
Bachelor, Master & PhD – Thesis Supervision

Employees of SBA Research work and teach at Austrian universities and universities of applied sciences. We are supervising Bachelor, Master and PhD theses and are offering internships – for further details, please see below, and don’t hesitate to contact our researchers directly!

Research Areas and Topics in Detail

Combinatorial Testing for Information Security & Cryptography

Combinatorial Security Testing Topics

  • Combinatorial testing for hardware malware detection
    • Combinatorial Testing of Hardware Trojan Horses (HTH)
  • Linux kernel testing for security bugs
    • Sequence CAs for System Call Testing
  • Security protocol testing
    • SecFuzz: A CT Reverse Engineering Approach
    • AFL Model Extraction for CT
    • Mathematical modelling and analysis of protocol security vulnerabilities
  • Web application security testing
    • Generalized content-injections
    • Generation of security tests
  • Cryptographic Combinatorial Testing
    • Combinatorial Testing of Tor Network
    • Combinatorial Security Testing for PGP
    • Testing of PQC Implementations submitted to NIST Competition

Contact: MATRIS Group

Covering Arrays, Algorithms and Optimization Topics

  • Optimization Algorithms for Combinatorial Testing
  • Discrete Structures for fault-localization in Combinatorial Testing
  • Complexity problems for discrete structures used in Security

Contact: MATRIS Group


  • Cryptographic engineering for security applications
  • Hard problems for post-quantum cryptography
  • Mathematical properties for testing implementations of crypto schemes
  • Randomness extractors from discrete structures
  • Design Estimators for quantum protocols

Contact: Dimitris Simos


  • Bitcoin scalability simulations
  • P2P networking aspects of cryptocurrencies
  • Alternative consensus/mining methods
  • Alternative applications and designs of blockchain-based consensus systems
  • Bitcoin wallet Security
  • Altcoin evaluation and categorisation

Contact: Aljosha Judmayer

Cyber Physical Production Systems

Security for Cyber Physical Production Systems

  • Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)?
  • Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed?
  • Secure Software Engineering Processes in CPPS

Contact: Edgar Weippl

Attacks against cyber-physical systems

  • Physics-based attack modelling
  • Physics-based intrusion detection

Contact: Johanna Ullrich

  • POSIX black-box live forensics

Contact: Aljosha Judmayer

Digital Sustainability

Understanding runtime system behaviour

  • How can the runtime behaviour of complex systems be described, modelled and monitored/checked?
    • Literature research and interviews on status quo
    • Implementation of a model e.g.
      • Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
      • Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
    • These topics can also be split into several theses

Contact: Alexander Schatten

Understanding and Handling Complexity

  • Complexity and software systems
    • Find indicators to quantify complexity in software systems and organisations
    • Find and describe systemic patterns and complexity drivers that can help to understand problems in large software systems
    • Analyse typical software and architecture patterns with focus on complexity
    • Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository).
  • Mapping program language related complexity
    • Find useful dimensions of comparison
      • intrinsic complicatedness
      • extrinsic complexity

Contact: Alexander Schatten

Management and Organisational Dynamic

  • Map existing IT management frameworks and patterns like ITIL, COBIT, SAFE, ISO9001
    • find useful dimensions for comparison
    • outline overlaps and interfaces
    • describe conflicts and usage scenarios
  • Analyse organisational hierarchies, setup and processes (cooperation of business partners required)
    • Interface between business and IT to derive factors that lead to success or failure
    • Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using e.g. queuing theory

Contact: Alexander Schatten

Security and Privacy in Machine Learning

Adversarial Machine Learning

Contact: Rudolf Mayer

A good overview talk (in German) on adversarial machine learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”

Adversarial Inputs (resp. robustness against adversarial inputs)

Backdoor (data poisoning) attacks & defenses

Membership inference attack

Other attacks, e.g.

