SBA Research. Angewandte Forschung Angewandtes Wissen. UBIT Club IT, 12. Mai 2015 Best of Cybersecurity

Size: px

Start display at page:

Download "SBA Research. Angewandte Forschung Angewandtes Wissen. UBIT Club IT, 12. Mai 2015 Best of Cybersecurity"

Jacob Gordon
8 years ago
Views:

1 SBA Research Angewandte Forschung Angewandtes Wissen

2 SBA Die Fakten gegründet 2006 größtes Forschungszentrum für IT-Sicherheit und einer der größten Sicherheitsdienstleister in der DACH-Region Know-how in Forschung, Audits, Consulting, Implementierung und Betrieb unter einem Dach über 90 Personen und ca. 70+ VZÄs angestellt

DACH-Region Know-how in Forschung, Audits, Consulting,

3 3 Main Areas Research Information Security Services Software Engineering

4 Research Area 1 (GRC): Governance, Risk and Compliance Area 2 (DSP): Data Security and Privacy Area 3 (SCA): Secure Coding and Code Analysis Area 4 (HNS): Hardware and Network Security P1.1: Risk Management and Analysis P1.2: Secure BP Modeling, Simulation and Verification P1.3: Computer Security Incident Response Team P1.4: Awareness and E-Learning P2.1: Privacy Enhancing Technologies P2.2: Enterprise Rights Management P2.3: Digital Preservation P3.1: Malware Detection and Botnet Economics P3.2: Systems and Software Security P3.3: Digital Forensics P4.1: Hardware Security and Differential Fault Analysis P4.2: Pervasive Computing P4.3: Network Security of the Future Internet

4: Awareness and E-Learning P2.1: Privacy Enhancing Technologies P2.2: Enterprise Rights Management P2.3: Digital Preservation P3.

WhatsApp Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you?

5 Empirical Research Dropbox Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011. WhatsApp Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), Feb Facebook Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. Appinspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN), Amazon Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar R. Weippl, Cloudoscopy: Services Discovery and Topology Mapping, in Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013, Tor Philipp Winter and Richard Koewer and Martin Mulazzani and Markus Huber and Sebastian Schrittwieser and Stefan Lindskog and Edgar R. Weippl, Spoiled Onions: Exposing Malicious Tor Exit Relays, in Proceedings of the 14th Privacy Enhancing Technologies Symposium, 2014 GSM Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar R. Weippl, IMSI-Catch Me If You Can: IMSI-Catcher-Catchers in Proceedings of ACSAC, 2014

6 Research Network Universities of Applied Science FH Technikum Wien FH Campus Vienna FH OÖ / Hagenberg FH St. Pölten Donau Univ. Krems Non-Univ. Research Institutions AIT A-SIT SBA Salzburg Research Joanneum University of Economics University of Vienna Vienna University of Techn. Univ. Graz Univ. Innsbruck Univ. Linz Universities

Research Institutions AIT A-SIT SBA Salzburg Research Joanneum University of

7 Research Network Imperial College UK Bar Ilan University Israel IPICS Consortium U.C. Santa Barbara USA University of Manheim NII, Japan SBA EURECOM, France North Eastern University USA Vietnam Purdue University, Indiana University of Regensburg Darmstadt Germany Silesian Univ. of Technology Poland

EURECOM, France North Eastern University USA Vietnam Purdue University,

8 Information Security Services Security Management Security Testing & Guidance Trusted Services Business Impact & Risk Analysis IT/IS Audit ISO GAP Analysis ISO / ISMS Consulting Security Awareness & Perception Penetration Testing Cyber Security SDLC Consulting Source Code Analysis A7700 Security Architecture Review Vulnerability Management APT Protection/Response & Lastline Control Review & IS ControlPoint Source Code Review & Checkmarx Incident Response Training Coaching Talks

Cyber Security SDLC Consulting Source Code Analysis A7700 Security Architecture Review Vulnerability Management APT

9 Information Security Services Analysis & Design Security Strategy Security Organization Business Impact Analysis Risk Analysis ISO27001 Gap Analysis SDLC Gap Analysis Security Architecture Review Security Technology Review Implementation Security (Management) Processes ISO27001 Consulting SDLC Consulting Continuous Jour-Fixe Vulnerability Management Service Lastline (APT Protection) ISControlPoint (ISMS Support) Incident Response Improvement Audit Penetration Testing Source Code Analysis Control Review Security Awareness Trainings Security Measures Maturity Level Improvement

Consulting SDLC Consulting Continuous Jour-Fixe Vulnerability Management Service Lastline (APT Protection) ISControlPoint (ISMS Support) Incident

10 Software Engineering Consulting Implementation Research Development Life Cycle Architecture Development Concepts System Migration Secure Software Development SharePoint Development (.Net & Java) SQL Analytics / Reporting Mobile Applications Support/Automization/Scripting Prototypes Algorithms Machine Learning Community Versions (ISContolPoint) Evaluations Training Coaching Speeches & Talks

Net & Java) SQL Analytics / Reporting Mobile Applications Support/Automization/Scripting

11 Partner und Kunden Government: Financial Institutions:

12 Partner und Kunden

13 Forschungskooperation

14 Auftragsforschung Innovationsscheck (PLUS) Feasibility Studie Basisprogramm Einzelprojekt Competence Headquarters

15 Forschungsprojekte Kooperative Forschungsprojekte im Rahmen von nationalen und internationalen Ausschreibungen FFG: IKT der Zukunft, Produktion der Zukunft, Mobilität der Zukunft, Energieforschung KIRAS: Nationale Sicherheitsforschung H2020: Europäische Forschungsprojekte

Zukunft, Produktion der Zukunft, Mobilität der Zukunft,

16 sbaprime

17 Leistungsüberblick Quartalsweise Events Regelmäßige Informationsupdates Zwei Kurse pro Jahr Analystengespräch Evaluierte Security-Lösungen Entwicklungen aus dem Forschungsumfeld ohne zusätzliche Lizenzkosten

Analystengespräch Evaluierte Security-Lösungen

18 SBA Accelerator Programm

19 Strategische Ziele Unterstützung von Gründern, die Lösungen im Informationssicherheitsumfeld entwicklen Förderung von Europäischen Security Lösungen & Forschung Fokussierung auf die DACH Region & angrenzende Länder

Förderung von Europäischen Security Lösungen &

20 3 Phasen 1. Security Ideen Wettbewerb 2. Forschung & Entwicklung 3. Business Development & Support

21 Timeline Start des Wettbewerbs: Ende Mai 2015 Einreichungen bis: 1. Oktober Ideen/Start-Ups bekommen die Möglichkeit zu einem 1-wöchigen Workshop in Wien im Oktober Jurysitzung & Ergebnisse: Ende Oktober

22 Daniela Friedl SBA Research ggmbh Favoritenstraße 16, 1040 Wien

Welcome to SBA Research! NIST/ACTS Team Visit Vienna, April 10 th, 2015

Welcome to SBA Research! NIST/ACTS Team Visit Vienna, April 10 th, 2015 SBA Research Overview Markus D. Klemen Managing director Basic facts Founded 2006 Research center (for applied information security)