Sebastian Surminski

Wissenschaftlicher Mitarbeiter

Sebastian Surminski, M.Sc.

S-GW 306
+49 201 18-37336

Zur Person:

Sebastian Surminski ist wissenschaftlicher Mitarbeiter am Lehrstuhl für Sichere Software Systeme an der Universität Duisburg-Essen.


Seit 20/2018

Wissenschaftlicher Mitarbeiter am Lehrstuhl für Systemsicherheit (Syssec) an der Universität Duisburg-Essen

4/2017 - 02/2018

Wissenschaftlicher Mitarbeiter am Lehrstuhl für Modellierung Adaptiver Systeme (MAS) an der Universität Duisburg-Essen

4/2014 - 04/2017

Masterstudium Angewandte Informatik - Systems Engineering an der Universität Duisburg-Essen (Abschluss mit M. Sc.)

10/2007 - 4/2014

Bachelorstudium Angewandte Informatik an der Universität Paderborn (Abschluss mit B. Sc.)

Ehrungen und Auszeichnungen:


Sebastian Surminski arbeitet im Rahmen des Sonderforschungsbereichs (SFB) 1119 CROSSING in Projekt S2 an Lösungen für Remote Attestation.


  • Niesler, Christian; Surminski, Sebastian; Davi, Lucas: HERA: Hotpatching of Embedded Real-time Applications. In: Proc. of 28th Network and Distributed System Security Symposium (NDSS). 2021. doi:10.14722/ndss.2021.24159VolltextBIB DownloadDetails

    Memory corruption attacks are a pre-dominant attack vector against IoT devices. Simply updating vulnerable IoT software is not always possible due to unacceptable downtime and a required reboot. These side-effects must be avoided for highly-available embedded systems such as medical devices and, generally speaking, for any embedded system with real-time constraints.
    To avoid downtime and reboot of a system, previous research has introduced the concept of hotpatching. However, the existing approaches cannot be applied to resource-constrained IoT devices. Furthermore, possible hardware-related issues have not been addressed, i.e., the inability to directly modify the firmware image due to read-only memory.

    In this paper, we present the design and implementation of HERA (Hotpatching of Embedded Real-time Applications) which utilizes hardware-based built-in features of commodity Cortex-M microcontrollers to perform hotpatching of embedded systems. HERA preserves hard real-time constraints while keeping the additional resource usage to a minimum. In a case study, we apply HERA to two vulnerable medical devices. Furthermore, we leverage HERA to patch an existing vulnerability in the FreeRTOS operating system. These applications demonstrate the high practicality and efficiency of our approach.

  • Surminski, Sebastian; Rodler, Michael; Davi, Lucas: Poster: Automated Evaluation of Fuzzers - Distinguished Technical Poster Award. In: Proc. of 26th Network and Distributed System Security Symposium (NDSS). 2019. VolltextBIB DownloadDetails

    Fuzzing is a well-known technique for automatically testing the robustness of software and its susceptibility to security-critical errors. Recently, many new and improved fuzzers have been presented. One critical aspect of any new fuzzer is its overall performance. However, given that there exist no standardized fuzzing evaluation methodology, we observe significant discrepancy in evaluation results making it highly challenging to  compare fuzzing techniques.

    To tackle this deficiency, we developed a new framework, called FETA, which automatically evaluates fuzzers based on a fixed and comprehensive test set enabling objective and general comparison of performance results. We apply FETA to various recently released academic and non-academic fuzzers, eventually resulting in a large scale evaluation of the current state-of-the-art fuzzing approaches.

  • Sebastian Surminski, Christian Moldovan; Hoßfeld, Tobias: Practical QoE Evaluation of Adaptive Video Streaming. In: Reinhard German, Kai-Steffen Hielscher; Krieger, Udo R. (Hrsg.): Measurement, Modelling and Evaluation of Computing Systems. Springer International Publishing, Cham 2018, S. 283-292. VolltextBIB DownloadDetails
  • Sebastian Surminski, Christian Moldovan; Hoßfeld, Tobias: Saving Bandwidth by Limiting the Buffer Size in HTTP Adaptive Streaming. In: Krieger, Udo R.; Schmidt, Thomas C.; Timm-Giel, Andreas (Hrsg.): MMBnet 2017 - Proceedings of the 9th GI/ITG Workshop „Leistungs-, Verlässlichkeits- und Zuverlässigkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen“. University of Bamberg Press, Hamburg 2017, S. 5-21. doi:10.20378/irbo-49762VolltextBIB DownloadDetails
  • Moldovan, Christian; Metzger, Florian; Surminski, Sebastian; Hoßfeld, Tobias; Burger, Valentin: Viability of Wi-Fi Caches in an Era of HTTPS Prevalence. In: Society, Ieee Communications; Electrical, Institute Of; Electronics Engineers, Institute of Electrical; Engineers, Electronics (Hrsg.): IEEE ICC'17: Bridging People, Communities, and Cultures. Paris, France 2017. VolltextBIB DownloadDetails