Matthias Kruk

Principal Engineer in the Miracle Linux Development Team

My primary responsibilities are the development of the build system used for the development of Miracle Linux, the largest Japanese Linux distribution. As part of this work, I am also responsible for the infrastrucure of the build system, which uses a combination of KVM-based virtualzation and Docker-based containerization. Due to the breadth of the work that goes into the development of a Linux distribution, this continuously… Show more

Principal Engineer in the Miracle Linux Development Team

My primary responsibilities are the development of the build system used for the development of Miracle Linux, the largest Japanese Linux distribution. As part of this work, I am also responsible for the infrastrucure of the build system, which uses a combination of KVM-based virtualzation and Docker-based containerization. Due to the breadth of the work that goes into the development of a Linux distribution, this continuously gives me opportunity to learn new things. Show less

Contracted to Wind River, working as Security Lead for Helix EdgeSync and improving the VxWorks kernel.

As Security Lead of EdgeSync, I was responsible for the creation of a threat model, including a threat analysis of the EdgeSync architecture. As part of the analysis, I created several proposals how to mitigate (or not to mitigate) risks and discussed them with the other stakeholders. Once mitigations were agreed upon, I helped the team implement the mitigations and perform tests… Show more

Contracted to Wind River, working as Security Lead for Helix EdgeSync and improving the VxWorks kernel.

As Security Lead of EdgeSync, I was responsible for the creation of a threat model, including a threat analysis of the EdgeSync architecture. As part of the analysis, I created several proposals how to mitigate (or not to mitigate) risks and discussed them with the other stakeholders. Once mitigations were agreed upon, I helped the team implement the mitigations and perform tests whether the mitigations were effective.
In the preparations of the release, I was responsible for setting up the Product Security Incident Response Team, which I lead in the months following the release.

During that time I also worked on a project to improve POSIX compatibility of Wind River's VxWorks real-time operating system. To make porting of applications from Linux easier, I implemented the fork and exec system calls. To improve my development and testing workflow, I also implemented support for the ext2 and ext3 file systems in VxWorks. Show less

Working student in the Automotive Solutions Delivery department

My first project was to evaluate several testing tools to facilitate ISO26262 certification and MISRA-C conformance of the VxWorks kernel's interrupt handling. The results of my assessment were used for the selection of an automated testing tool and lead to the partnership with one of the tool providers.
One of the tools that I evaluated performed symbolic execution on binarys for several ARM SoCs. In the course of the… Show more

Working student in the Automotive Solutions Delivery department

My first project was to evaluate several testing tools to facilitate ISO26262 certification and MISRA-C conformance of the VxWorks kernel's interrupt handling. The results of my assessment were used for the selection of an automated testing tool and lead to the partnership with one of the tool providers.
One of the tools that I evaluated performed symbolic execution on binarys for several ARM SoCs. In the course of the evaluation of this tool, I learned to read and write assembly code for the ARMv7 and ARMv8 architectures, and developed an understanding of interrupt handling in ARM processors.

Following the testing tool evaluation project, I got involved in the Intel Security Hardening project, the goal of which was to improve the security posture of the IVI platform that Intel (Wind River's parent company at the time) was developing. I was primarily responsible for testing the USB and network stacks. I used a FaceDancer board to emulate various USB devices and check if the USB stack handled misbehaving USB devices correctly.
Testing of the network stack was performed with several network-based fuzzing tools. In the course of the tests, I identified and fixed two vulnerabilities in OpenAVB, the AVB stack that was used on the platform.
Outside of these tasks, I was also responsible for the development of a tool to automatically generate the SELinux policies that were used by the devices. Show less

Working student in the Group IT Strategy And Enterprise Architecture department

My first task was to support the Digitalization@Allianz initiative, which aimed to reduce the use of paper and improve automation within the company. This initiative also aimed to improve and unify the adoption of open source software within the organization and all of its entities. For the latter, I was tasked with the implementation of a web portal that could be used within the company to share knowledge… Show more

Working student in the Group IT Strategy And Enterprise Architecture department

My first task was to support the Digitalization@Allianz initiative, which aimed to reduce the use of paper and improve automation within the company. This initiative also aimed to improve and unify the adoption of open source software within the organization and all of its entities. For the latter, I was tasked with the implementation of a web portal that could be used within the company to share knowledge about open source software.
Another of my tasks was to aid the evaluation of a tool for enterprise architecture management. In the course of this project, I gained insights (I wouldn't go so far as to say they're deep insights) into BPM and Enterprise Architecture frameworks. Show less