Publications

2016

Follow #ehealth2011: Measuring the Role and Effectiveness of Online and Social Media in Increasing the Outreach of a Scientific Conference
Marcel Winandy, Patty Kostkova, Ed de Quincey, Connie St Louis, Martin Szomszor
Journal of Medical Internet Research 2016; 18(7):e191, DOI: 10.2196/jmir.4480

Technical Report: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation
Johannes Hoffmann, Teemu Rytilahti, Davide Maiorca, Marcel Winandy, Giorgio Giacinto, Thorsten Holz
Technical Report TR-HGI-2016-003, Ruhr-University Bochum, August 2016.

POSTER: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation
Johannes Hoffmann, Teemu Rytilahti, Marcel Winandy, Thorsten Holz, Davide Maiorca and Giorgio Giacinto
6th ACM Conference on Data and Application Security Privacy (CODASPY 2016), New Orleans, USA, March 9-11, 2016.

2014

A Trusted Versioning File System for Passive Mobile Storage Devices
Luigi Catuogno, Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi
Journal of Network and Computer Applications, Vol. 38, February 2014, pp. 65-75, http://dx.doi.org/10.1016/j.jnca.2013.05.006

2013

Technical Report: On the Usability of Secure GUIs
Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy
Technical Report HGI-TR-2013-002, Ruhr-University Bochum, 2013.

Mit Sicherheit Mobil: Die Nutzung mobiler Geräte stellt Herausforderungen an Datenschutz und -sicherheit im Klinikalltag
Agnes Gawlik, Marcel Winandy
E-HEALTH-COM, Nr. 6, 2013, S. 38-39.

POSTER: On the Usability of Secure GUIs
Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy
9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, July 24-26, 2013.

Standardorientierte Speicherung von verschlüsselten Dokumenten in einem XDS-Repository
Lennart Köster, Fatih Korkmaz, Marcel Winandy
Proceedings of the eHealth2013, May 23-24, Vienna, Austria, OCG, 2013.

2012

Applying a Security Kernel Framework to Smart Meter Gateways
Michael Gröne, Marcel Winandy
ISSE 2012 Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe 2012 Conference, pp. 252-259, Springer Vieweg, 2012.

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems
Agnes Gawlik, Lennart Köster, Hiva Mahmoodi, Marcel Winandy
Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012, Available at SSRN: http://ssrn.com/abstract=2457987

Informationssicherheit in der Arztpraxis: Aktuelle Herausforderungen und Lösungsansätze
Marcel Winandy
Datenschutz und Datensicherheit (DuD) 06/2012, pp. 419-424, Springer Gabler, 2012.

Flexible Patient-Controlled Security for Electronic Health Records
Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
IHI 2012: Proceedings of the 2nd ACM SIGHIT International Symposium on Health Informatics, ACM, 2012.

Security and Trust Architectures for Protecting Sensitive Data on Commodity Computing Platforms
Marcel Winandy
PhD Thesis, Ruhr-University Bochum, Shaker-Verlag, 2012.

2011

Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones
Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy
STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, pp. 49-58, ACM, 2011.

Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy
IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN 2011), pp. 1-12. IEEE Computer Society, 2011.

Securing the Access to Electronic Health Records on Mobile Phones
Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
Biomedical Engineering Systems and Technologies 2011 - Revised Selected Papers, Springer, 2011

MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients
Ammar Alkassar, Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol. 4, pp. 385-389, ISfTeH, Luxembourg, 2011.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.

A Security Architecture for Accessing Health Records on Mobile Phones
Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress, 2011.

2010

A Note on the Security in the Card Management System of the German E-Health Card
Marcel Winandy
Electronic Healthcare, Third International Conference, eHealth 2010, LNICST 69, pp. 196-203, Springer, 2012.

TruWalletM: Secure Web Authentication on Mobile Platforms
Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy
Trusted Systems, Second International Conference, INTRUST 2010, LNCS 6802/2011, Springer, 2011.

Securing the E-Health Cloud
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), pp. 220-229, ACM, 2010.

Privilege Escalation Attacks on Android
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy
Information Security, 13th International Conference, ISC 2010, LNCS 6531/2011, pp. 346-360, Springer 2011.

Return-Oriented Programming without Returns
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy
Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), ACM, 2010.

Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy
Proceedings of the 5th Annual Workshop on Scalable Trusted Computing (STC 2010), ACM, 2010.

Return-Oriented Programming without Returns on ARM
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy
Technical Report HGI-TR-2010-002, Ruhr-University Bochum, 2010.

Token-Based Cloud Computing - Secure Outsourcing of Data and Arbitrary Computations with Lower Latency
Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy
3rd International Conference on Trust and Trustworthy Computing (TRUST 2010) - Workshop on Trust in the Cloud, Springer, 2010.

Trusted Virtual Domains: Color Your Network
Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Datenschutz und Datensicherheit (DuD) 5/2010, pp. 289-298.

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy
Technical Report HGI-TR-2010-001, Ruhr-University Bochum, 2010.
Available online: http://www.trust.rub.de/research/publications/DaSaWa10/

Patterns for Secure Boot and Secure Storage in Computer Systems
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
4th International Workshop on Secure Systems Methodologies Using Patterns (SPattern 2010), Proceedings of ARES 2010: International Conference on Availability, Reliability, and Security., pp. 569-573, IEEE Computer Society, 2010.

