ReTruSt
ReTruSt: Resilient, Trustworthy, Sustainable
Die Forschungsgruppen bestehen aus interdisziplinären Teammitgliedern mit unterschiedlichen Fachkenntnissen und Forschungsgebieten, koordiniert von Prof. Dr. Claudia Eckert.
Das Ziel von ReTruSt ist es, technologische, sowie auch soziotechnische, rechtliche und ökonomische Lösungen zu erforschen und zu erproben, um komplex vernetzte, hoch dynamische, soziotechnische Systeme über deren gesamten Lebenszyklus vertrauenswürdig und resilient gegenüber Cyberangriffen zu gestalten und nachprüfbar, nachhaltig sicher zu betreiben.
Mit ReTruSt sollen in interdisziplinärer Zusammenarbeit grundlegende Methoden, technische Konzepte und Software-Werkzeuge, sowie Systemarchitekturen erforscht und erprobt werden, die die Grundlage liefern, um die Herausforderungen zu meistern.
Durch die Vergrößerung der Angriffsfläche vernetzter Systeme steigen die Risiken für Cyberangriffe. Diese sind auch beim Einsatz fortgeschrittener Schutzmaßnahmen nicht auszuschließen. Deshalb müssen zukünftige Systeme in der Lage sein, die sensitiven Ressourcen zu schützen, aber gleichzeitig auch ihre Kernfunktionalität weiterhin zu erbringen, auch wenn das System Cyber-Angriffen ausgesetzt ist. Dies ist die Forderung nach Cyber-Resilienz. Cyber-resiliente Systeme müssen die Fähigkeiten besitzen, Angriffe zu erkennen und abzuwehren, also darauf vorbereitet sein, sie einkalkulieren, sie verkraften und sich davon erholen können. Gleichzeitig sollen sie lernfähig sein, und sich kontinuierlich verbessern, um nachhaltig ein gefordertes Schutzlevel aufrechtzuerhalten. Die Forderung nach Cyber-Resilienz geht somit deutlich über den Schutz von Systemen im klassischen Sinn hinaus und ist eine unerlässliche Eigenschaft zukünftiger Software-basierter Systeme, Infrastrukturen und Geschäftsprozesse.
Forschungsfelder:
1. Resiliente vertrauenswürdige Software-Architekturen, eingebettete Systeme und Infrastrukturen
2. Theoretische, formale Grundlagen und Systems-Engineering
3. Nutzerakzeptanz, Privacy und Nachvollziehbarkeit
Unser Team
Sprecherin: Prof. Dr. Claudia Eckert, (IT-Sicherheit)
Koordinator: Lukas Gehrke, (IT-Sicherheit)
Forschungsprojekte
Das Netzwerk RetruSt beinhaltet verschiedene Forschungsprojekte mit zahlreichen Industriepartnern:
- Hardware-Assisted Memory Safety and Security (Martin Fink, Distributed Systems and Operating Systems)
- Cyber-Resilient and Secure Systems (Lukas Gehrke, IT-Sicherheit)
- Cyber-Resilienz, in Zusammenarbeit mit Industriepartnern (Utku Budak, Sicherheit in der Informationstechnik)
- QUIC Post-Quantum Transport Layer Security, Measurements and Modeling (Marcel Kempf, Lehrstuhl für Netzarchitekturen und Netzdienste)
Promotionen
Speaker Series
Das Netzwerk hält regelmäßige Events ab, bei denen Studierende, wissenschaftliche Mitarbeiter und Partner aus der Industrie eingeladen sind.
"The Linux kernel architecture faces inherent limitations in its security design, primarily due to constraints imposed by the underlying hardware. The Linux kernel must not only isolate user-space processes but also protect itself from unauthorized access—a task made increasingly challenging by the presence of vulnerabilities. Since modern security mechanisms rely on the Linux kernel's integrity, their effectiveness collapses as soon as the kernel is compromised. Therefore, the kernel's resilience is crucial to the security of the entire system, raising the fundamental question: how can we maintain robust security despite the presence of kernel vulnerabilities?
In this presentation, we introduce a virtualization-assisted security architecture for the Linux kernel to address these challenges. Our solution provides a lightweight virtualization layer comprising a thin, formally-verifiable virtual machine monitor on top of the open-source NOVA microhypervisor. Acting as a security support layer, this architecture enables the Linux kernel to effectively leverage the system's virtualization extensions to fortify its defenses. In-line with virtualization-based state-of-the-art security mechanisms, our solution enforces Linux kernel code integrity and protects selected data structures from being abused by malicious actors. Beyond these capabilities, it enables advanced security features, such as isolating selected security-critical subsystems within the Linux kernel itself and providing a versatile event monitoring facility targeting the activity of applications and containers in user space. Overall, by bridging the traditional separation between the OS and system virtualization technologies, our open source implementation integrates both to create a more robust and resilient security foundation. We present our implementation as a promising approach to mitigating the risks posed by kernel vulnerabilities while significantly enhancing the security posture of modern systems."
