Floragasse 7 – 5th floor, 1040 Vienna

Johanna Ullrich

Johanna Ullrich

is key researcher at SBA Research and leads the Networks and Critical Infrastructures Security Research Group.

Research Interests

Based on Johanna’s interdisciplinary background, her research focuses on security at the intersection of computer science and classical engineering. Recently, she worked on attacks against the power grid and aspects of network security, in particular measuring experiments and IPv6. Among others, she has proven that the IPv6 Privacy Extension as specified in RFC 4941 and implemented in major operating systems is vulnerable.


Bio

Johanna received an BSc in Electrical Engineering and Information Technology, an MSc in Automation Engineering, and an PhD sub auspiciis praesidentis in Computer Science being among the top students of Austria. In addition, she was awarded the Research Prize of the Dr. Maria Schaumayer Foundation and was nominated for the Hedy Lamarr Prize 2019 by the Austrian Research Promotion Agency (FFG). Johanna teaches graduate courses at University of Applied Sciences Wiener Neustadt, FH Technikum Wien as well as FH Campus Wien.


Publications

Top Publications:

  • The Role and Security of Firewall in IaaS Cloud Computing (2015)
    • INPROCEEDINGS--
    • Jordan Cropper and Johanna Ullrich and Peter Fruehwirt and Edgar R. Weippl
    • Tenth International Conference on Availability, Reliability and Security (ARES)
    @INPROCEEDINGS{Cropper2015Role,
       author = {Jordan Cropper and Johanna Ullrich and Peter Fruehwirt and {Edgar R.} Weippl},
       title = {The Role and Security of Firewall in IaaS Cloud Computing},
       booktitle = {Tenth International Conference on Availability,
       Reliability and Security (ARES)},
       year = {2015},
       month = {8},
       pdf = {PID3762737.pdf},
    }
  • Cloudoscopy: Services Discovery and Topology Mapping (2013)
    • INPROCEEDINGS-true
    • Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar R. Weippl
    • Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013
    @INPROCEEDINGS{cv_workshop_229_2013_Cloudoscopy_weippl,
       author = {Amir Herzberg and Haya Shulman and Johanna Ullrich and {Edgar R.} Weippl},
       authorhotlist = {true},
       title = {Cloudoscopy: Services Discovery and Topology Mapping },
       booktitle = {Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013},
       year = {2013},
       month = {11},
       pdf = {cloud_final.pdf},
    }
  • QR - Inception: Barcode in Barcode Attacks (2014)
    • INPROCEEDINGS--
    • Adrian Dabrowski and Katharina Krombholz and Johanna Ullrich and Edgar R. Weippl
    • 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM)
    @INPROCEEDINGS{Dabrowski2014Inception,
       author = {Adrian Dabrowski and Katharina Krombholz and Johanna Ullrich and {Edgar R.} Weippl},
       title = {QR - Inception: Barcode in Barcode Attacks},
       booktitle = {4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM)},
       year = {2014},
       month = {11},
       pdf = {qrinception.pdf},
       link_slides = {http://www.slideshare.net/SBAResearch/qrinception-barcode-in-barcode-attacks},
    }
  • Poster NDSS 2014: Hardware Trojans--Detect and React? (2014)
    • ARTICLE--
    • Adrian Dabrowski and Peter Fejes and Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Edgar R. Weippl
    • Network and Distributed System Security (NDSS) Symposium 2014
    @ARTICLE{Dabrowski2014Poster,
       author = {Adrian Dabrowski and Peter Fejes and Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and {Edgar R.} Weippl},
       title = {Poster NDSS 2014: Hardware Trojans--Detect and React?},
       journal = {Network and Distributed System Security (NDSS) Symposium 2014},
       year = {2014},
       month = {2},
    }
  • Towards a Hardware Trojan Detection Cycle (2014)
    • INPROCEEDINGS--
    • Adrian Dabrowski and Heidelinde Hobel and Johanna Ullrich and Katharina Krombholz and Edgar R. Weippl
    • Second International Workshop on Emerging Cyberthreats and Countermeasures, ARES ECTCM 2014
    @INPROCEEDINGS{Dabrowski2014Towards,
       author = {Adrian Dabrowski and Heidelinde Hobel and Johanna Ullrich and Katharina Krombholz and {Edgar R.} Weippl},
       title = {Towards a Hardware Trojan Detection Cycle},
