Currently on sabbatical, but open to talk about offers for interesting positions.
Owner of this site / Inhaber:in dieser Seite:
Marcel Fourné
Tech creator by trade, wrote some science, stood on conference stages, likes some deep topics and solid infrastructure.
Best contacted electronically by: / Der beste Weg der Kontaktaufnahme ist der elektronische, gerichtet an:
This address is heavily filtered. The current OpenPGP-Key has the fingerprint 5D32 D293 A8D4 B94E 13CB 7242 3093 74D8 374C 3B48.
In 2024 I was working at the University of Paderborn.
From 2020 to 2023 I was working on the usability of tools for analysing software security against cryptographic side-channels and supply chain security in general as a Research Engineer at Max Planck Institute for Security and Privacy under the supervision of Yasemin Acar, Peter Schwabe and Gilles Barthe. I graduated with Dr. rer. nat. (PhD equivalent) from University of Paderborn. You can find my officially released dissertation Human factors in open source security at the Uni Paderborn library website. You can also find a local copy here.
From 2017 to 2020, I worked at the chair for Formal Methods in Computer Science, Faculty of Engineering, University of Duisburg-Essen.
From 2012 to 2014, I worked at the Institute for Internet-Security, Westfälische Hochschule in Gelsenkirchen.
From 2008 to 2012, I studied IT-Security (M.Sc., Ingenieur) at Ruhr-Universität Bochum.
From 2003 to 2008, I studied Informatik (Diplom) at FH-Aachen.
I implement classical as well as post-quantum cryptography and work on the tools (like, editors, but also compilers and code analysis) I use to do so. I prefer Haskell over Rust, over others.
I publish Haskell software on Hackage since 2009.
I am a Debian Maintainer. I work on some packages in the Debian Haskell Group since years before that and on different points of interest to me and others.
You may find some stuff on Github or Codeberg as well.
Another profile would be on Haskellers.com.
2024: ``You have to read 50 different RFCs that contradict each other'': An Interview Study on the Experiences of Implementing Cryptographic Standards (Original Publication (in the same form): at USENIX'24), replication package
2024: ``These results must be false'': A usability evaluation of constant-time analysis tools (Original Publication (in the same form): at USENIX'24)
2023: A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda. (Original Publication (in the same form): IEEE Security & Privacy Special Issue on Secure Software Supply Chain)
2023: It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security (Original Publication (in the same form): IEEE S&P 2023), appendix
2022: Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects (Original Publication (in the same form): IEEE S&P 2022, Distinguished Paper Award)
2021: “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks (Original Publication (in the same form): IEEE S&P 2022, also presented at RWC 2022)
2014: Aggregation of Network Protocol Data Near Its Source (Original Publication (in the same form): ICT-EurAsia 2014)
2013: Attack-Test and Verification Systems, steps towards verifiable Anomaly Detection (Original Publication (in the same form): INFORMATIK 2013)
2023: It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security (external video recording of the IEEE S&P 2023 talk)
2022: "They're not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks (external video recording of the IEEE S&P 2022 talk)
2020: Side-Channels in Cryptographic Software, the Haskell case
2018: Can Verification of Cryptographic Libraries be liberated from the von Neumann Style?