SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien, IAIK @ TU Graz, DKE @ Uni Wien, NM @ WU Wien, FH St. Pölten, AIT

News

Martin Mulazzani now works on Trudie

Martin Mulazzani now works on Trudie (TRUDIE – Trust Relationships in the Underground Economy, Sponsor: FIT-IT Trust in IT-Systems 3. Call, Austria)

USENIX Security ’11: Paper accepted

Our paper Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space was accepted. Unfortunately we cannot provide a preprint because the affected vendor(s) still need the time to fix some things…

SBA master student discovers flaw in Ruby on Rails

Rails 3.0.5 does not validate the X-Forwarded-For header field sent by clients with a class C remote-addr (see: TRUSTED_PROXIES). (Security Focus, more details…)

Gilbert Wondracek joined SBA Research as senior researcher

We are happy to have Gilbert Wondracek as a senior researcher on our team.

His last two IEEE S&P papers:

  • Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel. 2010. A Practical Attack to De-anonymize Social Network Users. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (SP ’10). IEEE Computer Society, Washington, DC, USA, 223-238. DOI=10.1109/SP.2010.21 http://dx.doi.org/10.1109/SP.2010.21
  • Paolo Milani Comparetti, Gilbert Wondracek, Christopher Kruegel, and Engin Kirda. 2009. Prospex: Protocol Specification Extraction. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy (SP ’09). IEEE Computer Society, Washington, DC, USA, 110-125. DOI=10.1109/SP.2009.14 http://dx.doi.org/10.1109/SP.2009.14

INMOTOS website online

Interdependencies among Critical Infrastructures, both inside the ICT domain and between ICT and other sectors (e.g. Oil & Gas and Transport), are difficult to understand. The risks to Critical Infrastructures change constantly due to new threats, interdependencies and possible scenarios.

ADV Seminar on Virtualization

ADV organized a seminar on virtualization at SBA Research. Edgar Weippl gave a presentation on security foundations.

Markus Huber received grant for Einsteins in the City 2011

Markus Huber received a grant from the Vienna University of Technology to attend the Einsteins in the City 2011 conference in New York. He will present our latest research results on social network forensics.

Gilbert Wondracek in the Economist

“Gilbert Wondracek at the Vienna University of Technology in Austria and his colleagues built a history-stealing website aimed at groups on Xing, a business-orientated social network. Mr Wondracek’s analysis of over 6,500 Xing groups, containing a total of more than 1.8m users, suggested that his rogue site would be able to determine the identity of around four in ten visitors. A trial run, in which Mr Wondracek invited colleagues who use Xing to visit his history-stealing site, showed this estimate to be about right. The vulnerability he exploited has since been addressed by the engineers behind several browsers, including Firefox and Safari, but has so far not been fixed in Microsoft’s Internet Explorer.” (verbatim quote from The Economist, Monitor: Anonymous no more, May 10, 2010, http://www.economist.com/node/18304046?story_id=18304046)

Sebastian Schrittwieser: postgraduate research at NII

Sebastian will stay for 5 months at the National Institute of Informatics (NII) in Tokyo, Japan.

Invited Talk at NII

Edgar Weippl gives an invited talk at NII.

Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and restore deleted data. While this fact is well known in computer forensics and multiple tools to forensically analyze data exist, the systematic analysis of data sources such as Web 2.0 services and their underlying database systems has only recently begun.

Clearly, database systems are bound to leave more extensive traces since they not only store a file but, in addition, need indexes, rollback segments and log files. In this talk I will cover the basics of forensic analysis, focusing particularly on database systems.

During the past few years, a huge number of online file storage services have been introduced. While some provide very basic functionality, e.g., uploading and retrieving files by a specific user, more advanced services offer features like shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. In this talk we closely look at Dropbox, in particular the Dropbox client software as well as the transmission protocol, and describe an attack that results in the unauthorized access to files stored with Dropbox. This attack can be used effectively for forensic investigations.

