Daniel Lehmann

[firstname].[lastname] at iste.uni-stuttgart.de
+49 711 685-88375
Institut für Softwaretechnologie
Raum 1.218
Universitätsstr. 38
70569 Stuttgart

I am a PhD student at University of Stuttgart, advised by Prof. Dr. Michael Pradel. I am interested in programming languages, program analysis, and security. Currently, I work on Wasabi, a dynamic analysis framework for WebAssembly, and on WebAssembly binary security, i.e., if and how vulnerabilities in source languages such as C make WebAssembly binaries exploitable. Before, I worked on automated testing of debuggers, where we found more than 20 bugs in the debuggers of Firefox and Chrome. During internships at Microsoft Research and Oracle Labs, I also worked on differential testing of REST APIs and on a graph-processing language with the Spoofax language workbench.

Studies and Internships

PhD student at Universität Stuttgart
Since September 2019
Internship at Microsoft Research
Redmond, WA, USA
March 2019 – June 2019
Working on a fuzzer for automatic finding of regressions in REST APIs.
Mentors: Marina Polishchuk and Patrice Godefroid
PhD student at Technische Universität Darmstadt
December 2017 – August 2018
Advisor: Prof. Dr. Michael Pradel
Internship at Oracle Labs
Redwood Shores, CA, USA
May 2016 – September 2016
Working on Green-Marl, a domain-specific language for graph algorithms.
Master studies in IT Security and in Computer Science
TU Darmstadt, Germany
April 2014 – July 2017
Visiting student at Indian Institute of Technology Delhi, India
July 2012 – December 2012
Bachelor studies in Computer Science
TU Darmstadt, Germany
October 2010 – March 2014


Everything Old is New Again: Binary Security of WebAssembly. 2020.
Daniel Lehmann, Johannes Kinder, Michael Pradel.
In USENIX Security Symposium 2020.
[paper] [code and data]

Differential Regression Testing for REST APIs. 2020.
Patrice Godefroid, Daniel Lehmann, Marina Polishchuk.
In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '20).
[paper] [DOI]

Interactive Metamorphic Testing of Debuggers. 2019.
Sandro Tolksdorf, Daniel Lehmann, Michael Pradel.
In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '19).
[paper] [DOI]

Wasabi: A Framework for Dynamically Analyzing WebAssembly. 2019.
Daniel Lehmann and Michael Pradel.
In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19).
Won a best paper award.
[paper] [DOI] [slides] [code] [project website] [short news in Linux Magazin]

Feedback-Directed Differential Testing of Interactive Debuggers. 2018.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE '18).
[paper] [code] [DOI]

Automatic Testing of Interactive JavaScript Debuggers. 2017.
Daniel Lehmann.
In Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity (SPLASH Companion 2017).
Student Research Competition abstract, poster, and presentation. 2nd place in the graduate category.
[poster] [DOI]

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. 2014.
Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose.
In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14).

Talks, Tutorials, etc.

Dynamically Analyzing WebAssembly with Wasabi. June 23, 2019.
Daniel Lehmann and Michael Pradel.
Half-day tutorial at PLDI 2019.
[overview and materials]

Differential Testing of Interactive Debuggers. June 18, 2018.
Daniel Lehmann.
At University of Pennsylvania in the Distributed Systems Laboratory seminar.

Differential Testing of Interactive Debuggers. December 12, 2017.
Daniel Lehmann.
At Dagstuhl Seminar 17502: Testing and Verification of Compilers.
[Dagstuhl report DOI]

The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques. August 6, 2014.
Ahmad-Reza Sadeghi and Daniel Lehmann.
Talk and live demo of an exploit against Microsoft Enhanced Mitigation Experience Toolkit (EMET).
At Black Hat Briefings USA 2014.
[abstract] [video] [Microsoft EMET 5.1 release notes]


GitHub LinkedIn