SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


SBA at USENIX Security

Members of SBA will be present at USENIX Security and co-located workshops like WOOT or FOCI to cover them for our PRIME partner program. If you run into them, don’t be shy to say hi.


Sebastian and Martin will present two research papers at DFRWS USA, the leading conference in digital forensics.

The first one is on using nano-second timestamps for embedding steganographic information securely, titled “Time is on my side: Steganography in filesystem metadata”. You can find a preprint of the paper, the data and the source codes online. The second paper improves the forensic process by leveraging sub-file hashes part of the Torrent filesharing protocol, “PeekaTorrent: Leveraging P2P Hash Values for Digital Forensics”. Preprint, data and source codes can be found here.

This was QRS 2016!

The 2016 IEEE International Conference on Software Quality, Reliability & Security (QRS 2016) was held from 01 – 03 August 2016 in Vienna, Austria, supported by SBA Research.

Combinatorial Security Testing Tutorial @ QRS2016

Dimitris Simos (SBA Research), Rick Kuhn (NIST), Jeff Yu Lei (University of Texas at Arlington) and Raghu Kacker (NIST) give a tutorial on Combinatorial Security Testing at QRS 2016.

The tutorial is comprised of two parts focusing on combinatorial testing methods and their usage to security testing.

The abstract can be found here.

Dimitris Simos @ QRS 2016

Dimitris Simos gives a talk on August, 1 at QRS 2016 about “TLS Cipher Suites Recommendations: A Combinatorial Coverage Measurement Approach” joint work with Kristoffer Kleine (SBA Research), Artemios Voyiatzis (SBA Research), Rick Kuhn (NIST), Raghu Kacker (NIST).

QRS 2016 takes place from August 1 – 3, 2016 in Vienna, Austria. QRS is organized by University of Texas at Dallas and supported by Graz University of Technology and SBA Research.

SBA at Blackhat & Defcon

Members of SBA will be present at Blackhat and Defcon.

Aaron’s work with Hanno Böck, Philipp Jovanovic and Sean Devlin on nonce re-uses in TLS is scheduled to be presented at Blackhat on August 3rd, 11:30. This work is also nominated for the Pwnie for Best Cryptographic Attack. Adrian Dabrowski will be on-site to cover the presentations for our PRIME partner program.

Meeting of the Bridge Early Phase SPLIT Project

The quarterly meeting of the SPLIT (Security Protocol Interaction Testing in Practice) project took place on July 29th, 2016 at SBA Research. SPLIT is funded under the Bridge Early Phase programme of the Austrian Research Promotion Agency (FFG). The project aims to provide quality assurance of security protocols by combining combinatorial testing and model-based testing methodologies as part of a fully automated test cycle. Recent advances of the project on protocols attacks and certificate testing were discussed.

SBA Research acts as the consortium leader, with Graz University of Technology (Franz Wotawa, Institute for Software Technology), University of Texas at Arlington (Jeff Lei, Department of Computer Science and Engineering) and Objentis Software Integration GmbH (Roland Tscheinig) as project partners. For more information regarding SPLIT see the project’s webpage or contact its project leader, Dimitris Simos at

A summary of the SPLIT project has been featured in a special theme of ERCIM News on cyber security, which can be found here.

Split Meeting

Wilfried Mayer on national TV

Wilfried Mayer was today on national TV and explained Tor, the dark web and how it is used world-wide by dissidents and journalists, not only by perpetrators.

You can watch the segment here for the next few days. Alternatively, you can find it here.

Four papers accepted for the Combinatorial Security Testing Team of SBA Research

The interplay between discrete mathematics and computer science is crucial for the successful deployment of real-world applications but also necessary for the advancement of theoretical approaches and methodologies.  Recently, the combinatorial security testing team of SBA Research has marked significant contributions in this regard:

  • The paper “Algebraic Modelling of Covering Arrays” by Bernhard Garn and Dimitris Simos (both with SBA Research) has been accepted in Springer Proceeding Series in Mathematics and Statistics.
  • The papers “Set-based Algorithms for Combinatorial Test Set Generation” by Ludwig Kampel and Dimitris Simos (both with SBA Research) and “A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing” by Dimitris Simos (SBA Research), Kristoffer Kleine (SBA Research), Laleh Ghandehari (University of Texas at Arlington), Bernhard Garn (SBA Research) and Jeff Yu Lei (University of Texas at Arlington) have been both accepted for publication at the 28th International Conference on Testing Software and Systems (ICTSS-2016) which takes place on October 17-19 at Graz, Austria.
  • The paper “TLS Cipher Suites Recommendations: A Combinatorial Coverage Measurement Approach” by Dimitris Simos (SBA Research), Kristoffer Kleine (SBA Research), Artemios Voyiatzis (SBA Research), Rick Kuhn (NIST) and Raghu Kacker (NIST) has been accepted for publication at the 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS 2016) which takes place on August 1-3 at Vienna, Austria.

The results of these papers demonstrate the effectiveness of combinatorial methods in security testing together with theoretical advancements on related algorithms for combinatorial testing.

SBA Research @ DBSec 2016

IMG_20160718_132147Artemios G. Voyiatzis presents today our paper “Whom you gonna trust? A longitudinal study on TLS notary services” at the 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016) held in Trento, Italy. He is chairing one of the conference’s sessions tomorrow.

DBSec is an annual international conference covering research in data and applications security.

