SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

SBA Research moved to a new location!

Our new address: Floragasse 7, 1040 Vienna, Austria Effective since: June 25, 2019 More at:


Panel on the Future of Cyber Security Research & Tutorial on Ethics and Research Methods in Security Research

At the ICISSP 2017 conference Edgar Weippl is on Steve Furnell’s panel discussing the future of research in cyber security with Elisa Bertino. Later today, Edgar teaches a tutorial on Research Ethics and Research Methods in Applied Information Security Research.

SBA Research at RECODIS meetings

Artemios G. Voyiatzis from SBA Research represents Austria in the Management Committee (MC) and the Working Group (WG) meetings of the COST Action RECODIS on February 13-14, 2017 in Wroclaw, Poland.

The objective of the COST Action “Resilient Communication Services Protecting End-user Applications from Disaster-based Failures” (RECODIS) is to introduce the set of techniques of resilient communications, as well as recommendations on how to deploy/update topologies of communication networks to make them resistant to disruptions that can be applied in practice by network equipment operators and national/international network providers at the European level.

We will also present our research on “Algorithms and techniques for resilient routing involving edge devices” in the context of Working Group 4 “Malicious human activities”.

Network-Based Secret Communication in Clouds: A Survey

Our journal article “Network-Based Secret Communication in Clouds: A Survey” from Johanna Ullrich, Tanja Zseby, Joachim Fabini and Edgar Weippl has been published in the high-impact journal IEEE Communications Surveys & Tutorials. It is now available online.

You can find a preprint here.

Project TRUC started

Last week, project TRUC was officially started, with the first lectures happening at SBA. Focus of this FFG “Qualifizierungsnetz” will be to teach partner companies the state-of-the-art regarding cybersecurity, and defense-in-depth, to enable them towards developing secure software for e.g. Industrie 4.0 or cyber-physical systems.

German abstract: Trusted Code (TRUC) umfasst die Planung und Umsetzung hochspezialisierter Module und Wissensaustausch zum Thema “Sichere Softwareentwicklung”. Ziel ist es, benötigtes Spezialwissen aus relevanten Informationssicherheitsbereichen zu kombinieren, um damit das Detailwissen der beteiligten MitarbeiterInnen der Partnerfirmen auf ein – im internationalen Vergleich – Spitzenniveau zu heben. Dafür kombiniert TRUC neuste Erkenntnisse aus verschiedenen Bereichen, z.B. sprach-basierte Sicherheit, maximale Laufzeit-Analyse und formale Verifikation, um den Partnerfirmen ein umfassendes Wissen zu vermitteln. Damit sollen sie verschiedene neuer artige Sicherheitsprobleme und Aufgabenstellungen in unterschiedlichen Themengebieten – von Cyber-Physical Systems bis hin zu Sicherheit von neuen Produktionsmethoden in Industrie 4.0 – kompetent meistern können.

Martin Schmiedecker at HackPra, Bochum

Today, Martin Schmiedecker presents at the HackPra lecture at RUB, Bochum. He joins an impressive list of previous speakers, among others Mario Heiderich, Stefan Esser, Ange Albertini or Felix ‘FX’ Lindner.

Title: Turning Incident Response to Eleven
Abstract: We’ve all been there – this one course at university where they tell you to actually read the log files, do proper incident response, and document everything. And its all fun and games, until you get hit by reality and have to analyze a possible security incident with a laterally moving attacker, and possibly more than 100 affected systems. Or 1000. Or even more … Next thing you remember is waking up in a room without windows, packed with hard drives that are labeled obscurely, and a hardware write blocker that only does USB 2.0.

In this talk I’ll show which analysis techniques and tools that work at scale, namely for many systems in parallel. And central logging is just a tiny piece in the puzzle. In particular I will present the new open-source tools GRR, bulk_extractor/fiwalk and peekaTorrent.

You can find the video of the talk here.

Talk about “Improving the Quality Assurance of Secure Software through Combinatorial Methods”

Dimitris Simos highlight the great need to ensure an attack-free environment of software implementations by giving a talk about “Improving the Quality Assurance of Secure Software through Combinatorial Methods” at the Faculty of Informatics at TU Wien.

The Abstract can be found here.

Katharina Krombholz defended her PhD

Better late than never: late last year already, Katharina defended her PhD thesis and graduated with distinction. Her thesis is substantial for the field of usable security and privacy. It spans user-centric research on a variety of topics such as smartphone authentication, Bitcoin and its user expectations, and TLS deployments. Kudos from all of us!

A full list of her published papers can be found here or on her Google Scholar Profile.

ERCIM News No.108

The ERCIM News No. 108 has just been published at with a special theme “Machine Learning” (The issue is available in PDF here).

SBA Research contributed the article “Forensics using Internal Database Structures” by Peter Kieseberg, Edgar Weippl, and Sebastian Schrittwieser.

Adrian Dabrowski im Standard-Interview

“Wir untersuchen das ganz genau”, betont Dabrowski, der zu den führenden IT-Sicherheitsexperten Österreichs zählt. – (mehr)

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.