Prof. Dr. Marc Rennhard

Work at ZHAW

Position

Director of Department Department Information Technology, Electrical Engineering and Mechatronics

Focus

Professor for Information Security, focussing on Software Security, Security Testing, Security Analysis and Security Engineering. In teaching and research, I collaborate closely with the Institute of Computer Science (InIT).

Experience

• Head of Department Information Technology, Electrical Engineering and Mechatronics (IEM)
  ZHAW, School of Engineering
  2023 - today
• Professor (Lecturer until 2007) for Computer Science
  ZHAW, School of Engineering
  2004 - today
• Head of Institute of Applied Information Technology
  ZHAW, Institute of Applied Information Technology (InIT)
  2017 - 2023
• Head of Research Group Information Security
  ZHAW, Institute of Applied Information Technology (InIT)
  2005 - 2017
• Senior IT Security Consultant (Freelancing)
  Consecom AG
  2007 - 2015
• Senior Researcher
  ETH Zurich, Zurich Information Security Center (ZISC)
  2004 - 2005
• Research Assistant
  ETH Zurich, Communication Systems Group
  1999 - 2004
• IT Consultant
  Solution Providers AG
  1998 - 1999
• Software Engineer
  Siemens Schweiz AG
  1995 - 1997

Education and Continuing education

Education

• Dr. sc. techn. ETH (PhD) / Anonymous Internet communication
  ETH Zurich
  1999 - 2004
• Dipl. El.-Ing. ETH (MSc)
  ETH Zurich
  1992 - 1998
• Matura Typus C
  Bündner Kantonsschule Chur
  1986 - 1991

Continuing Education

• ZHAW Leadership and Management Training
  ZHAW
  2009
• Certified Information Systems Security Professional (CISSP)
  ISC2
  2004
• Teaching Diploma for Higher Education in Computer Science
  ETH Zurich
  2003
• Cambridge Proficiency in English
  Cambridge English
  2001

Network

Membership of networks

• Information Security Society Switzerland (ISSS)
• Jury member Information Security Society Switzerland (ISSS) Excellence Award
• Informatics Europe (representative of ZHAW School of Engineering)
• Digital Society (DSI) Community Cybersecurity at University of Zurich
• Advisory Board scanmeter GmbH

Social media

LinkedIn

Projects

• Dynamic Security Analysis of Android Pre-installed Apps / Project leader / laufend
• CYREN ZH: Cyber Resilience Network For The Canton Of Zurich / Co-project leader / laufend
• Dynamic Analysis of Internal Android Systems / Project leader / abgeschlossen
• FASTscan: Fully Automated Security Testing with scanmeter / Project leader / abgeschlossen
• OptiPhish – Effective and Measurable Phishing Awareness Training / Team member / abgeschlossen
• CNO Software Development 2019 / Team member / abgeschlossen
• scanmeter Next Generation / Project leader / abgeschlossen
• SeCoSS: Secure Collaboration with SecureSafe / Deputy project leader / abgeschlossen
• PhD Network in Data Science / Team member / abgeschlossen
• Platform for automated security analysis of IT systems (ASAP) / Project leader / abgeschlossen
• Highly Trustworthy Service for Linking Physical Products with Digital Information (dokspot) / Project leader / abgeschlossen
• dokspot - Linking Physical Products with Digital Information / Project leader / abgeschlossen
• SecureSafe for integrated usage in companies and eGovernment / Project leader / abgeschlossen
• DSwiss SecureSafe Technology: Improving Mobile Platform Support / Project leader / abgeschlossen
• Datasafe for professional Users / Project leader / abgeschlossen
• A New Commercial Online Platform: schnappundweg.eu / Project leader / abgeschlossen
• Corporate Data Safe / Project leader / abgeschlossen
• IT-Security in the Area of Road Traffic Telematics / Project leader / abgeschlossen
• Automated Software Security Testing 2 / Project leader / abgeschlossen
• Online Datasafe (datainherit.com) / Project leader / abgeschlossen

Publications

• Sutter, Thomas; Kehrer, Timo; Rennhard, Marc; Tellenbach, Bernhard; Klein, Jacques,

  2024.

  Dynamic security analysis on Android : a systematic literature review.

  IEEE Access.

  12, pp. 57261-57287.

  Available from: https://doi.org/10.1109/ACCESS.2024.3390612

• Rennhard, Marc; Kushnir, Malte; Favre, Olivier; Esposito, Damiano; Zahnd, Valentin,

  2022.

