Employees of SBA Research work and teach at Austrian universities and universities of applied sciences. We are supervising Bachelor, Master and PhD theses and are offering internships – for further details, please see below, and don’t hesitate to contact our researchers directly!

Research Areas and Topics at a Glance

Research Areas and Topics in Detail

Combinatorial Testing for Information Security & Cryptography

Combinatorial Security Testing Topics

• Combinatorial testing for hardware malware detection
  • Combinatorial Testing of Hardware Trojans Horses (HTH)
• Linux kernel testing for security bugs
  • Sequence CAs for System Call Testing
• Security protocol testing
  • SecFuzz: A CT Reverse Engineering Approach
  • AFL Model Extraction for CT
  • Mathematical modelling and analysis of protocol security vulnerabilities
• Web application security testing
  • Generalized content-injections
  • Generation of security tests
• Cryptographic Combinatorial Testing
  • Combinatorial Testing of Tor Network
  • Combinatorial Security Testing for PGP
  • Testing of PQC Implementations submitted to NIST Competition

Contact: MATRIS Group

Covering Arrays, Algorithms and Optimization Topics

• Optimizations Algorithms for Combinatorial Testing
• Discrete Structures for fault-localization in Combinatorial Testing
• Complexity problems for discrete structures used in Security

Contact: MATRIS Group

Cryptography

• Cryptographic engineering for security applications
• Hard problems for post-quantum cryptography
• Mathematical properties for testing implementations of crypto schemes
• Randomness extractors from discrete structures
• Design Estimators for quantum protocols

Contact: Dimitris Simos

Cryptocurrencies

• Bitcoin scalability simulations
• P2P networking aspects of cryptocurrencies
• Alternative consensus/mining methods
• Alternative applications and designs of block chain based consensus Systems
• Bitcoin wallet Security
• Altcoin evaluation and categorisation

Contact: Aljosha Judmayer

Cyber Physical Production Systems

Security for Cyber Physical Production Systems

• Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)?
• Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed?
• Secure Software Engineering Processes in CPPS

Contact: Edgar Weippl

Attacks against cyber-physical systems

• Physics-based attack modelling
• Physics-based intrusion detection

Contact: Johanna Ullrich

• POSIX blackbox live forensic

Contact: Aljosha Judmayer

Digital Sustainability

Understanding runtime system behaviour

• How can the runtime behaviour of a complex systems be described, modelled and monitored/checked?
  • Literature research and interviews on status quo
  • Implementation of a model e.g.
    • Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
    • Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
  • These topics can also be split into several thesis

Contact: Alexander Schatten

Understanding and Handling Complexity

• Complexity and software systems
  • Find indicators to quantify complexity in software systems and organisations
  • Find and describe systemic patterns and complexity drivers that can help to understand problems in large software systems
  • Analyse typical software and architecture patterns with focus on complexity
  • Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository).

• Mapping program language related complexity
  • Find useful dimensions of comparison
    • intrinsic complicatedness
    • extrinsic complexity

Contact: Alexander Schatten

Management and Organisational Dynamic

• Map existing IT management frameworks and patterns like ITIL, COBIT, SAFE, ISO9001
  • find useful dimensions for comparison
  • outline overlaps and interfaces
  • describe conflicts and usage scenarios

• Analyse organisational hierarchies, setup and processes (cooperation of business partners required)
  • Interface between business and IT to derive factors that lead to success or failure
  • Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using e.g. queuing theory

Contact: Alexander Schatten

Security and Privacy in Machine Learning

Adversarial Machine Learning

Contact: Rudolf Mayer

A good overview talk (in German) into Adversarial Machine Learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”

Adversarial Inputs (resp. robustness against adversarial inputs)

• Intro papers: “Explaining and Harnessing Adversarial Examples”, S&P 2017 paper on “Towards Evaluating the Robustness of Neural Networks”, “Making machine learning robust against adversarial inputs”
• Video: “Towards Evaluating the Robustness of Neural Networks”
• Goal: systematically analyse existing evasion attacks and defenses and develop new attacks/defenses in specific application domains (such as industrial productions systems (https://www.sqi.at)).

Backdoor (data poisoning) attacks & defenses

• Intro papers, e.g. “Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning” or “BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain”
• Video: A talk about one defense mechanism: “Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks”
• Goal: analyse and evaluate attack vectors for poisoning attacks, evaluate their effectiveness and side-effects, as well as existing defenses, and develop new detection/defense mechanisms

Membership inference attack

• Intro papers: “Membership Inference Attacks against Machine Learning Models”
• Video: Reza Shokri, “Membership Inference Attacks against Machine Learning Models”
• Goal: analyse and evaluate attack scenarios for membership inference, analyse existing attack and defense patterns, and develop new mechanisms

Other attacks, e.g.

