TUM Logo

Christian Schneider

Dr. Christian Schneider


now at Google Germany GmbH

Research Interests

In my reasearch I am investigating how the security and trustworthyness of commodity operating systems as Windows or Linux can be enhanced. To accomplish this, I focus onto two technologies: First, trusted platforms, and second, virtualization of the underlying hardware.

Trusted platforms allow to measure the state of a system and to provide authentic evidence for that state. In addition, critical data as cryptographic keys can be bound to that state, e. g., using the trusted platform module.

System virtualization provides strong isolation of different virtual machines on one physical host. It allows to monitor their state, intercept certain activities, and to reset the machine back to a trusted state, if necessary.

InSight logoFor my research in the field of virtual machine introspection, I developed a powerful tool, InSight, for bridging the semantic gap between hypervisor and guest operating system. InSight has already been applied to several projects at our chair and proven to be a flexible, high-performance, and stable means of re-constructing kernel objects out of guest physical memory. In the meanwhile, InSight has been released to the public and is licensed to the terms and conditions of the GNU GPLv2.

For more information visit the project website of InSight hosted at Google Code.

My Google Scholar profile

Supervised Theses

  • A VMI-based Sandbox Environment
  • State Analysis for the Application of Machine Learning Methods to Intrusion Detection
  • Design and Implementation of a Virtual Machine Introspection based Intrusion Detection System
  • Intrusion Detection through complete Machine State Analysis
  • Hypercall Support for Kernel-based Virtual Machines
  • Reputationssysteme für offene Service-Marktplätze
  • Control-Flow Enforcement in Workflows in the Presence of Exceptions (in cooperation with SAP Research)


  • Summer semester 2012
    • Exercises for lecture Secure mobile Systems
    • Honeynets Lab
  • Winter semester 2011/12
    • Exercises for lecture IT Security
  • Summer semester 2011
    • Exercises for lecture Secure mobile Systems
    • Seminar Virtualization Techniques for System Security
  • Winter semester 2010/11
    • Exercises for lecture IT Security
    • Seminar Virtualization Techniques for System Security
  • Summer semester 2010
    • Exercises for lecture Secure mobile Systems
  • Winter semester 2009/10
    • Exercises for lecture IT Security
    • Tutor for lecture Basic Principles: Operating Systems and System Software
  • Summer semester 2009
    • Exercises for lecture Secure mobile Systems
    • Seminar System Virtualization: the Technology of VMware & Co.
  • Summer semester 2008
    • Exercises for lecture IT Security at the TU Darmstadt
  • Winter semester 2007/08
    • Exercises for lecture Introduction to Computer Science III (algorithms and data structures) at the TU Darmstadt


2013 Leveraging String Kernels for Malware Detection
X-TIER: Kernel Module Injection
Full Virtual Machine State Reconstruction for Security Applications
2012 Bridging the Semantic Gap Through Static Code Analysis
2011 Nitro: Hardware-based System Call Tracing for Virtual Machines
A Universal Semantic Bridge for Virtual Machine Introspection
2010 Exploiting the x86 Architecture to Derive Virtual Machine State Information
2009 A Formal Model for Virtual Machine Introspection
Enhancing Control of Service Compositions in Service-Oriented Architectures