Timo Pohl, M.Sc.

Researcher

Contact
Phone: +49 228 73-54246
Fax: +49 228 73-54254
Email: pohl@REMOVETHISPART.cs.uni-bonn.de
PGP public key: 0x4872A6DD1019A4D8

Visitor address: Institute of Computer Science 4
Friedrich-Hirzebruch-Allee 8
D-53115 Bonn
Germany
Postal address: Friedrich-Hirzebruch-Allee 5
Room: 1.018

Research interests

  • Software Supply Chain Security
  • Reproducible Builds for Programming Language Ecosystems

Teaching

If you are interested in a topic, don't hesitate to contact me.

Supervised Topics

2025

  • Classifying Package Differences of npm Packages for Reproducible Builds (Bachelor Thesis)
  • Automatically Collecting Metadata of Malicious npm Packages (Bachelor Thesis)
  • Systematization of Package-Repositories in the Context of Reproducible Builds (Bachelor Thesis)
  • Quantifying Anonymity on the Internet (Master Seminar)
  • Determining the Usefulness of CPU Utilization Metrics for Cryptojacking Detection (Master Seminar)
  • Deanonymizing Academic Reviews using Stylometry (Master Lab)
  • Analyzing the Reproducibility of Rust Crates (Master Thesis)

2024

  • Assessing the security of AI assisted code completion (Bachelor PG)
  • Automatic collection of malicious software packages (Bachelor PG)
  • State of the Art in Stylometry (Master Seminar)
  • State of the Art in Reproducible Builds for Software Components (Master Seminar)
  • Applicability of LLMs in Stylometry (Master Lab)
  • Recovering npm Package Build Environments from Provenance Information (Bachelor Thesis)

2023

  • Automatic creation of JavaScript bundles with ground truth (Bachelor PG)
  • Detection of JavaScript libraries within JavaScript bundles (Bachelor PG)
  • State of the Art in Software Metrics used for Project Security Assessments (Master Seminar)
  • Suitability of Software Metrics for Vulnerability Prediction (Master Lab)
  • State of the Art of Mitigations against Software Supply Chain Attacks (Master Seminar)
  • Attacks via IDE Extensions (Bachelor PG)

Publications

2025

  • "Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects", Ben Swierzy, Timo Pohl, Marc Ohm, Michael Meier; in Availability, Reliability and Security 2025
  • "SoK: Towards Reproducibility for Software Packages in Scripting Language Ecosystems", Timo Pohl, Pavel Novák, Marc Ohm, Michael Meier; in Availability, Reliability and Security 2025
  • "An Exploratory Study on Teaching Software Supply Chain Security Concepts to High School Students", Marc Ohm, Yannik Börgener, Timo Pohl; in Availability, Reliability and Security 2025

2024

  • "SoK: Automated Software Testing for TLS Libraries", Ben Swierzy, Felix Boes, Timo Pohl, Christian Bungartz, Michael Meier; in Availability, Reliability and Security 2024
  • "You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js", Timo Pohl, Marc Ohm, Felix Boes, Michael Meier; in Sicherheit 2024

2023

  • "Measuring Resource Efficiency of LaTeX Paper Templates", Timo Pohl, Marc Ohm; in EnviroInfo 2023
  • "Power Consumption of Common Symmetric Encryption Algorithms on Low-Cost Microchips", Marc Ohm, Lars Taufenbach, Karsten Weber, Timo Pohl; in EnviroInfo 2023
  • "Benutzerfreundliche Schutzmechanismen gegen USB-basierte Angriffe unter Linux", Timo Pohl, Arnold Sykosch; in 17. Deutscher IT-Sicherheitskongress des BSI