Team

Team:

Dipl.-Ing. Michael Rodler

Academic Staff

Dipl.-Ing. Michael Rodler

Room:
S-GW 306
Telephone:
+49 201 18-37336
Email:
Homepage:
https://michaelrodler.at

Bio:

Michael Rodler is currently working and pursuing his PhD as a research assistant for Secure Software Systems at the University Duisburg-Essen. His research focus is on (1) low-level systems security and exploit mitigations for data-only attacks and (2) security of smart contracts. Previously he worked on dynamic analysis of android applications. He also worked in the security industry, mainly in the area of secure software development.

Curriculum Vitae:

YearPosition / Study Program
since 08/2017Research Assistant at University Duisburg-Essen
10/2013 - 06/2017Master degree course Computer Science at Technical University Graz (graduated with Dipl.-Ing. equivalent to MSc)
10/2009 - 07/2013Study program Secure Information Systems at the University of Applied Sciences Upper Austria Campus Hagenberg (graduated with BSc)
2009Matura at Christian-Doppler Gymnasium Salzburg

Publications:

Filter:
  • Michael Rodler; Wenting Li; Ghassan Karame; Lucas Davi: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Full text Citation Details

    Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

  • Sebastian Surminski; Michael Rodler; Lucas Davi: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Full text Citation Details

    Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exist no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to  compare fuzzing techniques.

    To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.

  • Thomas Eder; Michael Rodler; Dieter Vymazal; Markus Zeilinger: ANANAS - A Framework for Analyzing Android Applications. In: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (2013). doi:10.1109/ARES.2013.93 Full text Citation Details

Talks:

Filter:
  • Michael Rodler: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, Network and Distributed System Security Symposium (NDSS), 27.02.2019, San Diego. Details