SBA Research is a research center for Information Security funded by the national initiative for COMET Competence Centers for Excellent Technologies. We bring together 25 companies, 4 Austrian universities, one university of applied sciences, a non-university research institute, and many international research partners to jointly work on challenges ranging from organizational to technical security.
ISIS @ TU Wien, IAIK @ TU Graz, DKE @ Uni Wien, NM @ WU Wien, FH St. Pölten, AIT

News

Digital Business Trends: Are They Even Allowed to Do That?

Edgar Weippl was on a panel discussion on new business models, technology and legal constraints. “Cloud solutions allow startups to scale their technical infrastructure quickly, but scaling is hard when it comes to different national legal systems” (OTS, Video statements, Photos).

Photos: APA-Fotoservice/Preiss

ERCIM News No. 102

The ERCIM News No. 102 has just been published at http://ercim-news.ercim.eu/en102

SBA Research contributed with two articles:
CyPhySec: Defending Cyber-Physical Systems by Johanna Ullrich and Edgar Weippl
CyberROAD: Developing a Roadmap for Research in Cybercrime and Cyberterrorism by Peter Kieseberg

SBA Research in Standard.at: Windows Server 2003 still on a third of all servers: end of support in July

“The IT security experts at SBA Research estimate that around a third of all servers currently still run on the outdated system, and therefore see a corresponding need for action. ‘E-mail servers, web servers or even network servers can no longer be shielded securely against threats if there is no current support for them. This represents an enormous source of danger for companies, because it leaves them open to attack from outside. An IT security risk that can, however, easily be avoided by switching to current systems,’ says Andreas Tomek.”

Press release
Standard.at

IPICS & SBA

SBA Research sends several students to IPICS, Edgar Weippl gives a lecture and we also sponsor the summer school.

Researchers of SBA Research found several critical security vulnerabilities in the Koha Library software via Combinatorial Testing

Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos of the Combinatorial Security Testing Team of SBA Research found several critical security vulnerabilities in the Koha Library Software. The vulnerabilities involve a variety of serious issues such as unauthenticated SQL Injection, Local File Inclusions, XSS and XSRF, which allow remote attackers to completely compromise the web application and web server. After a full disclosure to the community, the development team of Koha fixed all issues and published a security release. SBA Research would like to thank Chris Cormack and his team.

Koha is a leading open source Integrated Library System (ILS), used world-wide by thousands of public, school and special libraries. It has an active community and several commercial supporters like LibLime, ByWater Solutions and BibLibre. Famous Koha users include the Museum of Natural History in Vienna, the UNIDO library and the Spanish Ministry of Culture.

More details can be found at:

http://koha-community.org/security-release-koha-3-20-1/
http://koha-community.org/security-release-koha-3-18-8/
http://koha-community.org/security-release-koha-3-16-12/

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423

SBA Research as experts on “Supernowak”

Katharina Krombholz and Matthias Gusenbauer served as IT experts on “Supernowak”, produced by Puls4 and broadcast on June 11, 2015. Together with Rainhard Nowak they showed how much data one unknowingly reveals while shopping, running or googling.

Typical Security Flaws in Large Distributed Systems. E-Health Summit Austria.

Edgar Weippl presents an analysis of typical security flaws found in large distributed systems at the “E-Health Summit Austria”.

The Future of Cloud

At the event ‘The Future of Cloud’, organized by AIT and Eurocloud, Edgar Weippl gave a presentation on cloud security and was on the panel discussing research challenges in cloud computing.

Book Chapter released

Johanna Ullrich and Edgar Weippl contributed a chapter to The Cloud Security Ecosystem, edited by Ryan Ko and Raymond Choo. The book comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security, putting technical and management issues together with an in-depth treatise on a multi-disciplinary and international subject. The book features contributions from key thought leaders and top researchers in the technical, legal, and business and management aspects of cloud security. The authors present the leading edge of cloud security research, covering the relationships between differing disciplines and discussing implementation and legal challenges in planning, executing, and using cloud security.

The book is published in English by Syngress/Elsevier, available here: http://www.sciencedirect.com/science/book/9780128015957

COMET strategy meeting and some fun activities

SBA Research organized an internal event in Wetzlas to discuss and work on the COMET proposal on Friday and Saturday morning. The rest of the time we also had some non-research fun.

SBA Research with paper @ IEEE WoWMoM 2015

The paper “Privacy-preserving Routing in Delay Tolerant Networks based on Bloom Filters” by Evangelos Papapetrou (University of Ioannina, Greece), Vasileios F. Bourgos (University of Ioannina, Greece), and Artemios G. Voyiatzis (SBA Research, Austria) has been accepted for publication in the 16th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM 2015).

WoWMoM 2015 takes place on June 14-17, 2015 in Boston, MA, USA and is ranked as an A-Conference in CORE.

Abstract: Privacy preservation in opportunistic networks, such as disruption and delay tolerant networks, constitutes a very challenging area of research. The wireless channel is vulnerable to malicious nodes that can eavesdrop data exchanges. Moreover, all nodes in an opportunistic network can act as routers and thus, gain access to sensitive information while forwarding data. Node anonymity and data protection can be achieved using encryption. However, cryptography-based mechanisms are complex to handle and computationally expensive for the participating (mobile) nodes. We propose SimBet-BF, a privacy-preserving routing algorithm for opportunistic networks. The proposed algorithm builds atop the SimBet algorithm and uses Bloom filters so as to represent routing as well as other sensitive information included in data packets. SimBet-BF provides anonymous communication and avoids expensive cryptographic operations, while the functionality of the SimBet algorithm is not significantly affected. In fact, we show that the required security level can be achieved with a negligible routing performance trade-off.

