Employees of SBA Research work and teach at Austrian universities and universities of applied sciences. We are supervising Bachelor, Master and PhD theses and are offering internships – for further details, please see below, and don’t hesitate to contact our researchers directly!
Research Areas and Topics at a Glance
Research Areas and Topics in Detail
Combinatorial Testing for Information Security & Cryptography
Combinatorial Security Testing Topics
- Combinatorial testing for hardware malware detection
- Combinatorial Testing of Hardware Trojans Horses (HTH)
- Linux kernel testing for security bugs
- Sequence CAs for System Call Testing
- Security protocol testing
- SecFuzz: A CT Reverse Engineering Approach
- AFL Model Extraction for CT
- Mathematical modelling and analysis of protocol security vulnerabilities
- Web application security testing
- Generalized content-injections
- Generation of security tests
- Cryptographic Combinatorial Testing
- Combinatorial Testing of Tor Network
- Combinatorial Security Testing for PGP
- Testing of PQC Implementations submitted to NIST Competition
Contact: MATRIS Group
Covering Arrays, Algorithms and Optimization Topics
- Optimizations Algorithms for Combinatorial Testing
- Discrete Structures for fault-localization in Combinatorial Testing
- Complexity problems for discrete structures used in Security
Contact: MATRIS Group
Cryptography
- Cryptographic engineering for security applications
- Hard problems for post-quantum cryptography
- Mathematical properties for testing implementations of crypto schemes
- Randomness extractors from discrete structures
- Design Estimators for quantum protocols
Contact: Dimitris Simos
Cryptocurrencies
- Bitcoin scalability simulations
- P2P networking aspects of cryptocurrencies
- Alternative consensus/mining methods
- Alternative applications and designs of block chain based consensus Systems
- Bitcoin wallet Security
- Altcoin evaluation and categorisation
Contact: Aljosha Judmayer
Cyber Physical Production Systems
Security for Cyber Physical Production Systems
- Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)?
- Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed?
- Secure Software Engineering Processes in CPPS
Contact: Edgar Weippl
Attacks against cyber-physical systems
- Physics-based attack modelling
- Physics-based intrusion detection
Contact: Johanna Ullrich
- POSIX blackbox live forensic
Contact: Aljosha Judmayer
Digital Sustainability
Understanding runtime system behaviour
- How can the runtime behaviour of a complex systems be described, modelled and monitored/checked?
- Literature research and interviews on status quo
- Implementation of a model e.g.
- Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
- Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
- These topics can also be split into several thesis
Contact: Alexander Schatten
Understanding and Handling Complexity
- Complexity and software systems
- Find indicators to quantify complexity in software systems and organisations
- Find and describe systemic patterns and complexity drivers that can help to understand problems in large software systems
- Analyse typical software and architecture patterns with focus on complexity
- Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository).
- Mapping program language related complexity
- Find useful dimensions of comparison
- intrinsic complicatedness
- extrinsic complexity
- Find useful dimensions of comparison
Contact: Alexander Schatten
Management and Organisational Dynamic
- Map existing IT management frameworks and patterns like ITIL, COBIT, SAFE, ISO9001
- find useful dimensions for comparison
- outline overlaps and interfaces
- describe conflicts and usage scenarios
- Analyse organisational hierarchies, setup and processes (cooperation of business partners required)
- Interface between business and IT to derive factors that lead to success or failure
- Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using e.g. queuing theory
Contact: Alexander Schatten
Security and Privacy in Machine Learning
Adversarial Machine Learning
Contact: Rudolf Mayer
A good overview talk (in German) into Adversarial Machine Learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”
Adversarial Inputs (resp. robustness against adversarial inputs)
- Intro papers: “Explaining and Harnessing Adversarial Examples”, S&P 2017 paper on “Towards Evaluating the Robustness of Neural Networks”, “Making machine learning robust against adversarial inputs”
- Video: “Towards Evaluating the Robustness of Neural Networks”
- Goal: systematically analyse existing evasion attacks and defenses and develop new attacks/defenses in specific application domains (such as industrial productions systems (https://www.sqi.at)).
Backdoor (data poisoning) attacks & defenses
- Intro papers, e.g. “Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning” or “BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain”
- Video: A talk about one defense mechanism: “Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks”
- Goal: analyse and evaluate attack vectors for poisoning attacks, evaluate their effectiveness and side-effects, as well as existing defenses, and develop new detection/defense mechanisms
Membership inference attack
- Intro papers: “Membership Inference Attacks against Machine Learning Models”
- Video: Reza Shokri, “Membership Inference Attacks against Machine Learning Models”
- Goal: analyse and evaluate attack scenarios for membership inference, analyse existing attack and defense patterns, and develop new mechanisms
Other attacks, e.g.
