SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


October is ENISA Cyber Security Month

As part of the ENISA Cyber Security Month (this October), SBA Research is presenting at the Security Potpourri 2016, organized by FH Technikum Wien. Martin Schmiedecker will give an overview of recent conferences, current trends in research as well as the cyber grand challenge, organized by DARPA. You can find the program here.

SBA Research @ SENTER event

SBA Research participates in the conference “Empowering EU Security Research through co-Innovation, co-Creation and co-Implementation” held on October 19-21, 2016 in Vilnius, Lithuania and presents its activities and initiatives as the Austrian Center of Excellence (CoE) and an Associate Partner of the project “Strengthening European Network Centres of Excellence in Cybercrime” (SENTER) co-funded by the European Commission.


Paper accepted @ IEEE EuroS&P 2017

Our paper titled “Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools” has been accepted for publication at IEEE EuroS&P 2017.

The paper is a joint work of SBA Research (G. Merzdovnik, D. Buhov, S. Neuner, M. Schmiedecker, and E. Weippl), FH St. Pölten (M. Huber), and Stony Brook University (N. Nikiforakis).

In total, 38 out of 194 submissions were accepted (acceptance rate: 19.6%). The 2nd IEEE European Symposium on Security and Privacy will be held on April 26-28, 2017 in Paris, France.

Abstract of the paper:
Online third-party tracking has become a widespread practice on the Internet, with serious implications for the privacy of users. While users are often unaware that their online behaviour is being monitored by omnipresent third-party trackers, trackers continuously expand their coverage and the methods by which they ensure the longevity of their tracking identifiers.

In this paper, we quantify the effectiveness of third-party tracker blockers on a large scale. First, we analyze the architecture of various, state-of-the-art blocking solutions and discuss the advantages and disadvantages of each method. Second, we perform a two-part measurement study on the effectiveness of popular tracker-blocking tools. Our analysis quantifies the protection offered against trackers present on more than 100,000 popular websites and 10,000 popular Android applications. We provide novel insights into the ongoing arms race between trackers and developers of blocking tools, and which tools, under what circumstances, achieve the best results. Among others, we discover that rule-based browser extensions outperform learning-based ones, trackers with smaller footprints are more successful at avoiding being blocked, and CDNs pose a major threat towards the future of tracker-blocking tools.

Cyber Security Advanced Training Course Held at RACVIAC

Gernot Goluch and Edgar Weippl taught courses on cyber security at RACVIAC in Croatia (more).


CALGO team @ ICTSS2016

Ludwig Kampel presents the paper „Set-based Algorithms for Combinatorial Test Set Generation” (joint work with Dimitris E. Simos) at ICTSS 2016 taking place October 17 – 19 2016, in Graz.

This paper proposes a modular algorithmic framework for the generation of covering arrays based on the notion of independent family of sets (IFS). Experimental results reported compare favorably to the existing greedy algorithmic techniques for binary covering arrays, the underlying mathematical primitive used to construct test sets in combinatorial testing applications.

CST team @ ICTSS2016

Kristoffer Kleine and Bernhard Garn presented the paper „A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing” at ICTSS 2016 taking place October 17 – 19 2016, in Graz.

This work is a joint contribution between SBA Research (Dimitris E. Simos, Kristoffer Kleine  and Bernhard Garn) with the University of Texas at Arlington (Laleh Shikh Gholamhossein Ghandehari and Yu Lei) and represents a novel combination of CT with fault-localization techniques to find the root cause of XSS vulnerabilities. As XSS remains in the top web application security risks and this work paves the way for a fully automated analysis of security vulnerabilities of web applications, it is a further strengthening of CST.

SBA Research at the PrivacyWeek

Adrian Dabrowski and Martin Schmiedecker will present at the upcoming PrivacyWeek. This new event is organized by the Chaos Computer Club Wien (, and will happen between Oct. 24th and Oct. 30th in Vienna.

You can find the full program including highlights such as the Austrian Big Brother Awards and “Chaos Macht Schule” here.


Research for Law Enforcement

At this year’s IKT-Sicherheitskonferenz Edgar Weippl gave a presentation on research for law enforcement.

Young Researchers’ Day

SBA Research organizes jointly with the Austrian Computer Society the Young Researchers’ Day, a networking event that brings together students that graduate in information security from all Austrian institutions. This year’s event is co-loated with the IKT-Sicherheitstagung.

Security Classes at TU Wien

Many students attended our presentation on our teaching focus Security at TU Wien. We offer classes ranging from introductory classes for Bachelor students to technically demanding classes at Master level and research-focused lectures for our PhD students.


SBA @ APWG.EU eCrime CyberSecurity Symposium 2016

Today our Researcher Peter Kieseberg joins the APWG.EU eCrime CyberSecurity Symposium 2016 in Bratislava in the panel discussion on the eCrime Data Exchange. Furthermore, we are proud to be part of the APWG.EU Scientific Committee that took place today.

SBA organizes ACM CCS 2016 in Vienna

CCS 2016 starts soon and media coverage already started (X-Tech,,

EMENA Keynote

Edgar Weippl gave a presentation on how to engage students in information security research and explained some of the current research challenges.

Privacy not just a right but a duty

Casting one’s ballot is not just a right but a duty; one might argue that privacy protection requires a similar approach. Edgar Weippl in an interview with Factor.


ERCIM News No.107

The ERCIM News No. 107 has just been published at with a special theme “Machine Learning” (The issue is available in PDF here).

SBA Research contributed the article “Privacy Aware Machine Learning and the Right to be Forgotten” by Bernd Malle, Peter Kieseberg, Sebastian Schrittwieser, and Andreas Holzinger.

Technology Outlook Audimax ETH

Edgar Weippl explained why applied security research is important to solve today’s and future problems; Jan Camenisch (IBM Research) showed some of his fundamental work that later lead to his Advanced ERC Grant and Dirk Helbing (ETH Zurich) picked up on the topic of New Enlightenment and emphasized that we all need to work hard to keep the freedoms we take for granted.


Edgar Weippl ETH Zurich

Read the report: Report Technology Outlook

SBA Research @ ESORICS 2016

Today is the first day of the 21th European Symposium on Research in Computer Security (ESORICS 2016). Two of our researchers, Stefan Brunthaler and Johanna Ullrich, are attending; Johanna is presenting her paper on attacks exploiting Xen rate limits tomorrow. ESORICS 2016 takes place from 28-30 September 2016 in Heraklion, Crete, and is A-ranked according to the CORE ranking.

Masaryk University

As part of the colloquia programme Edgar Weippl gave a presentation on research methods for applied computer scecurity students.


SBA @ ASQT 2016

Last Friday our researcher Peter Kieseberg presented our work in the area of “Testing Algorithms in Sensitive Data Driven Research” and related security issues on the 14th installment of the “Anwenderkonferenz Softwarequalität, Test und Innovation” (ASQT 2016) at the Alpen-Adria-Universität Klagenfurt (University Klagenfurt).

Expert Discussion on Big Data

ADV organized an expert discussion on Big Data and Data Analytics jointly with the researchers from China. Edgar Weippl presented current and upcoming security and privacy challenges.