Privacy-preserving Machine Learning / Data Mining

Contact: Rudolf Mayer

Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches to this problem exist, e.g.:

Privacy-preserving data publishing

  • k-anonymity, l-diversity, etc.
  • Differential privacy, including local differential privacy
  • Synthetic data generation
  • Goal: evaluation of privacy protection, utility of the published data, novel attack mechanisms, application of differential privacy to machine learning models, …

Privacy-preserving computation

Watermarking / fingerprinting of datasets

  • Goal: evaluation of schemes for their robustness against attacks vs. their data utility, e.g. measured by effectiveness in machine learning tasks

Networks & Critical Infrastructures Security

Power Consumption and Power Grid

  • Power grid modelling (foreign languages beyond English helpful)
  • Resilience analysis of the power grid
  • Power consumption modulation measurements (GPU, CPU, disk access, etc.)
  • Power consumption of Security Measures
  • Power consumption of TLS Implementations
  • Power consumption of Secure Mailing
  • Power consumption of SSH
  • Impact of cryptocurrencies on power grid stability (statistical analysis)
  • Power consumption of cryptocurrencies

Contact: Johanna Ullrich

Network Security

  • Internet measurement experiments
  • Internet cartography
  • Fingerprinting over the network
  • IPv6 deployment
  • IPv4/IPv6 sibling detection
  • Comparison of IPv4/IPv6 Internet characteristics
  • IPv6 scanning and reconnaissance
  • Methods against Internet measurement (Anti-Census-Approaches)
  • Long term observations of IPv6 addresses
  • Covert and side channel development
  • Modelling of networking capabilities of hypervisors (Xen, KVM, etc.)
  • Modelling of networking capabilities of containers

Contact: Johanna Ullrich

Cellular Networks & Relay Attacks

Cellular Networks

  • MobileAtlas measurements and improvements on the measurement platform
    • Net neutrality, zero-rating, and free-riding measurements
    • Analyzing SIM APDUs and proactive SIM commands
    • Extract a SIM's secret key via differential power analysis (e.g., via ChipWhisperer)
    • Attacks on eSIM and remote SIM provisioning

Relay Attacks

  • Relay traffic of various Smartcards (access tokens, RFID, NFC)
  • Relay traffic of location tracking devices (e.g., Apple AirTag)

Contact: Gabriel K. Gegenhuber

Software & Mobile Security

Mobile Security and Privacy

  • Dynamic Instrumentation
  • Static code deobfuscation
  • Android native code analysis
  • Mobile OS Security (Firefox OS, Tizen, …)
  • On-Device application analysis

Contact: Georg Merzdovnik

Software Security

  • Source code analysis in code repositories

Contact: Edgar Weippl

  • Gathering evidence from websites in insecure browser environments


NetzBeweis GmbH
Philipp Omenitsch, MSc.

Systems & (I)IoT Security

Internet of Things (IoT): Security and Privacy

  • Update mechanisms for constrained IoT systems
  • Secure embedded operating systems for IoT applications
  • IoT network protocol security analysis
  • Privacy leaks and protections for IoT devices and protocols
  • Lightweight intrusion detection for IoT systems
  • Efficient implementation of security and cryptography for IoT
  • Moving-target defenses in IoT environments
  • Resilient communication protocols for IoT

Contact: Georg Merzdovnik

Internet of Things (IoT): Constrained Networks

  • Integration of RIOT OS into SecureWSN
    • TinyIPFIX for Data Gathering
    • Aggregation Support
  • Implementation of security solutions
  • Optimization of system lifetime using energy harvesting mechanisms
  • Extension of visualization mechanisms
  • Integration of a warning system for abnormal behavior (e.g., wrong values or too high a packet loss rate)
  • Integration of “Trust-Check” for devices
  • Establishment of bidirectional communication (e.g., for updating purposes of intervals)

Contact: Corinna Schmitt

System Security

  • x64 binary analysis and de-obfuscation
  • Binary decompilation
  • Automated exploitation
  • Binary rewriting & hardening

Contact: Georg Merzdovnik

  • Container based virtualization Security
  • Linux based local privilege escalation attacks case study

Contact: Aljosha Judmayer

Fileformat Security

  • File-format hacks (such as funky file formats)
  • Hiding executable code in data files (such as Word, etc.)

Contact: Edgar Weippl

Usable Security

  • Usable Security. Developing a guideline of how to do research correctly

Contact: Edgar Weippl