SBA Research is a research center for Information Security funded by the national initiative for COMET Competence Centers for Excellent Technologies. We bring together 25 companies, 4 Austrian universities, one university of applied sciences, a non-university research institute, and many international research partners to jointly work on challenges ranging from organizational to technical security.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Schwerwiegende Schwachstelle im Windows HTTP-Protokoll-Stack (MS15-034)

Eine kürzlich bekanntgewordene schwere Windows Lücke betrifft vor allem Windows Webserver. Derzeit (16.04.2015) sind nur Denial-of-Service Angriffe möglich. Es ist relativ wahrscheinlich, dass in naher Zukunft Angriffe mit höherem Risiko entwickelt werden.

SBA Research hat alle derzeit verfügbaren Informationen in einem White-Paper zusammengefasst: SBA Whitepaper: Microsoft HTTP.sys Schwachstelle

Für weitere Informationen wenden Sie sich bitte an .

Security Afterworks am 14. April 2015

Das Security Afterworks am 14. April 2015 beschäftigte sich mit dem Thema “Cybercrime – Lessons From The Field & Best Of Troopers15″. Andreas Tomek sprach über Cybercrime-Vorfälle des letzten Jahres und bereitet diese hinsichtlich Identifikation, Incident Response und Prävention auf. Danach fassten Andrian Dabrowski und Peter Kieseberg die Hot Topics der Troopers15 Konferenz zusammen die Mitte März in Heidelberg stattgefunden hat.

Die Präsentationen zur Nachlese gibt es im Überblick hier.

Edgar Weippl is part of the Academic Advisory Network of Europol

Europol’s Cybercrime Center established an Academic Advisory Network. Edgar Weippl was part of the inaugural Meeting.


Edgar Weippl as expert at EU project COURAGE

Edgar Weippl was invited as expert to the focus group of the European project COURAGE (Cybercrime and Cyberterrorism European Research Agenda) at West Yorkshire Police’s District HQ in Leeds.

Paper accepted @ RTA 2015

The paper “Constructing Orthogonal Designs in Powers of Two: Groebner Bases Meet Equational Unification” by Dimitris E. Simos (SBA Research, Austria), Ilias Kotsireas (Wilfrid Laurier University, Canada), Temur Kutsia (RISC – Johannes Kepler University, Austria) has been accepted for publication in 26th International Conference on Rewriting Techniques and Applications (RTA 2015). RTA is the premium venue for rewriting techniques on computation theory and mathematics.

RTA 2015 takes place from June 29 – July 1, 2015 in Warsaw, Poland and is ranked as A-Conference in CORE.

Conference Website

Dimitris Simos @ IWCT2015

Dimitris Simos gives a talk on April, 13th in the Fourth International Workshop on Combinatorial Testing (IWCT 2015) about an Evaluation of the IPO-Family Algorithms for Test Case Generation in Web Security Testing. The workshop takes place in Graz, Austria and is collocated with ICST2015 (8th IEE International Conference on Software Testing, Verification and Validation) during April 13-17, 2015.


Talk at Vienna University of Technology

Katharina Krombholz gives a talk about “Usable Security and Privacy in Mobile and Wearable Computing” at the Vienna University of Technology.

Monday, April 13th, 13.00
TU Vienna, Bibliothek 187/2

3rd place with Team We0wnY0u at iCTF

Students of SBA Research participated as members of the team We0wnY0u of the Vienna University of Technology in the international capture-the-flag contest iCTF. In an 8 hours timeframe, 42 (in words: forty two) services were to exploit from previous iCTF competitions.




Overall We0wnY0u reached the 3rd rank, from more than 80 participating universities. The final scoreboard can be found here.

Guest Talk: “A Combinatorial Approach to Conformance Testing of Personal Healthcare Devices”

Prof. Jeff Lei, Department of Computer Science and Engineering at the University of Texas at Arlington, USA gives a talk about “A Combinatorial Approach to Conformance Testing of Personal Healthcare Devices”. His research interests are in the area of automated software analysis, testing and verification, with a current focus on combinatorial testing. He is a member of the Advanced Combinatorial Testing System (or ACTS) project sponsored by the Information Technology Laboratory of the US National Institute of Standards and Technology.

Friday, April 10th, 2015,11:15-12:00.

