ReTruSt
ReTruSt: Resilient, Trustworthy, Sustainable
The research groups consist of interdisciplinary team members with different expertise and research areas, coordinated by Prof. Dr. Claudia Eckert.
The goal of ReTruSt is to research and test technological, as well as socio-technical, legal and economical solutions in order to make complex networked, highly dynamic, socio-technical systems trustworthy and resilient to cyber-attacks throughout their entire life cycle and to operate them in a verifiable, sustainably secure manner.
With ReTruSt, fundamental methods, technical concepts, software tools, and system architectures are to be researched and tested in interdisciplinary collaboration, which provides the basis for mastering the challenges.
As the attack surface of networked systems increases, the risks of cyber-attacks increase. These cannot be ruled out even when using advanced protective measures. Therefore, future systems must be able to protect sensitive resources but at the same time continue to provide their core functionality, even if the system is exposed to cyber-attacks. This is the demand for Cyber-Resilience. Cyber-Resilient systems must have the ability to detect and defend against attacks, i.e. be prepared for them, plan for them, cope with them and recover from them. At the same time, they should be able to learn and continuously improve in order to sustainably maintain the required level of protection. The demand for Cyber-Resilience goes well beyond the protection of systems in the classic sense and is an indispensable property of future software-based systems, infrastructures and business processes.
Research Areas:
1. Resilient trusted software architectures, embedded systems and infrastructures
2. Theoretical, formal foundations and systems engineering
3. User acceptance, privacy and traceability
- Prof. Dr. Claudia Eckert (Chair of IT Security)
- Prof. Jens Großklags, Ph.D. (Cyber Trust)
- Prof. Dr. Pramod Bhatotia (Distributed Systems and Operating Systems)
- Prof. Dr.-Ing. Georg Carle (Chair of Network Architectures and Services)
- Prof. Dr.-Ing. Georg Sigl (Chair of Security in Information Technology)
Research projects
The Retrust network includes various research projects with numerous industry partners:
- Hardware-Assisted Memory Safety and Security (Martin Fink, Distributed Systems and Operating Systems)
- Cyber-Resilient and Secure Systems (Lukas Gehrke, IT Security)
- Cyber Resilience, in collaboration with industry partners (Utku Budak, Security in Information Technology)
- QUIC Post-Quantum Transport Layer Security, Measurements and Modeling (Marcel Kempf, Network Architectures and Services)
Speaker Series
The network organizes reoccurring events, open to university students, researchers and industry partners.
Vol. 3 on 15th of January 2026 (10.00 a.m. in room 01.07.014)
Jörg Rödel, AMD
COCONUT-SVSM: Lessons Learned from Writing a Confidential-First OS in Rust
Abstract: Building a new operating system in Rust is challenging as Rust’s safety guarantees only hold once the kernel has established those guarantees for itself. Doing so in a confidential-computing environment adds another layer of complexity, as does operating without the Rust standard library.
This talk walks through the COCONUT-SVSM codebase to highlight the architectural choices and trade-offs involved in creating a confidential-first OS in Rust. We will explore key subsystems such as memory management, user-mode execution, and interrupt/IRQ handling, and discuss how these components addressed the various challenges.
The session will also cover areas that remain challenging, such as per-CPU data handling, allocator design, and safe abstractions around low-level hardware interactions, and outline potential approaches for addressing these issues. Attendees will gain practical insights into applying Rust in OS development while meeting the stringent requirements of confidential computing.
Publications
Marcel Kempf, Simon Tietz, Benedikt Jaeger, Johannes Späth, Georg Carle, and Johannes Zirngibl. 2025. QUIC Steps: Evaluating Pacing Strategies in QUIC Implementations. Proc. ACM Netw. 3, CoNEXT2, Article 13 (June 2025), 14 pages. doi.org/10.1145/3730985
U. Budak, F. D. Santis, O. Yasar, M. Safieh and G. Sigl, "A Lightweight Firmware Resilience Engine for Real-Time Operating Systems," 2025 IEEE International Conference on Cyber Security and Resilience (CSR), Chania, Crete, Greece, 2025, pp. 401-406, doi: 10.1109/CSR64739.2025.11129996.
Budak, U., Safieh, M., De Santis, F., Sigl, G. (2025). A Cyber-Resilient DICE Architecture for Resource-Constrained Devices. In: Skopik, F., Naessens, V., De Sutter, B. (eds) Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15998. Springer, Cham. doi.org/10.1007/978-3-032-00642-4_5
Lukas Gehrke et al. Report: "Proceedings of the Seminar Cyber-Resilient Systems: Summer Semester 2024", doi:10.14459/2024md1759337
Utku Budak, Fabrizio De Santis, and Georg Sigl. "A Lightweight Firmware Resilience Engine for IoT Devices Leveraging Minimal Processor Features." 2024 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2024. (Best Paper Award) doi.org/10.1109/CSR61664.2024.10679408
Martin Fink, Dimitrios Stavrakakis, Dennis Sprokholt, Soham Chakraborty, Jan-Erik Ekberg, and Pramod Bhatotia. 2025. “Cage: Hardware-Accelerated Safe WebAssembly.” In Proceedings of the 23rd ACM/IEEE International Symposium on Code Generation and Optimization (CGO '25). Association for Computing Machinery, New York, NY, USA, 538–552. doi.org/10.1145/3696443.3708920
Marcel Kempf et al. "A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights," 2024 IFIP Networking Conference (IFIP Networking), Thessaloniki, Greece, 2024, pp. 195-203, doi.org/10.23919/IFIPNetworking62109.2024.10619916