Sebastian Surminski

Sebastian Surminski, M.Sc.

Room:
S-GW 306
Phone:
+49 201 18-37336

Bio:

Sebastian Surminski is a research assistant in the working group for Secure Software Systems at the University of Duisburg-Essen.

Curriculum Vitae:

since 02/2018

Research Assistant at the chair for Secure Software Systems (Syssec) at the University of Duisburg-Essen

4/2017 - 02/2018

Research Assistant at the chair for Modelling of Adaptive Systems (MAS) at the University of Duisburg-Essen

4/2014 - 04/2017

Master's studies in Applied Computer Sciences - Systems Engineering at the University of Duisburg-Essen (graduated with M.Sc.)

10/2007 - 4/2014

Bachelor's studies in Applied Computer Sciences at the University of Paderborn (graduated with B.Sc.)

Honours and Awards:

Projects:

Sebastian Surminski works as a researcher within the CRC 1119 CROSSING in project S2 on remote attestation.

Publications:

  • Paaßen, David; Surminski, Sebastian; Rodler, Michael; Davi, Lucas: My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers. In: Proc. of 26th European Symposium on Research in Computer Security. Springer International Publishing, Darmstadt 2021.
  • Niesler, Christian; Surminski, Sebastian; Davi, Lucas: HERA: Hotpatching of Embedded Real-time Applications. In: Proc. of 28th Network and Distributed System Security Symposium (NDSS). 2021. doi:10.14722/ndss.2021.24159

    Memory corruption attacks are a predominant attack vector against IoT devices. Simply updating vulnerable IoT software is not always possible due to unacceptable downtime and a required reboot. These side-effects must be avoided for highly-available embedded systems such as medical devices and, generally speaking, for any embedded system with real-time constraints.
    To avoid downtime and reboot of a system, previous research has introduced the concept of hotpatching. However, the existing approaches cannot be applied to resource-constrained IoT devices. Furthermore, possible hardware-related issues have not been addressed, i.e., the inability to directly modify the firmware image due to read-only memory.

    In this paper, we present the design and implementation of HERA (Hotpatching of Embedded Real-time Applications) which utilizes hardware-based built-in features of commodity Cortex-M microcontrollers to perform hotpatching of embedded systems. HERA preserves hard real-time constraints while keeping the additional resource usage to a minimum. In a case study, we apply HERA to two vulnerable medical devices. Furthermore, we leverage HERA to patch an existing vulnerability in the FreeRTOS operating system. These applications demonstrate the high practicality and efficiency of our approach.

  • Surminski, Sebastian; Rodler, Michael; Davi, Lucas: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019.

    Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exists no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to compare fuzzing techniques.

    To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.

  • Surminski, Sebastian; Moldovan, Christian; Hoßfeld, Tobias: Practical QoE Evaluation of Adaptive Video Streaming. In: German, Reinhard; Hielscher, Kai-Steffen; Krieger, Udo R. (Ed.): Measurement, Modelling and Evaluation of Computing Systems. Springer International Publishing, Cham 2018, p. 283-292.
  • Surminski, Sebastian; Moldovan, Christian; Hoßfeld, Tobias: Saving Bandwidth by Limiting the Buffer Size in HTTP Adaptive Streaming. In: Krieger, Udo R.; Schmidt, Thomas C.; Timm-Giel, Andreas (Ed.): MMBnet 2017 - Proceedings of the 9th GI/ITG Workshop „Leistungs-, Verlässlichkeits- und Zuverlässigkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen“. University of Bamberg Press, Hamburg 2017, p. 5-21. doi:10.20378/irbo-49762
  • Moldovan, Christian; Metzger, Florian; Surminski, Sebastian; Hoßfeld, Tobias; Burger, Valentin: Viability of Wi-Fi Caches in an Era of HTTPS Prevalence. In: IEEE Communications Society; Institute of Electrical and Electronics Engineers (Ed.): IEEE ICC'17: Bridging People, Communities, and Cultures. Paris, France 2017.