SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

SBA Research moved to a new location!

Our new address: Floragasse 7, 1040 Vienna, Austria Effective since: June 25, 2019 More at:


IEEE Internet Computing Special Issue on Security and Privacy in Social Networks

Our manuscript “Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam” has been accepted for the upcoming special issue on Security and Privacy in Social Networks in the IEEE Journal of Internet Computing in May/Jun 2011. Preprint is available here.

In this article we have introduced friend-in-the-middle (FITM) attacks which are active eavesdropping attacks against social networking sites. By cloning a user’s authentication cookie which is transmitted in an unencrypted way, it becomes possible to completely impersonate the user. This can then be used to collect sensitive information in an automated fashion which ultimately enables large context-aware spam campaigns that propagate via social phishing. FITM attacks are applicable to the great majority of currently deployed SNSs, such as Facebook, Friendster, and Orkut. Based on FITM attacks we described three subsequent exploits: (1) Friend injection, (2) Application injection, and (3) Social engineering. We furthermore evaluated the impact of a large-scale spam attack on basis of FITM attacks. We therefore set-up a Tor exit node and analyzed the passing through HTTP traffic. Our experiments showed that finding possible FITM attack seeds for spam campaigns is cheap regarding time and hardware resources. Our attack simulation results furthermore suggest that based on the 4000 possible Facebook attack seeds we observed within two weeks, ~300.000 users could have been targeted with context-aware spam.

There are a number of limited protection strategies available to social networking users, such as using browser extensions such as EFF HTTPS Everywhere. The Tor browser bundles include the EFF HTTPS Everywhere extension since May 2010. Social networking providers ultimately have to protect their users against FITM attacks by securing the communication channels of their services with HTTPS. At the time of writing Facebook has announced that they will offer optional HTTPS support for their web service. We strongly advice users to make use of this option once it will become available to everyone.

Entry in IEEE Xplore

IPhone privacy

Our partners at ISecLab have a nice paper on privacy and IPhones (German heise Article)

Guest talk / Seminar: John Tait

Guest talk: John Tait

The term Semantic Search is becoming fashionable, but there are a number of problems with the term.

1) There are at least two forms of semantic search. One is based more-or-less hand programmed knowledge sources, like domain ontologies or thesauri. The other is based on emergent properties of the data being searched, using technques like Latent Semantic Analysis or clustering. It is far from clear that the results of applying the two approaches are similar or even compatible.
2) It is often assumed that semantic search is in some sense different from surface text search: which implies that normal old-fashioned Google search (for example) is equivalent to randon string search, when of course the underlying statistics depend critically on the fact that both the queries and copora are natural language (English or German) words with underlying semantics.
3) Semantic Search depends critically on text annotation processes during indexing: but these are potentially corruptable by malefactors. How can this be prevented?

The seminar will explore these three issues, and attempt to find a better definition of the term semantic search and to identify soem ways forward.

Timbus projects starts March 1, 2011

The digital preservation problem is well-understood for query-centric information scenarios but has been less explored for scenarios where the important digital information to be preserved is the execution context within which data is processed, analysed, transformed and rendered. Furthermore, preservation is often considered as a set of activities carried out in the isolation of a single domain, without considering the dependencies on third-party services, information and capabilities that will be necessary to validate digital information in a futureusage context.
TIMBUS will endeavour to enlarge the understanding of DP to include the set of activities, processes and tools that ensure continued access to services and software necessary to produce the context within which information can be accessed, properly rendered, validated and transformed into knowledge. One of the fundamental requirements is to preserve the functional and non-functional specifications of services and software, along with their dependencies.

SBA Research
SQS Software Quality systems AG
Westfälische Wilhelms-Universität Münster
INESC ID – Instituto de engenharia de sistemas e computadores, investigacao e desenvolvimento em Lisboa
iPharro Media GmbH
Intel Performance learning solutions limited
Caixa Magica Software lda
Laboratorio Nacional de Engenharia Civil
Karlsruher Institut für Technologie
Laboratorio de Instrumentacao e Fisica Experimental de Particulas
Digital Preservation Coalition limited by guarantee*DPC


SBA is via AARIT part of the ABCDE project and will accept follows that want to join the research center.

Initiated in 1992 and open to PhD holders from Europe and all over the world, the Alain Bensoussan Fellowship Programme (ABFP) is designed for ICT students, researchers and professionals. Funded entirely by ERCIM members, the ABFP yields about 20 fellows per year on average.
Focusing on inter-sectoral ICT research and lasting generally 18 months, the fellowships are composed of two 9-month periods (9+9) to be spent in two different ERCIM institutes (located in two European countries) to foster trans-national mobility. Fellowships of 12 months hosted by one single ERCIM institution are also considered. In such cases, short research visits to other institutes are required in order to meet the training and mobility objectives of the programme.
Throughout the programme, the fellows are supported by the ERCIM Human Resource Task Force in driving their personal development scheme and to assist them in their future career plans, whether in European research institutions or in European Industry.
We believe ABCDE will provide a real opportunity to further develop and improve the already robust and self-sustainable Alain Bensoussan Fellowship Programme. Moreover, given the strategic nature of this training scheme focusing on ICT and novel technologies, COFUND support in up-scaling this Fellowship Programme would also enhance its impact over European research and competitiveness at large.

Information Security Knowledge Management Survey

We kindly ask you to participate in our information security knowledge management survey. The survey is conducted by publicly-funded research institutions SBA Research (AT), Newcastle University (UK), and Vienna University of Technology (AT). We conduct the survey to explore potential ways of enabling companies and professionals to share information security knowledge through the application of collaborative semantic web technologies. The aggregated survey results will be published within publically-accessible research publications.


