SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

SBA Research moved to a new location!

Our new address: Floragasse 7, 1040 Vienna, Austria Effective since: June 25, 2019 More at:


Guest talk: A Bird’s-Eye View of Optimal Codes and Symmetric Cryptography from Combinatorial Designs

A Bird’s-Eye View of Optimal Codes and Symmetric Cryptography from Combinatorial Designs

Dimitris E. Simos, Department of Mathematics, National Technical University of Athens,

 Abstract: In the past few decades, combinatorial design theory has grown to encompass a wider variety of investigations, many of which are not apparently motivated by any practical application. Rather, they are motivated by a desire to obtain a coherent and powerful theory of existence and properties of designs. Nevertheless, it comes as no surprise that applications in coding theory and communications continue to arise, and also that designs have found applications in new areas. Cryptography in particular has provided a new source of applications of designs in computer science, and simultaneously a field of new and challenging problems in design theory.

In this lecture, we present a number of applications of combinatorial designs in which the connection with classes of optimal codes and modern symmetric (private-key) cryptography appears to be substantial and meaningful. In the first part, we present some new results for self-dual codes and quasi-cyclic codes and exemplify some of their advantages in terms of encoding and decoding. In the continuum, we survey recent powerful private-key cryptosystems from special classes of combinatorial designs, that posses beautiful combinatorial properties. Practical aspects of the cryptosystems, in terms of security and cryptanalysis are analyzed and examples of real-time encryption and decryption are provided using cryptographic algorithms. We conclude, by providing a state-of-the-art comparison of private-key block ciphers in the field of modern cryptography.


Edgar Weippl is elected as vice president and will continue organizing the ECRIM fellowship program for Austria.

IT-SeCX 11.11.11: Social Snapshots

IT-SeCX 11.11.11: Markus Huber presents “Social Snapshots – Digitale Forensik für Soziale Netzwerke” at ITSeCX (more…)

SBA participates at the 2011 “IKT-Zentren Akademie”

Ulrich Bayer did hold a lesson on secure development of web applications at the “IKT-Zentren Akademie” of 2011. The talk included a theoretical and practical introduction to secure web application development and the most common attack vectors. (mehr…)

Sicherheitskonferenz Krems: Cloud Speicherdienste als Angriffsvektoren

Cloud Speicherdienste als Angriffsvektoren.

based on our Usenix Security 2011 Paper (Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space), we will present some recent updates at the Sicherheitskonferenz Krems

Summerschool on Security and Privacy, Aug 2012

We will teach a course in the summer school in Italy…

Piwik vulnerability

Manuel found and reported a vulnerability. Excerpt from the changelog (Piwik 1.6): “Security: we would like to thank the following people for their responsible disclosure: […] Secure Business Austria […] Thank you to all these people for disclosing security issues to the Piwik team, ensuring a healthy and safe experience for the whole community!

Webinar: Cloud Security

We present a short overview of security issue in cloud-based storage services at conect’s Webinar series “Security & Risk Management”.

Securing XML archives for Search Based Applications – John Tait

Securing XML archives for Search Based Applications (Talk by John Tait; Oct 19; 10am SBA)

There has been a recent trend to produce what are known as Search Based Applications. One strand of this work is based on the observation that many organisation keep legacy transaction orientated systems up and running in order to allow information contained in those systems to continue to be accessed for audit and security purposes. This is quite different from the high transaction volumes the systems were originally designed for. So for example a credit card might keep an obsolete retailer and customer service applciation up and running purely so security investigators can accessed historic customer transaction patterns via ad hoc SQL queries.

A better solution would be to archive the data in the transaction system to an XML store, and then use enterprise text search systems, like Lucene or Bing/FAST to provide the query facilities. However, this raises the question, does the XML data actually represent the data previously held in the transaction system, or has the data been altered in some way.

The seminar will discuss the security issues search based applications raises and seek to work with the audience to find ways forward with those issues.

CCS 2011: The Power of Procrastination

Clemens Kolbitsch recently finished his PhD  supervised by Engin Kirda and Chris Kruegel. Tomorrow, he will present his paper “The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code” at CCS 2011. Clemens will shortly join our partner company TLLOD.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.