Sergej Proskurin works as a Senior Staff Security Engineer at BlueRock Security, specializing in virtualization-assisted operating system security. He received his Ph.D. in Computer Science from the Technical University of Munich. His research interests cover a wide range of low-level topics. In particular, he is passionate about operating system design and leveraging virtualization technology for dynamic binary analysis and operating system security. In the past, Sergej actively contributed to open source projects, including the Xen Project hypervisor and the black-box binary analysis system DRAKVUF.
Chunyang Chen: Brief Introduction to the Chair of Software Engineering & AI at TUM Heilbronn
Zhen Tao: Research talk on “Automated AI Compliance: Assessing EU AI Act Compliance Checkers”
Abstract: AI systems are now part of everyday life, and people have become concerned about the privacy issues raised by AI. Regulations (e.g. GDPR and the EU AI Act) commonly mandate AI products to be safe, transparent, and respectful of users’ data rights. Ensuring compliance under AI regulations is a challenge for companies and developers. This talk discusses AI privacy compliance from two angles. First, we review how mainstream providers of foundational LLMs disclose their data practices in privacy policies. Second, we focus on citizen developers of AI products. They often lack legal knowledge and struggle to meet regulatory requirements. In response to this challenge, automated EU AI Act compliance checkers have emerged to help citizen developers verify the compliance of their AI products. However, little is known about these checkers. By examining how they operate, what they cover, and where they leave gaps, we aim to reveal the current state of EU AI Act compliance checkers and help enhance the usability of compliance support tools.
Speaker Series Vol. 3 (15.01.26)
“COCONUT-SVSM: Lessons Learned from Writing a Confidential-First OS in Rust” am 15.01.2026 ab 10 Uhr in Raum 01.07.014
Sprecher: Jörg Rödel, AMD
Abstract: Building a new operating system in Rust is challenging as Rust’s safety guarantees only hold once the kernel has established those guarantees for itself. Doing so in a confidential-computing environment adds another layer of complexity, as does operating without the Rust standard library.
This talk walks through the COCONUT-SVSM codebase to highlight the architectural choices and trade-offs involved in creating a confidential-first OS in Rust. We will explore key subsystems such as memory management, user-mode execution, and interrupt/IRQ handling, and discuss how these components addressed the various challenges.
The session will also cover areas that remain challenging, such as per-CPU data handling, allocator design, and safe abstractions around low-level hardware interactions, and outline potential approaches for addressing these issues. Attendees will gain practical insights into applying Rust in OS development while meeting the stringent requirements of confidential computing.
Publikationen
Marcel Kempf, Simon Tietz, Benedikt Jaeger, Johannes Späth, Georg Carle, and Johannes Zirngibl. 2025. QUIC Steps: Evaluating Pacing Strategies in QUIC Implementations. Proc. ACM Netw. 3, CoNEXT2, Article 13 (June 2025), 14 pages. doi.org/10.1145/3730985
U. Budak, F. D. Santis, O. Yasar, M. Safieh and G. Sigl, "A Lightweight Firmware Resilience Engine for Real-Time Operating Systems," 2025 IEEE International Conference on Cyber Security and Resilience (CSR), Chania, Crete, Greece, 2025, pp. 401-406, doi: 10.1109/CSR64739.2025.11129996.
Budak, U., Safieh, M., De Santis, F., Sigl, G. (2025). A Cyber-Resilient DICE Architecture for Resource-Constrained Devices. In: Skopik, F., Naessens, V., De Sutter, B. (eds) Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15998. Springer, Cham. doi.org/10.1007/978-3-032-00642-4_5
Lukas Gehrke et al. Forschungsbericht: "Proceedings of the Seminar Cyber-Resilient Systems: Summer Semester 2024", doi:10.14459/2024md1759337
Utku Budak, Fabrizio De Santis, and Georg Sigl. "A Lightweight Firmware Resilience Engine for IoT Devices Leveraging Minimal Processor Features." 2024 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2024. (Best Paper Award) doi.org/10.1109/CSR61664.2024.10679408
Martin Fink, Dimitrios Stavrakakis, Dennis Sprokholt, Soham Chakraborty, Jan-Erik Ekberg, and Pramod Bhatotia. 2025. “Cage: Hardware-Accelerated Safe WebAssembly.” In Proceedings of the 23rd ACM/IEEE International Symposium on Code Generation and Optimization (CGO '25). Association for Computing Machinery, New York, NY, USA, 538–552. doi.org/10.1145/3696443.3708920
Marcel Kempf et al. "A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights," 2024 IFIP Networking Conference (IFIP Networking), Thessaloniki, Greece, 2024, pp. 195-203, doi.org/10.23919/IFIPNetworking62109.2024.10619916