I am currently pursuing my PhD under the supervision of Prof. Lucas Davi at the
University of Duisburg-Essen. My primary research interests include:
- Vulnerability Research and Hardening Mechanisms
- Program Analysis
- Secure Software Development
Here are some other websites about my research:
Previously I worked on dynamic analysis of Android applications. In the
malware-lab of the FH Hagenberg Secure Information Systems we started a
project that provides a dynamic analysis platform for Android applications.
This resulted in my first publication.
Later I also patched Taintdroid to contain taint sinks/sources/tags for
cryptography APIs, which can result in insights into how an application uses
cryptography to protect user data.
I started a small project that does compile time function call
instrumentation in LLVM (you could call it aspect oriented programming). It's
focused on analysis and fault injection though and does come with a significant
overhead. The project is now dead/unmaintained.
I did my master's thesis at the IAIK Secure Systems group, where I built
upon the results of the Write Integrity Testing (WIT) paper, which I
implemented within LLVM for Linux. I then evaluated WIT on the CGC dataset
(only somewhat successfully).
At the beginning of my PhD I strolled around topic-wise a bit. So first I got
to apply my LLVM/compiler experience to a Cyber-Physical System (CPS). There
we basically built a two-variant execution system to monitor the "control
behavior integrity" of the CPS. I was in charge of adapting the compiler (a
modified matiec compiler + C-to-llvm backend) to compile the consolidated PLC
code into a runnable version that would interact with a simulation of the
external physical part of the system.
My next project was related to security of smart contracts on the Ethereum
blockchain. We specifically looked at re-entrancy. I was the primary developer
of a taint tracking system for the Ethereum Virtual Machine (EVM). We utilized
this to create a locking-based mechanism to detect (in theory also prevent)
"Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks"
Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi
Proceedings of the Network and Distributed System Security Symposium (NDSS'19)
"Control Behavior Integrity for Distributed Cyber-Physical Systems"
Sridhar Adepu, Ferdinand Brasser, Luis Garcia, Michael Rodler, Lucas Davi, Ahmad-Reza Sadeghi, Saman Zonouz
"Enforcing Pointer Integrity Through Static Analysis"
Master Thesis at TU Graz
"ANANAS - A Framework For Analyzing Android Applications"
Thomas Eder, Michael Rodler, Dieter Vymazal, Markus Zeilinger
First International Workshop on Emerging Cyberthreats and Countermeasures (Regensburg, 2013), IEEE.
"ROP CFI RAP XNR CPI WTF? – Navigating the Exploit Mitigation Jungle"
at BsidesLjubljana 2017 (2017-03-10)
"A CTF Hackers Toolbox - Competitive hacking for fun and (non-)profit"
with Stefan More
at Grazer Linuxtage 2016 (2016-04-30)
"Weird Machines on Little Robots - Intro to binary exploitation on Android smartphones"
at Hacking Night SS 2013 (2013-06-06)
"evil maid on droids"
at Hacking Night WS 2012 (2012-12-06)
"Oh Noes, Another Android Malware Talk"
with Thomas Eder
at Insights Track at Security Forum 2012 (2012-04-18)
"Downgrade Attacks by Example"
at BSidesVienna 2012 (2012-01-21)
"Downgrade Attacks: Compatibility Breaks Security"
at Hacking Night WS 2011 (2011-12-14)
"Hackinggroup – Python Workshop"
with Thomas Kastner
at Hackinggroup Workshop (2010-12-07 and 2010-12-16)
"Tatort Internet: Wer geht mit mir phishen?"
with Sebastian Neuner
at Hacking Night WS 2010 (2010-11-25)
"git for noobs"
at Hackinggroup Workshop (2010-10-27)