This was ARES 2015!

ARES 2015 was held from 24 – 28 August 2015 in Toulouse, France.
Thanks to 140 participants from 34 countries for participating!

All pictures of ARES 2015 can be found here.
Website ARES Conference

Paper accepted @ RAID 2015

The paper “Privacy is Not an Option: Attacking the IPv6 Privacy Extension” by Johanna Ullrich, Edgar Weippl (both SBA Research) has been accepted for publication in the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID).

RAID 2015 takes place from November, 2nd – 4th, 2015 in Kyoto, Japan. RAID is ranked as A conference in CORE.


Paper accepted @ ISSRE 2015

The paper “Exciting FPGA Cryptographic Trojans using Combinatorial Testing” by Paris Kitsos (TEI of Western Greece and Industrial Systems Institute/RC ‘Athena’), Dimitris. E. Simos (SBA Research), Jose Torres-Jimenez (CINVESTAV-Tamaulipas) and Artemios G. Voyiatzis (SBA Research and Industrial Systems Institute/RC ‘Athena’) has been accepted for publication in the 26th IEEE International Symposium on Software Reliability Engineering (ISSRE 2015). ISSRE is one of the leading conferences for software reliability and testing. The results of this work establish a new research field for combinatorial testing and hardware malware detection.

ISSRE 2015 takes place from November 2 to November 5, 2015 in Gaithersburg, MD, USA and is ranked as A-Conference in CORE.


Today is the first day of SACMAT 2015, which takes place from June 1 – 3, 2015 at the TU Wien and is hosted by SBA Research. Bart Preneel (KU Leuven, Belgium) holds today his keynote about Post-Snowden Threat Models.


Adrian Dabrowski @ IEEE S&P

Adrian Dabrowski presents his paper “Error-Correcting Codes as Source for Decoding Ambiguity” at LangSec Workshop, which is held in conjunction with IEEE Security & Privacy on Thursday May 21, 2015.

Abstract: Data decoding, format, or language ambiguities have been long known for amusement purposes. Only recently, it came to attention that they also pose a security risk. In this paper, we present decoder manipulations based on deliberately caused ambiguities facilitating the error correction mechanisms used in several popular applications. This can be used to encode data in multiple formats or even the same format with different content. Implementation details of the decoder or environmental differences decide which data the decoder locks on. This leads to different users receiving different content based on a language decoding ambiguity. In general, ambiguity is not desired, however in special cases it can be particularly harmful. Format dissectors can make wrong decisions: e.g. a firewall scans based on one format but the user decodes different harmful content. We demonstrate this behavior with popular barcodes and argue that it can be used to deliver exploits based on the software installed, or use probabilistic effects to divert a small percentage of users to fraudulent sites.

Website Paper Slides








Edgar Weippl, Adrian Dabrowksi, Martina Lindorfer and Stefan Brunthaler @ IEEE S&P

Paper accepted @ RTA 2015

The paper “Constructing Orthogonal Designs in Powers of Two: Groebner Bases Meet Equational Unification” by Dimitris E. Simos (SBA Research, Austria), Ilias Kotsireas (Wilfrid Laurier University, Canada), Temur Kutsia (RISC – Johannes Kepler University, Austria) has been accepted for publication in 26th International Conference on Rewriting Techniques and Applications (RTA 2015). RTA is the premium venue for rewriting techniques on computation theory and mathematics.

RTA 2015 takes place from June 29 – July 1, 2015 in Warsaw, Poland and is ranked as A-Conference in CORE.

Conference Website

3rd place with Team We0wnY0u at iCTF

Students of SBA Research participated as members of the team We0wnY0u of the Vienna University of Technology in the international capture-the-flag contest iCTF. In an 8 hours timeframe, 42 (in words: forty two) services were to exploit from previous iCTF competitions.




Overall We0wnY0u reached the 3rd rank, from more than 80 participating universities.

Joint NIST/SBA Workshop on Combinatorial Security Testing

The first joint NIST/ SBA Research Workshop on Combinatorial Security Testing took place today in Vienna where Dr. Raghu Kacker and Prof. Jeff Lei were invited as speakers. The scope of the workshop was to facilitate the cooperation between the Combinatorial Security Testing team of SBA Research and the ACTS project team of US NIST on research fields of mutual interest. The workshop was highly successful as it established a common vision for combinatorial security testing in the following years and its results will be made available to the public soon.

Detailed information about the workshop can be found here.

SBA Research with Start-Up Program at KSÖ Security Congress

As the biggest non-university research center for information security, SBA Research participated yesterday in the 4th security congress of the „Kuratorium sicheres Österreich“ (KSÖ) in Vienna.

SBA Research CEO Markus Klemen discussed with top-class representatives from economics and politics about opportunities, challenges and strategies to build a competitive Austrian cybersecurity sector. Thereby he provided for the first time insight into the Accelerator program through which SBA Research will nurture national cybersecurity start-ups during their development process.

Press Release: SBA Research presents its Start-up program for the first time

“Markus Klemen erläutert, weshalb ausgerechnet ein Forschungszentrum ein Accelerator-Programm startet” Artikel im Techzoom

SBA Research @ TU Ball

SBA Research invited Key Researchers and members of the Scientific Board to join us for the ball of the Vienna University of Technology on January 29, 2015 at Hofburg.
Stefan Katzenbeisser, Volkmar Lotz, Davide Balzarotti, Engin Kirda and Christopher Kruegel spent this wonderful evening with us.