Team
Wissenschaftlicher Mitarbeiter
M. Sc. Christian Scholz
- Raum:
- S-GW 306
- Telefon:
- +49 201 18-37336
- E-Mail:
- christian.scholz (at) uni-due.de
- Autorenprofile:
- ORCID
Zur Person:
Christian Scholz ist wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit an der Universität Duisburg-Essen.
Lebenslauf:
seit 06/2023
Wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit an der Universität Duisburg-Essen
10/2020 - 09/2021
Wissenschaftliche Hilfskraft beim Max-Planck-Institut für Sicherheit und Privatsphäre
10/2019 - 10/2022
Masterstudium IT-Sicherheit/Informationstechnik an der Ruhr-Universität Bochum (Abschluss mit M. Sc.)
07/2019 - 09/2020
Werkstudent bei der emproof GmbH
01/2018 - 09/2018
Studentische Hilfskraft beim Sales Management Department an der Ruhr-Universität Bochum
10/2015 - 09/2019
Bachelorstudium IT-Sicherheit/Informationstechnik an der Ruhr-Universität Bochum (Abschluss mit B. Sc.)
Publikationen:
- Niesler, Christian; Scholz, Christian; Davi, Lucas: MPUsh: Applying Security Hotpatches Instead Of MPU Barriers. In: Proc. of 2nd Constructive Approaches for SeCurity Analysis and Design of Embedded systems Conference (CASCADE'26). Springer, Regensburg, Germany, 2026. Kurzfassung Details BIB Download
Due to hardware limitations and stringent timing demands, runtime hotpatching of security vulnerabilities on flash-constrained, hard real-time embedded systems remains a significant challenge. We present MPUsh, a novel Memory Protection Unit (MPU)-based hotpatching approach. MPUsh leverages the MPU to render vulnerable flash regions non-executable. Fault handlers then intercept these violations and redirect execution to RAM-resident patches. Our proof-of-concept prototype, implemented on an ARM Cortex-M4 (NUCLEO-F446RE) processor, activates patches in 15 cycles and redirects execution in 46 cycles. MPUsh outperforms interpreter-based alternatives while supporting arbitrary patch locations without pre-inserted hooks. Furthermore, MPUsh provides more patch slots than approaches that use hardware breakpoints. When evaluated on a safety-critical syringe pump, MPUsh successfully demonstrated real-time capability.
- Niesler, Christian; Scholz, Christian; Hannappel, Nils; Davi, Lucas: Co-Guard: Guarding Safety-Critical Embedded Devices in Emergencies. In: Proc. of 2nd Constructive Approaches for SeCurity Analysis and Design of Embedded systems Conference (CASCADE'26). Springer, Regensburg, Germany, 2026. Details BIB Download
- Giesen, Jens-Rene; Scholz, Christian; Davi, Lucas: Poster: Code HarvETHter: Corpus-Driven Decompilation of Ethereum Smart Contracts. In: Proc. of 32th Association for Computing and Machinery SIGSAC Conference on Computer & Communications Security (CCS). Association for Computing Machinery (ACM), Taipeh, Taiwan, 2025. doi:10.1145/3719027.3760714Kurzfassung Details BIB Download
This poster introduces HarvETHter, a smart contract decompiler for EVM-based platforms such as Ethereum, Binance, and Polygon. We present the corpus completeness hypothesis, which we investigate through HarvETHter. Relying on our hypothesis, HarvETHter sources knowledge of the Ethereum blockchain and leverages it to decompile smart contracts to Solidity source code.