Dipl.-Inform. Marcel Winandy

Research Assistant - Research Group System Security

Address

Ruhr-University Bochum
Universitätsstraße 150
D - 44801 Bochum
Germany

Location:
Dept. of Electr. Eng. and Information Sciences
Universitätsstr. 150
ID 2/141

phone:: (+49) (0)234 32 - 28667
Fax:: (+49) (0)234 / 32 - 14956
email:: marcel.winandy@trust.rub.de PGP key
Website:: http://www.marcel-winandy.de/

Vita

1997-2004: Studies at University of Bonn, Germany. Diploma (~ Master) in Computer Science.
2004-2005: Research Assistant at Institute of Computer Science III, University of Bonn, Germany. Research on the security of adaptive mobile applications.
Since 05/2005: Research Assistant at Horst Görtz Institute for IT-Security (System Security Group), Ruhr-University Bochum. Research and development of hard-disk encryption (Turaya.Crypt), secure graphical user interface system (Secure GUI), secure password protection against phishing (TruWallet), flexible virtualization of hardware security modules (Property-based vTPM), and security platforms for enterprise rights management and trusted virtual domains (Turaya). My research focus is on using trusted computing technology and modern operating system security.

I am member of ACM (SIGSAC and SIGHIT) and IEEE (Computer Society).

Research

Research interests:

Security and privacy
Operating systems security
Secure software systems
Secure user interfaces
Trusted Computing
Software engineering

Scientific services:

PC Member of eGSSN 2012
Web Co-Chair of ACM IHI 2012
Social Media Chair von eHealth 2011
PC Member and Publicity/Web Chair of ACM STC 2011
PC Member of TRUST 2011
PC Member and Web/Proceedings Chair of ACM STC 2010
Organizing Committee Member of TRUST 2010
External reviewer for INTRUST 2010, ICISC 2010, FC 2010, DATE 2010, ICCAIE 2010, INTRUST 2009, TRUST 2009, EuroPKI 2009, STC 2009, VTC 2009, STC 2008, ISPEC 2008, InSPEC 2008, STC 2007, IIH-MSP 2006.

projects

eBPG (Project Manager)
RUBTrust/MediTrust (Project Manager)
TVD-Solaris (Project Co-Leader)
TruWallet (Project Co-Leader)
MyTrustCom (Project Coordinator)
Secure GUI
OpenTC
EMSCB
TPM Compliance Tests

additional courses

Praktikum Betriebssystemsicherheit und Trusted Computing

Publications

Flexible Patient-Controlled Security for Electronic Health Records

Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Proceedings of the 2nd ACM SIGHIT International Symposium on Health Informatics (IHI 2012), pp. 727-732, ACM, 2012.

Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones

Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy - STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, pp. 49-58, ACM, 2011.

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy - IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN 2011), pp. 1-12. IEEE Computer Society, 2011.

Securing the Access to Electronic Health Records on Mobile Phones

Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Biomedical Engineering Systems and Technologies 2011 - Revised Selected Papers, Springer-Verlag, 2011.

MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients

Ammar Alkassar, Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol 4., pp. 385-389, ISfTeH, Luxembourg, 2011.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.

A Security Architecture for Accessing Health Records on Mobile Phones.

Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress, 2011.

A Note on the Security in the Card Management System of the German E-Health Card

Marcel Winandy - Electronic Healthcare, Third International Conference, eHealth 2010, LNICST 69, pp. 196-203, Springer, 2012.

TruWalletM: Secure Web Authentication on Mobile Platforms

Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy - Trusted Systems, Second International Conference, INTRUST 2010, LNCS 6802/2011, Springer, 2011.

Securing the E-Health Cloud

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), ACM, 2010.

Privilege Escalation Attacks on Android.

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy - Information Security, 13th International Conference, ISC 2010, LNCS 6531/2011, pp. 346-360, Springer 2011.

Return-Oriented Programming without Returns

Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy - 17th ACM Conference on Computer and Communications Security (CCS 2010)

Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments

Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy - Proceedings of 5th Annual Workshop on Scalable Trusted Computing (STC 2010), ACM 2010.

