A group of dedicated young researchers presented their work in the course of the ICT Security Conference on October 1-2, 2019. Katharina Pfeffer (SBA) introduced her research in the area of Usable Security.

The conference counting a total of 2500 attendees once more showed that cyber attacks present a great threat to economy, infrastructure, democracy and the apparatus of state. The YRD successfully demonstrates ongoing efforts to ensure security in all areas.

Read more

The 2^nd Conference on Urban Resilience, organized by the Czech Informatics, Robotics and Cybernetics Institute (CIIRC), targeted the interdisciplinary approach of fostering technological innovation in an emerging field such as Resilience.

In regard to the specific focus on increasing the urban capabilities to tackle present and future challenges, a diverse mix of industrial, educational, political and scientific representatives attended the two-day conference. Vaclav Hlavac, Miroslav Svitek,Leon Rothkrantz and numerous other speakers described the role of AI, IoT and Blockchain in this field and discussed the potential as well as the threats of such technologies. The industrial point of view was highlighted by presenters such as Jean-Louis Champseix, Peter C. Young and Jean-Baptiste Burtscher, who talked about the positive side-effects of successful attempts to include resilient thinking into management, processing or distribution. Researchers like Massimo Guarascio, Rene Lindner or Eric Rigaud presented the potential of standardization methods and theoretical and practical limitations of existing infrastructures. Speakers in the area of cybersecurity, among them Otto Sladek or Pavlina Blahova, pressed on the necessity of software-based solutions for modern social-ecological challenges. Overall, the conference helped us to establish various contacts in an uttermost diverse field and to initiate talks about future collaboration possibilities.

Tomasz Miksa  and Bernhard Gößwein presented their paper on Data identification and process monitoring for reproducible earth observation research at the 15^th IEEE eScience conference in San Diego.

Earth observation researchers use specialised computing services for satellite image processing offered by various data backends. The source of data is often the same, for example Sentinel-2 satellites operated by Copernicus, but the way how data is pre-processed, corrected, updated, and later analysed may differ among the backends. Backends often lack mechanisms for data versioning, for example, data corrections are not tracked. Furthermore, an evolving software stack used for data processing remains a black box to researchers. Researchers have no means to identify why executions of the same code deliver different results. This hinders reproducibility of earth observation experiments. In this paper, we present how infrastructure of existing earth observation data backends can be modified to support reproducibility. The proposed extensions are based on recommendations of the Research Data Alliance regarding data identification and the VFramework for automated process provenance documentation. We implemented these extensions at the Earth Observation Data Centre, a partner in the openEO consortium. We evaluated the solution on a variety of usage scenarios, providing also performance and storage measures to evaluate the impact of the modifications. The results indicate reproducibility can be supported with minimal performance and storage overhead.

SBA Research organizes jointly with the FH Upper Austria and the Austrian Computer Society the Young Researchers’ Day, co-located with the IKT Sicherheitskonferenz 2019. The Young Researchers’ Day brings together information security graduates from several Austrian institutions. For the first time, the presentations of the young researchers will be integrated into the main program of the IKT Sicherheitskonferenz and thus the results of their work can be made available to a wider audience.

OCG Blog Young Researchers’ Day

Agenda Young Researchers‘ Day

Abstracts Young Researchers‘ Day

The special issue on Security and Privacy in Smart Cyber-physical Systems was published in the latest edition of the Computer & Security Journal.

Details

Philipp Reisinger gives a talk at this year´s IKT Sicherheitskonferenz 2019 in Fürstenfeld!

The cyber security guideline for production plants was established by members of the platform industry 4.0 expert group “Security and safety”. We are content to have had the opportunity to provide expertise from a security research point of view.

The Easy FancyBox WordPress Plugin Version 1.8.17 is susceptible to Stored cross-site Scripting in the Settings > Media admin page due to improper encoding of arbitrarily submitted setting parameters. The vulnerability affects every publicly accessible page of the WordPress site.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS

Philipp Reisinger gives a talk on the mitigation of cyber security risks in a connected world at the “logical thinkers club” on September 25, 2019.

Logical Thinkers Club

20 hand picked computer science students joined the “Ethical Hacking-Boot-camp” hosted by the St. Pölten University of Applied Sciences from September 4-6, 2019. The workshop was organized by the IT Security Hub Austria, SBA Research and the St. Pölten University of Applied Sciences, represented among others by Mr. FH-Prof. Univ.-Doz. Dipl.-Ing. Dr. Ernst Piller, Mr. Reinhard Kugler, MSc. and Mr. Helmut Kaufmann, MSc.

The students, who have completed their first year of the new program “Cyber-Security” at the computer science department, were very enthusiastic about the realization of this three-day event. They focused on topics related to network attacks, hacking methods, various weaknesses of the Internet and Internet of Things (IOT). In other words, attack possibilities or security gaps that could affect anyone in everyday life. The above-mentioned IT security challenges were not only dealt with theoretically, but were also tested in various practical exercises. In addition, all participating students were awarded the certificate “Ethical Hacker Essentials” after successfully passing the test.
This interesting boot camp does not only highlight the existing cooperation between the two institutions, but also functioned as an enriching course for the students of the computer science department, who are trained to become experts in IT security and cyber security. The demand for specialists in this field in our digitized society is growing all the time. Many thanks to the organizers for the great organization of this workshop!