Österreichs Rolle im IT-Markt der Dach-Region (Future Networks)

Markus Klemen and Edgar Weippl are panelists at Future-Network’s event on “Austria’s role in IT markets in Germany, Austria and Switzerland”.

IEEE Internet Computing Special Issue on Security and Privacy in Social Networks

Our manuscript “Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam” has been accepted for the upcoming special issue on Security and Privacy in Social Networks in the IEEE Journal of Internet Computing in May/Jun 2011. Preprint is available here.

In this article we have introduced friend-in-the-middle (FITM) attacks, which are active eavesdropping attacks against social networking sites. By cloning a user’s authentication cookie, which is transmitted unencrypted, it becomes possible to completely impersonate the user. This can then be used to collect sensitive information in an automated fashion, which ultimately enables large context-aware spam campaigns that propagate via social phishing. FITM attacks are applicable to the great majority of currently deployed SNSs, such as Facebook, Friendster, and Orkut. Based on FITM attacks we described three subsequent exploits: (1) Friend injection, (2) Application injection, and (3) Social engineering. We furthermore evaluated the impact of a large-scale spam attack on the basis of FITM attacks. To this end we set up a Tor exit node and analyzed the HTTP traffic passing through it. Our experiments showed that finding possible FITM attack seeds for spam campaigns is cheap in terms of time and hardware resources. Our attack simulation results furthermore suggest that, based on the 4000 possible Facebook attack seeds we observed within two weeks, ~300,000 users could have been targeted with context-aware spam.

A number of limited protection strategies are available to social networking users, for example browser extensions such as EFF HTTPS Everywhere. The Tor browser bundles have included the EFF HTTPS Everywhere extension since May 2010. Social networking providers ultimately have to protect their users against FITM attacks by securing the communication channels of their services with HTTPS. At the time of writing Facebook has announced that they will offer optional HTTPS support for their web service. We strongly advise users to make use of this option once it becomes available to everyone.

Entry in IEEE Xplore

iPhone privacy

Our partners at ISecLab have a nice paper on privacy and iPhones (German heise article)

Guest talk / Seminar: John Tait

Guest talk: John Tait

The term Semantic Search is becoming fashionable, but there are a number of problems with the term.

1) There are at least two forms of semantic search. One is based on more-or-less hand-programmed knowledge sources, like domain ontologies or thesauri. The other is based on emergent properties of the data being searched, using techniques like Latent Semantic Analysis or clustering. It is far from clear that the results of applying the two approaches are similar or even compatible.
2) It is often assumed that semantic search is in some sense different from surface text search: which implies that normal old-fashioned Google search (for example) is equivalent to random string search, when of course the underlying statistics depend critically on the fact that both the queries and corpora are natural language (English or German) words with underlying semantics.
3) Semantic Search depends critically on text annotation processes during indexing: but these are potentially corruptible by malefactors. How can this be prevented?

The seminar will explore these three issues, and attempt to find a better definition of the term semantic search and to identify some ways forward.

TIMBUS project starts March 1, 2011

The digital preservation problem is well-understood for query-centric information scenarios but has been less explored for scenarios where the important digital information to be preserved is the execution context within which data is processed, analysed, transformed and rendered. Furthermore, preservation is often considered as a set of activities carried out in the isolation of a single domain, without considering the dependencies on third-party services, information and capabilities that will be necessary to validate digital information in a future usage context.
TIMBUS will endeavour to enlarge the understanding of DP to include the set of activities, processes and tools that ensure continued access to services and software necessary to produce the context within which information can be accessed, properly rendered, validated and transformed into knowledge. One of the fundamental requirements is to preserve the functional and non-functional specifications of services and software, along with their dependencies.

Partners
SAP AG
SBA Research
SQS Software Quality systems AG
Westfälische Wilhelms-Universität Münster
INESC ID – Instituto de engenharia de sistemas e computadores, investigacao e desenvolvimento em Lisboa
iPharro Media GmbH
Intel Performance learning solutions limited
Caixa Magica Software lda
Laboratorio Nacional de Engenharia Civil
Karlsruher Institut für Technologie
Laboratorio de Instrumentacao e Fisica Experimental de Particulas
Digital Preservation Coalition limited by guarantee*DPC

SBA + ERCIM

Via AARIT, SBA is part of the ABCDE project and will accept fellows who want to join the research center.

