Xavier de Carné de Carnavalet
Assistant Professor
Radboud University
I am an Assistant Professor at Radboud University in the Digital Security group of the Faculty of Science.
My research interests span across network security and privacy, web security, Internet measurement, passwords and authentication, software and firmware security, and applications of machine learning to security.
Not sure how to address me? Please check this tutorial on how to correctly parse my name!
📧
Current and past positions
- Since Dec. 2024 @ Radboud University: Assistant Professor, Digital Security group
- 2021–2024 @ HK PolyU: Visiting Lecturer at the Institute of Advanced Executive Education (IAEE) for the ECF Fintech training
- 2021–2024 @ HK PolyU: Research Assistant Professor and Lecturer in the Department of Computing
- 2019–2020 @ CarletonU: Postdoctoral fellow in the CCSL lab with Prof. Paul van Oorschot
- 2014–2019 @ ConcordiaU: Ph.D. at the Madiba Security Research Group with Prof. Mohammad Mannan
Office
Office 2.13, Mercator 1, Toernooiveld 212, 6525EC, Nijmegen, Netherlands
Master's thesis / Research internship topics
For RU students looking for a thesis or internship, see if the following areas are of interest to you, and if so, contact me.
I am currently looking for 1 student to work on the following topics.
- Database breaches collection and analysis
- Machine learning-based password guessing
- Privacy leakage on modern operating systems
- (Embedded) firmware reverse-engineering
- Cryptographic WASM/Javascript reverse-engineering
- Host-based security suite testing
- IPv6 handling in network equipment
- Certificate Authorities trust stores
- Improving password managers
- Privacy leaks in browsers
Selected publications
See the full list of publications under the Research tab, and my profile on the following platforms:
Google Scholar
DBLP profile
ORCID
- Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling. M. Cai, X. de Carné de Carnavalet, S. Zhang, L. Zhao, M. Zhang. Nordic Conference on Secure IT systems (NordSec'24), Karlstad, Sweden, 2024.
- Exposed by Default: A Security Analysis of Home Router Default Settings. J. Ye, X. de Carné de Carnavalet, M. Zhang, L. Zhao, L. Wu, W. Zhang. ACM Symposium on Information, Computer and Communications Security (AsiaCCS'24), Singapore, 2024.
- A survey and analysis of TLS interception mechanisms and motivations. (Pre-print version: Dec. 27, 2022). X. de Carné de Carnavalet and Paul C. van Oorschot. ACM Computing Surveys (ACM CSUR), 55(13s), 1-40, July 2023.
- Killed by Proxy: Analyzing Client-end TLS Interception Software. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, USA, 2016.
- Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software. X. de Carné de Carnavalet and M. Mannan. Annual Computer Security Applications Conference (ACSAC'14), New Orleans, LA, USA, 2014.
- From Very Weak to Very Strong: Analyzing Password-Strength Meters. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, 2014.