Floragasse 7 – 5th floor, 1040 Vienna

Bachelor, Master & PhD – Thesis Supervision

Employees of SBA Research work and teach at Austrian universities and universities of applied sciences. We are supervising Bachelor, Master and PhD theses and are offering internships – for further details, please see below, and don’t hesitate to contact our researchers directly!

Research Areas and Topics

Security and Privacy in Machine Learning

Below is a list of topics related to security and privacy aspects of Machine Learning / Data Mining / Artificial Intelligence. If you are interested, please contact Rudolf Mayer

Adversarial Machine Learning:

A good overview talk (in German) into Adversarial Machine Learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”: https://www.youtube.com/watch?v=j6nRPg2Y62w  

Privacy-preserving Machine Learning / Data Mining

Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches aiming at this problem exist, e.g.:

Watermarking / fingerprinting of datasets

  • Goal: evaluation of schemes for their robustness of attacks, vs. their data utility, e.g. measured by effectiveness in machine learning tasks

Digital Sustainability

  • Understanding runtime system behaviour: How can the runtime behaviour of a complex systems be described, modelled and monitored/checked?: Alexander Schatten
    • Literature research and interviews on status quo
    • Implementation of a model e.g.
      • Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
      • Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
    • These topics can also be split into several thesis
  • Understanding and Handling Complexity: Complexity and software systems: Alexander Schatten
    • Find indicators to quantify complexity in software systems and organisations
    • Find and describe systemic patterns and complexity drivers that can help to understand problems in large software systems
    • Analyse typical software and architecture patterns with focus on complexity
    • Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository).
  • Understanding and Handling Complexity: Mapping program language related complexity: Alexander Schatten
    • Find useful dimensions of comparison
    • intrinsic complicatedness
    • extrinsic complexity
  • Management and Organisational Dynamic: Map existing IT management frameworks and patterns like ITIL, COBIT, SAFE, ISO9001: Alexander Schatten
    • find useful dimensions for comparison
    • outline overlaps and interfaces
    • describe conflicts and usage scenarios
  • Management and Organisational Dynamic: Analyse organisational hierarchies, setup and processes (cooperation of business partners required): Alexander Schatten
    • Interface between business and IT to derive factors that lead to success or failure
    • Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using e.g. queuing theory

Security for Cyber Physical Production Systems

  • Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)? Edgar Weippl
  • Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed? Edgar Weippl
  • Secure Software Engineering Processes in CPPS. Edgar Weippl

Combinatorial Testing for Information Security

For more details or additional topics please have a look at: https://matris.sba-research.org/positions/



Fileformat Security

Internet of Things (IoT) Security and Privacy

  • Update mechanisms for constrained IoT systems
  • Secure embedded operating systems for IoT applications: Georg Merzdovnik
  • IoT network protocol security analysis
  • Privacy leaks and protections for IoT devices and protocols
  • Lightweight intrusion detection for IoT systems: Georg Merzdovnik
  • Efficient implementation of security and cryptography for IoT
  • Moving-target defenses in IoT environments
  • Resilient communication protocols for IoT

Internet of Things (IoT) – Constrained Networks

  • Integration of RIOT OS into SecureWSN
    – TinyIPFIX for Data Gathering
    – Aggregation Support
  • Implementation of security solutions
  • Optimization of system lifetime using energy harvesting mechanisms
  • Extention of visualization mechanisms
  • Integration of warning system for unnormal behavior (e.g., wrong values or to high packet loss rate)
  • Integration of “Trust-Check” for devices
  • Establishment of bidirectional communication (e.g., for updating purposes of intervals)

Topic description available under https://corinna-schmitt.de/student-theses.html

Power Consumption and Power Grid

Attacks against cyber-physical systems

Mobile Security and Privacy

Network Security

Privacy Enhancing Technologies & Net Neutrality

Research in Information Security

  • Comparing military research and academic research – analysis of de-classified content: Edgar Weippl
  • Analysis of security in standardization processes: Johanna Ullrich

Software Security

System Security

Usable Security


This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.