SBA Research is a research center for Information Security funded by the national initiative for COMET Competence Centers for Excellent Technologies. We bring together 25 companies, 4 Austrian universities, one university of applied sciences, a non-university research institute, and many international research partners to jointly work on challenges ranging from organizational to technical security.
ISIS @ TU Wien, IAIK @ TU Graz, DKE @ Uni Wien, NM @ WU Wien, FH St. Pölten, AIT

News

Guest talk: “Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces”

Engin Kirda, Professor of Computer Science and Engineering at Northeastern University in Boston, and the director of the Northeastern Information Assurance Institute, gives a talk about “Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces”.

Tuesday, 02.02.2016, 11.00-12.00

This event is hosted by the IEEE CS/SMCS Austria Chapter.

ACM Computing Surveys (CSUR) Paper on Software Obfuscation accepted

Sebastian Schrittwieser, Johannes Kinder, Stefan Katzenbeisser, and Edgar Weippl. Protecting software through obfuscation: Can it keep pace with progress in code analysis? ACM Computing Surveys (CSUR), accepted for publication, 2016.

SBA Research @ Dagstuhl Seminar on “Reproducibility of Data-Oriented Experiments in e-Science”

Rudolf Mayer and Andreas Rauber are currently participating in the prestigious Dagstuhl Seminar series, together with around 35 research fellows from Europe, Australia, Japan, Brazil and the USA.

The seminar deals with the challenges in making experimental research in e-Science reproducible. Many issues concern the lack of proper documentation of the experiments, the input data and parameters used, as well as the computing environment used as a platform. The target audience ranges from the original investigator to interested peers or reviewers.

SBA Research worked on the challenge of reproducible research in the EU-funded research project TIMBUS, which concluded in 2015, and will take up the outcomes and new developments of the seminar in the currently ongoing national project DEXHELPP, where reproducibility in e-Health research is one important aspect.

More information about the seminar can be found here.

CCS 2016 – Call for Papers

The Call for Papers for CCS 2016 is out. Submission Deadline: May 23, 2016 23:59 UTC-11
The 23rd ACM Conference on Computer and Communications Security will be held from October 24 – 28, 2016, at the Hofburg Palace in Vienna, Austria, and is organized by SBA Research.

Security Afterworks “How to become a TLS-Hipster & Best of CCC”

The time has come to become a TLS-Hipster. Thomas Konrad gave a talk on how to get the knack of managing your SSL/TLS landscape. The talk covered free certificates from Let's Encrypt, OCSP Stapling, HTTP Public Key Pinning, HSTS, and detailed instructions on how to finally configure your TLS the right way, compatibility included.

Martin Schmiedecker presented a summary of the most interesting talks from the 32nd Chaos Communication Congress (32c3) that took place in Hamburg.

The presentations of the talks can be found here.

Bitcoin Tutorial at WWW2016 accepted

Our tutorial “Cryptographic Currencies Crash Course” (Aljosha Judmayer, Edgar Weippl) has been accepted at WWW2016. We also have a workshop on empirical research methods at the conference.

Call for Papers – Special Issue on ARES 2015 / Cyber-Physical Systems

EURASIP Journal on Information Security welcomes submissions to the new special issue on ARES 2015 / Cyber-Physical Systems.

In this special issue we want to explore security aspects of cyber-physical systems (CPS). We invite submissions that address security issues of CPS and look at some specific topics related to CPS. Extended conference submissions are permissible if (i) the original paper is clearly and explicitly referenced in the introduction and (ii) the new content is at least 40%.

Submission Deadline: February 11, 2016
Guest Editor: Edgar Weippl, SBA Research, Austria

Artemios Voyiatzis, Stefan Brunthaler and Peter Kieseberg joined COST Actions

Artemios Voyiatzis has been nominated as a MC Member to the COST Action RECODIS and Stefan Brunthaler has been nominated as a MC Member to the COST Action EUTYPES. Peter Kieseberg has been nominated as MC Substitute to both Actions.

COST (European Cooperation in Science and Technology)

SBA Research commits to the European Charter and Code for Researchers

SBA Research welcomes and supports the initiative of the European Commission and the recommendations given in “The European Charter for Researchers” and “The Code of Conduct for the Recruitment of Researchers”. Although SBA Research already has many of these recommendations in place, we will promote further implementations to support the work of researchers and to maintain and enhance the high quality of research. Additional information can be found here.

ERCIM News No.104

The ERCIM News No. 104 has just been published at http://ercim-news.ercim.eu/en104/

SBA Research contributed with two articles:
Women in IT Security Research: The Case of SBA Research by Veronika Nowak
Trust for the Doctor in the Loop by Peter Kieseberg

Guest Talk: “Alice in the Sky – On Security of Air Traffic Control Communication”

Prof. Dr. Joachim Posegga, Chair of IT Security, University of Passau, Germany, gives a guest talk about “Alice in the Sky – On Security of Air Traffic Control Communication”.

Thursday, 14.01.2016, 15.00-16.45

This event is hosted by the Vienna ACM SIGSAC Chapter.

Call for Book Chapters

SBA Research at 32c3

Numerous members of SBA Research are currently at the Chaos Communication Congress (32c3) in Hamburg. If you happen to be there and spot one of us, approach us – we love to chat!

Here are some pictures from derstandard.at and some more (random) pictures on flickr.

SBA at Real World Crypto 2016

Aaron Zauner will present our findings on the usage of TLS in the email ecosystem and counter-measures for secure mail transport at Real World Crypto 2016 in January. You can find the detailed results here, while the program of RWC’16 is already available online.

Second paper at Financial Crypto 2016

Yet another paper was accepted at the International Conference of Financial Cryptography and Data Security (FC’16): “CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes” by Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda.

CuriousDroid was developed in collaboration with Northeastern University in Boston and provides intelligent, user-like user interface interactions for the large-scale analysis of Android apps, for example in analysis systems such as Andrubis.

Paper accepted at Financial Crypto 2016

Katharina Krombholz, Aljosha Judmayer, Matthias Gusenbauer and Edgar Weippl got their paper “The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy” accepted at the International Conference of Financial Cryptography and Data Security (FC’16) which will be held in February 2016 in Christ Church, Barbados.

Katharina Krombholz and Aljosha Judmayer already presented a first preview of their results at a Bitcoin Austria meetup, which was held on Monday, 30th of November at SBA Research.

iCTF 2015

Last Friday, students and faculty of SBA Research and the Vienna University of Technology participated as members of the team We_0wn_Y0u in the 2015 edition of the international capture-the-flag contest iCTF.

Within 8 hours we managed to exploit 15 services, and finished in 8th place after a very thrilling last-minute race for positions.