Container and Mobile Application Security

Munich

I embarked on my career journey as a chemical technician at Roche Diagnostics GmbH in Penzberg, laying the foundation for my professional growth. Fueled by a curiosity, I pursued higher education, earning both a Bachelor’s and Master’s degree in Computer Sciences from the University of Applied Sciences Kempten. During my academic journey, I blended my technological aspirations with the serene landscapes of the Allgäu region, finding inspiration in the mountains and on the road bike.

My academic voyage reached its zenith with a thesis at Siemens AG in Munich, which provided a practical perspective on the tech world. Today, I proudly serve as a Research Scientist at Siemens AG. In this role, I research and consult on cybersecurity domains such as container security, mobile application security, and privacy, collaborating closely with my talented colleagues.

I’ve also had the privilege of being part of a dynamic team at Siemens, where we collectively developed and conducted container security training programs. As a trainer, I’ve been able to share my knowledge and practical insights, helping professionals stay at the forefront of container security best practices.

Notably, since 2024 my colleagues Patrick Stöckle and I conduct a practicum on container security at the Technical University of Munich.

news

Nov 23, 2024	Currently I am playing with Cloud Run on `GCP` (Awesome service 🚀. However, using volumes is a pain. I can use `gcfuse` to mount buckets to the file-system - So far so good. However, it cannot be used for concurrent access. I could use NFS volumes as the only alternative, but the costs start at 200$/month. Alternative: Provision small VM and start … NFS … so … I need a … VM for my SERVER LESS application 😭😭😭😭.
Oct 2, 2024	The summer semester at TUM has come to an end. I’m grateful for the opportunity to teach and learn from the students. Now we embark on a new journey in the winter semester 🚀 at HM. There I work with Thomas Schreck, Erwin Kupris, Patrick Stoeckle to create the lecture Sicherheit in verteilten Systemen.
Aug 24, 2024	I’ve achieved the GIAC Certified Web Application Defender (GWEB) certification! Together with the SEC522 Training its a really interesting learning experience. Great hands on exercises to make web security tangible .
Mar 16, 2024	Recently I took part in the Kraken Hunter Workshop It was great fun with many learnings on how to secure workloads in the cloud, containers, K8s clusters and VMs. And in the End we were Kraken Hunters :).
Nov 25, 2023	If you are searching for a fun challenge try eksclustergames.com. Its a little CTF from wiz.io for learning about eks security. I did it with two collegues and it was great fun.

latest posts

Apr 13, 2024	SANS London April 2024
Oct 12, 2023	Simplifying OAuth for Container Orchestration
Feb 11, 2023	SANS Offensive Operations London 2023

selected publications

Towards achieving confidentiality in Hyperledger Fabric

Benedikt Hofmann, Prabhakaran Kasinathan, and Martin Wimmer

In IEEE International Conference on Blockchain, Blockchain 2022, Espoo, Finland, August 22-25, 2022, 2022

Bib HTML PDF

@inproceedings{DBLP:conf/blockchain2/HofmannKW22,
  author = {Hofmann, Benedikt and Kasinathan, Prabhakaran and Wimmer, Martin},
  title = {Towards achieving confidentiality in Hyperledger Fabric},
  booktitle = {{IEEE} International Conference on Blockchain, Blockchain 2022, Espoo,
                 Finland, August 22-25, 2022},
  pages = {384--391},
  publisher = {{IEEE}},
  year = {2022},
  url = {https://doi.org/10.1109/Blockchain55522.2022.00060},
  doi = {10.1109/Blockchain55522.2022.00060},
  timestamp = {Tue, 04 Oct 2022 22:39:16 +0200},
  biburl = {https://dblp.org/rec/conf/blockchain2/HofmannKW22.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

Secure Remote Maintenance via Workflow-Driven Security Framework

Prabhakaran Kasinathan, Davide Martintoni, Benedikt Hofmann, and 2 more authors

In 2021 IEEE International Conference on Blockchain, Blockchain 2021, Melbourne, Australia, December 6-8, 2021, 2021

Bib HTML PDF

@inproceedings{DBLP:conf/blockchain2/KasinathanMHSW21,
  author = {Kasinathan, Prabhakaran and Martintoni, Davide and Hofmann, Benedikt and Senni, Valerio and Wimmer, Martin},
  editor = {Xiang, Yang and Wang, Ziyuan and Wang, Honggang and Niemi, Valtteri},
  title = {Secure Remote Maintenance via Workflow-Driven Security Framework},
  booktitle = {2021 {IEEE} International Conference on Blockchain, Blockchain 2021,
                 Melbourne, Australia, December 6-8, 2021},
  pages = {29--37},
  publisher = {{IEEE}},
  year = {2021},
  url = {https://doi.org/10.1109/Blockchain53845.2021.00016},
  doi = {10.1109/Blockchain53845.2021.00016},
  timestamp = {Mon, 31 Jan 2022 14:35:12 +0100},
  biburl = {https://dblp.org/rec/conf/blockchain2/KasinathanMHSW21.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org},
}

Best Current Practice for Workload Identity

Benedikt Hofmann, and Hannes Tschofenig

Oct 2023

Work in Progress

Abs Bib

The use of the OAuth 2.0 framework for container orchestration systems poses a challenge as managing secrets, such as client_id and client_secret, can be complex and error-prone. "Service account token volume projection", a term introduced by Kubernetes, provides a way of injecting JSON Web Tokens (JWTs) to workloads. This document specifies the use of JWTs for client credentials in container orchestration systems to improve interoperability in orchestration systems, to reduce complexity for developers, and motivates authorization server to support RFC 7523.
@techreport{hofmann-wimse-workload-identity-bcp-00, number = {draft-hofmann-wimse-workload-identity-bcp-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-hofmann-wimse-workload-identity-bcp/00/}, author = {Hofmann, Benedikt and Tschofenig, Hannes}, title = {{Best Current Practice for Workload Identity}}, pagetotal = {10}, year = {2023}, month = oct, day = {10}, }