SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT



DBT#1 “IT-Sicherheit” mit Johanna Ullrich

Am Donnerstag, den 18. Jänner, findet die erste DBT-Veranstaltung im neuen Jahr 2018 statt: Ab 19:30 Uhr dreht sich im Foyer des Haus der Musik alles um das Thema „IT-Sicherheit: Vom Stiefkind zur globalen Herausforderung“.


Im Anschluss an die Keynote von Alexander Janda (KSÖ – Kuratorium Sicheres Österreich) diskutieren u.a. Verena Becker (Wirtschaftskammer Österreich), Alexander Mense (FH Technikum Wien), Markus Schreiber (A1 Telekom Austria) und  Johanna Ullrich (SBA Kompetenzzentrum der TU Wien).

Details und Anmeldung

SBA at USENIX Security & Usenix Magazine

‘Securing the Internet, One HTTP 200 OK at a Time’ (Login, Usenix Magazine Winter 2017, Vol. 42, No. 4) is a summary of our recent Usenix Security paper ‘“I Have No Idea What I’m Doing” – On the Usability of Deploying HTTPS‘, and you’ll be soon able to watch the recording here due to the USENIX open access policy.

News coverage: Bulletproof TLS Newsletter, USENIX ;login:

Heise’s C’t also just covered our research in a long article.

Future of Online Anonymity: FWF Project accepted

Wilfried Mayer and Edgar Weippl will work on our newly accepted FWF project “FuOnA: Future of Online Anonymity”

This project aims to (i) understand the foundations of online anonymity, (ii) study the proposed technical mechanisms in detail, and (iii) further extend the schemes which are able to work at scale and protect the online personae of its users.

“On Security Research towards Future Mobile Network Generations” accepted in IEEE Communications Surveys and Tutorials

David Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, and Christina P ̈opper. On security research towards future mobile network generations. IEEE Communications Surveys and Tutorials, 2018.

Cybercrime Busters: About CERTs and the cybercriminals of Vienna

At this event, organized by the OCG Forum Privacy and the OCG-working group IT-security, the project consortium presents three significant results of the KIRAS project CERT-Komm II. This project, for the federal chancellery of Austria, consists of SBA Research as the consortium leader and the following project partners:

  • University of Vienna, Faculty of Informatics, Multimedia Information Systems Research Group
  • Danube University Krems, department for infrastructural security
  • Research Institute AG & Co KG
  • IKARUS Security Software GmbH

More information can be found here. (in german)

Invited Talk on Security in Production Systems Engineering

At the Software Quality Days 2018, Edgar Weippl gives a talk on Security Challenges in Cyber-Physical Production Systems with a focus on securing the lifecycle of production systems engineering.

published by Springer.

SBA Research among partners of Austrian lead project IoT4CPS

IoT4CPS will develop guidelines, methods and tools to enable safe and secure IoT-based applications for automated driving and for smart production. The project will address safety and security aspects in a holistic approach both along the specific value chains and the product life cycles.


Click here for full article.

Botnets and Electrical Grids

Heise picked up on our recent ACSAC Paper. also reads Heise. and also published articles. Summary on

The paper “Grid Shock: Coordinated Load-Change Attacks on Power Grids” by Adrian Dabrowski, Johanna Ullrich, and Edgar Weippl was recently presented at the 2017 Annual Computer Security Applications Conference (ACSAC 33).

Our work analyzes whether large-scale botnets are able to modulate electric power consumption in a coordinate way to bring down the power grid. ACSAC is a leading conference in applied computer security. In total, 48 out of 244 submissions were accepted, resulting in an acceptance rate of 19.7%. ACSAC 33 will be held in San Juan, Puerto Rico in December 2017.

Empirical Research for Software Security

Our new book on empirical research for software security is available.
empirical research for software security
Empirical Research for Software Security: Foundations and Experience,
Lotfi ben Othmane, Martin Gilje Jaatun, Edgar Weippl (eds), CRC Press, ISBN 9781498776417.

SBA Research @ WeAreDevelopers World Congress 2018!

We are happy to announce that SBA Research is hosting the security track „Private and Secure Development“ of WeAreDevelopers World Congress 2018, the biggest development conference in Europe (Twitter).

We are supporting WeAreDevelopers with our information security and secure development experience.

Securing the Internet, One HTTP 200 OK at a Time

HTTPS is the most commonly used cryptographic protocol on the Internet. It protects communication content and provides endpoint authenticity at scale. However, deploying HTTPS in a truly secure fashion can be a challenging task even for experienced admins. To explore why this is the case and how these challenges can be fixed in order to support an even wider adoption, we conducted a user study, which was presented at USENIX Security 2017.

(Securing the Internet, One HTTP 200 OK at a Time, Wilfried Mayer, Katharina Krombholz, Martin Schmiedecker,and Edgar Weippl, Login, Usenix 2017, Vol 42, No 4)

Nicholas Stifter and Aljosha Judmayer give an interview on blockchain – Profil

Nicholas Stifter and Aljosha Judmayer, two of our four researchers focusing full time on blockchain technology gave an interview for Profil.

RIPE article on IPv6 addressing

Johanna Ullrich has contributed a post on IPv6 Address Security and Privacy to RIPE Labs.

For the full article please see here.

Unique Fingerprint for each Computer

Sebastian Schrittwieser (SBA Research) works on faster identification of cyber attacks by making the hacking process more obvious. Schrittwieser and his team are designing highly complex program codes in order to prevent damage.

Full article

Promotio sub auspiciis Praesidentis for Dr. Johanna Ullrich

Johanna Ullrich finally got her PhD officially awarded sub auspiciis Praesidentis in presence of the Austrian president Dr. Alexander Van der Bellen. This type of promotion is the highest honor for achievement, and the laureates receive a gold ring from the president. The tradition dates back to the 17th century.

Please also see the announcement of TU Wien

500 attendees joined Blockchain Summit at WU

500 participants discussed and prepared pilot projects at several workshops on Tuesday, December 5.

SBA Research is among the cooperation partners of WU´s newly founded Research Department of Crypto Economy that is in charge of accompanying the pilot projects.

©Blockchain Austria

More Security for Production Systems

Interview with Edgar Weippl in “Die Messe”.

Marc Juarez from KU Leuven gave guest lecture at Privacy Enhancing Technologies course

Marc Juarez from KU Leuven gave a guest lecture at TU Wien (in this years “Privacy Enhancing Technologies” course).

He spoke about “Website Fingerprinting Attacks and Defenses in the Wild” on December 1st 2017.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.