  Automating the detection of access control vulnerabilities in web applications.

  SN Computer Science.

  3(5), pp. 376.

  Available from: https://doi.org/10.1007/s42979-022-01271-1

• Rennhard, Marc; Esposito, Damiano; Ruf, Lukas; Wagner, Arno,

  2019.

  Improving the effectiveness of web application vulnerability scanning.

  International Journal on Advances in Internet Technology.

  12(1/2), pp. 12-27.

  Available from: https://doi.org/10.21256/zhaw-17956

• Tellenbach, Bernhard; Paganoni, Sergio; Rennhard, Marc,

  2016.

  Detecting obfuscated JavaScripts from known and unknown obfuscators using machine learning.

  International Journal on Advances in Security.

  9(3/4), pp. 196-206.

  Available from: https://doi.org/10.21256/zhaw-1537

• Rennhard, Marc,

  2004.

  MorphMix : a peer-to-peer-based system for anonymous internet access.

  Aachen:

  Shaker.

  TIK-Schriftenreihe ; 61.

  ISBN 3-8322-2651-6.

• Tellenbach, Bernhard; Rennhard, Marc; Schweizer, Remo,

  2019.

  Security of data science and data science for security

  .

  In:

  Braschler, Martin; Stadelmann, Thilo; Stockinger, Kurt, eds.,

  Applied data science : lessons learned for the data-driven business.

  Cham:

  Springer.

  pp. 265-288.

  Available from: https://doi.org/10.1007/978-3-030-11821-1_15

• Kushnir, Malte; Favre, Olivier; Rennhard, Marc; Esposito, Damiano; Zahnd, Valentin,

  2021.

  Automated black box detection of HTTP GET request-based access control vulnerabilities in web applications [paper].

  In:

  Proceedings of the 7th International Conference on Information Systems Security and Privacy.

  ICISSP 2021, online, 11-13 February 2021.

  SciTePress.

  pp. 204-216.

  Available from: https://doi.org/10.5220/0010300102040216

• Lapagna, Kevin; Zollinger, Moritz; Rennhard, Marc; Strobel, Hans; Derché, Cyrille,

  2018.

  Dokspot : securely linking healthcare products with online instructions [paper].

  In:

  HEALTHINFO 2018 : the Third International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing.

  HEALTHINFO 2018, Nice, France, 14-18 October 2018.

  IARIA.

  Available from: https://doi.org/10.21256/zhaw-5000

• Esposito, Damiano; Rennhard, Marc; Ruf, Lukas; Wagner, Arno,

  2018.

  Exploiting the potential of web application vulnerability scanning [paper].

  In:

  ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection.

  ICIMP 2018 the Thirteenth International Conference on Internet Monitoring and Protection, Barcelona, Spain, 22-26 July 2018.

  IARIA.

  pp. 22-29.

  Available from: https://doi.org/10.21256/zhaw-3927

• Rennhard, Marc; Tschannen, Michael; Christen, Tobias,

  2012.

  SecureSafe : a highly secure online data safe [paper].

  In:

  Proceedings of the Eurosys Workshop on Measurement, Privacy, and Mobility (MPM 2012).

  Eurosys Workshop on Measurement, Privacy, and Mobility (MPM 2012), Bern, 10-13 April 2012.

  New York:

  Association for Computing Machinery.

• Frei, Adrian; Rennhard, Marc,

  2008.

  Histogram matrix : log file visualization for anomaly detection [paper].

  In:

  Proceedings of the Third International Conference on Availability, Security and Reliability (ARES 2008).

  Third International Conference on Availability, Security and Reliability (ARES 2008), Barcelona, Spain, 4-7 March 2008.

  IEEE.

  pp. 610-617.

  Available from: https://doi.org/10.1109/ARES.2008.148

• Rennhard, Marc; Plattner, Bernhard,

  2004.

  Practical anonymity for the masses with MorphMix [paper].

  In:

  Juels, Ari, ed.,

  Financial Cryptography.

  Financial Cryptography Conference (FC 2004), Key West, USA, 9-12 February 2004.

  Berlin:

  Springer.

  pp. 233-250.

  Available from: https://doi.org/10.1007/978-3-540-27809-2_24

• Sutter, Thomas; Lapagna, Kevin; Berlich, Peter; Rennhard, Marc; Germann, Fabio; et al.,

  2021.

