SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Letitia Kernschmidt @ CMU

Letitia Kernschmidt spent last semester at Carnegie Mellon University (CMU). She took several courses and enjoyed in particular the course on Information Security Policy and Management. It focused on the non-technical aspects of information security such as product liability laws, cyber-insurance, data- breach notification laws, and regulations about minimum security requirements. Besides these university classes, she continued to work on a research project on the spreading of interacting epidemics in the context of computer malware (WU Vienna).

Letitia – who started with a FemTech internship at SBA Research and stayed on as researcher – enjoyed her time at CMU so much that she will continue her studies there.

#FF for @SBA_Prime

We are proud to announce that we have created a new Twitter feed, @SBA_prime. It is a curated, low-volume infosec timeline, operated by numerous members of SBA.

Paper accepted @ MASCOTS 2017

The paper “Swimming with Fishes and Sharks: Beneath the Surface of Queue-based Ethereum Mining Pools” by Alexei Zamyatin, K. Wolter, S. Werner, C.E.A. Mulligan, P.G. Harrison and W.J. Knottenbelt was accepted for publication at the 25th IEEE International Symposium on the Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) 2017.

Cryptocurrency mining can be said to be the modern alchemy, involving as it does the transmutation of electricity into digital gold. The goal of mining is to guess the solution to a cryptographic puzzle, the difficulty of which is determined by the network, and thence to win the block reward and transaction fees. Because the return on solo mining has a very high variance, miners band together to create so-called mining pools. These aggregate the power of several individual miners, and, by distributing the accumulated rewards according to some scheme, ensure a more predictable return for participants.

In this paper we formulate a model of the dynamics of a queue- based reward distribution scheme in a popular Ethereum mining pool and develop a corresponding simulation. We show that the underlying mechanism disadvantages miners with above-average hash rates. We then consider two-miner scenarios and show how large miners may perform attacks to increase their profits at the expense of other participants of the mining pool. The outcomes of our analysis show the queue-based reward scheme is vulnerable to manipulation in its current implementation.

IPICS 2017

Barbara Limbeck-Lilienau and Alexandra Mai attended IPICS 2017 in Greece; Edgar Weippl gave a tutorial on Blockchains, based on our book.

Johanna Ullrich @ AG CYSIS Symposium

Johanna Ullrich visited the 3. AG CYSIS Symposium in Frankfurt, Germany. CYSIS is initiated by Deutsche Bahn and TU Darmstadt to develop secure railway infrastructures.

At the symposium, the results of the working groups “Resilient Architectures”, “Business Continuity Management”, “Security for Safety”, and “ETCS with Security” were presented.

ERCIM News 110 published – Special theme “Blockchain Engineering”

The ERCIM News No. 110 has just been published with a special theme on “Blockchain Engineering“.

SBA Research contributes two articles in this issue. The first article is by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl on “Bitcoin – Cryptocurrencies and Alternative Applications“. The second article is by Nicholas Stifter, Aljosha Judmayer, and Edgar Weippl on “A Holistic Approach to Smart Contract Security“.

The full issue is available in PDF format here.

Autonomous Machines

At the Autonomous Machines World Edgar Weippl chairs a Security Cafe Session, 2.5 hours discussion on security on autonomous production machines.

Edgar at Autonomous Machines World in Berlin

SBA @ CAI 2017

Today at ‘International Conference on Algebraic Informatics’ [CAI], Dimitris Simos is chairing a session on Design Theory, where Ludwig Kampel is presenting a paper titled ‘Covering Arrays as Set Covers’ (Ludwig Kampel, Bernhard Garn, and Dimitris E. Simos). CAI brings together researchers from mathematics and computer science, with topics discussed being at the intersection of these two fields.


Rowhammer’in with @lavados

We are proud to host Daniel Gruss today (website, @lavados) to show us how to rowhammer!

Rowhammer is an very interesting attack that can be used to flip bits in RAM, and can be used among other things to elevate privileges. You can find his slides here.

SBA Research as external partner at CDG Josef Ressel Center expansion

The Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) is being expanded in its third year. A new module is added, which is executed SBA Research, an external partner from Vienna, and the existing modules scope is extended.

Georg Merzdovnik and Edgar Weippl work on security aspects of container technology. SBA Research hosts this external module to further strengthen the cooperation with FH St. Pölten.

Further details can be found here and here.

Markus Klemen @ (ISC)2 Secure Summit DACH

Markus Klemen gives the keynote speech “Employee Loyalty – a Feasible Goal?” at the (ISC)² Secure Summit DACH in Zürich today.

Further details can be found here.

Artemios G. Voyiatzis @ SENTER SIG meetings for DF and TL

Artemios G. Voyiatzis is representing SBA Research at the Special Interest Group (SIG) meetings on Digital Forensics (DF) and Teaching/Learning (TL) of the EU-funded project “Strengthening European Network Centres of Excellence in Cybercrime” (SENTER). The meetings take place on June 26-27, 2017 in Esslingen, Germany.

Blocks and Chains now available

Our book on blockchains has just been published:
Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms.
Aljosha Judmayer, Nicholas Stifter, Katharina Krombholz, and Edgar Weippl

SACMAT Panel on Access Control in Mobile Operating Systems

Ninghui Li organized a panel on Access Control in Mobile Operating Systems with Xiaofeng Wang, Aafer Yousra, and Edgar Weippl (SACMAT).

Peter Kieseberg @ Imagine 2017

Today Peter Kieseberg from SBA research is giving a talk on „Big Data im Zeichen der GDPR: Technische Fragen aus der Praxis“ at Imagine 2017.

Empirical Research: Peering, Net Neutrality and Privacy

Edgar Weippl gives a talk on privacy at Iowa State University

Adrian Dabrowski at the ETSI 5G Security Meeting

Adrian Dabrowski is today at the ETSI in Sophia Antipolis, presenting at the ETSI 5G Security workshop, part of the Security Week at ETSI. You can find the Agenda here.


SBA at Linz Cyber Security Conference 2017

Today, Martin Schmiedecker presents at the Linz Cyber Security Conference 2017 on “Online Anonymity beyond Tor”. The slides can be found here.

You can find the full schedule here.

Stefan Jakoubi on putting a focus on visibility

Stefan Jakoubi talks about putting a focus on visibility at the Software Architecture Day organised by CON.ECT Informunity.

Artemios G. Voyiatzis at Cranfield University, UK

Artemios G. Voyiatzis is visiting Cranfield University in the UK. He is hosted by the TES Centre. During his stay, Artemios gives a talk about “Engineering Lifetime Information Security” at the 5th Through-life Engineering Services Summer School (June 5-9, 2017).

A short tour to Bletchley Park nearby and the Colossus computer was very much appreciated.

Peter Kieseberg @ Privacy Forum in Vienna

Today, Vinzenz Heußler (University of Vienna) and Peter Kieseberg (SBA Research) give a talk on “Privacy by Design Data Exchange between CSIRTs” at the Annual Privacy Forum in Vienna.

Invited Talk at SPI 2017 on Empirical Research, Privacy and Usability

Edgar Weippl gives an invited talk at SPI 2017 in Brno.