Team

Dipl.-Ing. Michael Rodler

Academic Staff

Dipl.-Ing. Michael Rodler

Room:
S-GW 309
Telephone:
+49 201 18-37019
Email:
Homepage:
https://michaelrodler.at

Bio:

Michael Rodler is currently working and pursuing his PhD as a research assistant for Secure Software Systems at the University Duisburg-Essen. His research focus is on (1) low-level systems security and exploit mitigations for data-only attacks and (2) security of smart contracts. Previously he worked on dynamic analysis of android applications. He also worked in the security industry, mainly in the area of secure software development.

Curriculum Vitae:

since 08/2017

Research Assistant at University Duisburg-Essen

10/2013 - 06/2017

Master degree course Computer Science at Technical University Graz (graduated with Dipl.-Ing. equivalent to MSc)

10/2009 - 07/2013

Study program Secure Information Systems at the University of Applied Sciences Upper Austria Campus Hagenberg (graduated with BSc)

Publications:

Filter:
  • Cloosters, Tobias; Rodler, Michael; Davi, Lucas: TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves. In: Proc. of 29th USENIX Security Symposium. 2020. Citation Details
  • Adepu, Sridhar; Brasser, Ferdinand; Garcia, Luis; Rodler, Michael; Davi, Lucas; Sadeghi, Ahmad-Reza; Zonouz, Saman: Control Behavior Integrity for Distributed Cyber-Physical Systems. In: 11th IEEE/ACM Conference on Cyber-Physical Systems (ICCPS'20). 2020. Citation Details
  • Rodler, Michael; Li, Wenting; Karame, Ghassan; Davi, Lucas: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Full text Citation Details

    Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

  • Surminski, Sebastian; Rodler, Michael; Davi, Lucas: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Full text Citation Details

    Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exist no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to  compare fuzzing techniques.

    To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.

  • Eder, Thomas; Rodler, Michael; Vymazal, Dieter; Zeilinger, Markus: ANANAS - A Framework for Analyzing Android Applications. In: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (2013). doi:10.1109/ARES.2013.93 Full text Citation Details

Talks:

Filter:
  • Michael Rodler: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, ACM AFT, 21.10.2019, Zürich. Details
  • Michael Rodler: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, Network and Distributed System Security Symposium (NDSS), 27.02.2019, San Diego. Details