Publications
2022
Marcel Winandy:
Edge Computing: Chancen und Sicherheitsrisiken
M. Lang, H. Löhr (Ed.), IT-Sicherheit: Technologien und Best Practices für die Umsetzung im Unternehmen, Carl Hanser, 2022.
2019
Angelo Liguori, Peter Schoo, Marcel Winandy:
Mind the Shift: Secure Migration of Containerized Processes in Edge Computing
5th IEEE International Conference on Edge Computing and Scalable Cloud (IEEE EdgeCom 2019), Paris, France, June 2019.
2018
Angelo Liguori, Marcel Winandy:
The
Diamond Approach for SDN Security
IEEE Softwarization, March 2018. https://sdn.ieee.org/newsletter/march-2018/the-diamond-approach-for-sdn-security
2016
Ana Danping, Makan Pourzandi, Sandra-Scott Hayward, Haibin Song, Marcel Winandy, Dacheng Zhang:
Threat Analysis for the SDN Architecture
Open Network Foundation (ONF), TR-530, July 2016.
Marcel Winandy, Patty Kostkova, Ed de Quincey, Connie St Louis, Martin Szomszor:
Journal of Medical Internet Research 2016; 18(7):e191, DOI: 10.2196/jmir.4480
Johannes Hoffmann, Teemu Rytilahti, Davide Maiorca, Marcel Winandy, Giorgio Giacinto, Thorsten Holz:
Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation
Technical Report TR-HGI-2016-003, Ruhr-University Bochum, August 2016.
Johannes Hoffmann, Teemu Rytilahti, Marcel Winandy, Thorsten Holz, Davide Maiorca and Giorgio Giacinto:
POSTER: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation
6th ACM Conference on Data and Application Security Privacy (CODASPY 2016), New Orleans, USA, March 9-11, 2016.
2014
Luigi Catuogno, Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi:
A Trusted Versioning File System for Passive Mobile Storage Devices
Journal of Network and Computer Applications, Vol. 38, February 2014, pp. 65-75, http://dx.doi.org/10.1016/j.jnca.2013.05.006
2013
Thomas Hupperich, Lennart Köster, Christoph Kowalski, Hiva Mahmoodi, Ahmad-Reza Sadeghi, Marcel Winandy:
Whitepaper - Sicherheitsaspekte der einrichtungsübergreifenden Elektronischen Patientenakte
Technical Report, Ruhr-University Bochum, December 2013.
Agnes Gawlik, Marcel Winandy:
E-HEALTH-COM, Nr. 6, 2013, S. 38-39.
Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy:
On the Usability of Secure GUIs
Technical Report HGI-TR-2013-002, Ruhr-University Bochum, 2013.
Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy:
POSTER: On the Usability of Secure GUIs
9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, July 24-26, 2013.
Lennart Köster, Fatih Korkmaz, Marcel Winandy:
Standardorientierte Speicherung von verschlüsselten Dokumenten in einem XDS-Repository
Proceedings of the eHealth2013, May 23-24, Vienna, Austria, OCG, 2013.
2012
Michael Gröne, Marcel Winandy:
Applying a Security Kernel Framework to Smart Meter Gateways
ISSE 2012 Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe 2012 Conference, pp. 252-259, Springer Vieweg, 2012.
Agnes Gawlik, Lennart Köster, Hiva Mahmoodi, Marcel Winandy
Requirements for Integrating End-to-End Security into Large-Scale EHR Systems
Amsterdam Privacy Conference (APC 2012), Workshop on Engineering EHR Solutions (WEES), 2012, Available at SSRN: http://ssrn.com/abstract=2457987
Marcel Winandy:
Informationssicherheit in der Arztpraxis: Aktuelle Herausforderungen und Lösungsansätze
Datenschutz und Datensicherheit (DuD) 06/2012, pp. 419-424, Springer Gabler, 2012.
Thomas Hupperich, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
Flexible Patient-Controlled Security for Electronic Health Records
IHI 2012: Proceedings of the 2nd ACM SIGHIT International Symposium on Health Informatics, ACM, 2012.
Marcel Winandy:
Security and Trust Architectures for Protecting Sensitive Data on Commodity Computing Platforms
PhD Thesis, Ruhr-University Bochum, Shaker-Verlag, 2012.