Conference Website

Details and registration

SBA presents international IFIP activities at Imagine 2015.

At the IMAGINE 2015 meeting Edgar Weippl gave an overview of international activities that SBA Research organizes in cooperation with IFIP WG 8.4. The next business meeting for the WG is planned for August in Toulouse, co-located with the ARES conference.
Moreover, we presented the support that SBA Research can provide to security startups. This session was chaired by Michael Altrichter.

SBA Research @ OCG Jahrestagung 2015

SBA Research was part of the “OCG Jahrestagung 2015”. On Wednesday, June 10, Adrian Dabrowski and Aljosha Judmayer entertained the participants with our “Myth-Busters” session “Hollywood Hacking by SBA Research”. Afterwards we participated in the workshop “Privacy & Security”, which was organized and led by Edgar Weippl.


UberGrape first part of SBA’s Accelerator Program

Leo Fasbender @ IMPACT 2015

UberGrape is the first Start-Up company to become part of the SBA Research Accelerator Program. The cooperation was officially announced during the yearly “IMPACT” event on May 28th.

Their primary product is ChatGrape, an innovative communication solution for companies that intends to displace e-mail for inter-company communication. The solution uses semantic enrichment and integrates deeply into various cloud services such as GitHub, Google Calendar, Google Drive and Trello. UberGrape also provides a custom-developed API to easily integrate their service into existing business solutions.

Since companies are a main target group of ChatGrape, security is a major concern for ChatGrape. In the collaboration, SBA Research will support ChatGrape in terms of secure coding, resilience to external attacks and database security.

Article Computerwelt.at
Website of ChatGrape

Leo Fasbender, presenting ChatGrape @IMPACT 2015

Diskurs Digital: No More Lonely Decisions!

“Acceptance and Legitimacy in the Context of Online Participation”

Today the event “Diskurs Digital | No More Lonely Decisions!”, supported by SBA Research and organized by Liquid Participation, took place.

Organizations repeatedly face the challenge: How do I develop programmatic positions? What legitimizes and qualifies people to participate? These and further questions are to be explored in an exciting discussion.

Further information on the event can be found here.

Video summary of the event

Stefan Pröll and Co-Authors publish the third edition of “MySQL 5.7 – Das umfassende Handbuch”

Just recently the third edition of “MySQL 5.7 – Das umfassende Handbuch” was published. The book is a comprehensive guide to MySQL 5.7, written by our employee Stefan Pröll in collaboration with Eva Zangerle and Wolfgang Gassler, both employed at the University of Innsbruck. Admins and users from novice to expert will find all the required knowledge and practical tips for installing, configuring and administering MySQL database server instances.

The book provides in-depth knowledge of the most important parameters, settings, tweaks and administrative tools and has a focus on practical applications. Central topics are backup strategies, replication, security, permission and rights management, query tuning and optimization, stored procedures, programming interfaces and also the NoSQL integration with MySQL. The authors explain and demonstrate all examples in the book with a considerably large test dataset from a consistent real world scenario. The dataset is distributed with the book and available on the publisher’s website. The book was published in German by Rheinwerk Verlag.

Martin Mulazzani held talk @is4is summit Vienna 2015

Martin Mulazzani gave a talk today at the first is4is summit (http://summit.is4is.org/about), organized by Prof. Wolfgang Hofkirchner. The topic was “Ethics in IT Security Research”: Research in IT security often comes with decisions and possibilities that may or may not be considered ethical. However, it is often hard for young researchers to estimate the impact of their work, possible consequences and overall morality, as well as where to draw the line. The talk was followed by a lively discussion with the audience.

ACM Senior Member Award for Artemios Voyiatzis

The Association for Computing Machinery (ACM) awarded Artemios G. Voyiatzis the Senior Member Grade. The Senior Member Grade recognizes those ACM members with at least 10 years of professional experience and five years of continuous professional membership who have demonstrated performance that sets them apart from their peers. Artemios is one of the 56 recipients of this international award for 2015.

That was IMPACT 2015: May 28, 2015

At IMPACT 2015, together with high-profile speakers from science and industry, including Andreas Moser, Google Switzerland, and Mario de Boer, Security Analyst Gartner, we built the bridge from research to market and showed how we at SBA Research make knowledge and science applicable. The annual celebration that followed left plenty of time for networking and a relaxed finish, naturally with culinary accompaniment.

As a special highlight, before the official start of IMPACT 2015 we invited guests to an entertaining “Myth-Busters” session in which we contrast adventurous Hollywood fantasies with the real world of IT security: Hollywood Hacking by SBA Research.

IMPACT 2015 took place on the premises of the OCG. We thank our 120 guests for attending! The presentations of the individual talks can be found here on SlideShare, or at a glance here.
(Program + abstracts IMPACT 2015 PDF)

SACMAT 2015

Today is the first day of SACMAT 2015, which takes place from June 1 – 3, 2015 at the TU Wien and is hosted by SBA Research. Bart Preneel (KU Leuven, Belgium) gives his keynote today on Post-Snowden Threat Models.

Website

Dimitris Simos @ CROSSING

Dimitris Simos is invited to participate in the CROSSING Conference: CROSSING – Where Quantum Physics, Cryptography, System Security and Software Engineering meet, held in Darmstadt during June 1-2, 2015.

Leading researchers from the fields of Quantum Physics, Cryptography, System Security and Software Engineering will present the latest research results.