Home · Research · Essays · Link Farm · Podcast · Curriculum Vitæ · Impressum


Picture of Stephan Neuhaus I work in computer security, where my research interests are getting ever broader. Among other things, I use experimental methods to analyze security incidents; analyse version archives to find and predict vulnerabilities; look at long-held beliefs in security to see if they stand up when confronted with data; and work on security issues in software-defined networking.

For contact information, see the impressum page.


Working in computer security is working at the limits of computer science. Blackhats, unlike ordinary users, are constantly and actively seeking to undermine the assumptions that we make when we design or deploy systems, and are actively trying to provoke bugs. I am fascinated by the possibilities of experimental incident analysis, because it seems to be one way of analyzing and predicting the behaviour of complex systems of programs. I have also worked on statistical software vulnerability analysis and prediction; and on security economics. Recently, I have become interested in security issues in Software-Defined Networking.

Software-Defined Networking (SDN) is a new networking paradigm in which the control and data planes of networking are opened up and an interface is installed in between them. On the one hand, this enables completely new networking applications; on the other hand, it brings with it its own share of specific security issues.

Experimental incident analysis is still a new field. The basic assumption is that software systems today are now so complex that their behaviour cannot be analyzed or predicted from first principles any more. Instead we use experimental techniques borrowed from the natural sciences in order to find out causes of break-ins. These experiments are not designed, carried out or evaluated manually (as would be common practice today), but rather automatically. The ongoing work on this topic is a project called Malfor.

Statistical software vulnerability analysis and prediction is the art of looking at version archives to analyze software for vulnerabilities and to predict which components are likely to have more (as yet undetected) vulnerabilities. The project name for this work is Vulture; it has resulted in one paper that was published at USENIX '09 and another paper that was presented at ACM CCS 2007. Vulture's main result is that it is possible to predict which source files will have unknown vulnerabilities. For Mozilla, we predicted in January 2007 that ten specific source files (out of 10,000) will have vulnerabilities. Out of these ten source files, five had to be fixed within the next six months due to security vulnerabilities.


ETH Zurich

Many of these lectures are available on video; see for example here.


International University in Bruchsal



Valid XHTML 1.0 Strict Valid CSS!