Bachelor | Master | PhD – Thesis Supervision

Education is a core activity of SBA Research, and complements and supports our core, research-intensive activities. We aim at providing high-quality of education in postgraduate and undergraduate studies as well as secondary education, continuing education and in trainings. SBA Research draws from the vast experience, knowledge, and expertise of our staff, the latest research developments in the broader field of cyber-security, and our highly-specialized research infrastructures.

SBA Research is strongly affiliated with the Institute of Software Technology and Interactive Systems of TU Wien. In collaboration with the Faculty of Informatics, SBA Research offers the following courses:

• Internet Security (jointly with the Secure Systems Lab)
• Advanced Internet Security (jointly with the Secure Systems Lab)
• Software Security
• Organizational Aspects of Security
• Digital Forensics
• Privacy Enhancing Technologies
• Security Seminar

Furthermore, SBA Research provides internships and part-time employment (4 to 10 hours per week) for undergraduate students.

SBA Research affiliates often teach advanced cybersecurity topics in higher education institutes like FH St. Pölten, FH Campus Wien, FH Oberösterreich, FH Technikum Wien, and Danube University Krems. Also, SBA Research contributes every year to the Intensive Programme on Information and Communication Security (IPICS academic summer school).

STUDENTS INTERESTED to do an INTERNSHIP or pursue a THESIS (B.Sc., DI, M.Sc., or Ph.D.) are advised to directly CONTACT OUR RESEARCHERS as listed below.

Digital Sustainability and Resilience

• Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes  components. Edgar Weippl
• Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes. Edgar Weippl
• Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository). Edgar Weippl
• Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using queuing theory. Edgar Weippl

Security for Cyber Physical Production Systems

• Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)? Edgar Weippl
• Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed? Edgar Weippl
• Secure Software Engineering Processes in CPPS. Edgar Weippl

Combinatorial Testing for Information Security

• Test case generation for security testing: Dimitris Simos
• Combinatorial testing for hardware malware detection: Dimitris Simos
• Linux kernel testing for security bugs: Dimitris Simos
• Security protocol testing: Dimitris Simos
• Web application security testing: Dimitris Simos
• Combinatorial Testing of Tor Network: Dimitris Simos
• Mathematical modelling and analysis of security vulnerabilities: Dimitris Simos
• Optimizations Algorithms for Combinatorial Testing: Dimitris Simos
• Discrete Structures for fault-localization in Combinatorial Testing: Dimitris Simos

Cryptocurrencies

• Bitcoin scalability simulations: Aljosha Judmayer
• P2P networking aspects of cryptocurrencies: Aljosha Judmayer
• Alternative consensus/mining methods: Aljosha Judmayer
• Alternative applications and designs of block chain based consensus Systems: Aljosha Judmayer
• Bitcoin wallet Security: Aljosha Judmayer
• Altcoin evaluation and categorisation: Aljosha Judmayer

Cryptography

• Cryptographic engineering for security applications: Dimitris Simos
• Hard problems for post-quantum cryptography: Dimitris Simos
• Mathematical properties for testing implementations of crypto schemes: Dimitris Simos
• Randomness extractors from discrete structures: Dimitris Simos
• Design Estimators for quantum protocols: Dimitris Simos

Fileformat Security

• File-format hacks (such as funky file formats): Edgar Weippl
• Hiding executable code in data files (such as Word, etc.): Edgar Weippl

Internet of Things (IoT) Security and Privacy

• Update mechanisms for constrained IoT systems
• Secure embedded operating systems for IoT applications: Georg Merzdovnik
• IoT network protocol security analysis
• Privacy leaks and protections for IoT devices and protocols
• Lightweight intrusion detection for IoT systems: Georg Merzdovnik
• Efficient implementation of security and cryptography for IoT
• Moving-target defenses in IoT environments
• Resilient communication protocols for IoT

Cyber-Physical System Security

• Power consumption modulation measurements (GPU, CPU, disk access, etc.): Johanna Ullrich
• Attacks on cyber-physical systems: Johanna Ullrich
• POSIX blackbox live forensic: Aljosha Judmayer

Mobile Security and Privacy

• Dynamic Instrumentation: Georg Merzdovnik
• Static code deobfuscation: Georg Merzdovnik
• Android native code analysis: Georg Merzdovnik
• Mobile OS Security (Firefox OS, Tizen,…): Georg Merzdovnik
• On-Device application analysis: Georg Merzdovnik

Network Security

• IPv4/IPv6 sibling detection: Johanna Ullrich
• Long term observations of IPv6 addresses: Johanna Ullrich
• Collection of public IPv6 address data sets: Johanna Ullrich
• Internet cartography: Johanna Ullrich
• Development of  covert and side channels: Johanna Ullrich
• IPv6-based network scanning and reconnaissance: Johanna Ullrich
• IPv6 address formats (analysis and redevelopment): Johanna Ullrich
• Perception of IPv4 vs. IPv6 addresses (user study): Johanna Ullrich
• Analyzing top Internet page lists e.g., Alexa: Wilfried Mayer
• Net neutrality measurements: Wilfried Mayer
• RIPE Atlas data analysis: Wilfried Mayer
• Transparency of Internet-based protocols: Wilfried Mayer

Privacy Enhancing Technologies

• Tor network measurements: Wilfried Mayer
• Tor relay operator transparency: Wilfried Mayer
• Impact of Certificate Transparency on non-HTTPS-based ecosystems: Wilfried Mayer
• Censorship measurement technologies: Wilfried Mayer

Cloud Security

• Modelling of networking capabilities of hypervisors (Xen, KVM, etc.):  Johanna Ullrich
• Modelling of networking capabilities of containers:  Johanna Ullrich
• Development of  covert and side channels: Johanna Ullrich
• Network cartography in clouds: Johanna Ullrich
• Network attacks in clouds: Johanna Ullrich

Research in Information Security

• Comparing military research and academic research – analysis of de-classified content: Edgar Weippl
• Analysis of security in standardization processes: Johanna Ullrich

Software Security

• Source code analysis in code repositories: Edgar Weippl

System Security

• x64 binary analysis and de-obfuscation: Georg Merzdovnik
• Binary decompilation: Georg Merzdovnik
• Automated exploitation: Georg Merzdovnik
• Binary rewriting & hardening: Georg Merzdovnik
• Container based virtualization Security: Aljosha Judmayer
• Linux based local privilege escalation attacks case study: Aljosha Judmayer

Usable Security

• Usable Security. Developing a guideline of how to do research correctly: Edgar Weippl

Links

• Basic Miktex
• TexnicCenter
• IEEE Template for LaTeX and Word
• TISS