       booktitle = {Second International Workshop on Emerging Cyberthreats and Countermeasures,
       ARES ECTCM 2014},
       year = {2014},
       month = {9},
       pdf = {towards a hardware trojan _paper.pdf},
    }
  • Grid Shock: Coordinated Load-Changing Attacks on Power Grids (2017)
    • INPROCEEDINGStruetrue
    • Adrian Dabrowski and Johanna Ullrich and Edgar R. Weippl
    • Annual Computer Security Applications Conference (ACSAC) 2017
    @INPROCEEDINGS{Dabrowski2017Grid,
       author = {Adrian Dabrowski and Johanna Ullrich and {Edgar R.} Weippl},
       authorhotlist = {true},
       sbahotlist = {true},
       title = {Grid Shock: Coordinated Load-Changing Attacks on Power Grids},
       booktitle = {Annual Computer Security Applications Conference (ACSAC) 2017},
       year = {2017},
       month = {12},
       pdf = {201712 - ADabrowski - Grid Shock.pdf},
       link_data = {https://www.sba-research.org/wp-content/uploads/publications/Simulink.zip},
    }
  • Botnets causing blackouts: how coordinated load attacks can destabilize the power grid (2018)
    • ARTICLE--
    • Adrian Dabrowski and Johanna Ullrich and Edgar R. Weippl
    • e & i Elektrotechnik und Informationstechnik
    @ARTICLE{Dabrowski2018Botnets,
       author = {Adrian Dabrowski and Johanna Ullrich and {Edgar R.} Weippl},
       title = {Botnets causing blackouts: how coordinated load attacks can destabilize the power grid},
       journal = {e & i Elektrotechnik und Informationstechnik},
       year = {2018},
       month = {6},
       pdf = {201806-Dabrowski-BotnetsCausingBlackoutsHowCoor.pdf},
    }
  • Measuring Cookies and Web Privacy in a Post-GDPR World (2019)
    • INPROCEEDINGS--
    • Adrian Dabrowski and Georg Merzdovnik and Johanna Ullrich and Gerald Sendera and Edgar R. Weippl
    • Passive and Active Measurement Conference 2019
    @INPROCEEDINGS{Dabrowski2019Measuring,
       author = {Adrian Dabrowski and Georg Merzdovnik and Johanna Ullrich and Gerald Sendera and {Edgar R.} Weippl},
       title = {Measuring Cookies and Web Privacy in a Post-GDPR World},
       booktitle = {Passive and Active Measurement Conference 2019},
       year = {2019},
       month = {3},
       pdf = {201903 - ADabrowski - Measuring Cookies.pdf},
    }
  • Lightweight Address Hopping for Defending the IPv6 IoT (2017)
    • INPROCEEDINGS--
    • Aljosha Judmayer and Johanna Ullrich and Georg Merzdovnik and Artemios G. Voyiatzis and Edgar R. Weippl
    • 12th International Conference on Availability, Reliability and Security (ARES)
    @INPROCEEDINGS{Judmayer2017Lightweight,
       author = {Aljosha Judmayer and Johanna Ullrich and Georg Merzdovnik and {Artemios G.} Voyiatzis and {Edgar R.} Weippl},
       title = {Lightweight Address Hopping for Defending the IPv6 IoT},
       booktitle = {12th International Conference on Availability,
       Reliability and Security (ARES)},
       year = {2017},
       month = {9},
       pdf = {201707 - JUDMAYER - LightweightAddressHopping.pdf},
    }
  • A Trust-based Resilient Routing Mechanism for the Internet of Things (2017)
    • INPROCEEDINGS--
    • Z. A. Khan and Johanna Ullrich and Artemios G. Voyiatzis and P. Hermann
    • Int. Conference on Availability, Reliability and Security (ARES)
    @INPROCEEDINGS{Khan2017Trustbased,
       author = {Z. A. Khan and Johanna Ullrich and {Artemios G.} Voyiatzis and P. Hermann},
       title = {A Trust-based Resilient Routing Mechanism for the Internet of Things},
       booktitle = {Int. Conference on Availability,
       Reliability and Security (ARES)},
       year = {2017},
       month = {8},
       pdf = {zeeshan.pdf},
    }
  • QR Code Security - How Secure and Usable Apps Can Protect Users Against Malicious QR Codes (2015)
    • INPROCEEDINGS--
    • Katharina Krombholz and Peter Fruehwirt and Thomas Rieder and Ioannis Kapsalis and Johanna Ullrich and Edgar R. Weippl
    • 2015 International Conference on Availability, Reliability and Security (ARES)
    @INPROCEEDINGS{Krombholz2015Code,
       author = {Katharina Krombholz and Peter Fruehwirt and Thomas Rieder and Ioannis Kapsalis and Johanna Ullrich and {Edgar R.} Weippl},
       title = {QR Code Security - How Secure and Usable Apps Can Protect Users Against Malicious QR Codes},