Abstract: Combinatorial testing has been shown to be very effective in detecting software faults. In this talk, we introduce a combinatorial testing-based framework for conformance testing of personal healthcare devices. In particular, we show how to apply combinatorial testing to ensure conformance of personal healthcare  devices with the IEEE 11073 message exchange protocol which defines how personal healthcare devices communicate with computing resources like PCs and set top boxes. This framework ensures that different implementations of the protocol stack conform to the same specification and are thus able to interoperate with each other.

We demonstrate a prototype tool that applies the proposed framework on Antidote, an open-source implementation of the IEEE 11073 protocol, and report some  preliminary testing results. We note that the current implementation of the framework is specific to the IEEE 11073 protocol, but the underlying approach is general and can be extended to other communication protocols.

Guest Talk: “Introduction to Advanced Combinatorial Testing System”

Dr. Raghu Kacker, Mathematical and Computational Sciences Division (MCSD), Information Technology Laboratory (ITL),National Institute of Standards and Technology (NIST), USA gives a talk about “Introduction to Advanced Combinatorial Testing System “.

Friday, April 10th, 2015, 10:15-10:30.

SACMAT accepted papers

17 papers were accepted as full papers.


As part of an ongoing project on increasing TLS security we are today announcing

This webpage is about evaluating a massive extension of the ruleset for HTTPSEverywhere, a browser extension for Chrome and Firefox which switches user traffic from unencrypted HTTP to encrypted and authenticated HTTPS automatically. You can read more details in the FAQ.

Delegation from Taiwan visits SBA Research

As part of a business trip to Austria and Germany, SBA Research welcomed guests from the Ministry of Science and Technology, the Information and Communication Security Technology Center and the National Applied Research Laboratories, Taiwan, at our research institution.


Guest talk: “Large-scale Automated Software Diversity – Programming Language Technology to Enhance System Security”

Dr. Stefan Brunthaler, Department of Computer Science, Donald Bren School of Information & Computer Sciences, USA gives a talk about “Large-scale Automated Software Diversity – Programming Language Technology to Enhance System Security”. The Abstract can be found here.

Thursday, March 26, 2015, 10:00-11:00

This event ist hosted by the IEEE CS/SMCS Austria Chapter.

Troopers 2015 – “Gridlock”

Zum zweiten Mal in Folge, gewann das CTF-Team (We 0wn You Lite) unter der Führung von SBA und FH St.Pölten (sowie je einem Gast aus Östrreich, Deutschland und Indien) den Hackerwettbewerb “Packetwars” im Rahmen der Troopers 2015.

Simuliert wurde ein Car-2-Car Netzwerk und eine darin grassierende Malware (“Gridlock”). Das ganze Setting basierte ausschließlich auf IPv6. Das Team überzeugte bei allen drei Teilbewerben und konnte zu Schluss root-Rechte am Command-and-Control Server der Malware erlangen.

Peter Frühwirt PhD defense

Peter defended his thesis (“Database Forensics: Towards a forensic-aware database solution”) successfully and graduated with distinction. Congratulations! Abstract

Peter Frühwirt Defensio

Edgar Weippl im Interview auf Ö1

Edgar Weippl spricht im Journal-Panorama zum Thema “Hacking: Wie sicher ist unser digitales Leben?” auf Ö1.
Journal-Panorama, 19. März 2015, 18:25 Uhr

Talk at Troopers15

Peter Kieseberg and Sebastian Schrittwieser give a talk about “iAnalyze –  Automated security analysis of iOS apps” at the “Hacking Mobiles Vol. 2.1 – MMA: Mobile Malicious Apps” workshop, which is held at Troopers15 conference in Heidelberg, Germany.

Workshop Agenda
Troopers 2015

Edgar Weippl zu Captchas in der pressetext Nachrichtenagentur

“Wirklich gute Alternativen zu Captchas gibt es noch nicht – manchmal werden stattdessen Rechenaufgaben gestellt, für Smartphones könnten auch Audio-Captchas besser geeignet sein. Dahingehend müsste noch mehr geforscht werden”. Artikel

Edgar Weippl in der pressetext Nachrichtenagentur,

Dimitris Simos @ ALCOMA 2015

Dimitris Simos gives a talk on March, 16th in the Fourth International ALCOMA Conference on Algebraic Combinatorics and Applications about Combinatorial Designs and the Analysis of their Application to Channel Estimation. The conference takes place in Kloster Banz, Germany during March 16-20.