Container and Mobile Application Security

I embarked on my career journey as a chemical technician at Roche Diagnostics GmbH in Penzberg, laying the foundation for my professional growth. Fueled by a curiosity, I pursued higher education, earning both a Bachelor’s and Master’s degree in Computer Sciences from the University of Applied Sciences Kempten. During my academic journey, I blended my technological aspirations with the serene landscapes of the Allgäu region, finding inspiration in the mountains and on the road bike.

My academic voyage reached its zenith with a thesis at Siemens AG in Munich, which provided a practical perspective on the tech world. Today, I proudly serve as a Research Scientist at Siemens AG. In this role, I research and consult on cybersecurity domains such as container security, mobile application security, and privacy, collaborating closely with my talented colleagues.

I’ve also had the privilege of being part of a dynamic team at Siemens, where we collectively developed and conducted container security training programs. As a trainer, I’ve been able to share my knowledge and practical insights, helping professionals stay at the forefront of container security best practices.

Notably, since 2024 my colleagues Patrick Stöckle and I conduct a practicum on container security at the Technical University of Munich.

news

Aug 28, 2025	Ditching Spotify - Using GDPR Data Export to Build Your Physical Music Collection. A Go script that analyzes your Spotify data to identify which albums to buy, complete with search links. Perfect timing with Spotify’s price hikes! 🎵💿
Aug 13, 2025	Just published a comprehensive deep dive into building murnau.audio-guide.cloud - a modern multilingual audio guide platform for museums. The technical write-up covers everything from Go/Templ architecture and HTMX frontend choices to CI/CD automation and why traditional servers often beat hyped FaaS solutions for simple persistent applications. 🏛️🎧
Aug 03, 2025	Already missing the Thursday evening criterium races at the Allianz Arena. Can’t wait for next season! 🚴‍♂️⚡
Nov 23, 2024	Currently I am playing with Cloud Run on `GCP` (Awesome service 🚀. However, using volumes is a pain. I can use `gcfuse` to mount buckets to the file-system - So far so good. However, it cannot be used for concurrent access. I could use NFS volumes as the only alternative, but the costs start at 200$/month. Alternative: Provision small VM and start … NFS … so … I need a … VM for my SERVER LESS application 😭😭😭😭.
Oct 02, 2024	The summer semester at TUM has come to an end. I’m grateful for the opportunity to teach and learn from the students. Now we embark on a new journey in the winter semester 🚀 at HM. There I work with Thomas Schreck, Erwin Kupris, Patrick Stoeckle to create the lecture Sicherheit in verteilten Systemen.

latest posts

Aug 28, 2025	Ditching Spotify - Using GDPR Data Export to Build Your Physical Music Collection
Aug 13, 2025	Building a Modern Audio Guide Platform - murnau.audio-guide.cloud
Aug 02, 2025	Racing Thursdays at the Allianz Arena - My Munich Bike Stars Experience
Apr 13, 2024	SANS London April 2024
Oct 12, 2023	Simplifying OAuth for Container Orchestration

selected publications

Towards achieving confidentiality in Hyperledger Fabric

Benedikt Hofmann, Prabhakaran Kasinathan, and Martin Wimmer

In IEEE International Conference on Blockchain, Blockchain 2022, Espoo, Finland, August 22-25, 2022, 2022

DOI Bib HTML PDF

@inproceedings{DBLP:conf/blockchain2/HofmannKW22,
  author = {Hofmann, Benedikt and Kasinathan, Prabhakaran and Wimmer, Martin},
  title = {Towards achieving confidentiality in Hyperledger Fabric},
  booktitle = {{IEEE} International Conference on Blockchain, Blockchain 2022, Espoo,
                 Finland, August 22-25, 2022},
  pages = {384--391},
  publisher = {{IEEE}},
  year = {2022},
  url = {https://doi.org/10.1109/Blockchain55522.2022.00060},
  doi = {10.1109/Blockchain55522.2022.00060},
  timestamp = {Tue, 04 Oct 2022 22:39:16 +0200},
  biburl = {https://dblp.org/rec/conf/blockchain2/HofmannKW22.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

Secure Remote Maintenance via Workflow-Driven Security Framework

Prabhakaran Kasinathan, Davide Martintoni, Benedikt Hofmann, and 2 more authors

In 2021 IEEE International Conference on Blockchain, Blockchain 2021, Melbourne, Australia, December 6-8, 2021, 2021

DOI Bib HTML PDF

@inproceedings{DBLP:conf/blockchain2/KasinathanMHSW21,
  author = {Kasinathan, Prabhakaran and Martintoni, Davide and Hofmann, Benedikt and Senni, Valerio and Wimmer, Martin},
  editor = {Xiang, Yang and Wang, Ziyuan and Wang, Honggang and Niemi, Valtteri},
  title = {Secure Remote Maintenance via Workflow-Driven Security Framework},
  booktitle = {2021 {IEEE} International Conference on Blockchain, Blockchain 2021,
                 Melbourne, Australia, December 6-8, 2021},
  pages = {29--37},
  publisher = {{IEEE}},
  year = {2021},
  url = {https://doi.org/10.1109/Blockchain53845.2021.00016},
  doi = {10.1109/Blockchain53845.2021.00016},
  timestamp = {Mon, 31 Jan 2022 14:35:12 +0100},
  biburl = {https://dblp.org/rec/conf/blockchain2/KasinathanMHSW21.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

Best Current Practice for Workload Identity

Benedikt Hofmann and Hannes Tschofenig

Oct 2023

Work in Progress

Abs Bib

The use of the OAuth 2.0 framework for container orchestration systems poses a challenge as managing secrets, such as client_id and client_secret, can be complex and error-prone. "Service account token volume projection", a term introduced by Kubernetes, provides a way of injecting JSON Web Tokens (JWTs) to workloads. This document specifies the use of JWTs for client credentials in container orchestration systems to improve interoperability in orchestration systems, to reduce complexity for developers, and motivates authorization server to support RFC 7523.
@techreport{hofmann-wimse-workload-identity-bcp-00, number = {draft-hofmann-wimse-workload-identity-bcp-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-hofmann-wimse-workload-identity-bcp/00/}, author = {Hofmann, Benedikt and Tschofenig, Hannes}, title = {{Best Current Practice for Workload Identity}}, pagetotal = {10}, year = {2023}, month = oct, day = {10}, }