Employees of SBA Research work and teach at Austrian universities and universities of applied sciences. We are supervising Bachelor, Master and PhD theses and are offering internships – for further details, please see below, and don’t hesitate to contact our researchers directly!
Research Areas and Topics at a Glance
Research Areas and Topics in Detail
Combinatorial Testing for Information Security & Cryptography
Combinatorial Security Testing Topics
- Combinatorial testing for hardware malware detection
- Combinatorial Testing of Hardware Trojans Horses (HTH)
- Linux kernel testing for security bugs
- Sequence CAs for System Call Testing
- Security protocol testing
- SecFuzz: A CT Reverse Engineering Approach
- AFL Model Extraction for CT
- Mathematical modelling and analysis of protocol security vulnerabilities
- Web application security testing
- Generalized content-injections
- Generation of security tests
- Cryptographic Combinatorial Testing
- Combinatorial Testing of Tor Network
- Combinatorial Security Testing for PGP
- Testing of PQC Implementations submitted to NIST Competition
Contact: MATRIS Group
Covering Arrays, Algorithms and Optimization Topics
- Optimizations Algorithms for Combinatorial Testing
- Discrete Structures for fault-localization in Combinatorial Testing
- Complexity problems for discrete structures used in Security
Contact: MATRIS Group
Cryptography Engineering
- Cryptography engineering for security applications
- Messenger security and privacy
- Digital identity security and privacy
- Implementation and testing of cryptographic protocols
- Cryptocurrencies and Wallet security
Contact: Aljosha Judmayer
Cyber Physical Production Systems
Attacks against cyber-physical systems
- Physics-based attack modelling
- Physics-based intrusion detection
Contact: Johanna Ullrich
Digital Sustainability
Understanding runtime system behaviour
- How can the runtime behaviour of a complex systems be described, modelled and monitored/checked?
- Literature research and interviews on status quo
- Implementation of a model e.g.
- Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
- Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
- These topics can also be split into several thesis
Contact: Alexander Schatten
Complex Software Ecosystem Assessment
Software systems power our modern world, acting as its digital nervous system. Yet, their complexity is outpacing traditional engineering approaches.
To tackle this, we need fresh perspectives, like software gardening, ageing, and ecosystem management, to understand and shape their behavior.
We invite motivated students to explore these questions through Bachelor, Master, and PhD theses in our cutting-edge research program. Key research areas include, but are not limited to:
- How can we measure and describe software system complexity?
- Which metrics and patterns reveal strengths and weaknesses?
- Can AI predict and guide the evolution of large-scale codebases?
- How can humans and AI program effectively together
Join us to push the boundaries of software engineering!
Contact: Alexander Schatten
Distributed Systems
- Security and privacy of distributed systems
- Consensus protocols
- Implementation and testing of distributed systems
- Centrally Banked Digital Currencies (CBDCs)
- Cryptocurrencies and Smart Contracts
Contact: Aljosha Judmayer
Security and Privacy in Machine Learning
Adversarial Machine Learning
Contact: Rudolf Mayer
A good overview talk (in German) into Adversarial Machine Learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”
Adversarial Inputs (resp. robustness against adversarial inputs)
- Intro papers: “Explaining and Harnessing Adversarial Examples”, S&P 2017 paper on “Towards Evaluating the Robustness of Neural Networks”, “Making machine learning robust against adversarial inputs”
- Video: “Towards Evaluating the Robustness of Neural Networks”
- Goal: systematically analyse existing evasion attacks and defenses and develop new attacks/defenses in specific application domains (such as industrial productions systems (https://www.sqi.at).
Backdoor (data poisoning) attacks & defenses
- Intro papers, e.g. “Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning” or “BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain”
- Video: A talk about one defense mechanism: “Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks”
- Goal: analyse and evaluate attack vectors for poisoning attacks, evaluate their effectiveness and side-effects, as well as existing defenses, and develop new detection/defense mechanisms
Membership inference attack
- Intro papers: “Membership Inference Attacks against Machine Learning Models”
- Video: Reza Shokri, “Membership Inference Attacks against Machine Learning Models”
- Goal: analyse and evaluate attack scenarios for membership inference, analyse existing attack and defense patterns, and develop new mechanisms
Other attacks, e.g.
