Dipl.-Inform. Marcel Winandy

Research Assistants - Chair System Security

Address

Ruhr-University Bochum
Universitätsstraße 150
D - 44780 Bochum
Germany

Location:
Dept. of Electr. Eng. and Information Sciences
Universitätsstr. 150
ID 2/449

Phone:: (+49) (0)234 32 - 28667
Fax:: (+49) (0)234 / 32 - 14956
Email:: marcel.winandy@trust.rub.de PGP key
Website:: http://www.marcel-winandy.de/

Vita

1997-2004: Studies at University of Bonn, Germany. Diploma (Master) in Computer Science.
2004-2005: Research Assistant at Institute of Computer Science III, University of Bonn, Germany. Research on the security of adaptive mobile applications.
Since 05/2005: Research Assistant at Horst Görtz Institute for IT Security, Ruhr-University Bochum. Research and development of hard-disk encryption, secure GUI, and ERM prototypes. My research focus is on using trusted computing technology and secure user interfaces to protect against phishing (secure wallet) and on virtualization of trusted computing hardware.

Research

Security and privacy
Operating systems security
Secure software systems
Secure user interfaces
Trusted Computing
Software engineering

Projects

RUBTrust/MediTrust
TVD-Solaris
TruWallet
Secure GUI
OpenTC (Open Trusted Computing)
EMSCB (European Multilaterally Secure Computing Platform)
TPM Compliance Tests

additional Courses

Praktikum Betriebssystemsicherheit und Trusted Computing

Publications

A Note on the Security in the Card Management System of the German E-Health Card

Marcel Winandy - Accepted for the 3rd International ICST Conference on Electronic Healthcare for the 21st century (eHealth 2010), Casablanca, Marocco, 13-15 December, 2010.

Securing the E-Health Cloud

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Accepted for the 1st ACM International Health Informatics Symposium (IHI 2010), November 11-12, Arlington, VA, USA, 2010.

Privilege Escalation Attacks on Android.

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy - Accepted for the 13th Information Security Conference (ISC 2010).

Return-Oriented Programming without Returns

Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy - Accepted for the 17th ACM Conference on Computer and Communications Security (CCS 2010)

Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments

Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy - Accepted for the 5th Annual Workshop on Scalable Trusted Computing (STC 2010).

Return-Oriented Programming without Returns on ARM

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy - Technical Report HGI-TR-2010-002

Token-Based Cloud Computing -- Secure Outsourcing of Data and Arbitrary Computations with Lower Latency

Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy - 3rd International Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on Trust in the Cloud, June 22, Berlin, Germany.

Trusted Virtual Domains: Color Your Network

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Datenschutz und Datensicherheit (DuD) 5/2010, p. 289-298.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - Technical Report HGI-TR-2010-001

Patterns for Secure Boot and Secure Storage in Computer Systems

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - 4th International Workshop on Secure systems methodologies using patterns (SPattern 2010), In Proceedings of ARES 2010: International Conference on Availability, Reliability and Security, pp.569-573, IEEE Computer Society, 2010

Trusted virtual domains - design, implementation and lessons learned.

Ahmad-Reza Sadeghi, Gianluca Ramunno, Dirk Kuhlmann, Konrad Eriksson, Luigi Catuogno, Alexandra Dmitrienko, Jing Zhan, Steffen Schulz, Marcel Winandy, Matthias Schunter - International Conference on Trusted Systems (INTRUST) 2009.

Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks.

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 49-54, ACM, 2009.

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.

Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 19-28, ACM, 2009.

Transparent Mobile Storage Protection in Trusted Virtual Domains

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy - 23rd Large Installation System Administration Conference (LISA '09), p. 159--172, USENIX Association, 2009.

A Pattern for Secure Graphical User Interface Systems.

Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy - 3rd International Workshop on Secure systems methodologies using patterns (SPattern 2009), in DEXA '09: Proceedings of the 20th International Workshop on Database and Expert Systems Application, p.186-190, IEEE Computer Society, 2009.

Einsatz von Sicherheitskernen und Trusted Computing.

Ahmad-Reza Sadeghi, Marcel Winandy, - D-A-CH Security 2009, Bochum, Germany.

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels.

Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy - TRUST 2009: Proceedings of the 2nd International Conference on Trusted Computing, LNCS 5471, p. 45-62 Springer, 2009.

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.

Hans Löhr, Ahmad-Reza Sadeghi, Claire Vishik, Marcel Winandy - Proceedings of 5th Information Security Practice and Experience Conference (ISPEC'09), LNCS 5451, p. 396-407, Springer, 2009.

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger - STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008.

Property-Based TPM Virtualization

Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Information Security, 11th International Conference, ISC 2008, LNCS 5222, p. 1-16, Springer, 2008.

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis

Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy - INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Trusted User-Aware Web Authentication

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy, - Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007.

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - In Proceedings of the The Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007.

Compartmented Security for Browsers

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Technical Report HGI-TR-2007-001, Horst Görtz Institute for IT Security, Ruhr-University Bochum, 2007.

Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks.

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006 .

TCG Inside? - A Note on TPM Specification Compliance

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Christian Wachsmann, Marcel Selhorst - In Proceedings of the first ACM Workshop on Scalable Trusted Computing (ACMSTC), Alexandria, Virginia, USA, November 3, 2006, pages 47-56. ACM Press, 2006.

Security Architecture for Device Encryption and VPN

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Ammar Alkassar, Michael Scheibel - Accepted for ISSE (Information Security Solution Europe) 2006

Design and Implementation of a Secure Linux Device Encryption Architecture

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Michael Scheibel - LinuxTag 2006.

Multilateral Security Considerations for Adaptive Mobile Applications

Adrian Spalka, Armin B. Cremers, Marcel Winandy - Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), pp. 133-137, INSTICC, 2005.

New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Marcel Selhorst, Oska Senft - DuD Heft 9-05, Trusted Computing News.

Chair for System Security