp. p. 486–506. [Publisher]
  • Koch, S., Sauer, T., Johns, M., and Pellegrino, G. Raccoon: Automated Veriication of Guarded Race Conditions in Web Applications. In ACM SIGAPP Symposium on Applied Computing (SAC). ACM, Brno, Czech Republic, 2020, pp. p. 1678–1687. [Publisher]
  • Pellegrino, G., Johns, M., Koch, S., Backes, M., and Rossow, C. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. In ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, Dallas, USA, 2017, pp. p. 1757–1771. [Publisher]

Scientific Community Service

PC IEEE European Symposium on Security and Privacy (IEEE Euro S&P) 2026
PC SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2026
PC Privacy Enhancing Technologies Symposium (PETS) 2026
PC MADWeb 2024 – 2026
PC ACM Conference on Computer and Communications Security (CCS) 2024
PC SecWeb 2024
AC Privacy Enhancing Technologies Symposium (PETS) 2022 – 2025

Talks

2025 DAST in Time, 5th Cyber Security Meetup at TU Braunschweig, Braunschweig
2023 Dark Patterns in Smartphone App Datenschutzdialogen, German OWASP Day, Frankfurt am Main

Awards

2025 Distinguished paper award, USENIX Security
2025 Best paper award, WOOT
2023 Best presentation award, MADWeb