       booktitle = {2015 International Conference on Availability,
       Reliability and Security (ARES)},
       year = {2015},
       month = {8},
       pdf = {http://ieeexplore.ieee.org/document/7299920/},
    }
  • IPv6 Security: Attacks and Countermeasures in a Nutshell (2014)
    • INPROCEEDINGS--
    • Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and Edgar R. Weippl
    • 8th USENIX Workshop on Offensive Technologies (WOOT)
    @INPROCEEDINGS{Ullrich2014IPv6,
       author = {Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and {Edgar R.} Weippl},
       title = {IPv6 Security: Attacks and Countermeasures in a Nutshell},
       booktitle = {8th USENIX Workshop on Offensive Technologies (WOOT)},
       year = {2014},
       month = {8},
       pdf = {Johanna IPv6.pdf},
       link_slides = {http://de.slideshare.net/SBAResearch/ipv6-security-attacks-and-countermeasures-in-a-nutshell},
    }
  • CyPhySec: Defending Cyber-Physical Systems  (2015)
    • ARTICLE--
    • Johanna Ullrich and Edgar R. Weippl
    • ERCIM News 102
    @ARTICLE{Ullrich2015CyPhySec,
       author = {Johanna Ullrich and {Edgar R.} Weippl},
       title = {CyPhySec: Defending Cyber-Physical Systems },
       journal = {ERCIM News 102},
       year = {2015},
       month = {7},
       pdf = {https://ercim-news.ercim.eu/en102/special/cyphysec-defending-cyber-physical-systems},
    }
  • IPv6 Security: Attacks and Countermeasures in a Nutshell (2015)
    • ARTICLE--
    • Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and Edgar R. Weippl
    • Magdeburger Journal zur Sicherheitsforschung
    @ARTICLE{Ullrich2015IPv6,
       author = {Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and {Edgar R.} Weippl},
       title = {IPv6 Security: Attacks and Countermeasures in a Nutshell},
       journal = {Magdeburger Journal zur Sicherheitsforschung},
       year = {2015},
       month = {3},
       pdf = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_035_Ullrich_IPv6.pdf},
       volume = {1},
    }
  • Privacy is Not an Option: Attacking the IPv6 Privacy Extension (2015)
    • INPROCEEDINGStruetrue
    • Johanna Ullrich and Edgar R. Weippl
    • International Symposium on Recent Advances in Intrusion Detection (RAID)
    @INPROCEEDINGS{Ullrich2015Privacy,
       author = {Johanna Ullrich and {Edgar R.} Weippl},
       authorhotlist = {true},
       sbahotlist = {true},
       title = {Privacy is Not an Option: Attacking the IPv6 Privacy Extension},
       booktitle = {International Symposium on Recent Advances in Intrusion Detection (RAID)},
       year = {2015},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Ullrich2015Privacy.pdf},
       link_slides = {http://www.slideshare.net/SBAResearch/privacy-is-not-an-option-attacking-the-ipv6-privacy-extension},
    }
  • Protection through Isolation: Virtues and Pitfalls (2015)
    • INBOOK--
    • Johanna Ullrich and Edgar R. Weippl
    @INBOOK{Ullrich2015Protection,
       author = {Johanna Ullrich and {Edgar R.} Weippl},
       title = {Protection through Isolation: Virtues and Pitfalls},
       booktitle = {The Cloud Security Ecosystem},
       year = {2015},
       month = {5},
       pdf = {https://www.safaribooksonline.com/library/view/the-cloud-security/9780128017807/B9780128015957000069.xhtml},
    }
  • On Reconnaissance with IPv6: A Pattern-Based Scanning Approach (2015)
    • INPROCEEDINGS--
    • Johanna Ullrich and Peter Kieseberg and Katharina Krombholz and Edgar R. Weippl
    • International Conference on Availability, Reliability and Security (ARES)
    @INPROCEEDINGS{Ullrich2015Reconnaissance,
       author = {Johanna Ullrich and Peter Kieseberg and Katharina Krombholz and {Edgar R.} Weippl},
       title = {On Reconnaissance with IPv6: A Pattern-Based Scanning Approach},
       booktitle = {International Conference on Availability,
       Reliability and Security (ARES)},
       year = {2015},
       month = {8},
       pdf = {PID3762727.pdf},
    }
  • The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor (2016)
    • INPROCEEDINGStruetrue
    • Johanna Ullrich and Edgar R. Weippl
    • European Symposium on Research in Computer Security (ESORICS)
    @INPROCEEDINGS{Ullrich2016Beauty,
       author = {Johanna Ullrich and {Edgar R.} Weippl},
