Xavier de Carné de Carnavalet
Assistant Professor
Radboud University
I am an Assistant Professor at Radboud University in the Digital Security group of the Faculty of Science.
My research interests span across network security and privacy, web security, Internet measurement, passwords and authentication, software and firmware security, and applications of machine learning to security.
Not sure how to address me? Please check this tutorial on how to correctly parse my name!
📧
Current and past positions
- Since Dec. 2024 @ Radboud University: Assistant Professor, Digital Security group
- 2021–2024 @ HK PolyU: Visiting Lecturer at the Institute of Advanced Executive Education (IAEE) for the ECF Fintech training
- 2021–2024 @ HK PolyU: Research Assistant Professor and Lecturer in the Department of Computing
- 2019–2020 @ CarletonU: Postdoctoral fellow in the CCSL lab with Prof. Paul van Oorschot
- 2014–2019 @ ConcordiaU: Ph.D. at the Madiba Security Research Group with Prof. Mohammad Mannan
Office
Office 2.13, Mercator 1, Toernooiveld 212, 6525EC, Nijmegen, Netherlands
Master's thesis / Research internship topics
For RU students looking for a thesis or internship, see if the following areas are of interest to you, and if so, contact me.
I am currently looking for motivated students to work on the following topics.
- Database breaches collection and analysis
- Machine learning-based password guessing
- Privacy leakage on modern operating systems
- Privacy leakage in mobile apps
- Privacy leaks in browsers
Embedded/x86 firmware reverse-engineering- Cryptographic WASM/Javascript reverse-engineering
- IPv6 handling in network equipment
Certificate Authorities trust stores- Internship only:
- Automatic building environment for cryptographic software
- Host-based security suite testing
- Improving password managers
Selected publications
See the full list of publications under the Research tab, and my profile on the following platforms:
Google Scholar
DBLP profile
ORCID
- Understanding Home Router Configuration Habits & Attitudes. J. Ye, X. de Carné de Carnavalet, L. Zhao, L. Wu, M. Zhang. ACM CHI Conference on Human Factors in Computing Systems (CHI'25), Yokohama, Japan, Apr. 26-May 1, 2025. [DOI]
- Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling. M. Cai, X. de Carné de Carnavalet, S. Zhang, L. Zhao, M. Zhang. Nordic Conference on Secure IT systems (NordSec'24), Karlstad, Sweden, Nov. 6-7, 2024. [DOI]
- Exposed by Default: A Security Analysis of Home Router Default Settings. J. Ye, X. de Carné de Carnavalet, M. Zhang, L. Zhao, L. Wu, W. Zhang. ACM Symposium on Information, Computer and Communications Security (AsiaCCS'24), Singapore, July 1-5, 2024. [DOI]
- A survey and analysis of TLS interception mechanisms and motivations. (Pre-print version: Dec. 27, 2022). X. de Carné de Carnavalet and Paul C. van Oorschot. ACM Computing Surveys (ACM CSUR), 55(13s), 1-40, July 2023. [DOI]
- Killed by Proxy: Analyzing Client-end TLS Interception Software. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, USA, Dec. 21-24, 2016. [DOI]
- Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software. X. de Carné de Carnavalet and M. Mannan. Annual Computer Security Applications Conference (ACSAC'14), New Orleans, LA, USA, 2014, Dec. 8-12, 2014. [DOI]
- From Very Weak to Very Strong: Analyzing Password-Strength Meters. X. de Carné de Carnavalet and M. Mannan. Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, 2014, Feb. 23-26, 2014. [DOI]