Team

Research Associate

Christian Niesler, M.Sc.

Room:
S-GW 306
Phone:
+49 201 18-37336
E-mail:

About:

Christian Niesler is a research associate at the Chair of System Security at the University of Duisburg-Essen.

Curriculum vitae:

Year | Position / study programme
since 10/2020 | Research associate at the Chair of System Security (SysSec) at the University of Duisburg-Essen
10/2017 – 09/2020 | Master of Science: Software and Network Engineering at the University of Duisburg-Essen; Threat and Vulnerability Management at DXC Technology in Ratingen
10/2014 – 09/2017 | Bachelor of Science: Applied Computer Science at the Duale Hochschule Baden-Württemberg in Stuttgart; dual study programme at Hewlett-Packard (Enterprise)

Publications:

  • Niesler, Christian; Scholz, Christian; Davi, Lucas: MPUsh: Applying Security Hotpatches Instead Of MPU Barriers. In: Proc. of 2nd Constructive Approaches for SeCurity Analysis and Design of Embedded systems Conference (CASCADE'26). Springer, Regensburg, Germany, 2026.

    Due to hardware limitations and stringent timing demands, runtime hotpatching of security vulnerabilities on flash-constrained, hard real-time embedded systems remains a significant challenge. We present MPUsh, a novel Memory Protection Unit (MPU)-based hotpatching approach. MPUsh leverages the MPU to render vulnerable flash regions non-executable. Fault handlers then intercept these violations and redirect execution to RAM-resident patches. Our proof-of-concept prototype, implemented on an ARM Cortex-M4 (NUCLEO-F446RE) processor, activates patches in 15 cycles and redirects execution in 46 cycles. MPUsh outperforms interpreter-based alternatives while supporting arbitrary patch locations without pre-inserted hooks. Furthermore, MPUsh provides more patch slots than approaches that use hardware breakpoints. When evaluated on a safety-critical syringe pump, MPUsh successfully demonstrated real-time capability.

  • Niesler, Christian; Scholz, Christian; Hannappel, Nils; Davi, Lucas: Co-Guard: Guarding Safety-Critical Embedded Devices in Emergencies. In: Proc. of 2nd Constructive Approaches for SeCurity Analysis and Design of Embedded systems Conference (CASCADE'26). Springer, Regensburg, Germany, 2026.
  • Mackensen, Philipp; Niesler, Christian; Blanco, Roberto; Davi, Lucas; Moonsamy, Veelasha: KINTSUGI: Secure Hotpatching for Code-Shadowing Real-Time Embedded Systems. In: Proc. of 34th USENIX Security Symposium. USENIX Association, WA, USA, 2025.

    Mission-critical embedded devices deal with strict real-time constraints, and thus make traditional updates or reboots unsuitable. While runtime fixes (i.e., hotpatching) reduce downtime, they pose challenges for resource management and real-time performance. Previous work has focused mainly on hotpatching devices executing their firmware from flash, neglecting those that use code-shadowing to execute firmware from RAM. These approaches neglect secure end-to-end hotpatch deployment during runtime, putting vulnerable devices at risk.

    We introduce Kintsugi, the first secure hotpatching framework for real-time embedded devices that uses code-shadowing. By leveraging the context switch of real-time operating systems, we achieve atomic application of hotpatches while enforcing strict memory policies to protect Kintsugi's resources with minimal overhead. Kintsugi is designed to prevent tampering attacks on both the framework and deployed hotpatches. Evaluated on the NRF52840-DK with an ARM Cortex-M4 MCU running at 64 MHz, a processor deployed in millions of devices, our results demonstrate Kintsugi's performance advantage with overheads as low as 38 cycles (0.59 µs) during normal operation, peaking at 216 cycles (3.38 µs). We show Kintsugi's effectiveness addressing real-world vulnerabilities in popular real-time operating systems like FreeRTOS and Zephyr, and libraries such as mbedTLS and picoTCP. Our approach introduces negligible overhead, making it ideal for real-time applications, as illustrated by our case study.

