SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT

SBA Research moved to a new location!

Our new address: Floragasse 7, 1040 Vienna, Austria Effective since: June 25, 2019 More at:


Bernhard Garn and Dimitris Simos @ InSTA 2019

Bernhard Garn and Dimitris Simos from SBA’s MaTRIS research group ( join the 6th International Workshop on Software Test Architecture (,  colocated with ICST 2019. 

Bernhard and Dimitris also present their paper ‘Practical Combinatorial Testing for XSS Detection using Locally Optimized Attack Models’ (Dimitris E. Simos (SBA Research), Bernhard Garn (SBA Research), Jovan Zivanovic (SBA Research) and Manuel Leithner (SBA Research)). The contributions of this paper include a new modelling scheme for test case generation of XSS attack vectors consisting of locally optimized attack models; a research prototype of an automated black-box security testing tool called XSSInjector for testing web applications for XSS vulnerabilites; and a new test oracle (included in XSSInjector) for detecting XSS during the testing process. This research lead to several real-world vulnerabilities, which were responsibly disclosed and have resulted in CVE entries.

Software test architecture includes analyses of system under test, approaches to design test cases, and notation of software testing. Designing better software test architectures is important for software testing, and the contributed paper’s notion of subgrammars conceptually fit well to topic of InSTA workshop.

Bernhard Garn and Dimitris Simos @ A-MOST 2019

Bernhard Garn and Dimitris Simos from SBA’s MaTRIS research group ( join the 15th Workshop on Advances in Model Based Testing (A-MOST) @ ICST 2019, 22nd April 2019 (

Bernhard and Dimitris also present their paper ‘Weighted Combinatorial Sequence Testing for the TLS Protocol’ (Bernhard Garn (SBA Research), Dimitris E. Simos (SBA Research), Feng Duan (University of Texas at Arlington), Yu Lei (University of Texas at Arlington), Josip Bozic (Graz University of Technology) and Franz Wotawa (Graz University of Technology)), which applies the notion of weighted t-way sequences to derive sequence test cases for security testing of TLS implementations.

A-MOST is a workshop of the ICST 2019 focussing on Model Based Testing (MBT), where new approaches, methods and tools make MBT techniques more useful and applicable in industry, contributing to improve the effectiveness and efficiency of the test process.

3rd SBA Security Meetup 2019

Stefan Jakoubi introduced ways to create and enhance the visibility of security at the SBA Security Meetup on April 24, 2019.

Christian Kudera presents “All your Fitness Data belongs to you” at Easterhegg 2019

Christian Kudera gave a talk “All your Fitness Data belongs to you: Reverse Engineering the Huawei Health Android App” on Easterhegg 2019. -> more Information

The talk described the reversing process of the Huawei Health App. In this context, the proprietary BLE Huawei Link Protocol v2 was disclosed, which allows the use of the Huawei fitness devices without the Health App and its accompanying ecosystem.


Slides: Download here

SBA Research @ Security Forum 2019

Alexandra Mai, Stephanie Jakoubi and Nicolas Petri had a good time at the Security Forum 2019, representing SBA Research. The Security Forum took place from April 11-12, 2019 at the Fachhochschule Oberösterreich, Campus Hagenberg.


Combinatorial security testing tutorial @ DATAWorks 2019, Springfield, VA, USA

Dimitris Simos (SBA Research, MaTRIS research group) and Rick Kuhn (NIST, Computer Security Division) were invited to jointly present a tutorial on combinatorial security testing at the Defense and Aerospace Test and Analysis workshop (DataWorks 2019) on April 11th, 2019.

The event takes place at Springfield, VA, USA and is organized by NASA, Institute for Defense Analyses (IDA) and the Office of the Secretary of Defense.

Tutorial: Combinatorial Methods for Testing and Analysis of Critical Software and Security Systems

Abstract: Combinatorial methods have attracted attention as a means of providing strong assurance at reduced cost, but when are these methods practical and cost-effective? This tutorial includes two sections on the basis and application of combinatorial test methods: The first section explains the background, process, and tools available for combinatorial testing, with illustrations from industry experience with the method. The focus is on practical applications, including an industrial example of testing to meet FAA-required standards for life-critical software for commercial aviation. Other example applications include modeling and simulation, mobile devices, network configuration, and testing for a NASA spacecraft. The discussion will also include examples of measured resource and cost reduction in case studies from a variety of application domains.

The second part explains combinatorial testing-based techniques for effective security testing of software components and large-scale software systems. It will develop quality assurance and effective re-verification for security testing of web applications and testing of operating systems. It will further address how combinatorial testing can be applied to ensure proper error-handling of network security protocols and provide the theoretical guarantees for detecting Trojans injected in cryptographic hardware. Procedures and techniques, as well as workarounds will be presented and captured as guidelines for a broader audience.

The tutorial can be download from here.

PDF Embedder requires a url attribute

Adrian Dabrowski presents “Hollywood Hacking” at IT Businesstalk in Salzburg

Adrian Dabrowski holds a “myth busters session” on hacking, tracking of IP addresses, secure data transfer and numerous other hot topics at the 10th IT Businesstalk in Salzburg on April 11, 2019.

More information

WU data-science project provides an analysis on how shootings and terror attacks affect social media communication behavior

A new study conducted by WU researchers that has been published in March 2019 provides novel insights how shootings and terror attacks affect the emotions and the corresponding communication behavior of social media users. For the study, five shootings and terror events have been analyzed that happened in three different countries (France, Germany, USA).


WU Research News

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.