Katharina Krombholz defended her PhD

Better late than never: late last year already, Katharina defended her PhD thesis and graduated with distinction. Her thesis is substantial for the field of usable security and privacy. It spans user-centric research on a variety of topics such as smartphone authentication, Bitcoin and its user expectations, and TLS deployments. Kudos from all of us!

A full list of her published papers can be found here or on her Google Scholar Profile.

Talk at 33C3

Numerous members of SBA are at the CCC Congress in Hamburg. 33C3 takes place from December 27 – 30, 2017 in Hamburg, Germany and is the biggest non-commercial hacker conference worldwide with more than 11.000 people attending ever year. You can find the full schedule here.

Martin Schmiedecker gives a talk on “Everything you always wanted to know about Certificate Transparency (but were afraid to ask)”. The recordings are already available on media.ccc.de and on Youtube.

Security Rockstars – Final Pitching

@ European Cybersecurity Talks – boosting the Cybersecurity Industry – October 24, 2016 | Hofburg Vienna
hosted by BM.I, KSÖ & SBA Research

SCOTT project proposal favorably evaluated under the H2020-ECSEL-2016-2 call

ecsel-logoThe results for the H2020-ECSEL-2016-2-IA call of ECSEL JU are now out and we are glad that the project proposal “SCOTT: Secure Connected Trustable Things” is ranked the second best among all submitted and is retained for co-funding by the EU H2020 program.

The SCOTT consortium brings together 57 partners from 12 countries (Europe and Brazil), including SBA Research.

The project will be coordinated by VIRTUAL VEHICLE, an international research and development center located in Austria and supported by the COMET K2 research program “K2-Mobility – Sustainable Vehicle Technologies”, which is active in the field of application-oriented vehicle development.

More information:

  • ECSEL JU: Electronic Components and Systems for European Leadership Joint Undertaking, the public-private partnership keeping Europe at the forefront of technology development.
  • Official project page

Paper accepted @ ICST 2017

The paper “Coveringcerts: Combinatorial Methods for X.509 Certificate Testing” by Kristoffer Kleine and Dimitris Simos has been accepted for publication in the 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017). ICST is one of the leading conferences for software testing and validation. The results of this work establish a new application domain for combinatorial testing, i.e. protocol testing.

In total, 36 out of 135 submissions were accepted (acceptance rate: 26%). The 10th IEEE International Conference on Software Testing, Verification and Validation will be held on March 13-18, 2017 in Tokyo, Japan

Paper: Coveringcerts: Combinatorial Methods for X.509 Certificate Testing
Abstract: Correct behaviour of X.509 certificate validation code in SSL/TLS implementations is crucial to ensure secure communication channels. Recently there have been major efforts in testing these implementations, namely frankencerts and mucerts, which provide new ways to generate test certificates which are likely to reveal errors in the implementations of X.509 validation code. However, it remains a significant challenge to generate effective test certificates.

In this paper, we explore the applicability of a prominent combinatorial method, namely combinatorial testing, for testing of X.509 certificates. We demonstrate that combinatorial testing provides the theoretical guarantees for revealing errors in the certificate validation logic of SSL/TLS implementations. Our findings indicate that the introduced combinatorial testing constructs, coveringcerts,  compare favorably to existing testing methods by encapsulating the semantics of  the validation logic in the input model and employing combinatorial strategies that significantly reduce the number of tests needed. Besides the foundations of  our approach, we also report on experiments that indicate its practical use.

RuCTFe: top 10 position for We_0wn_Y0u

Last Saturday, students and faculty of SBA Research and the Vienna University of Technology participated as members of the team We_0wn_Y0u in the 2016 RuCTFe competition. The team scored 9th of 451 registered teams worldwide.

Students are primarily recruited from our “(Advanced) Internet Security” lecture series which is taught together with the Secure Systems Lab of TU Wien. The class is known as the “hacker lecture” at TU Wien. In this lecture students have to circumvent the security of an application apx. every two weeks in a safe environment. This prepares our students for security competitions like this one, as well as for securing commercial servers and networks in the future.

SBA supports this team financially and organizationally.

SBA Research at IT-SeCX 2016

SBA Research attended the IT-SeCX, the annual security exchange event of the FH St. Pölten, which took place on November 4th 2016. Researchers of SBA Research presented multiple talks at the IT-SeCX 2016, including Peter Kieseberg, Martin Schmiedecker, Damjan Buhov, and Adrian Dabrowski.

SBA@IT-SeCX2016

You can find the subset of the talks that have been recorded both here from the Großer Festsaal and here from the kleiner Festsaal.

Johanna Ullrich defended her PhD thesis

Johanna gave an excellent presentation and she’s our second PhD student who will graduate sub auspiciis Praesidentis.
img_5981

ACM CCS 2016 organized by SBA Research

Today is the official start of the ACM Conference on Computer and Communications Security (CCS’16) in the Hofburg, Vienna, Austria. The first keynote was held by Dr. Hellman, recipient of the 2015 ACM A.M. Turing Award. Numerous members of SBA are around as well as staffing our info desk on the ground floor – chat us up!

Media coverage:
OnlineStandard, Krone.at.

European Cybersecurity Talks and Security Rockstars Finals

The European Cybersecurity Talks – boosting the Cybersecurity Industry event took place during the ACM CCS Conference on October, 24 at Hofburg Vienna. The event was organized by SBA Research in cooperation with KSÖ and BM.I, supported by the City of Vienna (Vienna Business Agency) and a number of various sponsors, such as KPMG, University of Applied Sciences Upper Austria, Next Layer, Veracode and many more.

Congratulations to xorlab and all the finalists and winners of the start-up competition Security Rockstars!

Press:
Futurezone, Report, Kurier, Economy.at