  Web content signing with service workers.

  ZHAW Zürcher Hochschule für Angewandte Wissenschaften.

  Available from: https://doi.org/10.21256/zhaw-22514

• Rennhard, Marc; Koster, Marco; Marschal, Claude; Schildknecht, Lukas,

  2011.

  IT-Security im Bereich Verkehrstelematik.

  Forschungsberichte SVI

  ; 1350.

  Bern:

  Bundesamt für Strassen.

• Rennhard, Marc; Marschal, Claude,

  2011.

  IT-Security in der Verkehrstelematik.

  Strasse und Verkehr.

  2011(10), pp. 26.

• Rennhard, Marc; Tschannen, Michael; Christen, Tobias,

  2010.

  2-Factor authentication for mobile applications : introducing DoubleSec.

  InIT Publikationsreihe

  .

  Winterthur:

  ZHAW Zürcher Hochschule für Angewandte Wissenschaften.

  Available from: https://doi.org/10.21256/zhaw-1522

• Rennhard, Marc; Christen, Tobias,

  2010.

  Der digitale Datensafe als SaaS-Dienst.

  Swiss Engineering STZ.

  2010(10), pp. 31.

• Ruf, Lukas; Rennhard, Marc,

  2009.

  Fälschbare Zertifikate.

  IT Security.

  2009(1), pp. 19.

• Rennhard, Marc,

  2008.

  Automatisiertes Software-Security-Testing.

  IT Security.

  2008(4), pp. 24-26.

• Rennhard, Marc; Frei, Adrian,

  2006.

  Dokumentensicherheit in verteilten Dokumenten-Management-Systemen - Projektbericht : Internal Report 05/01.

  Winterthur:

  ZHAW Zürcher Hochschule für Angewandte Wissenschaften.

• Rennhard, Marc,

  2019.

  Schwachstellen vor den Hackern finden : automatisierte Sicherheitstests von IT-Systemen.

  In:

  Thurgauer Technologietag, Wängi, 22. März 2019.

  Amt für Wirtschaft und Arbeit des Kantons Thurgau.

• Rennhard, Marc,

  2016.

  Client TLS testing / detecting obfuscated JavaScripts.

  In:

  Swiss Cyber Storm 2016, Luzern, 19. Oktober 2016.

• Rennhard, Marc,

  2010.

  Automatisiertes Software Security-Testing.

  In:

  ERFA-Tagung des Schweizerischen Instituts für Systems Engineering, Bern, 14. September 2010.

• Rennhard, Marc,

  2010.

  Internet Datasafe : Sicherheitstechnische Herausforderungen.

  In:

  ERFA-Tagung des Schweizerischen Instituts für Systems Engineering, Bern, 14. September 2010.

• Rennhard, Marc,

  2009.

  Schwachstellen in Web-Applikationen : was steckt dahinter und wie nutzt man sie aus?.

  In:

  Asecus Seminar, Wallisellen, 28. Mai 2009.

• Rennhard, Marc,

  2009.

  Schwachstellen in Web-Applikationen : was steckt dahinter und wie nutzt man sie aus?.

  In:

  Computerlinks University Zurich, Zürich, 4. Februar 2009.

• Rennhard, Marc,

  2009.

  Schwachstellen in Web-Applikationen : was steckt dahinter und wie nutzt man sie aus?.

  In:

  52. Tagung AK Technik, Zürich, 10.-11. Februar 2009.

• Rennhard, Marc,

  2008.

  Histogram matrix : log file visualization for anomaly detection.

  In:

  Third International Conference on Availability, Security and Reliability (ARES 2008), Barcelona, Spain, 4-7 March 2008.

• Rennhard, Marc,

  2008.

  Aktuelle Sicherheitsprobleme im Internet : Angriffe auf Web-Applikationen.

  In:

  FAEL-Seminar: Internet-Security - Wo lauern die Gefahren?, Zürich, 5. November 2008.

• Rennhard, Marc,

  2008.

  Automatisiertes Software Security-Testing.

  In:

  Security-Zone 2008, Zürich, 24.-25. September 2008.

• Rennhard, Marc,

  2007.

  Web-Applikationen : Angriffe - und wie Sie sich dagegen verteidigen.

  In:

  IT-Security Forum #6, Winterthur, 1. Februar 2007.

