TUM Logo

Sergej Proskurin

M.Sc. Sergej Proskurin


BedRock Systems


 2F25 C100 6A8D 6C29 5EAA EE8C BC96 0B8C 7F38 5B91

Research Interests

I am a PhD candidate at the Technical University of Munich. My research areas cover a wide range of low level and IT security related topics focusing, in the first place, at dynamic malware analysis through virtual machine introspection. In particular, I explore modern cross-architectural hardware features that enable stealthy analysis of guest VMs. My secondary objectives involve hypervisor/OS design and security, rootkits, reverse engineering, and trusted computing. In addition to my research, I contribute to the open source Xen Project hypervisor and offer and supervise practical courses, seminars, and lectures to university students within the area of rootkit programming, reverse engineering, and operating systems.


Drakvuf on ARM

DRAKVUF is an open source, virtualization based binary analysis framework running on top of the Xen hypervisor. By using Virtual Machine Introspection (VMI) techniques, DRAKVUF is able to transparently monitor and control the state of a virtual machine from a level beyond the OS. While DRAKVUF is a powerful means to analyze malware, its was limited to x86-64 based architectures.

Within the context of this project, we have shifted the scope of application of DRAKVUF towards ARM and thus the mobile market ultimately providing powerful malware analysis on mobile devices. To achieve this, we implement the foundation for DRAKVUF on ARM, which simulates the behavior of an effective approach that allows to stealthy inject code into guest VMs on Intel. This approach leverages a subsystem of the Xen Project hypervisor called Xen alternate p2m - or short altp2m. Our implementation of Xen altp2m establishes the necessary means to (i) inject code into guest OSes and (ii) hide it from the guests by intercepting accesses to the memory and cloak the contents of the target location in memory by dynamically switching among different views on the guest's memory. Finally, we extend the VMI library LibVMI and DRAKVUF to leverage our Xen alp2m on ARM implementation and thus establish dynamic malware analysis on ARM.

We have open sourced DRAKVUF on ARM and its dependencies on Github.



Master's Thesis

Supervised Work

Work in Progress

  • none


  • IEEE S&P, 2020 (preview, talk, slides)
  • Honeynet Workshop, Innsbruck, 2019
  • DCC, Lisbon, 2019
  • ACSAC, San Juan, 2018 (slides)
  • IFIP SEC, Poznan, 2018 (slides)
  • Hacktivity, Budapest, 2016


2024 ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels
2021 SEVerity: Code Injection Attacks against Encrypted Virtual Machines
2020 xMP: Selective Memory Protection for Kernel and User Space
2018 Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection
Follow the WhiteRabbit: Towards Consolidation of On-the-Fly Virtualization and Virtual Machine Introspection
2015 seTPM: Towards Flexible Trusted Computing on Mobile Devices based on GlobalPlatform Secure Elements
Retrospective Protection utilizing Binary Rewriting
2012 Smart Camp: Building Scalable and Highly Available IT-Infrastructures