  • Staudigl, Felix; Thoma, Jan Philipp; Niesler, Christian; Sturm, Karl; Pelke, Rebecca; Germek, Dominik; Joseph, Jan Moritz; Güneysu, Tim; Davi, Lucas; Leupers, Rainer: NVM-Flip: Non-Volatile-Memory BitFlips on the System Level. In: Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. Association for Computing Machinery (ACM), Porto, Portugal, 2024, pp. 11-20. doi:10.1145/3643650.3658606

    Emerging non-volatile memories (NVMs) are promising candidates to substitute conventional memories due to their low access latency, high integration density, and non-volatility. These superior properties stem from the memristor, which represents the centerpiece of each memory cell and is branded as the fourth fundamental circuit element. Memristors encode information in the form of their resistance by altering the physical characteristics of their filament. Hence, each memristor can store multiple bits, increasing the memory density and positioning it as a potential candidate to replace DRAM and SRAM-based memories, such as caches. However, new security risks arise with the benefits of these emerging technologies, like the recent NeuroHammer attack, which allows adversaries to deliberately flip bits in ReRAMs. While NeuroHammer has been shown to flip single bits within memristive crossbar arrays, the system-level impact remains unclear. Considering the significance of the Rowhammer attack on conventional DRAMs, NeuroHammer can potentially cause crucial damage to applications taking advantage of emerging memory technologies. To answer this question, we introduce NVgem5, a versatile system-level simulator based on gem5. NVgem5 is capable of injecting bit-flips in eNVMs originating from NeuroHammer. Our experiments evaluate the impact of the NeuroHammer attack on main and cache memories. In particular, we demonstrate a single-bit fault attack on cache memories leaking the secret key used during the computation of RSA signatures. Our findings highlight the need for improved hardware security measures to mitigate the risk of hardware-level attacks in computing systems based on eNVMs.

  • Thoma, Jan Philipp; Niesler, Christian; Funke, Dominic; Leander, Gregor; Mayr, Pierre; Pohl, Nils; Davi, Lucas; Güneysu, Tim: ClepsydraCache - Preventing Cache Attacks with Time-Based Evictions. In: Proc. of 32nd USENIX Security Symposium. USENIX Association, Anaheim, CA, USA, 2023.

    In the recent past, we have witnessed the shift towards attacks on the microarchitectural CPU level. In particular, cache side-channels play a predominant role as they allow an attacker to exfiltrate secret information by exploiting the CPU microarchitecture. These subtle attacks exploit the architectural visibility of conflicting cache addresses. In this paper, we present CLEPSYDRACACHE, which mitigates state-of-the-art cache attacks using a novel combination of cache decay and index randomization. Each cache entry is linked with a Time-To-Live (TTL) value. We propose a new dynamic scheduling mechanism of the TTL which plays a fundamental role in preventing those attacks while maintaining performance. CLEPSYDRACACHE efficiently protects against the latest cache attacks such as PRIME+(PRUNE+)PROBE. We present a full prototype in gem5 and lay out a proof-of-concept hardware design of the TTL mechanism, which demonstrates the feasibility of deploying CLEPSYDRACACHE in real-world systems.

  • Surminski, Sebastian; Niesler, Christian; Davi, Lucas; Sadeghi, Ahmad-Reza: DMA'n'Play: Practical Remote Attestation Based on Direct Memory Access. In: Proc. of 21st International Conference on Applied Cryptography and Network Security (ACNS). Springer, Cham, Kyoto, Japan, 2023. doi:10.1007/978-3-031-33491-7_2

    Remote attestation allows validating the trustworthiness of a remote device. Existing attestation schemes either require hardware changes, trusted computing components, or rely on strict timing constraints. In this paper, we present a novel remote attestation approach, called DMA’n’Play, that tackles these practical limitations by leveraging DMA (direct memory access). Since DMA does not require CPU time, DMA’n’Play even allows attestation of devices with real-time constraints. To prevent the exploitation of side-channels which potentially could determine if the attestation is running, we developed DMA’n’Play To-Go, a small, mobile attestation device that can be plugged into the attested device. We evaluated DMA’n’Play on two real-world devices, namely a syringe pump and a drone. Our evaluation shows that DMA’n’Play adds negligible performance overhead and prevents data-only attacks, by validating critical data in memory.

