Current and past positions
Office
Office 2.13, Mercator 1, Toernooiveld 212, 6525EC, Nijmegen, Netherlands
Master's thesis / Research internship topics
For RU students looking for a thesis or internship, see if the following areas are of interest to you, and if so, contact me.
- Database breaches collection and analysis
- Machine learning-based password guessing
- Privacy leakage on modern operating systems
- (Embedded) firmware reverse-engineering
- Cryptographic WASM/Javascript reverse-engineering
- Host-based security suite testing
- IPv6 handling in network equipment
- Certificate Authorities trust stores
- Improving password managers
Selected publications
See the full list of publications under the Research tab, and my profile on the following platforms:
Google Scholar
DBLP profile
ORCID
- Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling. M. Cai, X. de Carné de Carnavalet, S. Zhang, L. Zhao, M. Zhang. Nordic Conference on Secure IT systems (NordSec'24), Karlstad, Sweden, 2024.
- Exposed by Default: A Security Analysis of Home Router Default Settings. J. Ye, X. de Carné de Carnavalet, M. Zhang, L. Zhao, L. Wu, W. Zhang. ACM Symposium on Information, Computer and Communications Security (AsiaCCS'24), Singapore, 2024.
- A survey and analysis of TLS interception mechanisms and motivations. (Pre-print version: Dec. 27, 2022). X. de Carné de Carnavalet and Paul C. van Oorschot. ACM Computing Surveys (ACM CSUR), 55(13s), 1-40, July 2023.
- Killed by Proxy: Analyzing Client-end TLS Interception Software. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, USA, 2016.
- Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software. X. de Carné de Carnavalet and M. Mannan. Annual Computer Security Applications Conference (ACSAC'14), New Orleans, LA, USA, 2014.
- From Very Weak to Very Strong: Analyzing Password-Strength Meters. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, 2014.