2009

Trusted Virtual Domains - Design, Implementation and Lessons Learned
Luigi Catuogno, Alexandra Dmitrienko, Konrad Eriksson, Dirk Kuhlmann, Gianluca Ramunno, Ahmad-Reza Sadeghi, Steffen Schulz, Matthias Schunter, Marcel Winandy, Jing Zhan
INTRUST2009 - The International Conference on Trusted Systems, Springer, 2010.

Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks
Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing (STC 2009), ACM, 2009.

TruWallet: Trustworthy and Migratable Wallet-based Web Authentication
Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing (STC 2009), ACM, 2009.

Software distribution as a malware infection vector
Felix Gröbert, Ahmad-Reza Sadeghi, Marcel Winandy
International Conference for Internet Technology and Secured Transactions (ICITST 2009), IEEE, 2009.

Transparent Mobile Storage Protection in Trusted Virtual Domains
Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of the 23rd Large Installation System Administration Conference (LISA '09), USENIX, 2009.

A Pattern for Secure Graphical User Interface Systems
Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy
20th International Workshop on Database and Expert Systems Application, (SPattern 2009: 3rd International Workshop on Secure Systems Methodologies Using Patterns), IEEE Computer Society, 2009.

Einsatz von Sicherheitskernen und Trusted Computing
Ahmad-Reza Sadeghi, Marcel Winandy
D-A-CH Security 2009, syssec Verlag, 2009.

Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy
Trusted Computing, Second International Conference, Trust 2009,, Lecture Notes in Computer Science, Vol. 5471, Springer, 2009.

Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy, Claire Vishik
Information Security Practice and Experience, 5th International Conference, ISPEC 2009, Lecture Notes in Computer Science, Vol. 5451, Springer, 2009.

2008

Trusted Computing: Prüfender Chip
Marcel Winandy
Kommune21, Titelthema Datenschutz im E-Government, 12/2008, S. 26-27, K21 media AG, 2008.

Flexible and Secure Enterprise Rights Management based on Trusted Virtual Domains
Yacine Gasmi, Rani Husseiki, Ahmad-Reza Sadeghi, Patrick Stewin, Christian Stüble, Martin Unger, Marcel Winandy
Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008), ACM, 2008.

Property-Based TPM Virtualization
Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Information Security: 11th International Conference (ISC 2008), Lecture Notes in Computer Science, Vol. 5222, Springer, 2008.

Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis
Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy
INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.

Property-Based TPM Virtualization
Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Technical Report HGI-TR-2008-001, Ruhr-University Bochum, 2008.

2007

Trusted User-Aware Web Authentication
Sebastian Gajek, Ahmad-Reza Sadeghi, Jörg Schwenk, Marcel Winandy
3rd Workshop on Trustworthy Interfaces for Passwords and Personal Information (TIPPI), Stanford University, 2007.

Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Proceedings of the Second International Conference on Availability, Reliability and Security (ARES 2007), IEEE Computer Society, 2007.

Compartmented Security for Browsers
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Technical Report HGI-TR-2007-001, Ruhr-University Bochum, 2007.

2006

Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
1st Benelux Workshop on Information and System Security (WISSec 2006), Antwerpen (Belgium), 2006.

TCG Inside? - A Note on TPM Specification Compliance
Ahmad-Reza Sadeghi, Marcel Selhorst, Christian Stüble, Christian Wachsmann, Marcel Winandy
Proceedings of the First ACM Workshop on Scalable Trusted Computing (STC'06), ACM Press, 2006.

Security Architecture for Device Encryption and VPN
Ammar Alkassar, Michael Scheibel, Christian Stüble, Ahmad-Reza Sadeghi, Marcel Winandy
Proceedings of Information Security Solutions Europe (ISSE 2006).

Design and Implementation of a Secure Linux Device Encryption Architecture
Ahmad-Reza Sadeghi, Michael Scheibel, Christian Stüble, Marcel Winandy
LinuxTag 2006, Wiesbaden (Germany), 2006.

2005

New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy
Ahmad-Reza Sadeghi, Marcel Selhorst, Oskar Senft, Christian Stüble and Marcel Winandy
Datenschutz und Datensicherheit (DuD), 9/2005.

Multilateral Security Considerations for Adaptive Mobile Applications
Adrian Spalka, Marcel Winandy, Armin B. Cremers
Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), INSTICC, 2005.

Towards Context-Sensitive Intelligence
Holger Mügge, Tobias Rho, Marcel Winandy, Markus Won, Armin B. Cremers, Pascal Costanza, Roman Englert
Proceedings of the 2nd European Workshop on Software Architectures (EWSA 2005), Lecture Notes in Computer Science Vol. 3527, Springer, 2005.

2003

A Protection Environment for Administrators of Windows 2000/XP Against Malicious Program Attacks
Adrian Spalka, Marcel Winandy
Proceedings of the 27th Annual International Computer Software and Applications Conference (COMPSAC 2003), IEEE Computer Society, 2003.

2002

Protecting Java Component Integrity Against Trojan Horse Programs
Marcel Winandy, Armin B. Cremers, Adrian Spalka, Hanno Langweg
Integrity and Internal Control in Information Systems V: Proceedings of IFIP TC11/WG11.5 Fifth Working Conference on Integrity and Internal Control in Information Systems (IICIS 2002), Kluwer, 2003.

Robuste Integration kryptographischer Anwendungen in Java und Windows 2000
Marcel Winandy
Diplomarbeit, Universität Bonn, 2002.