SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien, IAIK @ TU Graz, DKE @ Uni Wien, NM @ WU Wien, FH St. Pölten, AIT


Visit at ETH

Last Thursday, Katharina Krombholz visited Srdjan Capkun’s group at ETH Zurich and gave a talk on her research in usable security and privacy in the course of the ZISC lunch time seminar series.

The abstract of her talk can be found here.

SBA Research at Troopers’17

Numerous members of SBA Research are at TROOPERS17, happening this week in Heidelberg. You can find the agenda here.

If you spot one of us, chat us up!

Project SESC started

The project “Secure Execution of Smart Contracts” (SESC) started on January 1, 2017. SESC is an R&D project supported by the BRIDGE 1 Programme of the Austrian Research Promotion Agency (FFG). The first project consortium meeting was hosted by SBA Research on March 21, 2017.

SESC focuses on research addressing the emerging requirements for supporting the whole lifecycle of smart contract infrastructures in the long term. Learn more about SESC at

Dimitris Simos @ ICST 2017

Dimitris Simos gives a talk on “Coveringcerts: Combinatorial Methods for X.509 Certificate Testing”, joint work with Kristoffer Kleine, on March 14, 2017 at the 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017).

ICST 2017 takes place during March 13-18, 2017 in Tokyo, Japan at Waseda University and is one of the leading conferences for software testing and validation.

The results of this work establish a new research field for combinatorial testing and testing of security protocols.

Blocks & Chains – The Age of Cryptocurrency Technologies

SBA Research will offer a series of evening trainings focusing on the hot topic “Blocks & Chains”. We will discuss specialized topics such as smart contracts, blockchain interlinking, privacy, and attempts at regulating cryptocurrencies.

The series starts with a tutorial, covering general information about cryptocurrencies and their underlying technology. During each of the following four evening trainings we will discuss one specialized topic in depth.

More details can be found here: Blocks & Chains

Tutorial on Applied Research in Network Security

Edgar Weippl gives a tutorial at NetSys17 on Applied Research in Network Security.

Dimitris Simos @ IWCT 2017

Dimitris Simos chairs the Sixth International Workshop on Combinatorial Testing (IWCT 2017) on March 13, 2017.

He is also giving a talk on “Combinatorial Methods for Modelling Composed Software Systems” (joint with Ludwig Kampel and Bernhard Garn).

IWCT 2017 takes place in Tokyo, Japan and is collocated with ICST 2017, the 10th IEEE International Conference on Software Testing, Verification and Validation during March 13-18, 2017.

Start of the Android Security Symposium 2017

The Android Security Symposium starts today at the Technical University of Vienna, courtesy of the Josef Ressel Center u’smile. The upcoming three days are packed with presentations covering the entire Android security ecosystem, ranging from presentations about the security architecture of Android by Google and AT&T this morning, to secure app development, novel attacks, and much more.

You can find the entire program here, and may watch #AndroidSecuritySymposium on Twitter for updates.

CTF team We_0wn_Y0u secured 3rd place in academic International Capture the Flag (iCTF) contest

Last weekend, the SBA-supported CTF team “We_0wn_Y0u” (W0Y) of the TU Wien again showcased its outstanding capabilities. In the academic International Capture the Flag (iCTF) contest they secured third place out of 78 participating universities worldwide in an 8-hour race. W0Y started receiving points late in the game but managed to overtake the field, leaving only Moscow State University (1st) and Saarbrücken University (2nd) in front.

As a novelty, this year, the iCTF also included a 24-hour non-academic contest where W0Y scored 4th out of 317 teams. The 24 hours meant three times more fun (by time), but also unique challenges regarding rest times and shift operations.

W0Y has a long-standing tradition of participating in the iCTF, going back to 2005. They managed to be in the top 10 every time and won the competition twice. The team comprises outstanding students and teaching staff of the “Internet Security” and “Advanced Internet Security” course series taught at TU Wien. The courses are a cooperation of the Institute of Computer Aided Automation and the Institute for Software and Interactive Systems. The lectures are sometimes called the “hacking course”, since they teach the unique offensive perspective to enable students to understand attackers and develop secure software in the future.