• Rennhard, Marc,

  2006.

  Aktuelle Sicherheitsprobleme im Internet : Angriffe auf Web-Applikationen.

  In:

  Siemens-Dozierendentag 2006, Winterthur, 10. November 2006.

• Rennhard, Marc,

  2006.

  Fachhochschulen als Innovationspartner für KMU.

  In:

  Orbit-iEX 2006, Zürich, 16.-19. Mai 2006.

• Rennhard, Marc,

  2006.

  VoIP : Potentielle Sicherheitsprobleme.

  In:

  Security-Zone 2006, Zürich, 20.-21. September 2006.

• Rennhard, Marc; Mumprecht, Eduard,

  2005.

  PKI und Digitale Signatur : Theorie, Politik, Wunschdenken und Realität.

  In:

  WinLink - Lunch & Learn, Winterthur, 13. Juli 2005.

• Hülser, René; Rennhard, Marc; Steffen, Andreas,

  2005.

  ICTnet - KTI : innovative Lösungen trotz beschränkten Ressourcen.

  In:

  Security-Zone 2005, Zürich, 21.-22. September 2005.

• Rennhard, Marc,

  2004.

  Schutz der Privatsphäre aus Benutzersicht.

  In:

  IT-Security Forum #3, Winterthur, 26. Oktober 2004.

Publications before appointment at the ZHAW

• M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. Towards Pseudonymous e-Commerce. In Electronic Commerce Research Journal, Special Issue on Security and Trust in Electronic Commerce, Kluwer Academics Publisher, volume 4, issue 1-2, pages 83-111, January-April 2004.
• M. Rennhard and B. Plattner. Practical Anonymity for the Masses with Mix-Networks. In Proceedings of the 8th IEEE Intl. Workshop on Enterprise Security (WET ICE 2003), pages 255-260, Linz, Austria, 9th-11th June 2003.
• M. Rennhard. Anonymity for the Masses with MorphMix. Technical Report Nr. 159, TIK, ETH Zurich, Switzerland, May 2003.
• M. Rennhard. Practical Anonymity for the Masses with Mix-Networks. Technical Report Nr. 157, TIK, ETH Zurich, Switzerland, February 2003.
• M. Rennhard and B. Plattner. Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES), in association with 9th ACM Conference on Computer and Communications Security (CCS 2002), pages 91-102, Washington, DC, USA, 21st November 2002.
• M. Rennhard. MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. Technical Report Nr. 147, TIK, ETH Zurich, Switzerland, August 2002.
• M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. Analysis of an Anonymity Network for Web Browsing. In Proceedings of the 7th IEEE Intl. Workshop on Enterprise Security (WET ICE 2002), pages 49-54, Pittsburgh, USA, June 10th-12th 2002.
• M. Rennhard, S. Rafaeli, and L. Mathy. Design, Analysis, and Implementation of an Anonymity Network for Web Browsing. Technical Report Nr. 129, TIK, ETH Zurich, Switzerland, February 2002.
• M. Chapman, G. Davida, and M. Rennhard. A Practical and Effective Approach to Large-Scale Automated Linguistic Steganography. In Proceedings of the Information Security Conference (ISC 2001), pages 156-165, Malaga, Spain, 1st-3rd October 2001.
• M. Rennhard, S. Rafaeli. and L. Mathy. From SET to PSET: The Pseudonymous Secure Electronic Transaction Protocol. Technical Report Nr. 117, TIK, ETH Zurich, Switzerland, August 2001.
• M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. An Architecture for an Anonymity Network. In Proceedings of the 6th IEEE Intl. Workshop on Enterprise Security (WET ICE 2001), pages 165-170, Boston, USA, 20st-22nd June 2001
• S. Rafaeli, M. Rennhard, L. Mathy, B. Plattner, and D. Hutchison. An Architecture for Pseudonymous e-Commerce. In Proceedings of the Symposium on Information Agents for Electronic Commerce (AISB 2001), pages 33-42, York, UK, 21st-24th March 2001
• M. Rennhard, S. Rafaeli, L. Mathy. The Pseudonymity Network Architecture. Technical Report MPG-01-02, Computing Department, Lancaster University, Lancaster, UK, February 2001.
• M. Rennhard. A Software System for Turning Ciphertext into Plain English via Contextual Templates. Diploma Thesis, ETH Zurich, Switzerland, March 1998.

go back