Michael Eckel

Cyber Security Researcher

Fraunhofer SIT


I am a cyber security researcher for Fraunhofer SIT. Previously, I was a security engineer at Huawei Technologies, mobile software developer at Boostix/GAL, and a web and software developer for a number of other companies. I hold a master’s degree in Computer Science. Currently, I am co-chairing the Trusted Computing Group’s Network Equipment work group, working to secure vulnerable network equipment.

My research interests include cyber security, Trusted Computing, virtualization technologies, and distributed systems.


  • Cyber Security
  • Trusted Computing
  • Virtualization Technologies
  • Distributed Systems


  • M.Sc. in Computer Science, 2014

    Mittelhessen University of Applied Sciences

  • B.Sc. in Computer Science, 2009

    Mittelhessen University of Applied Sciences

  • Pre-Diploma in Media Informatics, 2006

    Mittelhessen University of Applied Sciences


C Coding

90 %


100 %

RC Flying

60 %



Cyber Security Researcher

Fraunhofer SIT

Sep 2018 – Present Darmstadt

Developing security solutions based on Trusted Computing for network and embedded systems.

Responsibilities include:

  • Modeling security concepts
  • Implementation
  • Project Management

Security Engineer

Huawei Technologies

Jan 2015 – Aug 2018 Darmstadt

Developed security solutions based on Trusted Computing for network and cloud systems.


Certificate: Cryptography I

Coursera online course “Cryptography I” by Prof. Dan Boneh from the University of Stanford. The course consists of a theoretical part and a practical part (programming).

Trainer Certification according to the German “Ausbilder-Eignungsverordnung (AEVO)”

Vocational and occupational pedagogical aptitude includes the competence to independently plan, implement and control vocational training in the fields of action:

  1. Checking training prerequisites and planning training,
  2. Preparing training and assisting in the recruitment of trainees,
  3. Carrying out training and
  4. Completing training.

Bundesministerium für Bildung und Forschung (BMBF)


Cisco Certified Network Associate (CCNA)

Achieving CCNA certification is the first step in preparing for a career in IT technologies. To earn CCNA certification, you pass one exam that covers a broad range of fundamentals for IT careers, based on the latest networking technologies, software development skills, and job roles.

CCNA gives you the foundation you need to take your career in any direction.

Cisco Systems


Recent Posts



Hardware-based Safety Platform for Railroad Control and Safety Technology


Challenge-Response based Remote Attestation with TPM 2.0

Recent Publications


Userspace Software Integrity Measurement

In this paper, we introduce Userspace Software Integrity Measurement (USIM) for the Linux OS. USIM enables interpreters to measure, log, and irrevocably anchor critical events in the Trusted Platform Module (TPM). We develop a software library in C which provides TPM-based measurement functionality, as well as the USIM service, which provides concurrent access handling for the TPM-based event logging. Further, we develop and implement a concept to realize highly frequent event logging on the slow TPM. We integrate this library into the Java Virtual Machine (JVM) to measure Java classes and show that it can be easily integrated into other interpreters. With performance measurements we demonstrate that our contribution is feasible and that overhead is negligible.

A Security Architecture for Protecting Safety-Critical Railway Infrastructure

This article gives an overview of an IT security architecture that allows security measures to be operated on safety systems such as object controllers. It consists of a hardware platform with a Trusted Platform Module (TPM) 2.0, a MILS (Multiple Independent Levels of Safety and Security) Separation Kernel (SK), and various security applications. The TPM serves as the security anchor and enables, e.g., secure storage, measured boot, and remote attestation to detect tampering with the system software. The MILS OS ensures freedom from interference when running safety and security applications.

Secure Attestation of Virtualized Environments

In this paper we analyze existing work on TPM-based remote attestation for virtualized environments and discuss benefits as well as shortcomings. We identify an approach that provides adequate security and is easy to implement but is prone to relay attacks. We improve that approach by developing countermeasures, while maintaining existing security guarantees. We implement and evaluate on production-grade hardware. With performance measurements and further evaluations we show that our solution is viable.

Subverting Linux' Integrity Measurement Architecture

In this paper, we demonstrate that the security guarantees of the Linux Integrity Measurement Architecture (IMA) can be undermined by means of a malicious block device. We validate the viability of the attack with an implementation of a specially-crafted malicious block device in QEMU, which delivers different data depending on whether the block has already been accessed. We analyse and discuss how the attack affects certain use cases of IMA and discuss potential mitigations.

Softwaredesign für Dynamische Integritätsmessungen bei Linux

Most security tools try to detect malicious programs by their signature or by their behavior. This has the disadvantage that the malicious program or its behavior must already be known. Another approach is to monitor executable programs directly for changes in the program code before they are executed. With this approach, however, it is not possible to detect program code changes that occur at runtime. The approach of TPM-based Dynamic Runtime Attestation (DRA) presented in this publication is based on comparing loaded program code with known reference values. To achieve the necessary flexibility and extensibility, the attestation strategy (guideline) is implemented centrally in the participating components; it defines the necessary steps for all attestation operations, such as measurements, reference value generation, and verification.


  • +49 6151 869-221
  • Rheinstraße 75
    64295 Darmstadt
  • Monday 10:00 to 13:00
    Wednesday 09:00 to 10:00