About Me

I am a fourth-year computer science PhD student in the Software Lab group at the University of Stuttgart, advised by Prof. Dr. Michael Pradel. I am broadly interested in programming languages, software engineering, security, and systems. More concretely, I work on static and dynamic program analysis (Wasabi and other research projects); compilers and virtual machines (during internships at Oracle Labs and Google); fuzzing (internship at Microsoft Research); exploiting and preventing memory vulnerabilities (bachelor thesis, internship at Google); and automated testing (finding bugs in debuggers, master thesis).

Research Interests and Projects

[Image: WebAssembly logo] WebAssembly, the universal bytecode.

[Image: Memory layout schematic, showing static data, stack, and heap.] Buffer overflow in Wasm linear memory.

During my PhD, I focus on applying the above topics to WebAssembly. I believe WebAssembly is (i) well-suited for research due to its novelty and clean design, while at the same time (ii) tremendously important in practice as a universal bytecode for the web and (increasingly) beyond. One of our research projects is the analysis of WebAssembly's binary security, that is, how memory vulnerabilities in source languages such as C can be exploited when compiled to a WebAssembly binary (USENIX Security 2020). During an internship at Google, I also looked into WebAssembly host security, that is, protecting the system from malicious WebAssembly binaries. In the internship, I implemented W^X in the WebAssembly compiler of V8. I am the main author of Wasabi, a dynamic analysis framework for WebAssembly (ASPLOS 2019, best paper award), for which I developed my own binary parser and static instrumenter. Together with Aaron Hilbig, we also collected a large set of real-world binaries for analysis, as test inputs, and as training data for machine learning-based approaches. More recently, I work on static analysis, fuzzing, and reverse engineering of WebAssembly binaries (ongoing projects with several collaborators).

[Image: Firefox debugger screenshot] A bug we found in the debugger of Firefox.

I also worked on other projects during internships and my studies. In my master thesis and a follow-up project together with Sandro Tolksdorf, we developed automated testing of interactive debuggers, with which we found more than 25 bugs in the JavaScript debuggers of Firefox and Chrome. During an internship at Microsoft Research, I worked with Patrice Godefroid and Marina Polishchuk on RESTler, a fuzzer for REST APIs, which I augmented with differential regression testing (ISSTA 2020). At an internship at Oracle Labs, I worked on the compiler for a graph-processing language with the Spoofax language workbench. During my bachelor thesis, I worked together with Lucas Davi and Ahmad-Reza Sadeghi on return-oriented programming attacks against coarse-grained control-flow integrity (USENIX Security, BlackHat USA 2014).

Short CV

Full CV and reference letters are available upon request.

Code

[Image: Wasabi logo] Our dynamic analysis framework.

Wasabi is the largest project for which I am the main developer. It is a dynamic analysis framework for WebAssembly binaries. The website has more background, usage instructions, and even a little live demo. Wasabi is implemented in >5k lines of Rust and a bit of JavaScript. Feel free to contribute a pull request on GitHub. Wasabi builds on my own parser and static instrumentation library. It is split into a low-level parser of the binary format and a high-level AST that is more convenient to work with (e.g., putting type, name, and body of a function in a single place). Since WebAssembly uses LEB128-encoded integers throughout the binary format, I also wrote an LEB128 library in Rust. The existing libraries either did not support all integer widths or didn't do proper integer overflow checking.
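
As an added illustration of the overflow checking mentioned above (this is not code from Wasabi or from the author's LEB128 library): a width-aware unsigned LEB128 decoder in Rust. The names `decode_unsigned` and `Leb128Error` and the sample bytes are constructed for this example.

```rust
// Added example: width-aware unsigned LEB128 decoding with overflow checks.
// Not taken from Wasabi or the author's library; all names are illustrative.

#[derive(Debug, PartialEq)]
pub enum Leb128Error {
    UnexpectedEof, // input ended while the continuation bit was still set
    Overflow,      // encoded value does not fit into the requested width
}

/// Decodes an unsigned LEB128 integer of at most `bits` bits (1..=64).
/// Returns the value and the number of input bytes consumed.
pub fn decode_unsigned(input: &[u8], bits: u32) -> Result<(u64, usize), Leb128Error> {
    assert!((1..=64).contains(&bits), "unsupported integer width");
    let mut value: u64 = 0;
    let mut shift: u32 = 0;
    for (i, &byte) in input.iter().enumerate() {
        // A uN takes at most ceil(N/7) bytes; anything longer is rejected,
        // even if the extra bytes only carry zero padding.
        if shift >= bits {
            return Err(Leb128Error::Overflow);
        }
        let payload = u64::from(byte & 0x7f);
        // In the last permitted byte only `bits - shift` payload bits may be set.
        let remaining = bits - shift;
        if remaining < 7 && (payload >> remaining) != 0 {
            return Err(Leb128Error::Overflow);
        }
        value |= payload << shift;
        if byte & 0x80 == 0 {
            return Ok((value, i + 1));
        }
        shift += 7;
    }
    Err(Leb128Error::UnexpectedEof)
}

fn main() {
    // Constructed sample inputs, decoded as u32 as in Wasm indices and sizes.
    let samples: [&[u8]; 4] = [
        &[0xe5, 0x8e, 0x26],
        &[0xff, 0xff, 0xff, 0xff, 0x0f],
        &[0xff, 0xff, 0xff, 0xff, 0x1f],
        &[0x80],
    ];
    for bytes in samples {
        println!("{:02x?} -> {:?}", bytes, decode_unsigned(bytes, 32));
    }
}
```

The same function covers other widths through the `bits` argument, so a single byte sequence can be valid as a 64-bit value and rejected as a 32-bit one.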

I am a big fan of Rust, since it offers modern language features (algebraic data types, pattern matching, procedural macros, etc.) but still gives the user plenty of low-level control (over allocations, memory layout, explicit copying, static vs. dynamic dispatch, etc.). The language and ecosystem also try to avoid many of the issues that plague C and C++: Rust has proper modules, a standardized and easy package management and build system, great compiler errors, and good standard library and language defaults (move by default, fat pointers instead of NULL-delimited strings, UTF-8, hygienic macros, no implicit conversions, etc.). Rust's most unusual feature is of course the ownership and affine type system: this is great, not just for memory safety but especially for concurrent code. I have published a small utility library main_error on crates.io.

For research projects, I always try to make all code and data public. See publications for the respective repositories.

Peer-Reviewed Publications

An Empirical Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases. 2021.
Aaron Hilbig, Daniel Lehmann, Michael Pradel.
In Proceedings of the Web Conference 2021 (WWW '21).
[paper] [dataset and code] [DOI]
@inproceedings{Hilbig2021WasmBench,
  title = {{An Empirical Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases}},
  author = {Hilbig, Aaron and Lehmann, Daniel and Pradel, Michael},
  year = {2021},
  month = {April},
  booktitle = {Proceedings of the Web Conference 2021},
  series = {WWW '21},
  pages = {2696--2696},
  numpages = {13},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  isbn = {978-1-45038312-7},
  url = {https://doi.org/10.1145/3442381.3450138},
  doi = {10.1145/3442381.3450138},
}

Everything Old is New Again: Binary Security of WebAssembly. 2020.
Daniel Lehmann, Johannes Kinder, Michael Pradel.
In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20).
[paper] [conference website] [video] [slides] [code and data]
@inproceedings{Lehmann2020WasmBinarySecurity,
  title = {{Everything Old is New Again: Binary Security of WebAssembly}},
  author = {Lehmann, Daniel and Kinder, Johannes and Pradel, Michael},
  year = {2020},
  month = {August},
  booktitle = {Proceedings of the 29th USENIX Security Symposium},
  series = {USENIX Security 20},
  pages = {217--217},
  numpages = {18},
  publisher = {USENIX Association},
  isbn = {978-1-939133-17-5},
  url = {https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann},
}

Differential Regression Testing for REST APIs. 2020.
Patrice Godefroid, Daniel Lehmann, Marina Polishchuk.
In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '20).
[paper] [Microsoft blog post] [tool source code] [DOI]
@inproceedings{Godefroid2020DifferentialRESTler,
  title = {{Differential Regression Testing for REST APIs}},
  author = {Godefroid, Patrice and Lehmann, Daniel and Polishchuk, Marina},
  year = {2020},
  month = {July},
  booktitle = {Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis},
  series = {ISSTA '20},
  pages = {312--312},
  numpages = {12},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  isbn = {978-1-45038008-9},
  url = {https://doi.org/10.1145/3395363.3397374},
  doi = {10.1145/3395363.3397374},
}

Interactive Metamorphic Testing of Debuggers. 2019.
Sandro Tolksdorf, Daniel Lehmann, Michael Pradel.
In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '19).
[paper] [DOI]
@inproceedings{Tolksdorf2019MetamorphicDebuggerTesting,
  title = {{Interactive Metamorphic Testing of Debuggers}},
  author = {Tolksdorf, Sandro and Lehmann, Daniel and Pradel, Michael},
  year = {2019},
  month = {July},
  booktitle = {Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis},
  series = {ISSTA '19},
  location = {Beijing, China},
  pages = {273--273},
  numpages = {11},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  isbn = {978-1-45036224-5},
  url = {https://doi.org/10.1145/3293882.3330567},
  doi = {10.1145/3293882.3330567},
}

Wasabi: A Framework for Dynamically Analyzing WebAssembly. 2019.
Daniel Lehmann and Michael Pradel.
In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19).
Won a best paper award.
[paper] [slides] [code] [project website] [short news in Linux Magazin] [DOI]
@inproceedings{Lehmann2019Wasabi,
  title = {{Wasabi: A Framework for Dynamically Analyzing WebAssembly}},
  author = {Lehmann, Daniel and Pradel, Michael},
  year = {2019},
  month = {April},
  booktitle = {Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems},
  series = {ASPLOS '19},
  location = {Providence, RI, USA},
  pages = {1045--1045},
  numpages = {14},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  isbn = {978-1-45036240-5},
  url = {https://doi.org/10.1145/3297858.3304068},
  doi = {10.1145/3297858.3304068},
}

Feedback-Directed Differential Testing of Interactive Debuggers. 2018.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018).
[paper] [code] [DOI]
@inproceedings{Lehmann2018DifferentialDebuggerTesting,
  title = {{Feedback-Directed Differential Testing of Interactive Debuggers}},
  author = {Lehmann, Daniel and Pradel, Michael},
  year = {2018},
  month = {October},
  booktitle = {Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  series = {ESEC/FSE 2018},
  location = {Lake Buena Vista, FL, USA},
  pages = {610--610},
  numpages = {11},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  isbn = {978-1-45035573-5},
  url = {https://doi.org/10.1145/3236024.3236037},
  doi = {10.1145/3236024.3236037},
}

Automatic Testing of Interactive JavaScript Debuggers. 2017.
Daniel Lehmann.
In Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity (SPLASH Companion 2017).
2nd place in the ACM Student Research Competition, graduate category.
[poster] [DOI]
@inproceedings{Lehmann2017AutomaticDebuggerTesting,
  title = {{Automatic Testing of Interactive JavaScript Debuggers}},
  author = {Lehmann, Daniel},
  year = {2017},
  month = {October},
  booktitle = {Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity},
  series = {SPLASH Companion 2017},
  location = {Vancouver, BC, Canada},
  pages = {24--24},
  numpages = {3},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  isbn = {978-1-45035514-8},
  url = {https://doi.org/10.1145/3135932.3135945},
  doi = {10.1145/3135932.3135945},
}

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. 2014.
Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose.
In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14).
[paper] [conference website] [Microsoft EMET 5.1 release notes]
@inproceedings{Davi2014Stitching,
  title = {{Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection}},
  author = {Davi, Lucas and Sadeghi, Ahmad-Reza and Lehmann, Daniel and Monrose, Fabian},
  year = {2014},
  month = {August},
  booktitle = {Proceedings of the 23rd USENIX Security Symposium},
  series = {USENIX Security 14},
  pages = {401--401},
  numpages = {16},
  publisher = {USENIX Association},
  isbn = {978-1-931971-15-7},
  url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/davi},
}

Invited Talks, Tutorials, etc.

Everything Old is New Again: Binary Security of WebAssembly. Daniel Lehmann.
Longer technical talk about our USENIX Security 2020 paper. Given in slightly adapted versions at:

Dynamically Analyzing WebAssembly with Wasabi. Daniel Lehmann and Michael Pradel.
Half-day tutorial session at PLDI 2019 on using our framework, e.g., for extracting a call graph or in reverse engineering. Phoenix, AZ, USA. June 23, 2019.
There is an accompanying website with materials (tasks, required setup, solutions) and slides.

Differential Testing of Interactive Debuggers. Daniel Lehmann.
Technical talk about our ESEC/FSE 2018 paper. Given at:

The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques. Daniel Lehmann and Ahmad-Reza Sadeghi.
At Black Hat Briefings USA. August 6, 2014.
Talk and live demo of an exploit against Microsoft Enhanced Mitigation Experience Toolkit (EMET), which was subsequently fixed by Microsoft. Based on my bachelor thesis work.
Recording on YouTube.