Skip to content
Technical University of Munich

ReTruSt

ReTruSt: Resilient, Trustworthy, Sustainable

The research groups consist of interdisciplinary team members with different expertise and research areas, coordinated by Prof. Dr. Claudia Eckert.

The goal of ReTruSt is to research and test technological, as well as socio-technical, legal and economical solutions in order to make complex networked, highly dynamic, socio-technical systems trustworthy and resilient to cyber-attacks throughout their entire life cycle and to operate them in a verifiable, sustainably secure manner. 

With ReTruSt, fundamental methods, technical concepts, software tools, and system architectures are to be researched and tested in interdisciplinary collaboration, which provides the basis for mastering the challenges. 

As the attack surface of networked systems increases, the risks of cyber-attacks increase. These cannot be ruled out even when using advanced protective measures. Therefore, future systems must be able to protect sensitive resources but at the same time continue to provide their core functionality, even if the system is exposed to cyber-attacks. This is the demand for Cyber-Resilience. Cyber-Resilient systems must have the ability to detect and defend against attacks, i.e. be prepared for them, plan for them, cope with them and recover from them. At the same time, they should be able to learn and continuously improve in order to sustainably maintain the required level of protection. The demand for Cyber-Resilience goes well beyond the protection of systems in the classic sense and is an indispensable property of future software-based systems, infrastructures and business processes.

Research Areas:

1. Resilient trusted software architectures, embedded systems and infrastructures

2. Theoretical, formal foundations and systems engineering

3. User acceptance, privacy and traceability

Our Team

Spokesperson: Prof. Dr. Claudia Eckert, (IT Security)

Coordinator:  Lukas Gehrke, (IT Security)

Research projects

The Retrust network includes various research projects with numerous industry partners:

Doctoral theses

Speaker Series

The network organizes reoccurring events, open to university students, researchers and industry partners.

Vol. 5 on 15th of June 2026 (10.00 a.m. in “Interims Hörsaal 2” 5620.01.102)

Mathias Payer, EPFL, HexHive Research Group

Android Archaeology: Digging Up Vulnerabilities Layer by Layer

Android has become an ubiquitous platform for running mobile apps, granting different actors access to vast amounts of private data. The growing complexity of the Android ecosystem introduces significant security challenges. In this talk, we will explore multiple layers of Android security: examining the foundational virtualization layers, stress-testing trusted applications, and assessing the impact of recent user-space mitigations. Through the lens of system security, we uncover vulnerabilities even in the most trusted layers. Trusted applications are susceptible to type confusion, while regular apps may face risks such as heap corruption attacks. Join us on this journey to enhance mobile ecosystem security through fuzzing, improved standards, and safer defaults.

Mathias Payer is a professor at EPFL, leading the HexHive group. His research centers on strengthening software and system security in the presence of vulnerabilities. His broader interests include fuzzing and sanitization to uncover and address flaws, developing effective mitigations to protect against the exploitation of unknown or unpatched bugs, and employing fault isolation to enforce privilege separation. Mathias joined EPFL in 2018 where he founded the Polygl0ts CTF team. Previously, he was an assistant professor at Purdue University, a PostDoc at UC Berkeley, and a PhD student at ETH Zurich.

 

Publications

Marcel Kempf, Simon Tietz, Benedikt Jaeger, Johannes Späth, Georg Carle, and Johannes Zirngibl. 2025. QUIC Steps: Evaluating Pacing Strategies in QUIC Implementations. Proc. ACM Netw. 3, CoNEXT2, Article 13 (June 2025), 14 pages. doi.org/10.1145/3730985

U. Budak, F. D. Santis, O. Yasar, M. Safieh and G. Sigl, "A Lightweight Firmware Resilience Engine for Real-Time Operating Systems," 2025 IEEE International Conference on Cyber Security and Resilience (CSR), Chania, Crete, Greece, 2025, pp. 401-406, doi: 10.1109/CSR64739.2025.11129996.

Budak, U., Safieh, M., De Santis, F., Sigl, G. (2025). A Cyber-Resilient DICE Architecture for Resource-Constrained Devices. In: Skopik, F., Naessens, V., De Sutter, B. (eds) Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15998. Springer, Cham. doi.org/10.1007/978-3-032-00642-4_5

Lukas Gehrke et al. Report: "Proceedings of the Seminar Cyber-Resilient Systems: Summer Semester 2024", doi:10.14459/2024md1759337 

Utku Budak, Fabrizio De Santis, and Georg Sigl. "A Lightweight Firmware Resilience Engine for IoT Devices Leveraging Minimal Processor Features." 2024 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2024. (Best Paper Award) doi.org/10.1109/CSR61664.2024.10679408

Martin Fink, Dimitrios Stavrakakis, Dennis Sprokholt, Soham Chakraborty, Jan-Erik Ekberg, and Pramod Bhatotia. 2025. “Cage: Hardware-Accelerated Safe WebAssembly.” In Proceedings of the 23rd ACM/IEEE International Symposium on Code Generation and Optimization (CGO '25). Association for Computing Machinery, New York, NY, USA, 538–552. doi.org/10.1145/3696443.3708920

Marcel Kempf et al. "A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights," 2024 IFIP Networking Conference (IFIP Networking), Thessaloniki, Greece, 2024, pp. 195-203, doi.org/10.23919/IFIPNetworking62109.2024.10619916

To top