       authorhotlist = {true},
       sbahotlist = {true},
       title = {The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor},
       booktitle = {European Symposium on Research in Computer Security (ESORICS)},
       year = {2016},
       pdf = {botb paper.pdf},
    }
  • The Quest for Privacy in Consumer IoT (2016)
    • INPROCEEDINGS--
    • Johanna Ullrich and Artemios G. Voyiatzis and Edgar R. Weippl
    • 1st International Workshop on Consumers and the Internet of Things (ConsIoT 2016)
    @INPROCEEDINGS{Ullrich2016Quest,
       author = {Johanna Ullrich and {Artemios G.} Voyiatzis and {Edgar R.} Weippl},
       title = {The Quest for Privacy in Consumer IoT},
       booktitle = {1st International Workshop on Consumers and the Internet of Things (ConsIoT 2016)},
       year = {2016},
       month = {4},
       pdf = {consiot.pdf},
    }
  • The role and security of firewalls in cyber-physical cloud computing (2016)
    • ARTICLE--
    • Johanna Ullrich and Jordan Cropper and Peter Fruehwirt and Edgar R. Weippl
    • EURASIP Journal on Information Security
    @ARTICLE{Ullrich2016role,
       author = {Johanna Ullrich and Jordan Cropper and Peter Fruehwirt and {Edgar R.} Weippl},
       title = {The role and security of firewalls in cyber-physical cloud computing},
       journal = {EURASIP Journal on Information Security},
       year = {2016},
       month = {8},
       pdf = {http://jis.eurasipjournals.springeropen.com/articles/10.1186/s13635-016-0042-3},
    }
  • Secure Cyber-Physical Production Systems: Solid Steps towards Realization (2016)
    • INPROCEEDINGS--
    • Johanna Ullrich and Artemios G. Voyiatzis and Edgar R. Weippl
    • 1st International Workshop on Cyber-Physical Production Systems (CPPS 2016)
    @INPROCEEDINGS{Ullrich2016Secure,
       author = {Johanna Ullrich and {Artemios G.} Voyiatzis and {Edgar R.} Weippl},
       title = {Secure Cyber-Physical Production Systems: Solid Steps towards Realization},
       booktitle = {1st International Workshop on Cyber-Physical Production Systems (CPPS 2016)},
       year = {2016},
       month = {4},
       pdf = {cpps.pdf},
    }
  • Network-Based Secret Communication in Clouds: A Survey (2017)
    • ARTICLE-true
    • Johanna Ullrich and Tanja Szeby and Joachim Fabini and Edgar R. Weippl
    • IEEE Communications Surveys & Tutorials
    @ARTICLE{Ullrich2017NetworkBased,
       author = {Johanna Ullrich and Tanja Szeby and Joachim Fabini and {Edgar R.} Weippl},
       authorhotlist = {true},
       title = {Network-Based Secret Communication in Clouds: A Survey},
       journal = {IEEE Communications Surveys & Tutorials},
       year = {2017},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/secretCloud_2017.pdf},
    }
  • Proof-of-Blackouts? How Proof-of-Work Cryptocurrencies Could Affect Power Grids (2018)
    • INPROCEEDINGStruetrue
    • Johanna Ullrich and Nicholas Stifter and Aljosha Judmayer and Adrian Dabrowski and Edgar R. Weippl
    • International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
    @INPROCEEDINGS{Ullrich2018ProofofBlackouts,
       author = {Johanna Ullrich and Nicholas Stifter and Aljosha Judmayer and Adrian Dabrowski and {Edgar R.} Weippl},
       authorhotlist = {true},
       sbahotlist = {true},
       title = {Proof-of-Blackouts? How Proof-of-Work Cryptocurrencies Could Affect Power Grids},
       booktitle = {International Symposium on Research in Attacks,
       Intrusions and Defenses (RAID)},
       year = {2018},
       month = {9},
       pdf = {https://www.sqi.at/resources/RAID2018.pdf},
    }
  • From hack to elaborate technique - A survey on binary rewriting (2019)
    • ARTICLEtruetrue
    • Matthias Wenzl and Georg Merzdovnik and Johanna Ullrich and Edgar R. Weippl
    • ACM Computing Surveys
    @ARTICLE{Wenzl2019From,
       author = {Matthias Wenzl and Georg Merzdovnik and Johanna Ullrich and {Edgar R.} Weippl},
       authorhotlist = {true},
       sbahotlist = {true},
       title = {From hack to elaborate technique - A survey on binary rewriting},
       journal = {ACM Computing Surveys},
       year = {2019},
       month = {6},
       pdf = {201906 - GMerzdovnik - From hack to elaborate technique.pdf},
    }

This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close