Michael Eckel

Michael Eckel

Cyber Security Researcher

Fraunhofer SIT


I am a cyber security researcher for Fraunhofer SIT. Previously, I was a security engineer at Huawei Technologies, mobile software developer at Boostix/GAL, and a web and software developer for a number of other companies. I hold a master’s degree in Computer Science. Currently, I am co-chairing the Trusted Computing Group’s Network Equipment work group, working to secure vulnerable network equipment.

My research interests include cyber security, Trusted Computing, virtualization technologies, and distributed systems.


  • Cyber Security
  • Trusted Computing
  • Virtualization Technologies
  • Distributed Systems


  • M.Sc. in Computer Science, 2014

    Mittelhessen University of Applied Sciences

  • B.Sc. in Computer Science, 2009

    Mittelhessen University of Applied Sciences

  • Pre-Diploma in Media Informatics, 2006

    Mittelhessen University of Applied Sciences


C Coding

90 %


100 %

RC Flying

60 %



Cyber Security Researcher

Fraunhofer SIT

Sep 2018 – Present Darmstadt

Developing security solutions based on Trusted Computing for network and embedded systems.

Responsibilities include:

  • Modeling security concepts
  • Implementation
  • Project Management

Security Engineer

Huawei Technologies

Jan 2015 – Aug 2018 Darmstadt
Developed security solutions based on Trusted Computing for network and cloud systems.


Certificate: Cryptography I

Coursera online course “Cryptography I” by Prof. Dan Boneh from the University of Stanford. The course consists of a theoretical part and a practical part (programming).
See certificate

Trainer Certification according to the German “Ausbilder-Eignungsverordnung (AEVO)”

Vocational and occupational pedagogical aptitude includes the competence to independently plan, implement and control vocational training in the fields of action:

  1. Checking training prerequisites and planning training,
  2. Preparing training and assisting in the recruitment of trainees,
  3. Carrying out training and
  4. Completing training.

Bundesministerium für Bildung und Forschung (BMBF)

See certificate

Cisco Certified Network Associate (CCNA)

Achieving CCNA certification is the first step in preparing for a career in IT technologies. To earn CCNA certification, you pass one exam that covers a broad range of fundamentals for IT careers, based on the latest networking technologies, software development skills, and job roles.

CCNA gives you the foundation you need to take your career in any direction.

Cisco Systems

See certificate

Recent Posts



Hardware-based Safety Platform for Railroad Control and Safety Technology


Challenge-Response based Remote Attestation with TPM 2.0

Recent Publications

Quickly discover relevant content by filtering publications.

Implementing a Security Architecture for Safety-Critical Railway Infrastructure

The digitalization of safety-critical railroad infrastructure enables new types of attacks. This increases the need to integrate Information Technology (IT) security measures into railroad systems. For that purpose, we rely on a security architecture for a railway object controller which controls field elements that we developed in previous work. Our architecture enables the integration of security mechanisms into a safety-certified railway system. In this paper, we demonstrate the practical feasibility of our architecture by using a Trusted Platform Module (TPM) 2.0 and a Multiple Independent Levels of Safety and Security (MILS) Separation Kernel (SK) for our implementation. Our evaluation includes a test bed and shows how certification and homologation can be achieved.

Userspace Software Integrity Measurement

In this paper, we introduce Userspace Software Integrity Measurement (USIM) for the Linux OS. USIM enables interpreters to measure, log, and irrevocably anchor critical events in the Trusted Platform Module (TPM). We develop a software library in C which provides TPM-based measurement functionality as well as the USIM service, which provides concurrent access handling to the TPM based event logging. Further, we develop and implement a concept to realize highly frequent event logging on the slow TPM. We integrate this library into the Java Virtual Machine (JVM) to measure Java classes and show that it can be easily integrated into other interpreters. With performance measurements we demonstrate that our contribution is feasible and that overhead is negligible.

A Security Architecture for Protecting Safety-Critical Railway Infrastructure

This article gives an overview of an IT security architecture, which allows to operate security measures on safety systems such as object controllers. It consists of a hardware platform with a Trusted Platform Module (TPM) 2.0, a MILS (Multiple Independent Levels of Safety and Security) Separation Kernel (SK), and various security applications. The TPM serves as security anchor and enables, e.g., secure storage, measured boot, and remote attestation to detect tampering with the system software. The MILS OS ensures freedom of interference when running safety and security applications.

Secure Attestation of Virtualized Environments

In this paper we analyze existing work on TPM-based remote attestation for virtualized environments and discuss benefits as well as shortcomings. We identify an approach that provides adequate security and is easy to implement but is prone to relay attacks. We improve that approach by developing countermeasures, while maintaining existing security guarantees. We implement and evaluate on production-grade hardware. With performance measurements and further evaluations we show that our solution is viable.

Subverting Linux' Integrity Measurement Architecture

In this paper, we demonstrate that the security guarantees of the Linux Integrity Measurement Architecture (IMA) can be undermined by means of a malicious block device. We validate the viability of the attack with an implementation of a specially-crafted malicious block device in QEMU, which delivers different data depending on whether the block has already been accessed. We analyse and discuss how the attack affects certain use cases of IMA and discuss potential mitigations.


  • +49 6151 869-221
  • Rheinstraße 75
    64295 Darmstadt
  • Monday 10:00 to 13:00
    Wednesday 09:00 to 10:00