Floragasse 7 – 5th floor, 1040 Vienna

Bachelor, Master & PhD – Thesis Supervision

Employees of SBA Research work and teach at Austrian universities and universities of applied sciences. We are supervising Bachelor, Master and PhD theses and are offering internships – for further details, please see below, and don’t hesitate to contact our researchers directly!

Research Areas and Topics at a Glance

Research Areas and Topics in Detail

Combinatorial Testing for Information Security & Cryptography

Combinatorial Security Testing Topics

  • Combinatorial testing for hardware malware detection
    • Combinatorial Testing of Hardware Trojans Horses (HTH)
  • Linux kernel testing for security bugs
    • Sequence CAs for System Call Testing
  • Security protocol testing
    • SecFuzz: A CT Reverse Engineering Approach
    • AFL Model Extraction for CT
    • Mathematical modelling and analysis of protocol security vulnerabilities
  • Web application security testing
    • Generalized content-injections
    • Generation of security tests
  • Cryptographic Combinatorial Testing
    • Combinatorial Testing of Tor Network
    • Combinatorial Security Testing for PGP
    • Testing of PQC Implementations submitted to NIST Competition

Contact: MATRIS Group

Covering Arrays, Algorithms and Optimization Topics

  • Optimizations Algorithms for Combinatorial Testing
  • Discrete Structures for fault-localization in Combinatorial Testing
  • Complexity problems for discrete structures used in Security

Contact: MATRIS Group


  • Cryptographic engineering for security applications
  • Hard problems for post-quantum cryptography
  • Mathematical properties for testing implementations of crypto schemes
  • Randomness extractors from discrete structures
  • Design Estimators for quantum protocols

Contact: Dimitris Simos


  • Bitcoin scalability simulations
  • P2P networking aspects of cryptocurrencies
  • Alternative consensus/mining methods
  • Alternative applications and designs of block chain based consensus Systems
  • Bitcoin wallet Security
  • Altcoin evaluation and categorisation

Contact: Aljosha Judmayer

Cyber Physical Production Systems

Security for Cyber Physical Production Systems

  • Network Security in CPPS. Which tools (like metasploit) are readily available for pentesting CPPS (instead of business systems)?
  • Forensics Analysis in CPPS. Which tools exist that can be used to analyse CPPS? Are there guidelines on how to proceed?
  • Secure Software Engineering Processes in CPPS

Contact: Edgar Weippl

Attacks against cyber-physical systems

  • Physics-based attack modelling
  • Physics-based intrusion detection

Contact: Johanna Ullrich

  • POSIX blackbox live forensic

Contact: Aljosha Judmayer

Digital Sustainability

Understanding runtime system behaviour

  • How can the runtime behaviour of a complex systems be described, modelled and monitored/checked?
    • Literature research and interviews on status quo
    • Implementation of a model e.g.
      • Demonstrate a complex yet resilient component based infrastructure by implementing a (Netflix) Chaos Monkey demonstration setup with Docker/Kubernetes components.
      • Runtime analysis of selected open source system(s): use debug interface of (Java) virtual machine to analyse runtime behaviour, draw a “code-landscape” and identify processes.
    • These topics can also be split into several thesis

Contact: Alexander Schatten

Understanding and Handling Complexity

  • Complexity and software systems
    • Find indicators to quantify complexity in software systems and organisations
    • Find and describe systemic patterns and complexity drivers that can help to understand problems in large software systems
    • Analyse typical software and architecture patterns with focus on complexity
    • Analyse the complexity of selected Open Source projects following established complexity- and entropy-indicators. This might include static code analysis and analysis of code changes (source code repository).
  • Mapping program language related complexity
    • Find useful dimensions of comparison
      • intrinsic complicatedness
      • extrinsic complexity

Contact: Alexander Schatten

Management and Organisational Dynamic

  • Map existing IT management frameworks and patterns like ITIL, COBIT, SAFE, ISO9001
    • find useful dimensions for comparison
    • outline overlaps and interfaces
    • describe conflicts and usage scenarios
  • Analyse organisational hierarchies, setup and processes (cooperation of business partners required)
    • Interface between business and IT to derive factors that lead to success or failure
    • Implement a dynamic simulation of an organisation and deduce efficiency “bottle-necks” using e.g. queuing theory

Contact: Alexander Schatten

Security and Privacy in Machine Learning

Adversarial Machine Learning

Contact: Rudolf Mayer

A good overview talk (in German) into Adversarial Machine Learning is given by Konrad Rieck: “Sicherheitslücken in der künstlichen Intelligenz”

Adversarial Inputs (resp. robustness against adversarial inputs)

Backdoor (data poisoning) attacks & defenses

Membership inference attack

Other attacks, e.g.