  • Surminski, Sebastian; Niesler, Christian; Linsner, Sebastian; Davi, Lucas; Reuter, Christian: SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand. In: Proc. of 13th ACM Conference on Data and Application Security and Privacy (CODASPY). Association for Computing Machinery (ACM), Charlotte, NC, USA, 2023. doi:10.1145/3577923.3583652

    From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, the user will not detect any compromise. The user has minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphone. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol.
    Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of SCAtt-man against a variety of attacks and its usability based on a comprehensive user study with 20 participants.

  • Surminski, Sebastian; Niesler, Christian; Brasser, Ferdinand; Davi, Lucas; Sadeghi, Ahmad-Reza: RealSWATT: Remote Software-based Attestation for Embedded Devices under Realtime Constraints. In: Proc. of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS). Association for Computing Machinery (ACM), New York, USA, 2021. doi:10.1145/3460120.3484788

    Smart factories, critical infrastructures, and medical devices largely rely on embedded systems that need to satisfy realtime constraints to complete crucial tasks. Recent studies and reports have revealed that many of these devices suffer from crucial vulnerabilities that can be exploited with fatal consequences. Despite the security and safety-critical role of these devices, they often do not feature state-of-the-art security mechanisms. Moreover, since realtime systems have strict timing requirements, integrating new security mechanisms is not a viable option as they often influence the device's runtime behavior. One solution is to offload security enhancements to a remote instance, the so-called remote attestation.

    We present RealSWATT, the first software-based remote attestation system for realtime embedded devices. Remote attestation is a powerful security service that allows a party to verify the correct functionality of an untrusted remote device. In contrast to previous remote attestation approaches for realtime systems, RealSWATT requires neither custom hardware extensions nor trusted computing components. It is designed to work within real-world IoT networks, connected through Wi-Fi. RealSWATT leverages a dedicated processor core for remote attestation and provides the required timing guarantees without hardware extensions. We implement RealSWATT on the popular ESP32 microcontroller, and we evaluate it on a real-world medical device with realtime constraints. To demonstrate its applicability, we furthermore integrate RealSWATT into a framework for off-the-shelf IoT devices and apply it to a smart plug, a smoke detector, and a smart light bulb.

  • Niesler, Christian; Surminski, Sebastian; Davi, Lucas: HERA: Hotpatching of Embedded Real-time Applications. In: Proc. of 28th Network and Distributed System Security Symposium (NDSS). Network and Distributed System Security (NDSS) Symposium, 2021. doi:10.14722/ndss.2021.24159

    Memory corruption attacks are a predominant attack vector against IoT devices. Simply updating vulnerable IoT software is not always possible due to unacceptable downtime and a required reboot. These side-effects must be avoided for highly-available embedded systems such as medical devices and, generally speaking, for any embedded system with real-time constraints.
    To avoid downtime and reboot of a system, previous research has introduced the concept of hotpatching. However, the existing approaches cannot be applied to resource-constrained IoT devices. Furthermore, possible hardware-related issues have not been addressed, i.e., the inability to directly modify the firmware image due to read-only memory.

    In this paper, we present the design and implementation of HERA (Hotpatching of Embedded Real-time Applications) which utilizes hardware-based built-in features of commodity Cortex-M microcontrollers to perform hotpatching of embedded systems. HERA preserves hard real-time constraints while keeping the additional resource usage to a minimum. In a case study, we apply HERA to two vulnerable medical devices. Furthermore, we leverage HERA to patch an existing vulnerability in the FreeRTOS operating system. These applications demonstrate the high practicality and efficiency of our approach.