ERCIM News No. 106 – Special Theme coordinated by Edgar Weippl and Fabio Martinelli

The ERCIM News No. 106 has just been published at

The Special Theme presents a variety of research results that show the richness and range of Cybersecurity issues and their application domains. This special theme has been coordinated by the guest editors Fabio Martinelli (IIT-CNR) and Edgar Weippl (SBA Research).

Furthermore, SBA Research contributed with the articles “SPLIT: Security Protocol Interaction Testing in Practice” by Dimitris Simos and “On Reducing Bottlenecks in Digital Forensics” by Martin Schmiedecker and Sebastian Neuner.

The issue in pdf.

Countdown for “Security Rockstars”

Submission deadline is 15 July 2016!

Security Rockstars – the European Information Security Start-up Competition  is organized by SBA Research and supported by partners from the public and private sector. The competition’s goal is to find and support innovative ideas and solutions in the area of Information Security. The final pitch takes place in the context of the CCS Conference on 24 October 2016 in Vienna.

PRIZES:security rockstar
First place: 20.000 EUR
Second place: 10.000 EUR
Third place: 5.000 EUR

More information can be found here.
Follow Security Rockstars on Facebook and Twitter

SBA becomes associated partner of the project “SENTER”

SENTER_logoThe “Strengthening European Network Centres of Excellence in Cybercrime” project is funded by the European Commission under Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single point of Reference for EU national Cybercrime Centres of Excellence and develop further the Network of national CoE into well-defined and well-functioning community.

More information can be found here.

SBA joins European Cyber Security Organisation (ECSO)

ecsoThe general objective of the Association is to support all types of initiatives or projects that aim to develop, promote, encourage European cybersecurity. Yesterday, July 5th 2016, the cybersecurity contractual Public-Private Partnership (cPPP) has been signed at the European Parliament of Strasbourg, in presence of the VP Ansip and the Commissioner Oettinger.

More information about ECSO can be found here.

Paper accepted @ ESORICS 2016

The paper “The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor” by Johanna Ullrich and Edgar Weippl has been accepted for publication at the 21st European Symposium on Research in Computer Security (ESORICS) which takes place from September, 26th-30th, 2016 in Heraklion, Greece. ESORICS is an A-ranked conference in CORE.


Edgar Weippl gives a lecture on Current Research Topics in Information Security at NII

Edgar Weippl gives a lecture on Current Research Topics in Information Security at NII.

First (ISC)2 SecureAustria with 120 delegates

Today, the one-day conference (ISC)2 SecureAustria, focused on “Securing the virtual organization”, co-organized by the (ISC)2 Austria Chapter and co-hosted by T-Systems Austria & SBA Research was held for the very first time in Vienna.

120 delegates participated in the event, the day provided a diverse and broad range of topics ranging from awareness, organizational and technical aspects within the field of information security.

Find the full agenda here.

SBA-K1 has been granted – new research endeavor ahead

We are happy to report that SBA-K1, our main strategic research endeavor, has been granted continued funding for the period 2017-2025 under the FFG COMET (Competence Centers for Excellent Technologies) K1-Centres program line, with an intermediary evaluation in 2021. This funding will allow us to continue our successful joint research with both our academic and industry partners and we strive to carry on making a difference for academia and our partner companies. We would like to thank all our partners who supported us in the past and we are looking forward to continuing these excellent collaborations.

Read the press release here.
The fact sheet about SBA-K1 can be found here.

Press conference with Minister of Interior Wolfgang Sobotka, KSÖ and SBA: Security Rockstars

Er hoffe auf “frische und unkonventionelle Herangehensweisen an Cybersicherheitsthemen, sagte Innenminister Wolfgang Sobotka (ÖVP) am Mittwoch bei einem Pressegespräch in Wien zu dem vom Innenministerium gemeinsam mit dem  Kuratorium Sicheres Österreich (KSÖ) und SBA Research veranstalteten Start-up-Wettbewerb Security Rockstars: “Start-ups stellen andere Überlegungen an, als etablierte Betriebe.”

Noch rund zwei Wochen lang können Personen und Gründerteams aus ganz Europa ihre Ideen bei dem Sicherheits-Wettbewerb einreichen. Den Siegern winken insgesamt 35.000 Euro Preisgeld sowie  Beratungsleistungen und Hilfestellungen von Experten. 

Read the whole article here:
More about Security Rockstars – apply now until July 15, 2016

Copyright: BMI / Alexander Tuma, 28.06.2016 Wien, Erwin Hameseder, Wolfgang Sobtoka, Andreas Tomek , Pressekonferenz Cyber
Copyright: BMI / Alexander Tuma, 28.06.2016 Wien, Erwin Hameseder, Wolfgang Sobotka, Andreas Tomek , Pressekonferenz Cyber

Dimitris Simos @ Institute for Software Technology, Graz University of Technology

Dimitris Simos is invited to the Graz University of Technology on 20 June 2016 to give a colloquium talk “Combinatorial Methods for Quality Assurance of Secure Software: Recent Results and Challenges Ahead” at the Institute for Software Technology in Graz.

The Abstract can be found here.

How Bitcoin-users tick

Edgar Weippl and Aljosha Judmayr are talking about our study “The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy”, which was published at Financial Crypto 2016.

Read several articles about the topic here:,, Wirtschaftsblatt,, Wiener Zeitung,