Container and Mobile Application Security

Munich

I embarked on my career journey as a chemical technician at Roche Diagnostics GmbH in Penzberg, laying the foundation for my professional growth. Fueled by a curiosity, I pursued higher education, earning both a Bachelor’s and Master’s degree in Computer Sciences from the University of Applied Sciences Kempten. During my academic journey, I blended my technological aspirations with the serene landscapes of the Allgäu region, finding inspiration in the mountains and on the road bike.

My academic voyage reached its zenith with a thesis at Siemens AG in Munich, which provided a practical perspective on the tech world. Today, I proudly serve as a Cybersecurity Architect at Siemens AG. In this role, I actively engage in researching and advising on vital cybersecurity domains such as container security, mobile application security, and privacy, collaborating closely with my talented colleagues to ensure robust protection.

Notably, during my inaugural year as a Cybersecurity Architect at Siemens, I achieved a mobile application certification, further bolstering my expertise in the ever-evolving cybersecurity landscape. This accomplishment adds to my commitment to strengthening the security and privacy of digital applications in our increasingly connected world.

I’ve also had the privilege of being part of a dynamic team at Siemens, where we collectively developed and conducted container security training programs. As a trainer, I’ve been able to share my knowledge and practical insights, helping professionals stay at the forefront of container security best practices.

news

Mar 16, 2024	Recently I took part in the Kraken Hunter Workshop It was great fun with many learnings on how to secure workloads in the cloud, containers, K8s clusters and VMs. And in the End we were Kraken Hunters :).
Nov 25, 2023	If you are searching for a fun challenge try eksclustergames.com. Its a little CTF from wiz.io for learning about eks security. I did it with two collegues and it was great fun.
Oct 13, 2023	I’m excited to share an IETF draft my collegue and I wrote on simplifying OAuth 2.0 for container orchestration. This draft shows how Service Account Token Volume Projection in k8s makes client authentciation easier and more secure for developers. If your interested please join in the discussion and mail us.
Jul 15, 2023	I’ve achieved GIAC Mobile Device Security Analyst (GMOB) certification! It’s been an incredible journey of learning and growth in the field of cybersecurity. 🤜 🤛
Oct 13, 2022	Just came back from the collabs info day in Novi Sad - Serbia. Finally, I could meed the people we are collabrating with in person. Looking forward to the next one 😉

latest posts

Apr 13, 2024	SANS London April 2024
Oct 12, 2023	Simplifying OAuth for Container Orchestration
Feb 11, 2023	SANS Offensive Operations London 2023

selected publications

Towards achieving confidentiality in Hyperledger Fabric

Benedikt Hofmann, Prabhakaran Kasinathan, and Martin Wimmer

In IEEE International Conference on Blockchain, Blockchain 2022, Espoo, Finland, August 22-25, 2022, 2022

Bib HTML PDF

@inproceedings{DBLP:conf/blockchain2/HofmannKW22,
  author = {Hofmann, Benedikt and Kasinathan, Prabhakaran and Wimmer, Martin},
  title = {Towards achieving confidentiality in Hyperledger Fabric},
  booktitle = {{IEEE} International Conference on Blockchain, Blockchain 2022, Espoo,
                 Finland, August 22-25, 2022},
  pages = {384--391},
  publisher = {{IEEE}},
  year = {2022},
  url = {https://doi.org/10.1109/Blockchain55522.2022.00060},
  doi = {10.1109/Blockchain55522.2022.00060},
  timestamp = {Tue, 04 Oct 2022 22:39:16 +0200},
  biburl = {https://dblp.org/rec/conf/blockchain2/HofmannKW22.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

Secure Remote Maintenance via Workflow-Driven Security Framework

Prabhakaran Kasinathan, Davide Martintoni, Benedikt Hofmann, and 2 more authors

In 2021 IEEE International Conference on Blockchain, Blockchain 2021, Melbourne, Australia, December 6-8, 2021, 2021

Bib HTML PDF

@inproceedings{DBLP:conf/blockchain2/KasinathanMHSW21,
  author = {Kasinathan, Prabhakaran and Martintoni, Davide and Hofmann, Benedikt and Senni, Valerio and Wimmer, Martin},
  editor = {Xiang, Yang and Wang, Ziyuan and Wang, Honggang and Niemi, Valtteri},
  title = {Secure Remote Maintenance via Workflow-Driven Security Framework},
  booktitle = {2021 {IEEE} International Conference on Blockchain, Blockchain 2021,
                 Melbourne, Australia, December 6-8, 2021},
  pages = {29--37},
  publisher = {{IEEE}},
  year = {2021},
  url = {https://doi.org/10.1109/Blockchain53845.2021.00016},
  doi = {10.1109/Blockchain53845.2021.00016},
  timestamp = {Mon, 31 Jan 2022 14:35:12 +0100},
  biburl = {https://dblp.org/rec/conf/blockchain2/KasinathanMHSW21.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

Best Current Practice for Workload Identity

Benedikt Hofmann, and Hannes Tschofenig

Oct 2023

Work in Progress

Abs Bib

The use of the OAuth 2.0 framework for container orchestration systems poses a challenge as managing secrets, such as client_id and client_secret, can be complex and error-prone. "Service account token volume projection", a term introduced by Kubernetes, provides a way of injecting JSON Web Tokens (JWTs) to workloads. This document specifies the use of JWTs for client credentials in container orchestration systems to improve interoperability in orchestration systems, to reduce complexity for developers, and motivates authorization server to support RFC 7523.
@techreport{hofmann-wimse-workload-identity-bcp-00, number = {draft-hofmann-wimse-workload-identity-bcp-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-hofmann-wimse-workload-identity-bcp/00/}, author = {Hofmann, Benedikt and Tschofenig, Hannes}, title = {{Best Current Practice for Workload Identity}}, pagetotal = {10}, year = {2023}, month = oct, day = {10}, }