SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Warum jeder Software Entwickler auch ein Hacker sein sollte.

“Früher war Sicherheit einfach Firewalls, und fertig.” Thomas Konrad berichtet im DigitalMondayBlog über einfache Fehler mit tausendfacher Auswirkung und die Verschmelzung zweier Welten.

Ganzer Artikel

sec4dev: Konferenz und Bootcamp

Um sich genau diesen Themen zu widmen, hat SBA Research, die sec4dev für Softwareentwickler*Innen geschaffen: Von 25. bis 27. Februar 2019 verwandelt sich der Campus Gußhaus der TU Wien in einen Hotspot für regen Austausch und Weiterbildung rund um das Thema sichere Softwareentwicklung. Die sec4dev-Konferenz bietet praxisorientierte Vorträge, Workshops und ganztägige Bootcamps zu den Bereichen sicheres Coding, sicherer Betrieb, Security-Testing und vieles mehr. Die Teilnehmer*Innen können dabei direkt auf das Wissen und die Erfahrung von Sicherheitsexpert*Innen, Softwareentwickler*Innen und Softwarearchitekt*Innen zugreifen.

3 Bridge Projects accepted for 2019

What better way to start the New Year than with three new Bridge Projects.

Wellfort is about secure storage, a trusted analysis environment, and combining data from different companies for analysis while respecting user privacy.

KnoP-2D (lead SCCH) is about creativity and AI. SBA will look at distributed learning and privacy as well as access control mechanisms that should evolve automatically.

ISaFe is about injecting security features into constrained embedded firmwares.

Paper accepted at IEEE S&P 2019

“If HTTPS Were Secure, I Wouldn’t Need 2FA – End User and Administrator Mental Models of HTTPS” by Katharina Krombholz (CISPA Helmholtz Center (i.G.)), Karoline Busse (University of Bonn), Katharina Pfeffer (SBA Research), Matthew Smith (University of Bonn) and Emanuel von Zezschwitz (University of Bonn) has been accepted at the 40th IEEE Symposium on Security and Privacy (IEEE S&P 2019). The paper investigates users’ and administrators’ mental models of HTTPS and how these interfere with secure configurations and usage behavior. The conference will be held from May 20-22, 2019 in San Francisco, CA.

Merry Christmas and a Happy New Year 2019

Looking back upon the past year, we would like to acknowledge those who have helped us transform ideas into projects and shape our business. Thank you for a successful year!

We wish you all the best as you embark on 2019!

Get the Infosec Basics Down First – SBA Security Meetup, January 17, 2019

While everyone seeks to be on the cutting edge of hacks and bugs, the number of rather basic issues remaining unsolved appears to flat line. The SBA Security Meetup on January 17, 2019 strives to explain why basic security measures have the potential to solve a good number of existing threats and which of them should be prioritized.

Link to Event:

Paper accepted at the 20th Passive and Active Measurements Conference (PAM)

“Measuring Cookies and Web Privacy in a Post-GDPR World” by Adrian Dabrowski, Georg Merzdovnik, Johanna Ullrich, Gerald Sendera and Edgar Weippl has been accepted at the 20th Passive and Active Measurements Conference (PAM). The paper investigates the impact of the General Data Protection Regulation (GDPR) on the use of browser cookies. The conference will be held March 27-29, 2019 in Puerto Varas, Chile.


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.