Welcome to my research page. I am Cristian, a tenure-track faculty at CISPA – Helmholtz Center for Information Security in Saarbrücken, Germany. I completed my PhD in the Software Lab group at TU Darmstadt, Germany under the supervision of Michael Pradel. Prior to that, I obtained my Master's from EIT Digital, a European double degree Master's program. Concretely, I studied one year at the University of Twente, Netherlands and one year at University of Trento, Italy. I obtained my Bachelor's degree in Computer Engineering from Politehnica University of Timișoara, Romania. You can check my complete CV here.
My core research interest is in system security, at the intersection of software/web security, software engineering and programming languages. One of the central goals of my research group is to directly contribute to the open-source ecosystem: either by building tools that can be used by practitioners or by uncovering security vulnerabilities in real systems/projects. Below are the most important themes of my research:
- Novel software engineering use cases for existing unit tests: in ASE 2017 we propose using constants in existing unit tests for boosting the performance of automatic test generation, and in ICSE2020 we advocate using existing unit tests for extracting taint specifications.
- Applied machine learning: in TheWebConf2019 we use unsupervised machine learning for automatic source code classification, and in ASE 2017 we use more lightweight, statistical techniques for augmenting state-of-the-art automatic test generation.
- vm2 issue 285, CVE-2021-21413 - sandbox breakout vulnerabilities.
- HackerOne report 329957 - a privacy vulnerability in Twitter that allows targeted user-tracking through cross-origin image requests.
- CVE-2017-16042 - a command injection vulnerability in growl, an npm package.
- CVE-2017-16119 - a ReDoS vulnerability in fresh, an npm package that ships with the express framework.
- CVE-2017-15010 - a ReDoS vulnerability in tough-cookie, a popular npm package.
- Several vulnerabilities in npm packages, identified during an internship at Semmle, now GitHub UK.
- node-sqlite issue 1450 - hard crash of the Node.js process.