Secure Business Austria

IEEE Transactions SMC-C: Special Issue on Availability, Reliability, and Security

eweippl — Tue, 27 Jul 2010 16:14:46 +0000

The six papers in this special issue focus on availability, reliability, and security. Some of the topics covered include prevention of identity theft, biometric technology and authentication, and security considerations for RF identification. Guest editors: Ravi Sandhu, A Min Tjoa, Edgar Weippl. (more…)

Verification, Validation, and Evaluation in Information Security Risk Management

sfenz — Wed, 21 Jul 2010 07:19:12 +0000

Our article “Verification, Validation, and Evaluation in Information Security Risk Management” (Authors: Stefan Fenz and Andreas Ekelhart) got accepted at IEEE Security & Privacy. Check out the preprint at the IEEE Digital Library.

Abstract:
Over the last four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. While restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs, obviously exist, verification, validation, and evaluation of research is essential in any field, and ISRM is no exception. Individual approaches exist, but so far there is no systematic overview of the available methods. In this article we survey verification, validation and evaluation methods referenced in ISRM literature and discuss in which ISRM phases the methods should be applied. The selection of appropriate methods is demonstrated with a potential real-world example. This systematic analysis draws conclusions on the current status of ISRM verification, validation and evaluation and can serve as a reference for researchers and users of ISRM approaches who aim to establish trust in their results.

Markus Huber at CMU

mhuber — Tue, 20 Jul 2010 16:12:55 +0000

Markus Huber will work this summer on his research in Social Networking Privacy and Security at Carnegie Mellon University with Alessandro Acquisti.

Technical report: Friend-In-The-Middle (FITM) Attacks

mhuber — Wed, 14 Jul 2010 09:10:41 +0000

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplarily on Facebook and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.

FITM_TR-SBA-Research-0710-01.pdf

“INFORM” awarded 2nd place

mmulazzani — Wed, 23 Jun 2010 10:15:40 +0000

The SBA FIT-IT proposal “INFORM” (Internet Forensic Framework) has been awarded the 2nd place in the competition for the best proposal among all proposals for “Trust in IT-Systems” in 2009.

The goal of “INFORM” is to study current challenges in computer forensics and to produce tools that enricht the toolset of a forensic analysist. In the traditional approach, the seizure of the suspects hard drives is used to analyse traces of malicious activities. With the widesread availability of hard drive encryption tools, online file storate systems and bootable Linux distributions that leave no traces on the hard drive, new tools and procedures are needed to support the evidence collection process. Social networks and anonymization networks pose further challenges for online forensics that will be adressed by “INFORM”.

The news report on futurezone and derstandard.

Social Engineering Bot and Porn Sites

eweippl — Sun, 13 Jun 2010 19:01:25 +0000

Our researchers of ISecLab have recently released some nice papers that are quoted on slashdot (see 1 and 2). More news reports on PCWorld, BBC and darkreading.

IMPACT 2010: May 6

eweippl — Sat, 22 May 2010 19:30:35 +0000

We celebrate the new grant COMET-K1 (more…)

“Digital Genome” Safeguards Dying Data Formats

eweippl — Thu, 20 May 2010 09:50:00 +0000

quoted from ACM Queue: “European researchers have deposited a “digital genome” time capsule inside a data storage facility known as the Swiss Fort Knox, which contains a blueprint that future generations can use to read data stored using obsolete technology. The capsule is the result of the four-year Planets project, which was launched to preserve the world’s digital assets as technology changes. “The time capsule being deposited inside Swiss Fort Knox contains the digital equivalent of the genetic code of different data formats,” says British Library archivist Adam Farquhar. Planets project researchers note that the European Union alone loses at least three billion euros worth of digital information every year. “Unlike hieroglyphics carved in stone or ink on parchment, digital data has a shelf life of years, not millennia,” says University of Technology of Vienna professor Andreas Rauber. The project aims to preserve data DNA, the information and tools to access and read historical digital material and prevent digital memory loss into the next century. “If we can nail the next 100 years, we figure we will be able to nail the next 100 years as well,” Farquhar says. ”

(more…) (Andreas Rauber @ SBA)

Guest talks and visiting researchers from the university of Deusto.

eweippl — Wed, 19 May 2010 18:18:19 +0000

Pablo García Bringas and Igor Santos Grueiro visited SBA Research and we plan to collaborate in the area of privacy and forensics in social networks.

New Key Researcher: Prof. Stefanie Rinderle-Ma

eweippl — Wed, 12 May 2010 17:38:20 +0000

We are happy to have a new key research who focuses on workflow systems and security: Prof. Stefanie Rinderle-Ma (at the University of Vienna)