SBA @ Security Forum Hagenberg

Name	SBA Research Cookie
Provider	SBA Research
Purpose	Saves the settings of the visitors selected in the cookie box.
Cookie name	sba-research-cookie
Cookie runtime	1 year

Name	YouTube
Provider	YouTube
Purpose	Used to unblock YouTube content.
Privacy policy	https://policies.google.com/privacy
Host(s)	google.com
Cookie name	NID
Cookie runtime	6 months

Name	Vimeo
Provider	Vimeo
Purpose	Used to unblock Vimeo content.
Privacy policy	https://vimeo.com/privacy
Host(s)	player.vimeo.com
Cookie name	vuid
Cookie runtime	2 years

June 4, 2025

In mid-May, our colleague Reinhard Kugler, applied research consultant at SBA Research, gave a talk on Tracing the Invisible: how to create Observability on Edge Devices with eBPF. His presentation focused on tracing protocols in embedded systems by instrumenting the kernel. He discussed protocols such as SPI, I2C, and CAN, and explained how kernel infrastructure can be leveraged through eBPF programs for security testing.

Abstract

Cyber-physical systems, such as industrial electronics, cars and medical devices transition to cloud-native technologies and have already adopted the Internet Protocol many years ago. Those former isolated systems have been connected to the Internet which exposes them to a broader community of attackers. A common pain point is the observability of such devices, since the available processing and memory resources are limited, even on Linux-based devices.

Therefore, many instances of attacks remain unnoticed on this device class, while the IT operates detection capabilities such as a SOC. How can companies step up the protections without taking an extensive toll on resources? Soft- ware using IP-based protocols, such as HTTP, MQTT and TLS already have access to an arsenal of security observability tools. Not so for non-IP protocols and on-board communication with pro- tocols such as SPI, UART, CAN and I2C, which is customized in many cases. How can a baseline of defenses be extended to the Edge?

With the eBPF technology the Linux Kernel can be extended by custom programs on the fly. This allows to integrate observability code into an embedded device. eBPF extends the system with in- depth protocol inspection as well as behavior tracking of the operating system. But does the gained observability surcharge the embedded system? This talk showcases in a hands-on fashion how to utilize container technologies in concert with eBPF to create a deeply integrated observability system to spot attack techniques of capable threat actors.

And on day 2, our scientific director Edgar Weippl presented on Companies and research institutions facing major challenges in the field of IT security.

Abstract

The presentation highlights why and how companies can benefit from collaborating with research institutions. It first examines what motivates companies to invest in IT security research. In addition to risk mitigation through innovative solutions, competitive advantages and access to highly qualified talent are key factors.

Another focus is on publicly funded research projects in Austria. The mechanisms of funding through the Austrian Research Promotion Agency (FFG), the Christian Doppler Research Association (CDG), and EU programs like Horizon Europe are explained. These programs provide companies with a structured framework for cooperating with research institutions. The presentation also offers practical advice on how companies and research institutions can collaborate most effectively to achieve sustainable results.

Furthermore, it discusses why it is important for university of applied sciences (FH) graduates — even those not directly involved in research — to understand the research landscape. This knowledge broadens career prospects and helps strategically leverage research projects.

Finally, the presentation explains the benefits for companies of supporting their employees’ doctoral studies and why pursuing a doctorate can be worthwhile. In addition to promoting innovation, it also strengthens employee retention.

About the Conference

The Security Forum is the annual ICT security conference organized by the Hagenberg Circle and traditionally takes place over two days in the spring. Attendees are offered both technical and management-oriented presentations on both days. Each year, around 300 participants from across Austria, Germany, and Switzerland attend the Security Forum, appreciating in particular the high quality of the expert talks and the professional atmosphere of the event.

Links

MATRIS – research group SBA Research
Security Forum
ORF Bundesland heute (until 13.06.2025)

News