I am a computer scientist researching at the intersection of Model-Driven Engineering (MDE), Domain-Specific Languages (DSLs), Program Analysis, and Software Security. My mission is to bridge the gap between high-level architectural abstractions and low-level system realities—making risk analysis, security checking, and complex systems optimization automated, scalable, and accessible through tailor-made languages and tools.
Currently, I serve as a tenured Lecturer at the Hamburg University of Technology, following successful appointments as an interim professor for Secure Systems at the University of Bremen and for Software Engineering at the University of Rostock.
💡 Current Research Spotlight (2024 – 2027)
I am actively leading the ExViPaS (funded by the German Federal Ministry of Research, Technology, and Space, BMFTR) as a Co-PI. In this project, we leverage model-driven techniques, and dynamic and static analysis to extract and verify hardware/software boundaries.
Core Research
Automated Software & Hardware Security
Security must be planned and embedded into the software architecture. My research focuses on automated threat modeling and static analysis (SAST) to systematically detect architectural security flaws before deployment.
Model-Driven Optimization & DSLs
Applying meta-heuristics to domain problems is a challenging task. My research bridges this gap by developing and researching a model-driven optimization and learning ecosystem powered by Domain-Specific Languages (DSLs) for domain experts.
Program Comprehension & Static Analysis
Developing frameworks for static program analysis and program comprehension, translating complex source code artifacts into structured, queryable models allowing to reason about the program behaviour.
Research Overview
Automated Software & Hardware Security
By utilizing model-driven engineering, domain-specific languages, and static and dynamic analysis techniques to extract formal representations directly from source code or hardware descriptions, my research focuses on systematically detecting architectural security flaws, improper authorization mechanisms, and unplanned information flows at the software-level. Recently, I am extending this research to the hardware level.
- Key Artifacts & Projects: ExViPaS (BMFTR), ArchSec (Best Engineering Paper Award @ SCAM ‘19), ML-SAST (BSI), SeeAuthZ.
Model-Driven Optimization & DSLs
Many problems require solving (multi-objective) optimization problems, from software product lines to hardware co-design. With EvoAl, my research enables domain experts to specify, configure, and execute randomized optimization algorithms, and model training without writing low-level code.
- Key Artifacts & Projects: EvoAl Ecosystem (Winner of the GECCO ‘24 Competition), CoDaPro (DFG SFB 1232), Member of the ROAR-NET Cost Action.
Program Comprehension & Static Analysis
Modern software engineering relies on understanding legacy systems and massive, heterogeneous codebases. By translating complex source code artifacts into structured, queryable models using compiler-construction techniques, my research enables developers to automatically analyze data flows and ensure strict compliance with design constraints.
- Key Artifacts & Projects: eNYPD, ArchSec.
Bridging Research, Teaching & Community
Research-Driven Teaching: Based on my own experience, I deeply believe that high-quality education is fueled by active research. Especially project-based learning allow students at any level to improve their skills and learn technical and soft skills. In my opinion, teaching is a central part of my work and thus I am involved in undergraduate teaching, teaching at the Master’s level and supervising theses that directly contribute to open-source research tools, DSL design, and academic publications.
Community Engagement: I am a deeply rooted member of the scientific community, regularly serving on program committees for premier venues (such as MSR, ICPC, FSE-IVR) and organizing international competitions (like the GECCO Competitions).