Welcome to SBA Research! NIST/ACTS Team Visit Vienna, April 10 th, 2015

Transcription

1 Welcome to SBA Research! NIST/ACTS Team Visit Vienna, April 10 th, 2015

2 SBA Research Overview Markus D. Klemen Managing director

3 Basic facts Founded 2006 Research center (for applied information security) & security service provider Research-, audit-, consulting- and implementation-know-how under a single roof Over 100 heads (approx. 70 FTE) employed Scientific partners all over the world

4 SBA Research Fields of Action & Values Science and applied research Competence / Experts / Training Responsibility for Austrian economy

5 SBA Research 3 Main Areas Research Information Security Services Software Engineering

6 SBA Research Research Main task: cross-linking of science and industry 33 industry partners 5 ongoing EU projects 16 ongoing national research projects

7 We merge scientific excellence with industry expertise Academic institutions in the area of IT-Security Research: Some of our relevant partner companies:

8 SBA Research Area 1 (GRC): Governance, Risk and Compliance Area 2 (DSP): Data Security and Privacy Area 3 (SCA): Secure Coding and Code Analysis Area 4 (HNS): Hardware and Network Security P1.1: Risk Management and Analysis P1.2: Secure BP Modeling, Simulation and Verification P1.3: Computer Security Incident Response Team P1.4: Awareness and E-Learning P2.1: Privacy Enhancing Technologies P2.2: Enterprise Rights Management P2.3: Digital Preservation P3.1: Malware Detection and Botnet Economics P3.2: Systems and Software Security P3.3: Digital Forensics P4.1: Hardware Security and Differential Fault Analysis P4.2: Pervasive Computing P4.3: Network Security of the Future Internet

9 Empirical Research Dropbox Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011. WhatsApp Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), Feb Facebook Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. Appinspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN), Amazon Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar R. Weippl, Cloudoscopy: Services Discovery and Topology Mapping, in Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013, Tor Philipp Winter and Richard Koewer and Martin Mulazzani and Markus Huber and Sebastian Schrittwieser and Stefan Lindskog and Edgar R. Weippl, Spoiled Onions: Exposing Malicious Tor Exit Relays, in Proceedings of the 14th Privacy Enhancing Technologies Symposium, 2014 GSM Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar R. Weippl, IMSI-Catch Me If You Can: IMSI-Catcher-Catchers in Proceedings of ACSAC, 2014

10 SBA Research National Research Network Universities of Applied Science FH Technikum Wien FH Campus Vienna FH OÖ / Hagenberg FH St. Pölten Donau Univ. Krems Non-Univ. Research Institutions AIT A-SIT SBA Salzburg Research Joanneum University of Economics University of Vienna Vienna University of Techn. Univ. Graz Univ. Innsbruck Univ. Linz Universities

11 SBA Research International Research Network Imperial College UK Bar Ilan University Israel IPICS Consortium U.C. Santa Barbara USA University of Manheim NII, Japan SBA EURECOM, France North Eastern University USA Vietnam Purdue University, Indiana University of Regensburg Darmstadt Germany Silesian Univ. of Technology Poland

12 International Cooperation Existing research cooperation Cooperation in COMET LOC Seite 17

13 Funding of SBA COMET grant (matching grant) 50% industry partners, 50% public funding 15 out of 42 centers received the grant National research funding EU funding Consulting for industry

14 SBA Research Information Security Services Security Management Security Testing & Guidance Trusted Services Business Impact & Risk Analysis IT/IS Audit ISO GAP Analysis ISO / ISMS Consulting Security Awareness & Perception Penetration Testing Cyber Security SDLC Consulting Source Code Analysis A7700 Security Architecture Review Vulnerability Management APT Protection/Response & Lastline Control Review & IS ControlPoint Source Code Review & Checkmarx Incident Response Training Coaching Talks

15 SBA Research Information Security Services Analysis & Design Security Strategy Security Organization Business Impact Analysis Risk Analysis ISO27001 Gap Analysis SDLC Gap Analysis Security Architecture Review Security Technology Review Implementation Security (Management) Processes ISO27001 Consulting SDLC Consulting Continuous Jour-Fixe Vulnerability Management Service Lastline (APT Protection) ISControlPoint (ISMS Support) Incident Response Improvement Audit Penetration Testing Source Code Analysis Control Review Security Awareness Trainings Security Measures Maturity Level Improvement

16