Daniel Lehmann

E-mail:
[firstname].[lastname] at iste.uni-stuttgart.de
Phone:
+49 711 685-88375 (but e-mail preferred)
Address:
Institut für Softwaretechnologie
Raum 1.218
Universitätsstr. 38
70569 Stuttgart

I am a PhD student at the University of Stuttgart, advised by Prof. Dr. Michael Pradel. I am interested in programming languages, security, program analysis, and automated testing. Currently, I work on WebAssembly binary security; for example, how memory vulnerabilities in source languages such as C make compiled WebAssembly binaries exploitable (USENIX Security 2020). I am also the main author of Wasabi, a dynamic analysis framework for WebAssembly (ASPLOS 2019, best paper award), for which I developed a WebAssembly binary parser and instrumentation library. Previously, I looked into automated testing of interactive debuggers, with which we found more than 25 bugs in the JavaScript debuggers built into Firefox and Chrome (ISSTA 2019, ESEC/FSE 2018). During an internship at Microsoft Research, I worked with Patrice Godefroid and Marina Polishchuk (ISSTA 2020) on RESTler, a fuzzer for REST APIs, which has recently been open-sourced. Earlier, I worked on the compiler for a graph-processing language with the Spoofax language workbench (internship at Oracle Labs), and as a bachelor student on attacks against coarse-grained control-flow integrity (USENIX Security 2014, BlackHat USA 2014).

Studies and Internships

PhD student at University of Stuttgart
Since September 2019
Advisor: Prof. Dr. Michael Pradel

Internship at Microsoft Research
Redmond, WA, USA
March 2019 – June 2019
Working on RESTler, a fuzzer for automatic finding of regressions in REST APIs.
Mentors: Patrice Godefroid and Marina Polishchuk

PhD student at Technische Universität Darmstadt
December 2017 – August 2018
Advisor: Prof. Dr. Michael Pradel

Internship at Oracle Labs
Redwood Shores, CA, USA
May 2016 – September 2016
Working on Green-Marl, a domain-specific language for graph algorithms.

Master studies in IT Security and in Computer Science
TU Darmstadt, Germany
April 2014 – July 2017

Visiting student at Indian Institute of Technology Delhi
New Delhi, India
July 2012 – December 2012

Bachelor studies in Computer Science
TU Darmstadt, Germany
October 2010 – March 2014

Peer-Reviewed Publications

Everything Old is New Again: Binary Security of WebAssembly. 2020.
Daniel Lehmann, Johannes Kinder, Michael Pradel.
In USENIX Security Symposium 2020.
[paper] [video] [code and data]

Differential Regression Testing for REST APIs. 2020.
Patrice Godefroid, Daniel Lehmann, Marina Polishchuk.
In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '20).
[paper] [DOI] [blog post] [tool source code]

Interactive Metamorphic Testing of Debuggers. 2019.
Sandro Tolksdorf, Daniel Lehmann, Michael Pradel.
In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '19).
[paper] [DOI]

Wasabi: A Framework for Dynamically Analyzing WebAssembly. 2019.
Daniel Lehmann and Michael Pradel.
In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19).
Won a best paper award.
[paper] [DOI] [slides] [code] [project website] [short news in Linux Magazin]

Feedback-Directed Differential Testing of Interactive Debuggers. 2018.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE '18).
[paper] [DOI] [code]

Automatic Testing of Interactive JavaScript Debuggers. 2017.
Daniel Lehmann.
In Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity (SPLASH Companion 2017).
Student Research Competition abstract, poster, and presentation. 2nd place in the graduate category.
[poster] [DOI]

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. 2014.
Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose.
In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14).
[paper] [Microsoft EMET 5.1 release notes]

Talks, Tutorials, etc.

(Upcoming) Everything Old is New Again: Binary Security of WebAssembly. November 25, 2020.
At the OWASP Los Angeles virtual meetup.
[abstract]

Everything Old is New Again: Binary Security of WebAssembly. October 30, 2020.
At UC Santa Cruz in the Languages, Systems, and Data (LSD) seminar.
[abstract]

Dynamically Analyzing WebAssembly with Wasabi. June 23, 2019.
Half-day tutorial at PLDI 2019, together with Michael Pradel.
[overview and materials]

Differential Testing of Interactive Debuggers. June 18, 2018.
At University of Pennsylvania in the Distributed Systems Laboratory seminar.

Differential Testing of Interactive Debuggers. December 12, 2017.
At Dagstuhl Seminar 17502: Testing and Verification of Compilers.
[Dagstuhl report DOI]

The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques. August 6, 2014.
At Black Hat Briefings USA 2014.
Talk and live demo of an exploit against Microsoft Enhanced Mitigation Experience Toolkit (EMET), together with Ahmad-Reza Sadeghi.
[abstract] [video]

Social

GitHub  Google Scholar  LinkedIn