- Model stealing: “Stealing Machine Learning Models via Prediction APIs” & video
- Model inversion: “Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures”
Privacy-preserving Machine Learning / Data Mining
Contact: Rudolf Mayer
Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches aiming at this problem exist, e.g.:Privacy-preserving data publishing
Privacy-preserving data publishing
- k-anonymity, l-diversity, etc.
- Differential privacy, including local differential privacy
- Synthetic data generation
- Goal: evaluation of privacy protection, utility of the published data, novel attack mechanisms, application of differential privacy to machine learning models, …
Privacy-preserving computation
- Secure Multi-party computation (SMPC / MPC). Teaser video, more detailed explanation: “Secure Multiparty Computation – Tal Rabin Technion lecture – Part 1”
- Homomorphic encryption. Intro Video
- Federated learning (e.g. https://federated.withgoogle.com/)
- Goal: evaluation of effectiveness (e.g. accuracy) and efficiency of privacy-preserving approaches, compared to a base line of centralised learning. Application of approaches to new algorithms, data types, etc.
Watermarking / fingerprinting of datasets
- Goal: evaluation of schemes for their robustness of attacks, vs. their data utility, e.g. measured by effectiveness in machine learning tasks
Networks & Critical Infrastructures Security
Power Consumption and Power Grid
- Power grid modelling (foreign languages beyond English helpful)
- Resilience analysis of the power grid
- Power consumption modulation measurements (GPU, CPU, disk access, etc.)
- Power consumption of Security Measures
- Power comsumption of TLS Implementations
- Power consumption of Secure Mailing
- Power consumption of SSH
- Impact of cryptocurrencies on power grid stability (statistical analysis)
- Power consumption of cryptocurrencies
Contact: Johanna Ullrich
Network Security
- Internet measurement experiments
- Internet cartography
- Fingerprinting over the network
- IPv6 deployment
- IPv4/IPv6 sibling detection
- Comparison of IPv4/IPv6 Internet characteristics
- IPv6 scanning and reconnaissance
- Methods against Internet measurement (Anti-Census-Approaches)
- Long term observations of IPv6 addresses
- Covert and side channel development
- Modelling of networking capabilities of hypervisors (Xen, KVM, etc.)
- Modelling of networking capabilities of containers
Contact: Johanna Ullrich
Cellular Networks & Relay Attacks
Cellular Networks
- MobileAtlas measurements and improvements on the measurement platform
- Net neutrality, zero-rating, and free-riding measurements
- Analyzing SIM APDUs and proactive SIM commands
- Extract a SIMs secret key via differential power analysis (e.g., via ChipWhisperer)
- Attacks on eSIM and remote SIM provisioning
Relay Attacks
- Relay traffic of various Smartcards (access tokens, RFID, NFC)
- Relay traffic of location tracking devices (e.g., Apple AirTag)
Contact: Gabriel K. Gegenhuber
Software & Mobile Security
Mobile Security and Privacy
- Dynamic Instrumentation
- Static code deobfuscation
- Android native code analysis
- Mobile OS Security (Firefox OS, Tizen,…)
- On-Device application analysis
Contact: Georg Merzdovnik
Software Security
- Source code analysis in code repositories
Contact: Edgar Weippl
- Gathering evidence from websites in insecure browser environments
Contact:
NetzBeweis GmbH
Philipp Omenitsch, MSc.
philipp@netzbeweis.com
Systems & (I)IoT Security
Internet of Things (IoT): Security and Privacy
- Update mechanisms for constrained IoT systems
- Secure embedded operating systems for IoT applications
- IoT network protocol security analysis
- Privacy leaks and protections for IoT devices and protocols
- Lightweight intrusion detection for IoT systems
- Efficient implementation of security and cryptography for IoT
- Moving-target defenses in IoT environments
- Resilient communication protocols for IoT
Contact: Georg Merzdovnik
Internet of Things (IoT): Constrained Networks
- Integration of RIOT OS into SecureWSN
- TinyIPFIX for Data Gathering
- Aggregation Support
- Implementation of security solutions
- Optimization of system lifetime using energy harvesting mechanisms
- Extention of visualization mechanisms
- Integration of warning system for unnormal behavior (e.g., wrong values or to high packet loss rate)
- Integration of “Trust-Check” for devices
- Establishment of bidirectional communication (e.g., for updating purposes of intervals)
Contact: Corinna Schmitt / More information
System Security
- x64 binary analysis and de-obfuscation
- Binary decompilation
- Automated exploitation
- Binary rewriting & hardening
Contact: Georg Merzdovnik
- Container based virtualization Security
- Linux based local privilege escalation attacks case study
Contact: Aljosha Judmayer
Fileformat Security
- File-format hacks (such as funky file formats)
- Hiding executable code in data files (such as Word, etc.)
Contact: Edgar Weippl
Usable Security
- Usable Security. Developing a guideline of how to do research correctly
Contact: Edgar Weippl