The iCTF is a so-called “attack-defense” competition. Every team receives an identical copy of a server, which it must defend against the other teams while simultaneously attacking its competitors. Each server provides a couple of services. Attack points are awarded for every service that a team manages to take over from another team by stealing a “flag”. Flags are files containing a secret unique to that team and service. Defense points are awarded for keeping one's own services running and secure (i.e., not losing any flags).

Rest of the team after 24h / Photo: Georg Merzdovnik

The team would like to thank UC Santa Barbara and Arizona State University for organizing the competition.

Hollywood Hacking @ FM4

FM4 is broadcasting parts of the “myth-buster” session “Hollywood Hacking by SBA Research”, created by Adrian Dabrowski. Every now and then, a movie excerpt is aired to give an amusing rollercoaster ride through the ups and downs of screenwriters’ imagination on computer security.

James Bond, Independence Day, Jurassic Park and Matrix Reloaded were already part of the series.

Adrian Dabrowski about PNR security

Adrian Dabrowski is – due to the Amadeus-“Hack” – speaking about PNR security in the magazine “Faktum” (2/2017).

Faktum 2/2017

NIS Guideline: Panel Discussion at IRIS 2017 in Salzburg

Stephan Eder invited Edgar Weippl to a panel discussion on the NIS guidelines (IRIS program).

Josef Ressel Center TARGET successful mid-term evaluation

Sebastian Schrittwieser’s Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) successfully passed the mid-term evaluation and SBA Research hopes to join the research project in the next few months.

Congratulations on the excellent presentations!

Guest talk: “Trust Management for securing the IoT networks”

Zeeshan Ali Khan, an ERCIM Postdoc Fellow with the Department of Telematics of the Norwegian University of Science and Technology (NTNU), gave a talk on “Trust Management for securing the IoT networks”.

This event is hosted by the Vienna ACM SIGSAC Chapter.

SBA Research is hosting an ERCIM Postdoc Fellow

In the context of the ERCIM Research Exchange Programme, SBA Research is hosting Dr. Zeeshan Ali Khan between February 23 and March 1, 2017.

Zeeshan is an ERCIM Postdoc Fellow with the Department of Telematics of the Norwegian University of Science and Technology (NTNU) working under the supervision of Prof. Peter Herrmann on “Trust based Security Solutions for Resource Constrained IoT Devices”.

Panel on the Future of Cyber Security Research & Tutorial on Ethics and Research Methods in Security Research

At the ICISSP 2017 conference Edgar Weippl is on Steve Furnell’s panel discussing the future of research in cyber security with Elisa Bertino. Later today, Edgar teaches a tutorial on Research Ethics and Research Methods in Applied Information Security Research.

SBA Research at RECODIS meetings

Artemios G. Voyiatzis from SBA Research represents Austria in the Management Committee (MC) and the Working Group (WG) meetings of the COST Action RECODIS on February 13-14, 2017 in Wroclaw, Poland.

The objective of the COST Action “Resilient Communication Services Protecting End-user Applications from Disaster-based Failures” (RECODIS) is to introduce the set of techniques of resilient communications, as well as recommendations on how to deploy/update topologies of communication networks to make them resistant to disruptions that can be applied in practice by network equipment operators and national/international network providers at the European level.

We will also present our research on “Algorithms and techniques for resilient routing involving edge devices” in the context of Working Group 4 “Malicious human activities”.

Network-Based Secret Communication in Clouds: A Survey

Our journal article “Network-Based Secret Communication in Clouds: A Survey” by Johanna Ullrich, Tanja Zseby, Joachim Fabini and Edgar Weippl has been published in the high-impact journal IEEE Communications Surveys & Tutorials. It is now available online.

You can find a preprint here.