Publications

Peer-reviewed publications generated from sources/publications.bib.

Summary Metric Count
Own publications 35
Rank A* & A papers 17
IEEE S&P papers 4
CCS papers 3
USENIX papers 4
NDSS papers 2
  1. The State of Passkeys: Studying the Adoption and Security of Passkeys on the Web
    Louis Jannett, Maximilian Westers, Andreas Mayer, and 3 more authors
    In 35^th USENIX Security Symposium (USENIX’26), 2026
    Rank A*/A
  2. "Only as Strong as the Weakest Link": On the Security of Brokered Single Sign-On on the Web
    Tommaso Innocenti, Louis Jannett, Christian Mainka, and 2 more authors
    In 2025 IEEE Symposium on Security and Privacy (SP), May 2025
    Rank A*/A
    DOI
  3. Security Implications of Malicious G-Codes in 3D Printing
    Jost Rossel, Vladislav Mladenov, Nico Wördenweber, and 1 more author
    In 34^th USENIX Security Symposium (USENIX’25), May 2025
    Rank A*/A
  10. SSO-Monitor: Fully-Automatic Large-Scale Security and Privacy Analyses of Single Sign-On in the Wild
    Max Westers, Tobias Wich, Louis Jannett, and 3 more authors
    In 2024 IEEE European Symposium on Security and Privacy (EuroS&P), Aug 2024
    Rank A*/A
  13. Security Analysis of the 3MF Data Format
    Jost Rossel, Vladislav Mladenov, and Juraj Somorovsky
    In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’ 23), Oct 2023
    Rank A*/A
    DOI
  14. Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and 2 more authors
    In 32^st USENIX Security Symposium (USENIX’23), Oct 2023
    Rank A*/A
  15. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
    Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and 1 more author
    In 31^st USENIX Security Symposium (USENIX’22), Oct 2022
    Rank A*/A AWARD
  16. DISTINCT: Identity Theft using In-Browser Communications in Dual-Window Single Sign-On
    Louis Jannet, Vladislav Mladenov, Christian Mainka, and 1 more author
    In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS), Nov 2022
    Rank A*/A
    DOI
  18. Processing Dangerous Paths – On Security and Privacy of the Portable Document Form
    Jens Müller, Dominik Noss, Christian Mainka, and 2 more authors
    In In Proceedings of the Network and Distributed System Security Symposium (NDSS), Nov 2021
    Rank A*/A
    DOI PDF
  19. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    In In Proceedings of the Network and Distributed System Security Symposium (NDSS), Nov 2021
    Rank A*/A
    DOI PDF
  20. Breaking the Specification: PDF Certification
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and 1 more author
    In 2021 IEEE Symposium on Security and Privacy (SP), Nov 2021
    Rank A*/A
    DOI
  21. Vulnerability Report: Breaking the Specification – PDF Certification
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and 1 more author
    Nov 2021
    DOI
  23. Vulnerability Report: Attacks bypassing the signature validation in PDF (Shadow Attacks)
    Christian Mainka, Vladislav Mladenov, Simon Rohlmann, and 1 more author
    Nov 2020
  24. Office Document Security and Privacy
    Jens Müller, Fabian Ising, Vladislav Mladenov, and 2 more authors
    In 14th USENIX Workshop on Offensive Technologies (WOOT 20), Nov 2020
  27. Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
    Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, and 3 more authors
    Open Identity Summit 2019, Nov 2019
  28. Practical Decryption ExFiltration: Breaking PDF Encryption
    Jens Müller, Fabian Ising, Vladislav Mladenov, and 3 more authors
    In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, Nov 2019
    Rank A*/A
    DOI
  29. Vulnerability Report: Attacks bypassing confidetiality in encrypted PDF
    Jens Müller, Fabian Ising, Vladislav Mladenov, and 3 more authors
    Nov 2019
  30. 1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, and 2 more authors
    In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, Nov 2019
    Rank A*/A AWARD
    DOI
  31. Vulnerability Report: Attacks bypassing the signature validation in PDF
    Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, and 2 more authors
    Nov 2019
  36. PostScript Undead: Pwning the Web with a 35 Years Old Language
    Jens Müller, Vladislav Mladenov, Dennis Felsch, and 1 more author
    In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID ’18), Nov 2018
    DOI
  37. Security Analysis of eIDAS–The Cross-Country Authentication Scheme in Europe
    Nils Engelbertz, Nurullah Erinola, David Herring, and 3 more authors
    In 12th {USENIX} Workshop on Offensive Technologies (WOOT 18), Nov 2018
  40. SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
    Dennis Felsch, Christian Mainka, Vladislav Mladenov, and 1 more author
    In ACM Asia Conference on Computer and Communications Security (ASIACCS), Nov 2017
    Rank A*/A
  41. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Vladislav Mladenov, Christian Mainka, Tobias Wich, and 1 more author
    In 2017 IEEE European Symposium on Security and Privacy (EuroS&P), Nov 2017
    Rank A*/A
    DOI
  42. Sok: Exploiting network printers
    Jens Müller, Vladislav Mladenov, Juraj Somorovsky, and 1 more author
    In 2017 IEEE Symposium on Security and Privacy (SP), Nov 2017
    Rank A*/A
    DOI
  43. On the (in-) security of JavaScript Object Signing and Encryption
    Dennis Detering, Juraj Somorovsky, Christian Mainka, and 2 more authors
    In Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium, Nov 2017
    DOI PDF
  44. Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In 2016 IEEE European Symposium on Security and Privacy (EuroS&P), Nov 2016
    Rank A*/A
    DOI
  45. SoK: XML parser vulnerabilities
    Christopher Späth, Christian Mainka, Vladislav Mladenov, and 1 more author
    In 10th USENIX Workshop on Offensive Technologies (WOOT 16), Austin, TX, Nov 2016
  48. Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite
    Christian Mainka, Vladislav Mladenov, Tim Guenther, and 1 more author
    Open Identity Summit, Nov 2015
  49. OpenID Connect – Security Considerations
    V. Mladenov, and C. Mainka
    Nov 2015
  52. On the Security of Holder-of-Key Single Sign-On.
    Andreas Mayer, Vladislav Mladenov, and Jörg Schwenk
    In Sicherheit, Nov 2014
  53. Strengthening Web Authentication through TLS – Beyond TLS Client Certificates
    Andreas Mayer, Vladislav Mladenov, Jörg Schwenk, and 2 more authors
    Open Identity Summit, Nov 2014
  54. Guardians of the Clouds: When Identity Providers Fail
    Andreas Mayer, Marcus Niemietz, Vladislav Mladenov, and 1 more author
    In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, Scottsdale, Arizona, USA, Nov 2014
  55. Your Software at My Service: Security Analysis of SaaS Single Sign-On Solutions in the Cloud
    Vladislav Mladenov, Christian Mainka, Florian Feldmann, and 2 more authors
    In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, Scottsdale, Arizona, USA, Nov 2014
    DOI
  57. Options for integrating eID and SAML
    Detlef Hühnlein, Vladislav Mladenov, Florian Feldmann, and 6 more authors
    In Proceedings of the 2013 ACM workshop on Digital identity management, Nov 2013
    DOI
  58. Penetration test tool for XML-based web services
    Christian Mainka, Vladislav Mladenov, Juraj Somorovsky, and 1 more author
    In ESSoS Doctoral Symposium 2013, Nov 2013