Zur Person:

Michael Rodler ist wissenschaftlicher Mitarbeiter am Lehrstuhl für Sichere Software Systeme an der Universität Duisburg-Essen.

Lebenslauf:

seit 08/2017

Wissenschaftlicher Mitarbeiter an der Universität Duisburg-Essen

10/2013 - 06/2017

Masterstudium Informatik an der Technischen Universität Graz (Abschluss mit Dipl.-Ing.)

10/2009 - 07/2013

Studiengang Sichere Informationssysteme an der Fachhochschule Oberösterreich Campus Hagenberg (Abschluss mit BSc)

Ehrungen und Auszeichnungen:

• Distinguished Technical Poster Award at NDSS 2019

Publikationen:

• Sridhar Adepu, Ferdinand Brasser, Luis Garcia, Michael Rodler, Lucas Davi, Ahmad-Reza Sadeghi; Saman Zonouz: Control Behavior Integrity for Distributed Cyber-Physical Systems. In: 11th IEEE/ACM Conference on Cyber-Physical Systems (ICCPS'20). 2020. BIB Download Details
• Michael Rodler; Wenting Li; Ghassan Karame; Lucas Davi: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Volltext BIB Download Kurzfassung Details

  Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

• Sebastian Surminski; Michael Rodler; Lucas Davi: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Volltext BIB Download Kurzfassung Details

  Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exist no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to  compare fuzzing techniques.

  To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.

• Thomas Eder; Michael Rodler; Dieter Vymazal; Markus Zeilinger: ANANAS - A Framework for Analyzing Android Applications. In: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (2013). doi:10.1109/ARES.2013.93 Volltext BIB Download Details

Vorträge:

• Michael Rodler: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, ACM AFT, 21.10.2019, Zürich. Details
• Michael Rodler: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, Network and Distributed System Security Symposium (NDSS), 27.02.2019, San Diego. Details