SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
Last Sunday, students and faculty of SBA Research and TU Wien participated in the 2017 RuCTF Finals competition held in Yekaterinburg, Russia, as members of the team We_0wn_Y0u.
Students are primarily recruited from our “(Advanced) Internet Security” lecture series which is taught together with the Secure Systems Lab of TU Wien. The class is known as the “hacker lecture” at TU Wien. In this lecture students have to circumvent the security of an application approximately every two weeks in a safe environment. This prepares our students for security competitions like this one, as well as for securing commercial servers and networks in the future.
SBA supports this team financially and organizationally.
Scientific director Edgar Weippl was interviewed by the Austrian Broadcasting (ORF) radio channel OE1 on how to cope with password issues. The abstract of the interview can be found at www.orf.at; a mobile version is also available.
Tomasz Miksa co-authored a whitepaper on machine-actionable data management plans (maDMPs). The whitepaper was used to seed the discussions at the 9th RDA Plenary in Barcelona, Spain and will lead to the establishment of new RDA groups.
The paper presents selected community-generated use cases that reflect the needs of various stakeholders. It also articulates a consensus about the need for a common standard for machine-actionable data management plans to enable future work in this area, thus making research outputs FAIR, i.e., Findable, Accessible, Interoperable, and Reusable.
The project “Secure Execution of Smart Contracts” (SESC) started on January 1, 2017. SESC is an R&D project supported by the BRIDGE 1 Programme of the Austrian Research Promotion Agency (FFG). The first project consortium meeting was hosted by SBA Research on March 21, 2017.
Dimitris Simos gives a talk on “Coveringcerts: Combinatorial Methods for X.509 Certificate Testing”, joint work with Kristoffer Kleine, on March 14, 2017 at the 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017).
ICST 2017 takes place March 13-18, 2017 at Waseda University in Tokyo, Japan, and is one of the leading conferences for software testing and validation.
The results of this work establish a new research field for combinatorial testing and testing of security protocols.
SBA Research will offer a series of evening trainings focusing on the hot topic “Blocks & Chains”. We will discuss specialized topics such as smart contracts, blockchain interlinking, privacy, and attempts to regulate cryptocurrencies.
The series starts with a tutorial, covering general information about cryptocurrencies and their underlying technology. During each of the following four evening trainings we will discuss one specialized topic in depth.
The Android Security Symposium starts today at the Technical University of Vienna, courtesy of the Josef Ressel Center u’smile. The upcoming three days are packed with presentations covering the entire Android security ecosystem, ranging from presentations about the security architecture of Android by Google and AT&T this morning to secure app development, novel attacks, and much more.
Last weekend, the SBA-supported CTF team “We_0wn_Y0u” (W0Y) of TU Wien again showcased its outstanding capabilities. In the academic International Capture the Flag (iCTF) contest they secured third place out of 78 participating universities worldwide in an 8-hour race. W0Y started receiving points late in the game but managed to overtake the field, leaving only Moscow State University (1st) and Saarbrücken University (2nd) in front.
As a novelty, this year's iCTF also included a 24-hour non-academic contest in which W0Y placed 4th out of 317 teams. The 24 hours meant three times more fun (by time), but also unique challenges regarding rest times and shift operations.
W0Y has a long-standing tradition of participating in the iCTF, dating back to 2005. They managed to be in the top 10 every time and won the competition twice. The team comprises outstanding students and teaching staff of the “Internet Security” and “Advanced Internet Security” course series taught at TU Wien. The courses are a cooperation of the Institute of Computer Aided Automation and the Institute for Software and Interactive Systems. The lectures are sometimes called the “hacking course” since they teach the unique offensive perspective to enable students to understand attackers and develop secure software in the future.
The iCTF is a so-called “attack-defense” competition. Every team has the same copy of a server, which it must defend against other teams while simultaneously attacking the competitors. Each server provides a couple of services. Attack points are awarded for every service that a team manages to take over from another team by stealing a “flag”. Flags are files containing a secret unique to that team and service. Defense points are awarded for keeping one's own services running and secure (i.e., not losing any flags).
The team would like to thank UC Santa Barbara and Arizona State University for organizing the competition.
FM4 is broadcasting parts of the “myth-buster” session “Hollywood Hacking by SBA Research”, created by Adrian Dabrowski. Every now and then, a movie excerpt is aired to give an amusing rollercoaster ride through the ups and downs of screenwriters’ imagination on computer security.
James Bond, Independence Day, Jurassic Park and Matrix Reloaded were already part of the series.