SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

News

Ivona Brandic, Energy Efficient Clouds

May 31, 10am SBA

Cloud computing is a promising technology for the realization of large, scalable, and on-demand provisioned computing infrastructures. Currently, many enterprises are adopting this technology to achieve high performance and scalability for their applications while maintaining low cost. Service provisioning in the Cloud is based on a set of predefined non-functional properties specified and negotiated by means of Service Level Agreements (SLAs). Cloud workloads are dynamic and change constantly. Thus, in order to reduce steady human interactions, self-manageable Cloud techniques are required to comply with the agreed customers’ SLAs. In this talk we discuss flexible and reliable management of SLAs, which is of paramount importance for both Cloud providers and consumers. On the one hand, the prevention of SLA violations avoids penalties that are costly to providers. On the other hand, based on flexible and timely reactions to possible SLA violation threats, user interaction with the system can be minimized enabling Cloud computing to take roots as a flexible and reliable form of on-demand computing. Furthermore, a trade-off has to be found between proactive actions that prevent SLA violations and those that reduce energy consumption, i.e., increase energy efficiency.

IMPACT 2011

Four interesting talks were held as part of IMPACT 2011.

Prof. Dr. Stefan Katzenbeisser – TU Darmstadt – Privacy by Design – Technischer Datenschutz für hochsensible Daten
Prof. Davide Balzarotti, Ph.D. – EURECOM Sophia Antipolis – G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries
Prof. Dr. Günther Pernul – Universität Regensburg – On the Maturity of RBAC – A Survey and Classification of the Research Area
Günther Wiesauer – CEO Underground_8, Linz – Sicherheitsarchitektur für moderne Firewallsysteme


Seminar on Social Network Security at DSV Forum

Markus Huber will hold a seminar on Social Network Security at the DSV Forum in Stockholm on the 19th of May.

Research Talk: Designing Truthful Mechanisms

May 10, 2011, 10am @ SBA: Designing Truthful Mechanisms
Angelina Vidali

In this talk I will present my work on many different aspects of one of the most fundamental problems in algorithmic game theory (and more specifically algorithmic mechanism design), the problem of scheduling unrelated machines to minimize the makespan and I will also explain its connection with the problem of designing truthful combinatorial auctions. We assume that the machines behave like selfish players: they have to get paid in order to process the tasks, and would lie about their processing times if they could increase their utility in this way. The problem was proposed and studied in the seminal paper of Nisan and Ronen, where it was shown that the approximation ratio of mechanisms is between 2 and n.

Leak in Tor for Android (Orbot)

While performing traffic analysis on the current development version of Orbot, the official Tor app for Android, Manuel Leithner (Junior Researcher, SBA Research gGmbH) discovered that certain types of traffic (including VPN, GPS and videos) were not tunnelled through Tor. He subsequently developed a patch that enables full and enforced transparent proxying for all TCP and DNS traffic through the anonymisation service.

Talk by Daniel S Yeung on “Sensitivity Based Generalization Error for Single and Multiple Classifier Systems with Applications”

Sensitivity Based Generalization Error for Single and Multiple Classifier Systems with Applications

Abstract

Generalization error model provides a theoretical support for a classifier’s performance in terms of prediction accuracy. However, existing models give very loose error bounds. This explains why classification systems generally rely on experimental validation for their claims on prediction accuracy. In this talk we will revisit this problem and explore the idea of sensitivity measure in developing a new generalization error model based on the assumption that only prediction accuracy on unseen points in a neighborhood of a training point will be considered, since it will be unreasonable to require a classifier to accurately predict unseen points “far away” from training samples. Relationship between the new model and the regularization technique will be examined and a number of generic as well as domain specific applications will be presented.

Daniel S Yeung, Chair Professor, School of Computer Science and Engineering, South China University of Technology, Guangzhou, China, Junior Past President, IEEE Systems, Man and Cybernetics Society, Fellow of IEEE

Martin Mulazzani now works on Trudie

Martin Mulazzani now works on Trudie (TRUDIE – Trust Relationships in the Underground Economy, Sponsor: FIT-IT Trust in IT-Systems 3. Call, Austria)

USENIX Security ’11: Paper accepted

Our paper Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space was accepted. Unfortunately we cannot provide a preprint because the affected vendor(s) still need the time to fix some things…

SBA master student discovers flaw in Ruby on Rails

Rails 3.0.5 doesn’t validate the input for the X-Forwarded-For field in the header sent by clients with a class C remote-addr (see: TRUSTED_PROXIES). (Security Focus, more details…)

Gilbert Wondracek joined SBA Research as senior researcher

We are happy to have Gilbert Wondracek as a senior researcher on our team.

His last two IEEE S&P papers:

  • Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel. 2010. A Practical Attack to De-anonymize Social Network Users. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (SP ’10). IEEE Computer Society, Washington, DC, USA, 223-238. DOI=10.1109/SP.2010.21 http://dx.doi.org/10.1109/SP.2010.21
  • Paolo Milani Comparetti, Gilbert Wondracek, Christopher Kruegel, and Engin Kirda. 2009. Prospex: Protocol Specification Extraction. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy (SP ’09). IEEE Computer Society, Washington, DC, USA, 110-125. DOI=10.1109/SP.2009.14 http://dx.doi.org/10.1109/SP.2009.14