• Model stealing: “Stealing Machine Learning Models via Prediction APIs” & video
• Model inversion: “Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures”

Privacy-preserving Machine Learning / Data Mining

Contact: Rudolf Mayer

Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches aiming at this problem exist, e.g.:Privacy-preserving data publishing

Privacy-preserving data publishing

• k-anonymity, l-diversity, etc.
• Differential privacy, including local differential privacy
• Synthetic data generation
• Goal: evaluation of privacy protection, utility of the published data, novel attack mechanisms, application of differential privacy to machine learning models, …

Privacy-preserving computation

• Secure Multi-party computation (SMPC / MPC). Teaser video, more detailed explanation: “Secure Multiparty Computation – Tal Rabin Technion lecture – Part 1”
• Homomorphic encryption. Intro Video
• Federated learning (e.g. https://federated.withgoogle.com/)
• Goal: evaluation of effectiveness (e.g. accuracy) and efficiency of privacy-preserving approaches, compared to a base line of centralised learning. Application of approaches to new algorithms, data types, etc.

Watermarking / fingerprinting of datasets

• Goal: evaluation of schemes for their robustness of attacks, vs. their data utility, e.g. measured by effectiveness in machine learning tasks

Networks & Critical Infrastructures Security

Power Consumption and Power Grid

• Power grid modelling (foreign languages beyond English helpful)
• Resilience analysis of the power grid
• Power consumption modulation measurements (GPU, CPU, disk access, etc.)
• Power consumption of Security Measures
• Power comsumption of TLS Implementations
• Power consumption of Secure Mailing
• Power consumption of SSH
• Impact of cryptocurrencies on power grid stability (statistical analysis)
• Power consumption of cryptocurrencies

Contact: Johanna Ullrich

Network Security

• Internet measurement experiments
• Internet cartography
• Fingerprinting over the network
• IPv6 deployment
• IPv4/IPv6 sibling detection
• Comparison of IPv4/IPv6 Internet characteristics
• IPv6 scanning and reconnaissance
• Methods against Internet measurement (Anti-Census-Approaches)
• Long term observations of IPv6 addresses
• Covert and side channel development
• Modelling of networking capabilities of hypervisors (Xen, KVM, etc.)
• Modelling of networking capabilities of containers

Contact: Johanna Ullrich

Privacy Enhancing Technologies & Net Neutrality

• Tor network measurements
• Tor relay operator transparency
• Impact of Certificate Transparency on non-HTTPS-based ecosystems
• Censorship measurement technologies
• Net neutrality measurements
• Transparency of Internet-based protocols
• DoH & DoT measurements
• Measuring the impact of legislative changes in the Internet

Contact: Wilfried Mayer

Software & Mobile Security

Mobile Security and Privacy

• Dynamic Instrumentation
• Static code deobfuscation
• Android native code analysis
• Mobile OS Security (Firefox OS, Tizen,…)
• On-Device application analysis

Contact: Georg Merzdovnik

Software Security

• Source code analysis in code repositories

Contact: Edgar Weippl

Systems & (I)IoT Security

Internet of Things (IoT): Security and Privacy

• Update mechanisms for constrained IoT systems
• Secure embedded operating systems for IoT applications
• IoT network protocol security analysis
• Privacy leaks and protections for IoT devices and protocols
• Lightweight intrusion detection for IoT systems
• Efficient implementation of security and cryptography for IoT
• Moving-target defenses in IoT environments
• Resilient communication protocols for IoT

Contact: Georg Merzdovnik

Internet of Things (IoT): Constrained Networks

• Integration of RIOT OS into SecureWSN
  • TinyIPFIX for Data Gathering
  • Aggregation Support
• Implementation of security solutions
• Optimization of system lifetime using energy harvesting mechanisms
• Extention of visualization mechanisms
• Integration of warning system for unnormal behavior (e.g., wrong values or to high packet loss rate)
• Integration of “Trust-Check” for devices
• Establishment of bidirectional communication (e.g., for updating purposes of intervals)

Contact: Corinna Schmitt / More information

System Security

• x64 binary analysis and de-obfuscation
• Binary decompilation
• Automated exploitation
• Binary rewriting & hardening

Contact: Georg Merzdovnik

• Container based virtualization Security
• Linux based local privilege escalation attacks case study

Contact: Aljosha Judmayer

Fileformat Security

• File-format hacks (such as funky file formats)
• Hiding executable code in data files (such as Word, etc.)

Contact: Edgar Weippl

Usable Security

• Usable crypography
• Usability of cryptographic protocols
• Usability of privacy enhancing technologies
• Trust in technology. How do humans form tust in technology artifacts?
• Incorporating trust in usability guidelines for secure software development

Contact: Matthias Gusenbauer (remote)

• Usable Security. Developing a guideline of how to do research correctly

Contact: Edgar Weippl

Further Links

• TexnicCenter
• IEEE Template for LaTeX and Word
• TISS