SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Guest talks and visiting researchers from the university of Deusto.

Pablo García Bringas and Igor Santos Grueiro visited SBA Research and we plan to collaborate in the area of privacy and forensics in social networks.

New Key Researcher: Prof. Stefanie Rinderle-Ma

We are happy to have a new key research who focuses on workflow systems and security: Prof. Stefanie Rinderle-Ma (at the University of Vienna)

ARES 2010 Keynotes online

This year’s ARES conference was a great success. We really enjoyed our two keynotes; the videos of Gene Spafford and Ross Anderson are now online! (more on keynotes…)

May 6, 2010: Impact 2010

Our annual event for partners, researchers and everyone who is interested in the research of our center (more…)

Best Paper Award: Context Oriented Analysis of Web 2.0 Social Network Contents

ACIIDS 2010: Context Oriented Analysis of Web 2.0 Social Network Contents (Amin Anjomshoaa, Vo Sao Khue, AMin Tjoa, Edgar Weippl, Michael Hollauf)

ADV Forum IT-Management: Statistische Sicherheitsanalyse von SecLookOn

April 13, 2010 Passwort war gestern – SecLookOn ist heute! Statistische Sicherheitsanalyse von SecLookOn

Forensic Workshop: Memory analysis with Andreas Schuster

Andreas Schuster will present a special forensics workshop ragarding memory analysis. The workshop will take place on the 22/23 of april, 2010 and will focus on:

  • Intel x86 hardware platform
  • Random Access Memory (RAM)
  • Techniques of adressing
  • Forensic backup of the RAM, methods and tools
  • Windows memory management
  • Objects of the system kernel
  • Applied techniques for analysis
  • Use of the Microsoft debugger and the volatility framework
  • Excercises on memory dumps

The course will be held in German.

ADV Seminar: 20. April 2010 SaaS (ASP) – „EDV aus der Steckdose“

ADV Seminar 8. April 2010 Virtualisierung: Storage und Applications

Guest Talk Prof. Müller: Does the Current Security Research only Solve Known Problems?

Guest Talk Prof. Müller: Does the Current Security Research only Solve Known Problems?

So far, security meant access control. Statistics show that this paradigm becomes less sufficient, therefore applications of cloud computing and service orientation are at risk. One wants not only to have access, but also the assurance that agreements will be fulfilled at any time. This so-called „usage control“ is understood as the known reliability complemented with security and the accuracy of the services. Vulnerabilities allow via an inevitable interference the deriving of information, made possible only through unreliable information flows. The lecture presents the current starting and security situation based on statistics about security breaches. Especially due to the shortcomings of the security research vulnerabilities have occurred which today can be summarized under the term “compliance” and are very difficult to combat. This involves security problems in processes. Therefore, the DFG (German Research Foundation) has established a priority program entitled “Reliably Secure Systems” for which the lecturer is also responsible. The point is to expand the security question beyond access control by incorporating reliability. The practical and technical challenges are in the focus of this presentation.

ACM SAC 2010

Today, Stefan Fenz presents the paper “Ontology-based Generation of IT-Security Metrics” at the 25th ACM Symposium on Applied Computing.

Security Ontology online

Click here to browse and edit the security ontology online.

ADV zu Gast bei SBA Research zum Thema “Cloud & Virtualization Security”

Mar 2, 2010 @SBA:

17:30 – 17:50, SBA: “Cloud-Tools” und Auswirkungen auf Sicherheitsanforderungen
17:50 – 18:25, SBA-Partner Security Research: Sicherheit und Virtualisierung
18:25 – 19:00, SBA-Partner factline: Bedeutung der Verlässlichkeit und Sicherheit für Zusammenarbeit über Web-Plattformen

Guest talk by Grant Osborne

The ‘Explore, Investigate and Correlate’ (EIC) Conceptual Framework for Digital Forensics Information Visualisation
by Grant Osborne, University of  Adelaide, South Australia

Martin Mulazzani at Purdue

From March to May and from August to December 2010 Martin Mulazzani will work on his research in Privacy and Forensics at Purdue University in Elisa Bertino’s group.

Mar 29, 2010, Guest lecture (Prof. Günter Müller): Löst die aktuelle Sicherheitsforschung nur die bekannten Probleme?


Titel: Löst die aktuelle Sicherheitsforschung nur die bekannten Probleme?


Sicherheit war bisher Zugangskontrolle. Statistiken zeigen, dass dieses Paradigma immer weniger ausreicht und dass dadurch die Anwendungen des Cloud Computing und der Service-orientierung gefährdet sind. Man will n icht nur Zugang haben, sondern auch die Gewissheit, dass Vereinbarungen zu jeder Zeit eingehalten werden. Diese so geannte Nutzungskontrolle ist eigentlich die bekannte Zuverlässigkeit verstanden als die Sicherheit ergänzt um die Korrektheit der Dienste. Sicherheitslücken ermöglichen durch die unvermeidlichen Interferenzen die Ableitung von Informationen, die nur durch unzulässige Informationsflüsse möglich sind.

Der Vortrag stellt die gegenwärtige Ausgangs- und Sicherheitslage anhand von Statistiken über Sicherheitsverletzungen vor. Gerade durch die Defizite der Sicherheitsforschung ist es zu Schwachstellen gekommen, die man heute unter dem Begriff “Compliance” zusammengefasst nur sehr aufwändig bekämpfen kann. Es handelt sich dabei um Sicherheitsprpobleme bei Prozessen. Hierzu hat die DFG (Deutsche Forschungsgemeinschaft) unter dem Titel “zuverlässig sichere Systeme” ein Schwerpunktprogramm eingerichtet, das den Vortragende mitverantwortet. Es geht darum die Sicherheitsfrage über die Zugangskontrolle hinaus um die Zuverlässigkeit zu erweitern. Die praktischen und technischen Herausforderungen dazu stehen im Mittelpunkt des Vortrages.

Guest lecture by Prof. Rinderle-Ma

Guest lecture by Prof. Rinderle-Ma on “Evolution von organisatorischen Strukturen und deren Effekte in prozessorientierten Informationssystemen”  (Feb 2, 10 am, SBA)

KIRAS Project: Forensics

SBA Research received a research grant to develop guidelines for forensic analysis of Web 2.0 technologies.

Stanford University

From January to March 2010, Stefan Fenz will work as a visiting scholar at the Stanford Center for Biomedical Informatics Research at Stanford University. He will develop and implement novel methods for the ontology-based generation of Bayesian networks.

D-A-CH Security

SBA Research co-organizes the conference with the University of Klagenfurt. See for more details.

European Security Round Table

Today, Stefan Fenz attends the European Security Round Table in Brussels. The European Security Round Table is a neutral platform between the EU Institutions, NATO and other relevant actors to discuss European security and defence issues.

Talk on Applications Security

Edgar Weippl presents the opening talk at this year’s ADV security event (IT-Sicherheit für Fortgeschrittene).

Lange Nacht der Forschung 2009 – Review


112 People visited our information security-specific program at Lange Nacht der Forschung 2009. The program hosted by Secure Business Austria comprised privacy issues, wireless security, password security, and forensics. EVVA supported our program by presenting the latest lock innovations to our visitors.

COMET Decision: Secure Business Austria extended till 2014

We are happy to announce that our SBA2 proposal has been accepted by the jury. The research grants enable us to continue our research till 2014. German press releases can be found at APA and FFG.

Krems Security Conference – Talk on Database Forensics

Martin Mulazzani & Edgar Weippl, Aktuelle Herausforderungen in der Datenbankforensik (more information)