Dr.-Ing. Marcel Winandy

  • Former Assistant - Chair Systems Security
Winandy, Marcel
Website:
http://www.marcel-winandy.de/

Vita

  • 1997-2004: Studies at University of Bonn, Germany. Diploma (~ Master) in Computer Science.
  • 2004-2005: Research Associate at Institute of Computer Science III, University of Bonn, Germany. Research on the security of adaptive mobile applications.
  • 2005-2013: Research Associate at Horst Görtz Institute for IT-Security (System Security Lab, Prof. Sadeghi), Ruhr-University Bochum. Research and development of hard-disk encryption (Turaya.Crypt), secure graphical user interface system (Secure GUI), secure password protection against phishing (TruWallet), flexible virtualization of hardware security modules (Property-based vTPM), and security platforms for enterprise rights management and trusted virtual domains (Turaya).
  • Jan 2012: PhD in IT-Security from Ruhr-University Bochum.
  • Feb 2012 - Oct 2013: Senior System Architect with Sirrix AG security technologies, Bochum.
  • 2010 - 2013 Project Manager of RUBTrust/MediTrust and eBPG, two national R&D projects at RUB aiming at building trustworthy and secure architectures for e-health systems.
  • 01/2014 - 08/2014: Postdoc Researcher at Chair for System Security (Prof. Th. Holz) at Ruhr-University Bochum.
  • Since 09/2014: Security Technologist with Huawei Technologies, European Research Center.

Research

Research interests:
  • Security and privacy
  • Operating systems security
  • Secure software systems
  • Secure user interfaces
  • Trusted Computing
  • Software engineering
Scientific services:

Projects

Publications

2016
Technical Report: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation

Johannes Hoffmann, Teemu Rytilahti, Marcel Winandy, Giorgio Giacinto, Thorsten Holz - TR-HGI-2016-003, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), August 2016

Poster: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation

Johannes Hoffmann, Teemu Rytilahti, Marcel Winandy, Giorgio Giacinto, Thorsten Holz - Pro­cee­dings of the ACM Con­fe­rence on Data and Ap­p­li­ca­ti­on Se­cu­ri­ty and Pri­va­cy (ACM CO­DAS­PY) 2016

2014
A Trusted Versioning File System for Passive Mobile Storage Devices

Luigi Catuogno, Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi - Journal of Network and Computer Applications, Vol. 38, February 2014, pp. 65-75. http://dx.doi.org/10.1016/j.jnca.2013.05.006

2013
Mit Sicherheit Mobil: Die Nutzung mobiler Geräte stellt Herausforderungen an Datenschutz und -sicherheit im Klinikalltag

Agnes Gawlik, Marcel Winandy - E-HEALTH-COM, 06/2013, S. 38-39.

On the Usa­bi­li­ty of Se­cu­re GUIs

Atanas Filyanov, Aysegül Nas, Me­la­nie Volka­mer, Marcel Winandy - Technical Report TR-HGI-2013-002

POSTER: On the Usability of Secure GUIs

Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy - 9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, July 24-26, 2013.

Standardorientierte Speicherung von verschlüsselten Dokumenten in einem XDS-Repository

Lennart Köster, Fatih Korkmaz, Marcel Winandy - Proceedings of the eHealth2013, May 23-24, Vienna, Austria, OCG, 2013.

2012
Applying a Security Kernel Framework to Smart Meter Gateways

Michael Gröne, Marcel Winandy - ISSE 2012 Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe 2012 Conference, pp. 252-259, Springer Vieweg, 2012.

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Agnes Gawlik, Lennart Köster, Hiva Mahmoodi, Marcel Winandy - Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012, Available at SSRN: http://ssrn.com/abstract=2457987

Informationssicherheit in der Arztpraxis: Aktuelle Herausforderungen und Lösungsansätze

Marcel Winandy - Datenschutz und Datensicherheit (DuD) 06/2012, S. 419 - 424

Flexible Patient-Controlled Security for Electronic Health Records

Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - ACM SIGHIT International Symposium on Health Informatics (IHI), Miami, January 2012

Security and Trust Architectures for Protecting Sensitive Data on Commodity Computing Platforms

Marcel Winandy - PhD Thesis, Ruhr-University Bochum, Shaker-Verlag, 2012.

2011
Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones

Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy - STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, pp. 49-58, ACM, 2011.

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy - IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN 2011), pp. 1-12. IEEE Computer Society, 2011.

Securing the Access to Electronic Health Records on Mobile Phones

Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Biomedical Engineering Systems and Technologies 2011 - Revised Selected Papers, Springer-Verlag, 2011.

MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients

Ammar Alkassar, Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol 4., pp. 385-389, ISfTeH, Luxembourg, 2011.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.

A Security Architecture for Accessing Health Records on Mobile Phones.

Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress, 2011.

2010
A Note on the Security in the Card Management System of the German E-Health Card

Marcel Winandy - Electronic Healthcare, Third International Conference, eHealth 2010, LNICST 69, pp. 196-203, Springer, 2012.