2011
Lucas Davi, Alexandra Dmitrienko, Christoph Kowalski, Marcel Winandy:
Trusted Virtual Domains on OKL4: Secure Information Sharing on Smartphones
STC '11: Proceedings of the 6th ACM Workshop on Scalable Trusted Computing, pp. 49-58, ACM, 2011.
Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, Marcel Winandy:
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN 2011), pp. 1-12. IEEE Computer Society, 2011.
Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy:
Securing the Access to Electronic Health Records on Mobile Phones
Biomedical Engineering Systems and Technologies 2011 - Revised Selected Papers, Springer, 2011
Ammar Alkassar, Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy:
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients
Med-e-Tel - Global Telemedicine and eHealth Updates: Knowledge Resources, Vol. 4, pp. 385-389, ISfTeH, Luxembourg, 2011.
Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy:
ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), ACM, 2011.
Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy:
A Security Architecture for Accessing Health Records on Mobile Phones
Proceedings of the 4th International Conference on Health Informatics (HEALTHINF 2011), pp. 87-96, SciTePress, 2011.
2010
Marcel Winandy:
A Note on the Security in the Card Management System of the German E-Health Card
Electronic Healthcare, Third International Conference, eHealth 2010, LNICST 69, pp. 196-203, Springer, 2012.
Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy:
TruWalletM: Secure Web Authentication on Mobile Platforms
Trusted Systems, Second International Conference, INTRUST 2010, LNCS 6802/2011, Springer, 2011.
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy:
Proceedings of the 1st ACM International Health Informatics Symposium (IHI 2010), pp. 220-229, ACM, 2010.
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy:
Privilege Escalation Attacks on Android
Information Security, 13th International Conference, ISC 2010, LNCS 6531/2011, pp. 346-360, Springer 2011.
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy:
Return-Oriented Programming without Returns
Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), ACM, 2010.
Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel Winandy:
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Proceedings of the 5th Annual Workshop on Scalable Trusted Computing (STC 2010), ACM, 2010.
Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy:
Return-Oriented Programming without Returns on ARM
Technical Report HGI-TR-2010-002, Ruhr-University Bochum, 2010.
Ahmad-Reza Sadeghi, Thomas Schneider, Marcel Winandy:
Token-Based Cloud Computing - Secure Outsourcing of Data and Arbitrary Computations with Lower Latency
3rd International Conference on Trust and Trustworthy Computing (TRUST 2010) - Workshop on Trust in the Cloud, Springer, 2010.
Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy:
Trusted Virtual Domains: Color Your Network
Datenschutz und Datensicherheit (DuD) 5/2010, pp. 289-298.
Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy:
ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
Technical Report HGI-TR-2010-001, Ruhr-University Bochum, 2010.
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy:
Patterns for Secure Boot and Secure Storage in Computer Systems
4th International Workshop on Secure Systems Methodologies Using Patterns (SPattern 2010), Proceedings of ARES 2010: International Conference on Availability, Reliability, and Security, pp. 569-573, IEEE Computer Society, 2010.
2009
Luigi Catuogno, Alexandra Dmitrienko, Konrad Eriksson, Dirk Kuhlmann, Gianluca Ramunno, Ahmad-Reza Sadeghi, Steffen Schulz, Matthias Schunter, Marcel Winandy, Jing Zhan:
Trusted Virtual Domains - Design, Implementation and Lessons Learned
INTRUST2009 - The International Conference on Trusted Systems, Springer, 2010.
Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy:
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks
Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing (STC 2009), ACM, 2009.
Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy:
TruWallet: Trustworthy and Migratable Wallet-based Web Authentication
Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing (STC 2009), ACM, 2009.
Felix Gröbert, Ahmad-Reza Sadeghi, Marcel Winandy:
Software distribution as a malware infection vector
International Conference for Internet Technology and Secured Transactions (ICITST 2009), IEEE, 2009.
Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Marcel Winandy:
Transparent Mobile Storage Protection in Trusted Virtual Domains
Proceedings of the 23rd Large Installation System Administration Conference (LISA '09), USENIX, 2009.
Thomas Fischer, Ahmad-Reza Sadeghi, Marcel Winandy:
A Pattern for Secure Graphical User Interface Systems
20th International Workshop on Database and Expert Systems Application, (SPattern 2009: 3rd International Workshop on Secure Systems Methodologies Using Patterns), IEEE Computer Society, 2009.
Ahmad-Reza Sadeghi, Marcel Winandy:
Einsatz von Sicherheitskernen und Trusted Computing
D-A-CH Security 2009, syssec Verlag, 2009.
Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy:
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Trusted Computing, Second International Conference, Trust 2009, LNCS, Vol. 5471, Springer, 2009.
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy, Claire Vishik:
Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing
Information Security Practice and Experience, 5th International Conference, ISPEC 2009, LNCS, Vol. 5451, Springer, 2009.
2008
Marcel Winandy:
Trusted Computing: Prüfender Chip
Kommune21, Titelthema Datenschutz im E-Government, 12/2008, S. 26-27, K21 media AG, 2008.
Yacine Gasmi, Rani Husseiki, Ahmad-Reza Sadeghi, Patrick Stewin, Christian Stüble, Martin Unger, Marcel Winandy:
Flexible and Secure Enterprise Rights Management based on Trusted Virtual Domains
Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008), ACM, 2008.
Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy:
Property-Based TPM Virtualization
Information Security: 11th International Conference (ISC 2008), LNCS, Vol. 5222, Springer, 2008.
Yacine Gasmi, Christian Hessmann, Martin Pittenauer, Marcel Winandy:
Sicherheitsprobleme elektronischer Wahlauszählungssysteme in der Praxis
INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beiträge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), LNI 133, GI, 2008.
Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy:
Property-Based TPM Virtualization
Technical Report HGI-TR-2008-001, Ruhr-University Bochum, 2008.
2007
Sebastian Gajek, Ahmad-Reza Sadeghi, Jörg Schwenk, Marcel Winandy:
Trusted User-Aware Web Authentication
3rd Workshop on Trustworthy Interfaces for Passwords and Personal Information (TIPPI), Stanford University, 2007.
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy:
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
Proceedings of the Second International Conference on Availability, Reliability and Security (ARES 2007), IEEE Computer Society, 2007.
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Compartmented Security for Browsers
Technical Report HGI-TR-2007-001, Ruhr-University Bochum, 2007.
2006
Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy:
Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks
1st Benelux Workshop on Information and System Security (WISSec 2006), Antwerpen (Belgium), 2006.
Ahmad-Reza Sadeghi, Marcel Selhorst, Christian Stüble, Christian Wachsmann, Marcel Winandy:
TCG Inside? - A Note on TPM Specification Compliance
Proceedings of the First ACM Workshop on Scalable Trusted Computing (STC'06), ACM, 2006.
Ammar Alkassar, Michael Scheibel, Christian Stüble, Ahmad-Reza Sadeghi, Marcel Winandy:
Security Architecture for Device Encryption and VPN
Proceedings of Information Security Solutions Europe (ISSE 2006).
Ahmad-Reza Sadeghi, Michael Scheibel, Christian Stüble, Marcel Winandy:
Design and Implementation of a Secure Linux Device Encryption Architecture
LinuxTag 2006, Wiesbaden (Germany), 2006.
2005
Ahmad-Reza Sadeghi, Marcel Selhorst, Oskar Senft, Christian Stüble and Marcel Winandy:
New Aspects on Trusted Computing - New and Advanced Possibilities to Improve Security and Privacy
Datenschutz und Datensicherheit (DuD), 9/2005.
Adrian Spalka, Marcel Winandy, Armin B. Cremers:
Multilateral Security Considerations for Adaptive Mobile Applications
Proceedings of the 2nd International Conference on E-Business and Telecommunication Networks (ICETE 2005), INSTICC, 2005.
Holger Mügge, Tobias Rho, Marcel Winandy, Markus Won, Armin B. Cremers, Pascal Costanza, Roman Englert:
Towards Context-Sensitive Intelligence
Proceedings of the 2nd European Workshop on Software Architectures (EWSA 2005), LNCS, Vol. 3527, Springer, 2005.
2003
Adrian Spalka, Marcel Winandy:
A Protection Environment for Administrators of Windows 2000/XP Against Malicious Program Attacks
Proceedings of the 27th Annual International Computer Software and Applications Conference (COMPSAC 2003), IEEE Computer Society, 2003.
2002
Marcel Winandy, Armin B. Cremers, Adrian Spalka, Hanno Langweg:
Protecting Java Component Integrity Against Trojan Horse Programs
Proceedings of IFIP TC11/WG11.5 Fifth Working Conference on Integrity and Internal Control in Information Systems (IICIS 2002), Kluwer, 2003.
Marcel Winandy:
Robuste Integration kryptographischer Anwendungen in Java und Windows 2000
Diplomarbeit, Universität Bonn, 2002.