Research

I am currently pursuing my PhD under the supervision of Prof. Lucas Davi at the University of Duisburg-Essen. My primary research interests include:

Here are some other websites about my research:

Previously, I worked on dynamic analysis of Android applications. In the malware lab of the FH Hagenberg Secure Information Systems, we started a project that provides a dynamic analysis platform for Android applications. This resulted in my first publication.

Later I also patched TaintDroid to contain taint sinks/sources/tags for cryptography APIs, which can result in insights into how an application uses cryptography to protect user data.

I started a small project that does compile-time function call instrumentation in LLVM (you could call it aspect-oriented programming). It's focused on analysis and fault injection, though, and does come with a significant overhead. The project is now dead/unmaintained.

I did my master's thesis at the IAIK Secure Systems group, where I built upon the results of the Write Integrity Testing (WIT) paper, which I implemented within LLVM for Linux. I then evaluated WIT on the CGC dataset (only somewhat successfully).

At the beginning of my PhD I strolled around topic-wise a bit. So first I got to apply my LLVM/compiler experience to a Cyber-Physical System (CPS). There we basically built a two-variant execution system to monitor the "control behavior integrity" of the CPS. I was in charge of adapting the compiler (a modified matiec compiler + C-to-LLVM backend) to compile the consolidated PLC code into a runnable version that would interact with a simulation of the external physical part of the system.

My next project was related to the security of smart contracts on the Ethereum blockchain. We specifically looked at re-entrancy. I was the primary developer of a taint tracking system for the Ethereum Virtual Machine (EVM). We utilized this to create a locking-based mechanism to detect (and in theory also prevent) re-entrancy attacks.

Publications

  • "Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks"
    Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi
    Proceedings of the Network and Distributed System Security Symposium (NDSS'19)
  • "Control Behavior Integrity for Distributed Cyber-Physical Systems"
    Sridhar Adepu, Ferdinand Brasser, Luis Garcia, Michael Rodler, Lucas Davi, Ahmad-Reza Sadeghi, Saman Zonouz
    (under submission)
  • "Enforcing Pointer Integrity Through Static Analysis"
    Michael Rodler
    Master Thesis at TU Graz
  • "ANANAS - A Framework For Analyzing Android Applications"
    Thomas Eder, Michael Rodler, Dieter Vymazal, Markus Zeilinger
    First International Workshop on Emerging Cyberthreats and Countermeasures (Regensburg, 2013), IEEE.

Talks

  • "ROP CFI RAP XNR CPI WTF? – Navigating the Exploit Mitigation Jungle"
    at BsidesLjubljana 2017 (2017-03-10)
  • "A CTF Hackers Toolbox - Competitive hacking for fun and (non-)profit"
    with Stefan More
    at Grazer Linuxtage 2016 (2016-04-30)
  • "Weird Machines on Little Robots - Intro to binary exploitation on Android smartphones"
    at Hacking Night SS 2013 (2013-06-06)
  • "evil maid on droids"
    at Hacking Night WS 2012 (2012-12-06)
  • "Oh Noes, Another Android Malware Talk"
    with Thomas Eder
    at Insights Track at Security Forum 2012 (2012-04-18)
  • "Downgrade Attacks by Example"
    at BSidesVienna 2012 (2012-01-21)
  • "Downgrade Attacks: Compatibility Breaks Security"
    at Hacking Night WS 2011 (2011-12-14)
  • "Hackinggroup – Python Workshop"
    with Thomas Kastner
    at Hackinggroup Workshop (2010-12-07 and 2010-12-16)
  • "Tatort Internet: Wer geht mit mir phishen?"
    with Sebastian Neuner
    at Hacking Night WS 2010 (2010-11-25)
  • "git for noobs"
    at Hackinggroup Workshop (2010-10-27)