- Software EntwicklerIn
- DissertantIn für Informatik
- Technische/r IT-Security-BeraterIn (Junior/Senior)
- BeraterIn Informationssicherheit
- Junior Researcher (PhD student) in ICS/SCADA domain
- Junior Researcher (PhD student) in network security
- SoftwareentwicklerInnen für Kooperationsprojekt mit unserem Unternehmenspartner Stiwa
Security Advisory: CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security restriction and read arbitrary files.
After Srdjan Capkun’s opening keynote on ‘Secure Positioning and Location-Based Security’ and Bart Preneel’s presentation on ‘Challenges for Embedded Cryptography’, Edgar Weippl gave his invited talk on “Distributed Ledger Technology, Blockchain & Crypto Currencies – Hype & an Opportunity for Interdisciplinary Research” at the Cryptacus Conference.
Tomasz Miksa co-organised workshop on Domain specific extensions for machine-actionable Data Management Plans at the TPDL conference in Porto
The workshop entitled “Domain specific extensions for machine-actionable Data Management Plans” was held during the 22nd International Conference on Theory and Practice of Digital Libraries in Porto, Porugal.
In the workshop participants focused on the common data model for machine-actionable DMPs and seek to identify which domain specific extensions must be implemented to fulfil requirements of stakeholders, such as digital libraries and repositories. Discussion also focused on which information they can provide and which information they can expect, and how existing and future systems and services can support and potentially automate this information flow.
The results of the workshop contribute to the work of the RDA DMP Common Standards working group.
Bernhard Garn presents paper at 2nd IMA Conference on Theoretical and Computational Discrete Mathematics
Today, at the 2nd IMA Conference on Theoretical and Computational Discrete Mathematics [IMA], Bernhard Garn gives a talk titled ‘Algebraic Techniques for Covering Arrays and Related Structures’ (joint work with Dimitris Simos). The conference showcases theoretical and computational advances in the general field of discrete mathematics.
Tomasz Miksa on Research Data Preservation Using Process Engines and Machine-Actionable Data Management Plans at the TPDL conference in Porto
Tomasz Miksa presented a paper entitled “Research Data Preservation Using Process Engines and Machine-Actionable Data Management Plans” at the 22nd International Conference on Theory and Practice of Digital Libraries (TPDL 2018) which was held 10-13 September in Porto, Portugal.
The paper demonstrates how systems used for managing data during research can be extended with preservation functions using process engines that run pre-defined preservation workflows. It also shows a prototype of a machine-actionable data management plan that is automatically generated during this process to document actions performed.
The full text of the paper can be found here: [click].
Yesterday, Nicholas Stifter presented their paper:
Johanna Ullrich, Nicholas Stifter, Aljosha Judmayer, Adrian Dabrowski and Edgar Weippl, “Proof-of-Blackouts? How Proof-of-Work Cryptocurrencies Could Affect Power Grids” at RAID 2018 in Heraklion, Crete
The paper analyzes the potential impact cryptocurrency mining and its large power consumption could have on the reliable operation of synchronous power grids. For this, estimates of both the worldwide power consumption of Bitcoin and Ethereum, as well as their power consumption in different European power grids, are presented and discussed.
The morning session started with Edgar’s Opening Keynote on Distributed Ledger Technology, Blockchain & Crypto Currencies. The topic is not only a hype area but also well-suited for graduate students to start with focused research. In the presentation Edgar showed three aspects that are important in SBA’s research: (1) theoretical foundations, (2) understanding real world phenomena, and (3) impact.
KSÖ, SBA Research und KPMG suchen die besten Ideen rund um Security
Aljosha Judmayer will be presenting his full paper at CBT 2018 in Barcelona:
Aljosha Judmayer, Nicholas Stifter, Philipp Schindler and Edgar Weippl. “Enforcing rule changes through offensive forking- and consensus techniques”
Moreover Alexei Zamyatin had his poster accepted at the CBT´18 workshop, held as part as the ESORICS 2018:
Alexei Zamyatin, Dominik Harz, Joshua Lind, Panayiotis Panayiotou, Arthur Gervais and William J. Knottenbelt. “Multisignatures for Cryptocurrency-Backed Tokens”
With a total of 308 participants from over 50 countries this year´s ARES & CD-MAKE broke all previous records. An acceptance rate of 22,3% along with 18 workshops, 6 of them held within the EU Projects Symposium, and 14 keynote speakers reflect the obtained success and impact.
In proper ARES style the productive days were complemented by wonderful evening events like the welcome reception inspired by the motto “fish buns and local traditions”, a harbor cruise and a laid-back conference dinner following a peak into the Miniature Wonderland.