Return-Oriented Programming without Returns on ARM

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy - Technical Report HGI-TR-2010-002

Token-Based Cloud Computing -- Secure Outsourcing of Data and Arbitrary Computations with Lower Latency

Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy - 3rd International Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on Trust in the Cloud, June 22, Berlin, Germany.

Trusted Virtual Domains: Color Your Network

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Datenschutz und Datensicherheit (DuD) 5/2010, p. 289-298.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - Technical Report HGI-TR-2010-001

Patterns for Secure Boot and Secure Storage in Computer Systems

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - 4th International Workshop on Secure systems methodologies using patterns (SPattern 2010), In Proceedings of ARES 2010: International Conference on Availability, Reliability and Security, pp.569-573, IEEE Computer Society, 2010

Trusted virtual domains - design, implementation and lessons learned.

Ahmad-Reza Sadeghi, Gianluca Ramunno, Dirk Kuhlmann, Konrad Eriksson, Luigi Catuogno, Alexandra Dmitrienko, Jing Zhan, Steffen Schulz, Marcel Winandy, Matthias Schunter - International Conference on Trusted Systems (INTRUST) 2009.

Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks.

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 49-54, ACM, 2009.

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.

Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 19-28, ACM, 2009.

Software distribution as a malware infection vector

Felix Gröbert, Ahmad-Reza Sadeghi, Marcel Winandy - International Conference for Internet Technology and Secured Transactions (ICITST 2009)

Transparent Mobile Storage Protection in Trusted Virtual Domains

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy - 23rd Large Installation System Administration Conference (LISA '09), p. 159--172, USENIX Association, 2009.

A Pattern for Secure Graphical User Interface Systems.

Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy - 3rd International Workshop on Secure systems methodologies using patterns (SPattern 2009), in DEXA '09: Proceedings of the 20th International Workshop on Database and Expert Systems Application, p.186-190, IEEE Computer Society, 2009.

Einsatz von Sicherheitskernen und Trusted Computing.

Ahmad-Reza Sadeghi, Marcel Winandy, - D-A-CH Security 2009, Bochum, Germany.

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels.

Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy - TRUST 2009: Proceedings of the 2nd International Conference on Trusted Computing, LNCS 5471, p. 45-62 Springer, 2009.

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.

Hans Löhr, Ahmad-Reza Sadeghi, Claire Vishik, Marcel Winandy - Proceedings of 5th Information Security Practice and Experience Conference (ISPEC'09), LNCS 5451, p. 396-407, Springer, 2009.

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger - STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008.

Property-Based TPM Virtualization

Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Information Security, 11th International Conference, ISC 2008, LNCS 5222, p. 1-16, Springer, 2008.

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis

Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy - INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Property-Based TPM Virtualization

Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008.

Trusted User-Aware Web Authentication

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy, - Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007.

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - In Proceedings of the The Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007.

Compartmented Security for Browsers

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Technical Report HGI-TR-2007-001, Horst Görtz Institute for IT Security, Ruhr-University Bochum, 2007.

Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks.

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006 .

TCG Inside? - A Note on TPM Specification Compliance

Ahmad-Reza Sadeghi, Christian Wachsmann, Marcel Selhorst, Christian Stüble, Marcel Winandy - In Proceedings of the first ACM Workshop on Scalable Trusted Computing (ACMSTC), Alexandria, Virginia, USA, November 3, 2006, pages 47-56. ACM Press, 2006.

Security Architecture for Device Encryption and VPN

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Ammar Alkassar, Michael Scheibel - Accepted for ISSE (Information Security Solution Europe) 2006

Design and Implementation of a Secure Linux Device Encryption Architecture

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Michael Scheibel - LinuxTag 2006.

Multilateral Security Considerations for Adaptive Mobile Applications

Adrian Spalka, Armin B. Cremers, Marcel Winandy - Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), pp. 133-137, INSTICC, 2005.

New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Marcel Selhorst, Oska Senft - DuD Heft 9-05, Trusted Computing News.

Research Group for System Security