Initiated in 1992 and open to PhD holders from Europe and all over the world, the Alain Bensoussan Fellowship Programme (ABFP) is designed for ICT students, researchers and professionals. Funded entirely by ERCIM members, the ABFP yields about 20 fellows per year on average.
Focusing on inter-sectoral ICT research and lasting generally 18 months, the fellowships are composed of two 9-month periods (9+9) to be spent in two different ERCIM institutes (located in two European countries) to foster trans-national mobility. Fellowships of 12 months hosted by one single ERCIM institution are also considered. In such cases, short research visits to other institutes are required in order to meet the training and mobility objectives of the programme.
Throughout the programme, the fellows are supported by the ERCIM Human Resource Task Force in driving their personal development scheme and to assist them in their future career plans, whether in European research institutions or in European Industry.
We believe ABCDE will provide a real opportunity to further develop and improve the already robust and self-sustainable Alain Bensoussan Fellowship Programme. Moreover, given the strategic nature of this training scheme focusing on ICT and novel technologies, COFUND support in up-scaling this Fellowship Programme would also enhance its impact over European research and competitiveness at large.

Information Security Knowledge Management Survey

We kindly ask you to participate in our information security knowledge management survey. The survey is conducted by the publicly funded research institutions SBA Research (AT), Newcastle University (UK), and Vienna University of Technology (AT). We conduct the survey to explore potential ways of enabling companies and professionals to share information security knowledge through the application of collaborative semantic web technologies. The aggregated survey results will be published in publicly accessible research publications.

Survey: http://www.sba-research.org/survey/index.php?sid=73314

Thank you for your support.

APARSEN project starts on Jan 1, 2011

Digital preservation (DP) offers the economic and social benefits associated with the long-term preservation of information, knowledge and know-how for re-use by current as well as later generations. However, digital preservation has a great problem, namely that preservation support structures are built on projects which are short-lived and fragmented. The unique feature of APARSEN is that it is building on the already established Alliance for Permanent Access (APA), a membership organization of major European stakeholders in digital data and digital preservation. These stakeholders have come together to create a shared vision and framework for a sustainable digital information infrastructure providing permanent access to digitally encoded information. To this self-sustaining grouping APARSEN will add a wide range of other experts in digital preservation, including academic and commercial researchers as well as researchers in other cross-European organizations. The members of the consortium already undertake research in digital preservation individually, but even here the effort is fragmented despite smaller groupings of these organizations working together in specific EU and national projects. APARSEN will help to combine and integrate these programmes into a shared programme of work, thereby creating the pre-eminent virtual research center in digital preservation in Europe, if not the world. The Joint Programme of Activity will lead to:

• The integration of the majority of the research activities in DP within a common vision and common terminology and evidence standard
• A common agreement of the services needed for preservation, access and most importantly re-use of data holdings over the whole lifecycle;
• Embedding of legal and economic issues, including costs, governance issues and digital rights in digital preservation
• A discipline of data curators with appropriate qualifications recognized across Europe, and well defined support services

Partners
Science and Technology Facilities Council
Stichting European Alliance for Permanent Access
European Organization for Nuclear Research
Stichting Secretariaat van de International Association of Scientific, Technical and Medical Publishers
FTK Forschungsinstitut für Telekommunikation e.V
CSC – Tieteen tietotekniikan keskus Oy
Deutsche Nationalbibliothek
Digital Preservation Coalition limited by Guarantee*DPC
Alfred-Wegener-Institut fuer Polar- und Meeresforschung
The British Library
European Space Agency
Koninklijke nederlandse Akademie van Wetenschappen-Knaw
Koninklijke Bibliotheek
Stichting LIBER Foundation
Consorzio interuniversitario nazionale per l’informatica
InConTec GmbH
Foundation for Research and Technology – Hellas
Globit – Global Information Technology GmbH
Microsoft Research (Cambridge Lab)
Philips Consumer Lifestyle B.V.
Airbus Operations SAS
INMARK Estudios y Estrategias S.A.
Fondazione Rinascimento Digitale-nuove tecnologie per i beni culturali
Luleå University of Technology
University degli studi di Trento
Tessella PLC
IBM Israel – Science and technology ltd
SBA Research
Space Research Institute of the Russian Academy of Sciences
Österreichische Nationalbibliothek
University of Patras

