I am a cyber security researcher at Fraunhofer SIT. Previously, I was a security engineer at Huawei Technologies, a mobile software developer at Boostix/GAL, and a web and software developer for a number of other companies. I hold a master’s degree in Computer Science. Currently, I am co-chairing the Trusted Computing Group’s Network Equipment work group, working to secure vulnerable network equipment.
My research interests include cyber security, Trusted Computing, virtualization technologies, and distributed systems.
M.Sc. in Computer Science, 2014
Mittelhessen University of Applied Sciences
B.Sc. in Computer Science, 2009
Mittelhessen University of Applied Sciences
Pre-Diploma in Media Informatics, 2006
Mittelhessen University of Applied Sciences
Developing security solutions based on Trusted Computing for network and embedded systems.
Responsibilities include:
Vocational and occupational pedagogical aptitude includes the competence to independently plan, implement and control vocational training in the fields of action:
Achieving CCNA certification is the first step in preparing for a career in IT technologies. To earn CCNA certification, you pass one exam that covers a broad range of fundamentals for IT careers, based on the latest networking technologies, software development skills, and job roles.
CCNA gives you the foundation you need to take your career in any direction.
The digitalization of safety-critical railroad infrastructure enables new types of attacks. This increases the need to integrate Information Technology (IT) security measures into railroad systems. For that purpose, we rely on a security architecture for a railway object controller which controls field elements that we developed in previous work. Our architecture enables the integration of security mechanisms into a safety-certified railway system. In this paper, we demonstrate the practical feasibility of our architecture by using a Trusted Platform Module (TPM) 2.0 and a Multiple Independent Levels of Safety and Security (MILS) Separation Kernel (SK) for our implementation. Our evaluation includes a test bed and shows how certification and homologation can be achieved.
In this paper, we introduce Userspace Software Integrity Measurement (USIM) for the Linux OS. USIM enables interpreters to measure, log, and irrevocably anchor critical events in the Trusted Platform Module (TPM). We develop a software library in C which provides TPM-based measurement functionality as well as the USIM service, which provides concurrent access handling to the TPM-based event logging. Further, we develop and implement a concept to realize highly frequent event logging on the slow TPM. We integrate this library into the Java Virtual Machine (JVM) to measure Java classes and show that it can be easily integrated into other interpreters. With performance measurements, we demonstrate that our contribution is feasible and that overhead is negligible.
In this paper we analyze existing work on TPM-based remote attestation for virtualized environments and discuss benefits as well as shortcomings. We identify an approach that provides adequate security and is easy to implement but is prone to relay attacks. We improve that approach by developing countermeasures, while maintaining existing security guarantees. We implement and evaluate on production-grade hardware. With performance measurements and further evaluations we show that our solution is viable.