Privacy-preserving Machine Learning / Data Mining

Contact: Rudolf Mayer

Privacy-preserving analysis of data is becoming more relevant with the increasing amount of personal data being gathered. Several different approaches aiming at this problem exist, e.g.:Privacy-preserving data publishing

Privacy-preserving data publishing

  • k-anonymity, l-diversity, etc.
  • Differential privacy, including local differential privacy
  • Synthetic data generation
  • Goal: evaluation of privacy protection, utility of the published data, novel attack mechanisms, application of differential privacy to machine learning models, …

Privacy-preserving computation

Watermarking / fingerprinting of datasets

  • Goal: evaluation of schemes for their robustness of attacks, vs. their data utility, e.g. measured by effectiveness in machine learning tasks

Networks & Critical Infrastructures Security

Power Consumption and Power Grid

  • Power grid modelling (foreign languages beyond English helpful)
  • Resilience analysis of the power grid
  • Power consumption modulation measurements (GPU, CPU, disk access, etc.)
  • Power consumption of Security Measures
  • Power comsumption of TLS Implementations
  • Power consumption of Secure Mailing
  • Power consumption of SSH
  • Impact of cryptocurrencies on power grid stability (statistical analysis)
  • Power consumption of cryptocurrencies

Contact: Johanna Ullrich

Network Security

  • Internet measurement experiments
  • Internet cartography
  • Fingerprinting over the network
  • IPv6 deployment
  • IPv4/IPv6 sibling detection
  • Comparison of IPv4/IPv6 Internet characteristics
  • IPv6 scanning and reconnaissance
  • Methods against Internet measurement (Anti-Census-Approaches)
  • Long term observations of IPv6 addresses
  • Covert and side channel development
  • Modelling of networking capabilities of hypervisors (Xen, KVM, etc.)
  • Modelling of networking capabilities of containers

Contact: Johanna Ullrich

Privacy Enhancing Technologies & Net Neutrality

  • Tor network measurements
  • Tor relay operator transparency
  • Impact of Certificate Transparency on non-HTTPS-based ecosystems
  • Censorship measurement technologies
  • Net neutrality measurements
  • Transparency of Internet-based protocols
  • DoH & DoT measurements
  • Measuring the impact of legislative changes in the Internet

Contact: Wilfried Mayer

Software & Mobile Security

Mobile Security and Privacy

  • Dynamic Instrumentation
  • Static code deobfuscation
  • Android native code analysis
  • Mobile OS Security (Firefox OS, Tizen,…)
  • On-Device application analysis

Contact: Georg Merzdovnik

Software Security

  • Source code analysis in code repositories

Contact: Edgar Weippl

Systems & (I)IoT Security

Internet of Things (IoT): Security and Privacy

  • Update mechanisms for constrained IoT systems
  • Secure embedded operating systems for IoT applications
  • IoT network protocol security analysis
  • Privacy leaks and protections for IoT devices and protocols
  • Lightweight intrusion detection for IoT systems
  • Efficient implementation of security and cryptography for IoT
  • Moving-target defenses in IoT environments
  • Resilient communication protocols for IoT

Contact: Georg Merzdovnik

Internet of Things (IoT): Constrained Networks

  • Integration of RIOT OS into SecureWSN
    • TinyIPFIX for Data Gathering
    • Aggregation Support
  • Implementation of security solutions
  • Optimization of system lifetime using energy harvesting mechanisms
  • Extention of visualization mechanisms
  • Integration of warning system for unnormal behavior (e.g., wrong values or to high packet loss rate)
  • Integration of “Trust-Check” for devices
  • Establishment of bidirectional communication (e.g., for updating purposes of intervals)

Contact: Corinna Schmitt / More information

System Security

  • x64 binary analysis and de-obfuscation
  • Binary decompilation
  • Automated exploitation
  • Binary rewriting & hardening

Contact: Georg Merzdovnik

  • Container based virtualization Security
  • Linux based local privilege escalation attacks case study

Contact: Aljosha Judmayer

Fileformat Security

  • File-format hacks (such as funky file formats)
  • Hiding executable code in data files (such as Word, etc.)

Contact: Edgar Weippl

Usable Security

  • Usable crypography
  • Usability of cryptographic protocols
  • Usability of privacy enhancing technologies
  • Trust in technology. How do humans form tust in technology artifacts?
  • Incorporating trust in usability guidelines for secure software development

Contact: Matthias Gusenbauer (remote)

  • Usable Security. Developing a guideline of how to do research correctly

Contact: Edgar Weippl

Further Links

This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.