SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
Today we attend the highly prestigious International Conference on Business Process Management (BPM’2009) and present our paper “Business Process-based Resource Importance Determination” in the main track.
Our paper “A Reference Model for Risk-Aware Business Process Management” has been accepted at the 4th International Conference on Risks and Security of Internet and Systems (CRISIS2009).
Our paper “Towards Automating Social Engineering Using Social Networking Sites” has been accepted at the International Conference on Privacy, Security, Risk and Trust (PASSAT2009).
From 18th to 19th June 2009 Aad van Moorsel and Simon E. Parkin from Newcastle University will visit our research center. Our goal is to identify and initialize joint research projects between Newcastle University and Secure Business Austria in the field of economically justified security solutions. On 18th June…
Edgar Weippl gives a talk on Database Forensic at the Security Forum in Hagenberg. Abstract: Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and restore deleted data. While this fact…
We are attending the IEEE International Conference on Systems and present our latest research results regarding pseudonymization. We received the best paper award for the paper “Technologies for the Pseudonymization of Medical Data: A Legal Evaluation”.
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA Research, discovered and investigated a vulnerability in the Voice over LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones.
In the MediaTek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.