Mumia project

The tremendous power and speed with which current search engines respond, almost instantaneously, to millions of user queries on a daily basis is one of the greatest successes of the past decade. While this technology empowers users to extract relevant information from the hundreds of thousands of terabytes of existing data available on the web, the next decade presents many new grand challenges. This next wave of search technology is faced with even greater demands, not only in terms of volume of requests, but also in terms of the changes to the content available, and the dynamics of Web 2.0+ data being produced. These increased and new demands mean that search technology must be able to search, filter, extract, combine, integrate, and process multiple and distributed sources of multilingual content, delivered to an even wider global audience and variety of population. Inevitably, Multilingual and Multifaceted Interactive Information Access (MUMIA) research and development will be a key part of the next generation of search technology. Machine Translation (MT), Information Retrieval (IR) and Multifaceted Interactive Information Access (MIIA) are three disciplines which address the main components of MUMIA. However, relevant research, which is vitally important for the development of next generation search systems, is fragmented. This Action will launch a much needed initiative to coordinate the collaboration between these disciplines, fostering research and technology transfer in these areas, and will play an important role in the definition of the future of search. To form a common basis for collaboration, the domain of patent retrieval has been selected, as it provides highly sophisticated and information-intensive search tasks that have significant economic ramifications, as well as providing a large-scale unifying test bed of multilingual and dynamic data.
This Action will explore innovative frameworks to empower the synergies from the disparate research fields of MT/IR/MIIA within the specific context of patent search and other next generation Web applications.

Partners
Alexander Technological Educational Institute of Thessaloniki
Information Retrieval Facility
Dublin City University
Univ. of Duisburg-Essen
Univ. of Sheffield
Univ. “Al.I.Cuza” Iasi
University of Santiago de Compostela
University of Amsterdam
Norwegian University of Science and Technology
Swedish Institute of Computer Science (SICS)
Institute for Parallel Processing, Bulgarian Academy of Sciences
LIG (Laboratoire d’Informatique de Grenoble), University of Grenoble
Centrum voor Wiskunde & Informatica
INRIA Futurs
University of Tampere, Department of Information Studies and Interactive Media
University of Glasgow
Barcelona Media Innovation Centre (FBM-UPF)
Information Science and Technology Institute (ISTI) of the Italian National Research Council

EU projects!

Andreas Rauber has been very successful. He brought several new EU projects to the center: APARSEN, TIMBUS and Mumia. Moreover, we will start with INMOTOS and we hope to attract one or two ERCIM fellows.
…more information will be posted soon…

Martin Mulazzani at Purdue University

Martin Mulazzani will work over the next months at Purdue University in Lafayette, IN with Prof. Elisa Bertino and Prof. Cristina Nita-Rotaru.

CCS & AISec

We are attending CCS 2010 in Chicago and presenting a poster and a paper at the AISec Workshop.

Japan‐Austria Joint Workshop on ‘ICT’

Edgar Weippl gives a talk on information security at the joint workshop organized by FWF and JST in Tokyo.

ISecLab Blog

The researchers of ISecLab, among them Engin Kirda, just launched a nice blog:

http://blog.iseclab.org/

http://twitter.com/iseclaborg/

D-A-CH Security

On Sep 21 and 22, SBA and the Vienna University of Technology host the D-A-CH Security conference. The proceedings have been edited by Peter Schartner and Edgar Weippl (more…)