SBA Research is a research center for Information Security funded by the national initiative for COMET Competence Centers for Excellent Technologies. We bring together 25 companies, 4 Austrian universities, one university of applied sciences, a non-university research institute, and many international research partners to jointly work on challenges ranging from organizational to technical security.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

News

SBA Research im Schweizer Fernsehen

Das Schweizer Fernsehen kam zu SBA, um über Martinas Paper zu berichten (Andrubis – 1,000,000 Apps Later: A View on Current Android Malware Behaviors)


Für die Studie hat das Forschungszentrum SBA Research in Wien eine App mitentwickelt, mit der User ihr Smartphone nach schädlichen Programmen durchleuchten können. «Fast alle Apps sammeln Daten», sagt Edgar Weippl wissenschaftlicher Direktor von SBA Research, gegenüber «Kassensturz».” (SRF)

SBA Research @ B2B Software Days 2015

SBA Research ist mit einem Messestand bei den 3. International B2B Software Days 2015  der Wirtschaftskammer Österreich vertreten.

Die International B2B Software Days bieten eine Plattform um mehr über die neuesten Trends im “Digital Business” zu lernen und um internationale Kooperationspartner für Forschung, Technologie und Business-Projekte zu finden.

Genauere Informationen zur Veranstaltung finden Sie hier.

Security Forum 2015

Edgar Weippl wird über “Advanced Persistent Threats & Social Engineering” sprechen:

Abstract: Social Engineering ist schon seit langer Zeit als effektive Angriffsmethode bekannt. Der Begriff “Wissensarbeiter” wurde von Peter Drucker vor etwa 50 Jahren geprägt. Aktuelle Trends wie BYOD (bring your own device) und öffentliche Cloud-Dienste stellen für Arbeitgeber eine neue Herausforderung da. Junge Wissensarbeiterinnen und –arbeiter erwarten in ihrem beruflichen Umfeld die gleichen mobilen Geräte und Dienste verwenden zu können, die sie auch privat verwenden.

Die Abnahme direkter und persönlicher Kommunikation und die große Zahl verwendeter Tools (E-Mail, IM, Skype, Dropbox, Linked-In, Lync, etc.) ermöglichen neue Angriffsvektoren. Aktuelle Angriffe zeigen, dass technisch unterstützte Social-Engineering-Angriffe sehr oft der erste Schritt komplexer APTs (Advanced Persistent Threats) sind. In dem Vortrag werden aktuelle Gefahren aufgezeigt und analysiert.

Edgar Weippl @ (ISC)2 Secure Central Eastern Europe 2015

The (ISC)2 Secure Central Eastern Europe 2015 Conference deals with the topic “Managing Risk in an Ever Changing Threat Landscape”. The conference takes place on 21st April 2015 at the Óbuda University in Budapest, Hungary.

Edgar Weippl will give a talk about “Research Challenges in Information Security”.

Over the last years, there is an increasing number of descriptive works observing and describing complex phenomena, e.g., the efficiency of different spam campaigns, the distribution of bots, or the likelihood of users to accept false identities as friends in social networks. These studies are characterized by large sets of samples.
Future research will focus on networks and cloud systems; the research methodology will be empirical systems security: (1) passively observing large systems and (2) active probing that stimulates revealing behavior of the Systems.

Sorgenkind IT-Security: Mehr Bedrohungen und weniger Profis

Andreas Tomek in der Computerwelt über die Ergebnisse der Global Information Security Workforce Study (GISWS) von (ISC)².

Den Artikel gibt es hier zu lesen.
Studie zum Download

“Awareness ist eine der wichtigsten Sicherheitsmaßnahmen”: Andreas Tomek in der Computerwelt

“Die siebte Global Information Security Workforce Study (GISWS) des (ISC)² kommt zu dem Schluss, das international bis 2020 1,5 Millionen IT-Security-Fachkräfte fehlen werden. Aber wie sieht die Lage in Österreich aus? Computerwelt.at hat den Experten Andreas Tomek, Head of Professional Services bei SBA Research und Vorstandsmitglied beim (ISC)² Chapter Österreich, dazu befragt.”

Das Interview in der Computerwelt gibt es hier zu lesen.

Paper accepted @ IEEE WoWMoM 2015

The paper “Privacy-preserving Routing in Delay Tolerant Networks based on Bloom Filters ” by Evangelos Papapetrou (University of Ioannina, Greece), Vasileios F. Bourgos (University of Ioannina, Greece), and Artemios G. Voyiatzis (SBA Research, Austria) has been accepted for publication in the 16th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM 2015).

WoWMoM 2015 takes place on June 14-17, 2015 in Boston, MA, USA and is ranked as an A-Conference in CORE.

Abstract
Conference Website

Schwerwiegende Schwachstelle im Windows HTTP-Protokoll-Stack (MS15-034)

Eine kürzlich bekanntgewordene schwere Windows Lücke betrifft vor allem Windows Webserver. Derzeit (16.04.2015) sind nur Denial-of-Service Angriffe möglich. Es ist relativ wahrscheinlich, dass in naher Zukunft Angriffe mit höherem Risiko entwickelt werden.

