In May 2017, I moved to the School of Computer Science at the University of Birmingham. Information on this page may now be out of date.

You should be redirected to my new home page in 10 seconds…

I am a Research Associate in the Department of Computing at Imperial College London, working with Sergio Maffeis. My research interests are generally computer security-related, and include quantitative information flow control, web security, and programming language security. I also teach.


I obtained my PhD from the School of Computer Science at the University of Birmingham in 2014, under the supervision of Tom Chothia. I also obtained a BSc in Computer Science and an MSc in Advanced Computer Science from the same department, in 2009 and 2010 respectively.

During my time as a PhD student, I was also a Senior Teaching Associate. My PhD was funded for four years, rather than three: 25% of my time was spent teaching.


My research focuses on computer security, although I'm also interested in distributed systems and security-centric aspects of usability.

I'm a member of the Research Institute in Automated Program Analysis and Verification, currently as part of the Certified Verification of Client-Side Web Programs project. I was previously a member of the Security and Privacy Group in the School of Computer Science at the University of Birmingham, and was also a member of the CryptoForma network and its successor, CryptoForma 2.

Web security & privacy

My recent research has investigated the web's security and privacy models, particularly with regard to the implementation of standardised security policies in major web browsers. With Charlie Hothersall-Thomas and Sergio Maffeis, I've developed BrowserAudit, a web application allowing casual users, web developers and browser developers alike to assess how well their browsers implement today's main browser security policies, such as the the same-origin policy, the Content Security Policy, and Cross-Origin Resource Sharing.

Information flow control

My earlier research focused on quantifying information leakage in complex, real-world software and systems, using both formal approaches to precisely compute information leakage and empirical approaches to accurately estimate information leakage. Along with Tom Chothia, Yusuke Kawamoto, David Parker and Rajiv Ranjan Singh, I've developed a number of automated information leakage analysis tools and their underlying theory.

Monitoring of peer-to-peer file-sharing networks

I've also conducted research into the monitoring of peer-to-peer networks — specifically, BitTorrent — by third parties. From 2009 to 2011, Tom Chothia, Marco Cova, Camilo González Toro and I studied the behaviour of BitTorrent peers in swarms for torrents indexed by The Pirate Bay, a famous (and copyright-infringing) file-sharing web site. We found that file-sharers are being monitored on an enormous scale by a range of organisations, including copyright enforcement agencies and market research companies. This work received a large amount of coverage in both the technical and general press.

Academic service

I was previously a member of the Programme Committee for SEC@SAC16 and SEC@SAC17, and have been invited to review submissions to TCS-QAPL 2014, HotSpot 2015, POST 2015, PPREW-4, SSPREW-6, and S&P 2017.


Teaching responsibilities in previous academic sessions:

Details of my former life as a Senior Teaching Associate in the School of Computer Science at the University of Birmingham can be found on my "Teaching" web page there.

Other activities

Together with Tom Chothia and Marco Cova, I founded the University of Birmingham Hacking Club in 2009. We regularly compete in ethical computer hacking competitions under the team name A Finite Number of Monkeys — I participate under the pseudonym csn.

From its inception, I was involved in the running of the Computer Science Society, the official student society of the School of Computer Science at the University of Birmingham, for several years: I was elected Third-Year Representative from 2008–09, and General Secretary from 2009–11.


Email is by far the quickest way of contacting me — my address is If your email is confidential, you might want to encrypt it before sending it to me: my PGP public key is available on all popular key servers. If you'd like to encrypt your email using PGP but aren't sure how, the Enigmail extension for Mozilla Thunderbird offers a quick-start guide.

My office is room 558C in the Huxley Building. I'm afraid I don't have personal office hours — if you'd like to talk, please email me and we can arrange a meeting. I may also be available by telephone or Skype.

Postal address (please let me know if you post something to me, or I might be slow to respond):

Dr. Chris Novakovic
Department of Computing
Huxley Building, 180 Queen's Gate
South Kensington Campus
Imperial College London
London SW7 2AZ, United Kingdom