Zur Person:

Michael Rodler ist wissenschaftlicher Mitarbeiter am Lehrstuhl für Sichere Software Systeme an der Universität Duisburg-Essen.

Lebenslauf:

JahrPosition / Studienprogrammseit 08/2017Wissenschaftlicher Mitarbeiter an der Universität Duisburg-Essen10/2013 - 06/2017Masterstudium Informatik an der Technischen Universität Graz (Abschluss mit Dipl.-Ing.)10/2009 - 07/2013Studiengang Sichere Informationssysteme an der Fachhochschule Oberösterreich Campus Hagenberg (Abschluss mit BSc)2009Matura am Christian-Doppler Gymnasium Salzburg

Ehrungen und Auszeichnungen:

• Distinguished Technical Poster Award at NDSS 2019

Publikationen:

• Michael Rodler; Wenting Li; Ghassan Karame; Lucas Davi: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Volltext RIS Download Kurzfassung Details

  Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

• Sebastian Surminski; Michael Rodler; Lucas Davi: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. Volltext RIS Download Kurzfassung Details

  Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exist no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to  compare fuzzing techniques.

  To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.

• Thomas Eder; Michael Rodler; Dieter Vymazal; Markus Zeilinger: ANANAS - A Framework for Analyzing Android Applications. In: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (2013). doi:10.1109/ARES.2013.93 Volltext RIS Download Details

Vorträge:

• Michael Rodler: Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, Network and Distributed System Security Symposium (NDSS), 27.02.2019, San Diego. Details