SBA Research hat alle derzeit verfügbaren Informationen in einem White-Paper zusammengefasst: SBA Whitepaper: Microsoft HTTP.sys Schwachstelle

Für weitere Informationen wenden Sie sich bitte an ms15034@sba-research.org .

Security Afterworks am 14. April 2015

Das Security Afterworks am 14. April 2015 beschäftigte sich mit dem Thema “Cybercrime – Lessons From The Field & Best Of Troopers15″. Andreas Tomek sprach über Cybercrime-Vorfälle des letzten Jahres und bereitet diese hinsichtlich Identifikation, Incident Response und Prävention auf. Danach fassten Andrian Dabrowski und Peter Kieseberg die Hot Topics der Troopers15 Konferenz zusammen die Mitte März in Heidelberg stattgefunden hat.

Die Präsentationen zur Nachlese gibt es im Überblick hier.

Edgar Weippl is part of the Academic Advisory Network of Europol

Europol’s Cybercrime Center established an Academic Advisory Network. Edgar Weippl was part of the inaugural Meeting.

Meeting

Edgar Weippl as expert at EU project COURAGE

Edgar Weippl was invited as expert to the focus group of the European project COURAGE (Cybercrime and Cyberterrorism European Research Agenda) at West Yorkshire Police’s District HQ in Leeds.

Paper accepted @ RTA 2015

The paper “Constructing Orthogonal Designs in Powers of Two: Groebner Bases Meet Equational Unification” by Dimitris E. Simos (SBA Research, Austria), Ilias Kotsireas (Wilfrid Laurier University, Canada), Temur Kutsia (RISC – Johannes Kepler University, Austria) has been accepted for publication in 26th International Conference on Rewriting Techniques and Applications (RTA 2015). RTA is the premium venue for rewriting techniques on computation theory and mathematics.

RTA 2015 takes place from June 29 – July 1, 2015 in Warsaw, Poland and is ranked as A-Conference in CORE.

Abstract
Conference Website

Dimitris Simos @ IWCT2015

Dimitris Simos gives a talk on April, 13th in the Fourth International Workshop on Combinatorial Testing (IWCT 2015) about an Evaluation of the IPO-Family Algorithms for Test Case Generation in Web Security Testing. The workshop takes place in Graz, Austria and is collocated with ICST2015 (8th IEE International Conference on Software Testing, Verification and Validation) during April 13-17, 2015.

Program

Talk at Vienna University of Technology

Katharina Krombholz gives a talk about “Usable Security and Privacy in Mobile and Wearable Computing” at the Vienna University of Technology.

Monday, April 13th, 13.00
TU Vienna, Bibliothek 187/2
Details

3rd place with Team We0wnY0u at iCTF

Students of SBA Research participated as members of the team We0wnY0u of the Vienna University of Technology in the international capture-the-flag contest iCTF. In an 8 hours timeframe, 42 (in words: forty two) services were to exploit from previous iCTF competitions.

 

scoreboard_ictf2015

 

Overall We0wnY0u reached the 3rd rank, from more than 80 participating universities. The final scoreboard can be found here.
Press: derStandard.at, futurezone.at

Guest Talk: “A Combinatorial Approach to Conformance Testing of Personal Healthcare Devices”

Prof. Jeff Lei, Department of Computer Science and Engineering at the University of Texas at Arlington, USA gives a talk about “A Combinatorial Approach to Conformance Testing of Personal Healthcare Devices”. His research interests are in the area of automated software analysis, testing and verification, with a current focus on combinatorial testing. He is a member of the Advanced Combinatorial Testing System (or ACTS) project sponsored by the Information Technology Laboratory of the US National Institute of Standards and Technology.

Friday, April 10th, 2015,11:15-12:00.

Abstract: Combinatorial testing has been shown to be very effective in detecting software faults. In this talk, we introduce a combinatorial testing-based framework for conformance testing of personal healthcare devices. In particular, we show how to apply combinatorial testing to ensure conformance of personal healthcare  devices with the IEEE 11073 message exchange protocol which defines how personal healthcare devices communicate with computing resources like PCs and set top boxes. This framework ensures that different implementations of the protocol stack conform to the same specification and are thus able to interoperate with each other.

We demonstrate a prototype tool that applies the proposed framework on Antidote, an open-source implementation of the IEEE 11073 protocol, and report some  preliminary testing results. We note that the current implementation of the framework is specific to the IEEE 11073 protocol, but the underlying approach is general and can be extended to other communication protocols.

Guest Talk: “Introduction to Advanced Combinatorial Testing System”

Dr. Raghu Kacker, Mathematical and Computational Sciences Division (MCSD), Information Technology Laboratory (ITL),National Institute of Standards and Technology (NIST), USA gives a talk about “Introduction to Advanced Combinatorial Testing System “.

Friday, April 10th, 2015, 10:15-10:30.

SACMAT accepted papers

17 papers were accepted as full papers.

Announcing tlscompare.org

As part of an ongoing project on increasing TLS security we are today announcing https://tlscompare.org

This webpage is about evaluating a massive extension of the ruleset for HTTPSEverywhere, a browser extension for Chrome and Firefox which switches user traffic from unencrypted HTTP to encrypted and authenticated HTTPS automatically. You can read more details in the FAQ.