I am a Research Fellow in the School of Computer Science at the University of Birmingham, working on the DARPA-funded BRASS project with Dave Parker. My research interests are generally computer security-related, and include quantitative information flow control, web security, and programming language security. I also teach.


I obtained a BSc in Computer Science from the University of Birmingham in 2009, followed by an MSc in Advanced Computer Science in 2010.

I obtained my PhD from the University of Birmingham in 2014, under the supervision of Tom Chothia. During my time as a PhD student, I was also a Senior Teaching Associate. My PhD was funded for four years, rather than three: 25% of my time was spent teaching.

Following my PhD, I was a Research Associate in the Department of Computing at Imperial College London from October 2014 until May 2017, working with Sergio Maffeis.


My research focuses on computer security, although I'm also interested in distributed systems and security-centric aspects of usability.

I'm a member of the Security and Privacy Group in the School of Computer Science at the University of Birmingham. During my time at Imperial College London, I was a member of the Research Institute in Automated Program Analysis and Verification, as part of the Certified Verification of Client-Side Web Programs project. I was also a member of the CryptoForma network and its successor, CryptoForma 2.

Web security & privacy

My recent research has investigated the web's security and privacy models, particularly with regard to the implementation of standardised security policies in major web browsers. With Charlie Hothersall-Thomas and Sergio Maffeis, I've developed BrowserAudit, a web application allowing casual users, web developers and browser developers alike to assess how well their browsers implement today's main browser security policies, such as the the same-origin policy, the Content Security Policy, and Cross-Origin Resource Sharing.

Information flow control

My earlier research focused on quantifying information leakage in complex, real-world software and systems, using both formal approaches to precisely compute information leakage and empirical approaches to accurately estimate information leakage. Along with Tom Chothia, Yusuke Kawamoto, David Parker and Rajiv Ranjan Singh, I've developed a number of automated information leakage analysis tools and their underlying theory.

Monitoring of peer-to-peer file-sharing networks

I've also conducted research into the monitoring of peer-to-peer networks — specifically, BitTorrent — by third parties. From 2009 to 2011, Tom Chothia, Marco Cova, Camilo González Toro and I studied the behaviour of BitTorrent peers in swarms for torrents indexed by The Pirate Bay, a famous (and copyright-infringing) file-sharing web site. We found that file-sharers are being monitored on an enormous scale by a range of organisations, including copyright enforcement agencies and market research companies. This work received a large amount of coverage in both the technical and general press.

Academic service

I was previously a member of the Programme Committee for SEC@SAC16 and SEC@SAC17, and have been invited to review submissions to TCS-QAPL 2014, HotSpot 2015, POST 2015, PPREW-4, SSPREW-6, S&P 2017, and ASE '17.


I was a lab demonstrator as an MSc student at Birmingham during the 2009/10 academic session. While I was a PhD student between 2010 and 2014, I spent around a quarter of my time teaching undergraduate and taught-postgraduate students as a Teaching Assistant (and later as a Senior Teaching Associate); during this time, Tom Chothia and I developed a virtual machine for use in the practical coursework component of the Computer Security and Introduction to Computer Security modules.

After moving to Imperial, I created the Network and Web Security course from scratch with Sergio Maffeis, combining the teaching of abstract network and web security concepts with practical tutorials using specially-designed virtual machines. This culminated in a practical exam which tested students' abstract knowledge as well as their ability to break in to a range of tailor-made vulnerable web services.

Teaching record

Department of Computing, Imperial College London
School of Computer Science, University of Birmingham

Other activities

Together with Tom Chothia and Marco Cova, I founded the University of Birmingham Hacking Club in 2009. We regularly compete in ethical computer hacking competitions under the team name A Finite Number of Monkeys — I participate under the pseudonym csn.

From its inception, I was involved in the running of the Computer Science Society, the official student society of the School of Computer Science at the University of Birmingham, for several years: I was elected Third-Year Representative from 2008–09, and General Secretary from 2009–11.


Email is by far the quickest way of contacting me — my address is c.novakovic@cs.bham.ac.uk. If your email is confidential, you might want to encrypt it before sending it to me: my PGP public key is available on all popular key servers. If you'd like to encrypt your email using PGP but aren't sure how, the Enigmail extension for Mozilla Thunderbird offers a quick-start guide.

My office is room 234 in the Computer Science building (Y9 on the Edgbaston Campus map).

Postal address (please let me know if you post something to me, or I might be slow to respond):

Dr. Chris Novakovic
School of Computer Science
University of Birmingham
Birmingham B15 2TT
United Kingdom