SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Security Advisory: CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal

Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security restriction and read arbitrary files.

Full security advisory

Edgar Weippl Invited Talk on Blockchains at Cryptacus Conference

After Srdjan Capkun’s opening keynote on ‘Secure Positioning and Location-Based Security’ and Bart Preneel’s presentation on ‘Challenges for Embedded Cryptography’, Edgar Weippl gave his invited talk on “Distributed Ledger Technology, Blockchain & Crypto Currencies – Hype & an Opportunity for Interdisciplinary Research” at the Cryptacus Conference.

Tomasz Miksa co-organised workshop on Domain specific extensions for machine-actionable Data Management Plans at the TPDL conference in Porto

The workshop entitled “Domain specific extensions for machine-actionable Data Management Plans” was held during the 22nd International Conference on Theory and Practice of Digital Libraries in Porto, Porugal.

In the workshop participants focused on the common data model for machine-actionable DMPs and seek to identify which domain specific extensions must be implemented to fulfil requirements of stakeholders, such as digital libraries and repositories. Discussion also focused on which information they can provide and which information they can expect, and how existing and future systems and services can support and potentially automate this information flow.

The results of the workshop contribute to the work of the RDA DMP Common Standards working group.

Bernhard Garn presents paper at 2nd IMA Conference on Theoretical and Computational Discrete Mathematics

Today, at the 2nd IMA Conference on Theoretical and Computational Discrete Mathematics [IMA], Bernhard Garn gives a talk titled ‘Algebraic Techniques for Covering Arrays and Related Structures’ (joint work with Dimitris Simos). The conference showcases theoretical and computational advances in the general field of discrete mathematics.


Tomasz Miksa on Research Data Preservation Using Process Engines and Machine-Actionable Data Management Plans at the TPDL conference in Porto

Tomasz Miksa presented a paper entitled “Research Data Preservation Using Process Engines and Machine-Actionable Data Management Plans” at the 22nd International Conference on Theory and Practice of Digital Libraries (TPDL 2018) which was held 10-13 September in Porto, Portugal.

The paper demonstrates how systems used for managing data during research can be extended with preservation functions using process engines that run pre-defined preservation workflows. It also shows a prototype of a machine-actionable data management plan that is automatically generated during this process to document actions performed.

The full text of the paper can be found here: [click].

Nicholas Stifter presents paper at RAID 2018

Yesterday, Nicholas Stifter presented their paper:

Johanna Ullrich, Nicholas Stifter, Aljosha Judmayer, Adrian Dabrowski and Edgar Weippl, “Proof-of-Blackouts? How Proof-of-Work Cryptocurrencies Could Affect Power Grids” at RAID 2018 in Heraklion, Crete

The paper analyzes the potential impact cryptocurrency mining and its large power consumption could have on the reliable operation of synchronous power grids. For this, estimates of both the worldwide power consumption of Bitcoin and Ethereum, as well as their power consumption in different European power grids, are presented and discussed.

Read full paper

Edgar’s Keynote at SIN’18 on Distributed Ledger Technology, Blockchain & Crypto Currencies

Edgar's Opening Keynote
Photo by Atilla Elçi

The morning session started with Edgar’s Opening Keynote on Distributed Ledger Technology, Blockchain & Crypto Currencies. The topic is not only a hype area but also well-suited for graduate students to start with focused research. In the presentation Edgar showed three aspects that are important in SBA’s research: (1) theoretical foundations, (2) understanding real world phenomena, and (3) impact.

Edgar Weippl Keynote on Distributed Ledger Technology, Blockchain & Crypto Currencies
Cardiff University

Security Rockstars Wettbewerb geht in die dritte Runde

KSÖ, SBA Research und KPMG suchen die besten Ideen rund um Security

Zum Artikel

Aljosha Judmayer to present full paper at CBT 2018

Aljosha Judmayer will be presenting his full paper at CBT 2018 in Barcelona:
Aljosha Judmayer, Nicholas Stifter, Philipp Schindler and Edgar Weippl. “Enforcing rule changes through offensive forking- and consensus techniques

Full paper

Moreover Alexei Zamyatin had his poster accepted at the CBT´18 workshop, held as part as the ESORICS 2018:
Alexei Zamyatin, Dominik Harz, Joshua Lind, Panayiotis Panayiotou, Arthur Gervais and William J. Knottenbelt. “Multisignatures for Cryptocurrency-Backed Tokens”

ARES 2018 (Hamburg) breaks all previous records

With a total of 308 participants from over 50 countries this year´s ARES & CD-MAKE broke all previous records. An acceptance rate of 22,3% along with 18 workshops, 6 of them held within the EU Projects Symposium, and 14 keynote speakers reflect the obtained success and impact.

In proper ARES style the productive days were complemented by wonderful evening events like the welcome reception inspired by the motto “fish buns and local traditions”, a harbor cruise and a laid-back conference dinner following a peak into the Miniature Wonderland.


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.