Thank you for your support.

APARSEN project starts on Jan 1, 2011

Digital preservation (DP) offers the economic and social benefits associated with the long-term preservation of information, knowledge and know-how for re-use by current as well as later generations. However, digital preservation has a great problem, namely that preservation support structures are built on projects which are short lived and is fragmented. The unique feature of APARSEN is that it is building on the already established Alliance for Permanent Access (APA), a membership organization of major European stakeholders in digital data and digital preservation. These stakeholders have come together to create a shared vision and framework for a sustainable digital information infrastructure providing permanent access to digitally encoded information. To this self-sustaining grouping APARSEN will add a wide range of other experts in digital preservation including academic, and commercial researchers, as well as researchers in other cross-European organizations. The members of the consortium already undertake research in digital preservation individually but even here the effort is fragmented despite smaller groupings of these organizations working together in specific EU and national projects. APARSEN will help to combine and integrate these programes into a shared program of work, thereby creating the pre-eminent virtual research center in digital preservation in Europe, if not the World. The Joint Programme of Activity will lead to:

• The integration of the majority of the research activities in DP within a common vision and common terminology and evidence standard
• A common agreement of the services needed for preservation, access and most importantly re-use of data holdings over the whole lifecycle;
• Embedding of legal and economic issues, including costs, governance issues and digital rights in digital preservation
• A discipline of data curators with appropriate qualifications recognized across Europe, and well defined support services

Science and Technology Facilities Council
Stichting European Alliance for Permanent Access
European Organization for Nuclear Research
Stichting Secretariaat van de International Association of Scientific, Technical and Medical Publishers
FTK Forschungsinstitut für Telekommunikation e.V
CSC – Tieteen tietotekniikan keskus Oy
Deutsche Nationalbibliothek
Digital Preservation Coalition limited by Guarantee*DPC
Alfred-Wegener-Institut fuer Polar- und Meeresforschung
The British Library
European Space Agency
Koninklijke nederlandse Akademie van Wetenschappen-Knaw
Koninklijke Bibliotheek
Stichting LIBER Foundation
Consorzio interuniversitario nazionale per l’informatica
InConTec GmbH
Foundation for Research and Technology – Hellas
Globit – Global Information Technology GmbH
Microsoft Research (Cambridge Lab)
Philips Consumer Lifestyle B.V.
Airbus Operations SAS
INMARK Estudios y Estrategias S.A.
Fondazione Rinascimento Digitale-nuove tecnologie per i beni culturali
Luleå University of Technology
University degli studi di Trento
Tessella PLC
IBM Israel – Science and technology ltd
SBA Research
Space Research Institute of the Russian Academy of Sciences
Österreichische Nationalbibliothek
University of Patras

Mumia project

The tremendous power and speed of current search engines to respond, almost instantaneously to millions of user queries on a daily basis is one of the greatest successes of the past decade. While this technology empowers users need to extract relevant information from the hundreds of thousands of terabytes of existing data available on the web, the next decade presents many new grand challenges. This next wave of search technology is faced with even greater demands, not only in terms of volume of requests, but also in terms of the changes to the content available, and the dynamics of Web 2.0+ data being produced. These increased and new demands mean that search technology must be able to search, filter, extract, combine, integrate, and process multiple and distributed sources of multilingual content, delivered to an even wider global audience and variety of population. Inevitably, Multilingual and Multifaceted Interactive Information Access (MUMIA) research and development will be a key part of the next generation of search technology. Machine Translation (MT), Information Retrieval (IR) and Multifaceted Interactive Information Access (MIIA) are three disciplines which address the main components of MUMIA. However, relevant research, which is vitally important for the development of next generation search systems, is fragmented. This Action will launch a much needed initiative to coordinate the collaboration between these disciplines, fostering research and technology transfer in these areas and play an important role in the definition of the future of search. To form a common basis for collaboration the domain of patent retrieval has been selected as it provides highly sophisticated and information intensive search tasks that have significant economic ramifications; as well as providing a large scale unifying test bed of multilingual and dynamic data. This Action will explore innovative frameworks to empower the synergies from the disparate research fields of MT/IR/MIIA within the specific context of patent search and other next generation Web applications.

Alexander Technological Educational Institute of Thessaloniki
Information Retrieval Facility
Dublin City University
Univ. of Duissburg-Essen
Univ. of Sheffield
Univ. “Al.I.Cuza” Iasi
University of Santiago de Compostela
University of Amsterdam
Norwegian University of Science and Technology
Swedish Institute of Computer Science (SICS)
Institute for Parallel Processing, Bulgarian Academy of Sciences
LIG (laboatoire d’Inforamtique de Grenoble), University of Grenoble
Centrum voor Wiskunde & Informatica
INRIA Futurs
University of Tampere, Department of Information Studies and Interactive Media
University of Glasgow
Barcelona Media Innovation Centre (FBM-UPF)
Information Science and Technology Institute (ISTI) of the Italian National Research Council

EU projects!

Andreas Rauber has been very successful. He brought several new EU projects to the center: APARSEN, TIMBUS and Mumia. Moreover, we will start with INMOTOS and we hope to attract one or two ERCIM fellows.
…more information will be posted soon…

Martin Mulazzani at Purdue University

Martin Mulazzani will work the next months at Purdue University in Lafayette, IN with Prof. Elisa Bertino and Prof. Christina Nita-Rotaru.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.