- Model stealing: “Stealing Machine Learning Models via Prediction APIs” & video
- Model inversion: “Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures”
Privacy-preserving Machine Learning / Data Mining
Contact: Rudolf Mayer
Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches aiming at this problem exist, e.g.:Privacy-preserving data publishing
Privacy-preserving data publishing
- k-anonymity, l-diversity, etc.
- Differential privacy, including local differential privacy
- Synthetic data generation
- Goal: evaluation of privacy protection, utility of the published data, novel attack mechanisms, application of differential privacy to machine learning models, …
Privacy-preserving computation
- Secure Multi-party computation (SMPC / MPC). Teaser video, more detailed explanation: “Secure Multiparty Computation – Tal Rabin Technion lecture – Part 1”
- Homomorphic encryption. Intro Video
- Federated learning (e.g. https://federated.withgoogle.com/)
- Goal: evaluation of effectiveness (e.g. accuracy) and efficiency of privacy-preserving approaches, compared to a base line of centralised learning. Application of approaches to new algorithms, data types, etc.
Watermarking / fingerprinting of datasets
- Goal: evaluation of schemes for their robustness of attacks, vs. their data utility, e.g. measured by effectiveness in machine learning tasks
Networks & Critical Infrastructures Security
Power Consumption and Power Grid
- Power grid modelling (foreign languages beyond English helpful)
- Resilience analysis of the power grid
- Power consumption modulation measurements (GPU, CPU, disk access, etc.)
- Power consumption of Security Measures
- Power comsumption of TLS Implementations
- Power consumption of Secure Mailing
- Power consumption of SSH
- Impact of cryptocurrencies on power grid stability (statistical analysis)
- Power consumption of cryptocurrencies
Contact: Johanna Ullrich
Network Security
- Internet measurement experiments
- Internet cartography
- Fingerprinting over the network
- IPv6 deployment
- IPv4/IPv6 sibling detection
- Comparison of IPv4/IPv6 Internet characteristics
- IPv6 scanning and reconnaissance
- Methods against Internet measurement (Anti-Census-Approaches)
- Long term observations of IPv6 addresses
- Covert and side channel development
- Modelling of networking capabilities of hypervisors (Xen, KVM, etc.)
- Modelling of networking capabilities of containers
Contact: Johanna Ullrich
Cellular Networks
- MobileAtlas measurements and improvements on the measurement platform
- Net neutrality, zero-rating, and free-riding measurements
- Analyzing SIM APDUs and proactive SIM commands
- Extract a SIMs secret key via differential power analysis (e.g., via ChipWhisperer)
- Attacks on eSIM and remote SIM provisioning
Relay Attacks
- Relay traffic of various Smartcards (access tokens, RFID, NFC)
- Relay traffic of location tracking devices (e.g., Apple AirTag)
Contact: Gabriel K. Gegenhuber
Software & Mobile Security
Software Security
- Source code analysis in code repositories
Contact: Edgar Weippl
Systems & (I)IoT Security
Internet of Things (IoT): Security and Privacy
- Update mechanisms for constrained IoT systems
- Secure embedded operating systems for IoT applications
- IoT network protocol security analysis
- Privacy leaks and protections for IoT devices and protocols
- Lightweight intrusion detection for IoT systems
- Efficient implementation of security and cryptography for IoT
- Moving-target defenses in IoT environments
- Resilient communication protocols for IoT
Contact: Georg Merzdovnik
Internet of Things (IoT): Constrained Networks
- Integration of RIOT OS into SecureWSN
- TinyIPFIX for Data Gathering
- Aggregation Support
- Implementation of security solutions
- Optimization of system lifetime using energy harvesting mechanisms
- Extention of visualization mechanisms
- Integration of warning system for unnormal behavior (e.g., wrong values or to high packet loss rate)
- Integration of “Trust-Check” for devices
- Establishment of bidirectional communication (e.g., for updating purposes of intervals)
Contact: Corinna Schmitt / More information
System Security
- x64 binary analysis and de-obfuscation
- Binary decompilation
- Automated exploitation
- Binary rewriting & hardening
Contact: Georg Merzdovnik
Fileformat Security
- File-format hacks (such as funky file formats)
- Hiding executable code in data files (such as Word, etc.)
Contact: Edgar Weippl
Usable Security
- Usable Security. Developing a guideline of how to do research correctly
Contact: Edgar Weippl