TruWalletM: Secure Web Authentication on Mobile Platforms

Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy - Trusted Systems, Second International Conference, INTRUST 2010, LNCS 6802/2011, Springer, 2011.

Securing the E-Health Cloud

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), ACM, 2010.

Privilege Escalation Attacks on Android.

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy - Information Security, 13th International Conference, ISC 2010, LNCS 6531/2011, pp. 346-360, Springer 2011.

Return-Oriented Programming without Returns

Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy - 17th ACM Conference on Computer and Communications Security (CCS 2010)

Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments

Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy - Proceedings of 5th Annual Workshop on Scalable Trusted Computing (STC 2010), ACM 2010.

Return-Oriented Programming without Returns on ARM

Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy - Tech­ni­cal Re­port HGI-TR-2010-002

Token-Based Cloud Computing -- Secure Outsourcing of Data and Arbitrary Computations with Lower Latency

Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy - 3rd International Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on Trust in the Cloud, June 22, Berlin, Germany.

Trusted Virtual Domains: Color Your Network

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Datenschutz und Datensicherheit (DuD) 5/2010, p. 289-298.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - Technical Report HGI-TR-2010-001

Pat­terns for Se­cu­re Boot and Se­cu­re Sto­r­a­ge in Com­pu­ter Sys­tems

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - 4th In­ter­na­tio­nal Work­shop on Se­cu­re sys­tems me­tho­do­lo­gies using pat­terns (SPat­tern 2010), In Proceedings of ARES 2010: International Conference on Availability, Reliability and Security, pp.569-573, IEEE Computer Society, 2010

2009
Trusted virtual domains - design, implementation and lessons learned.

Ahmad-Reza Sadeghi, Gianluca Ramunno, Dirk Kuhlmann, Konrad Eriksson, Luigi Catuogno, Alexandra Dmitrienko, Jing Zhan, Steffen Schulz, Marcel Winandy, Matthias Schunter - International Conference on Trusted Systems (INTRUST) 2009.

Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks.

Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy - STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 49-54, ACM, 2009.

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.

Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy - STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 19-28, ACM, 2009.

Software distribution as a malware infection vector

Felix Gröbert, Ahmad-Reza Sadeghi, Marcel Winandy - International Conference for Internet Technology and Secured Transactions (ICITST 2009)

Transparent Mobile Storage Protection in Trusted Virtual Domains

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy - 23rd Large Installation System Administration Conference (LISA '09), p. 159--172, USENIX Association, 2009.

A Pattern for Secure Graphical User Interface Systems.

Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy - 3rd International Workshop on Secure systems methodologies using patterns (SPattern 2009), in DEXA '09: Proceedings of the 20th International Workshop on Database and Expert Systems Application, p.186-190, IEEE Computer Society, 2009.

Einsatz von Sicherheitskernen und Trusted Computing.

Ahmad-Reza Sadeghi, Marcel Winandy, - D-A-CH Security 2009, Bochum, Germany.

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels.

Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy - TRUST 2009: Proceedings of the 2nd International Conference on Trusted Computing, LNCS 5471, p. 45-62 Springer, 2009.

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.

Hans Löhr, Ahmad-Reza Sadeghi, Claire Vishik, Marcel Winandy - Proceedings of 5th Information Security Practice and Experience Conference (ISPEC'09), LNCS 5451, p. 396-407, Springer, 2009.

2008
Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger - STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008.

Property-Based TPM Virtualization

Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Information Security, 11th International Conference, ISC 2008, LNCS 5222, p. 1-16, Springer, 2008.

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis

Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy - INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Property-Based TPM Virtualization

Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008.

2007
Trusted User-Aware Web Authentication

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy, - Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007.

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - In Proceedings of the The Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007.

Compartmented Security for Browsers

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Technical Report HGI-TR-2007-001, Horst Görtz Institute for IT Security, Ruhr-University Bochum, 2007.

2006
Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks.

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006 .

TCG Inside? - A Note on TPM Specification Compliance

Ahmad-Reza Sadeghi, Christian Wachsmann, Marcel Selhorst, Christian Stüble, Marcel Winandy - In Proceedings of the first ACM Workshop on Scalable Trusted Computing (ACMSTC), Alexandria, Virginia, USA, November 3, 2006, pages 47-56. ACM Press, 2006.

Security Architecture for Device Encryption and VPN

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Ammar Alkassar, Michael Scheibel - Accepted for ISSE (Information Security Solution Europe) 2006

Design and Implementation of a Secure Linux Device Encryption Architecture

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Michael Scheibel - LinuxTag 2006.

2005
Multilateral Security Considerations for Adaptive Mobile Applications

Adrian Spalka, Armin B. Cremers, Marcel Winandy - Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), pp. 133-137, INSTICC, 2005.

New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Marcel Selhorst, Oska Senft - DuD Heft 9-05, Trusted Computing News.