SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Gilbert Wondracek in the Economist

“Gilbert Wondracek at the Vienna University of Technology in Austria and his colleagues built a history-stealing website aimed at groups on Xing, a business-orientated social network. Mr Wondracek’s analysis of over 6,500 Xing groups, containing a total of more than 1.8m users, suggested that his rogue site would be able to determine the identity of around four in ten visitors. A trial run, in which Mr Wondracek invited colleagues who use Xing to visit his history-stealing site, showed this estimate to be about right. The vulnerability he exploited has since been addressed by the engineers behind several browsers, including Firefox and Safari, but has so far not been fixed in Microsoft’s Internet Explorer.” (verbatim quote from The Economist, Monitor: Anonymous no more, May 10, 2010)

Sebastian Schrittwieser post graduate research at NII

Sebastian will stay 5 months at the National Institute of Informatics (NII) in Tokyo, Japan.

Invited Talk at NII

Edgar Weippl gives an invited talk at NII.

Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and restore deleted data. While this fact is well known in computer forensics and multiple tools for forensic data analysis exist, the systematic analysis of data sources such as Web 2.0 services and their underlying database systems has only recently begun.

Clearly, database systems are bound to leave more extensive traces since they not only store a file but, in addition, need indexes, rollback segments and log files. In this talk I will cover the basics of forensic analysis, particularly focusing on database systems.

During the past few years, a huge number of online file storage services have been introduced. While some provide very basic functionality, e.g., uploading and retrieving files by a specific user, more advanced services offer features like shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. In this talk we closely look at Dropbox, in particular the Dropbox client software as well as the transmission protocol, and describe an attack that results in the unauthorized access to files stored with Dropbox. This attack can be used effectively for forensic investigations.

Austria's Role in the IT Market of the DACH Region (Future Networks)

Markus Klemen and Edgar Weippl are panelists at Future-Network’s event on “Austria’s role in IT markets in Germany, Austria and Switzerland”.

IEEE Internet Computing Special Issue on Security and Privacy in Social Networks

Our manuscript “Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam” has been accepted for the upcoming special issue on Security and Privacy in Social Networks in the IEEE Journal of Internet Computing in May/Jun 2011. Preprint is available here.

In this article we have introduced friend-in-the-middle (FITM) attacks, which are active eavesdropping attacks against social networking sites. By cloning a user’s authentication cookie, which is transmitted unencrypted, it becomes possible to completely impersonate the user. This can then be used to collect sensitive information in an automated fashion, which ultimately enables large context-aware spam campaigns that propagate via social phishing. FITM attacks are applicable to the great majority of currently deployed SNSs, such as Facebook, Friendster, and Orkut. Based on FITM attacks we described three subsequent exploits: (1) Friend injection, (2) Application injection, and (3) Social engineering. We furthermore evaluated the impact of a large-scale spam attack on the basis of FITM attacks. To do so, we set up a Tor exit node and analyzed the HTTP traffic passing through it. Our experiments showed that finding possible FITM attack seeds for spam campaigns is cheap in terms of time and hardware resources. Our attack simulation results furthermore suggest that, based on the 4000 possible Facebook attack seeds we observed within two weeks, ~300,000 users could have been targeted with context-aware spam.

There are a number of limited protection strategies available to social networking users, for example browser extensions such as EFF HTTPS Everywhere. The Tor browser bundles have included the EFF HTTPS Everywhere extension since May 2010. Social networking providers ultimately have to protect their users against FITM attacks by securing the communication channels of their services with HTTPS. At the time of writing Facebook has announced that they will offer optional HTTPS support for their web service. We strongly advise users to make use of this option once it becomes available to everyone.
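The provider-side fix described above can be checked from response headers. The following is an added example, not code from the paper or from SBA Research: it audits HTTP responses for cookies that an on-path observer could read, and the host `sns.example`, the cookie names and the sample responses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured traffic): (request URL, response headers).
# Host and cookie names are placeholders.
SAMPLES = [
    ("http://sns.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ]),
    ("https://sns.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/; Secure"),
    ]),
    ("https://sns.example/home", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ]),
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in value.split(";") if p.strip()]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(url, headers):
    """Return (cookie, finding) pairs for cookies an on-path observer could read."""
    scheme = urlsplit(url).scheme.lower()
    names = {k.lower() for k, _ in headers}
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if scheme != "https":
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            findings.append((name, "no Secure attribute: also sent on http:// requests"))
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append(("*", "no HSTS: browser may still issue http:// requests"))
    return findings

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers))
```

An empty result for every response that sets the authentication cookie means the cookie is only ever issued and returned over HTTPS.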

Entry in IEEE Xplore

iPhone privacy

Our partners at ISecLab have a nice paper on privacy and iPhones (German heise article).

Guest talk / Seminar: John Tait

Guest talk: John Tait

The term Semantic Search is becoming fashionable, but there are a number of problems with the term.

1) There are at least two forms of semantic search. One is based on more-or-less hand-programmed knowledge sources, like domain ontologies or thesauri. The other is based on emergent properties of the data being searched, using techniques like Latent Semantic Analysis or clustering. It is far from clear that the results of applying the two approaches are similar or even compatible.
2) It is often assumed that semantic search is in some sense different from surface text search, which implies that normal old-fashioned Google search (for example) is equivalent to random string search, when of course the underlying statistics depend critically on the fact that both the queries and corpora are natural language (English or German) words with underlying semantics.
3) Semantic Search depends critically on text annotation processes during indexing, but these are potentially corruptible by malefactors. How can this be prevented?

The seminar will explore these three issues, and attempt to find a better definition of the term semantic search and to identify some ways forward.

TIMBUS project starts March 1, 2011

The digital preservation problem is well-understood for query-centric information scenarios but has been less explored for scenarios where the important digital information to be preserved is the execution context within which data is processed, analysed, transformed and rendered. Furthermore, preservation is often considered as a set of activities carried out in the isolation of a single domain, without considering the dependencies on third-party services, information and capabilities that will be necessary to validate digital information in a future usage context.
TIMBUS will endeavour to enlarge the understanding of DP to include the set of activities, processes and tools that ensure continued access to services and software necessary to produce the context within which information can be accessed, properly rendered, validated and transformed into knowledge. One of the fundamental requirements is to preserve the functional and non-functional specifications of services and software, along with their dependencies.

SBA Research
SQS Software Quality systems AG
Westfälische Wilhelms-Universität Münster
INESC ID – Instituto de engenharia de sistemas e computadores, investigacao e desenvolvimento em Lisboa
iPharro Media GmbH
Intel Performance learning solutions limited
Caixa Magica Software lda
Laboratorio Nacional de Engenharia Civil
Karlsruher Institut für Technologie
Laboratorio de Instrumentacao e Fisica Experimental de Particulas
Digital Preservation Coalition Limited by Guarantee (DPC)


SBA is, via AARIT, part of the ABCDE project and will accept fellows who want to join the research center.

Initiated in 1992 and open to PhD holders from Europe and all over the world, the Alain Bensoussan Fellowship Programme (ABFP) is designed for ICT students, researchers and professionals. Funded entirely by ERCIM members, the ABFP yields about 20 fellows per year on average.
Focusing on inter-sectoral ICT research and lasting generally 18 months, the fellowships are composed of two 9-month periods (9+9) to be spent in two different ERCIM institutes (located in two European countries) to foster trans-national mobility. Fellowships of 12 months hosted by one single ERCIM institution are also considered. In such cases, short research visits to other institutes are required in order to meet the training and mobility objectives of the programme.
Throughout the programme, the fellows are supported by the ERCIM Human Resource Task Force in driving their personal development scheme and to assist them in their future career plans, whether in European research institutions or in European Industry.
We believe ABCDE will provide a real opportunity to further develop and improve the already robust and self-sustainable Alain Bensoussan Fellowship Programme. Moreover, given the strategic nature of this training scheme focusing on ICT and novel technologies, COFUND support in up-scaling this Fellowship Programme would also enhance its impact over European research and competitiveness at large.

Information Security Knowledge Management Survey

We kindly ask you to participate in our information security knowledge management survey. The survey is conducted by the publicly funded research institutions SBA Research (AT), Newcastle University (UK), and Vienna University of Technology (AT). We conduct the survey to explore potential ways of enabling companies and professionals to share information security knowledge through the application of collaborative semantic web technologies. The aggregated survey results will be published in publicly accessible research publications.


Thank you for your support.
