Welcome to SBA Research!
NIST/ACTS Team Visit
Vienna, April 10th, 2015
SBA Research Overview
Markus D. Klemen, Managing director
Basic facts
• Founded 2006
• Research center (for applied information security) & security service provider
• Research-, audit-, consulting- and implementation-know-how under a single roof
• Over 100 heads (approx. 70 FTE) employed
• Scientific partners all over the world
SBA Research: Fields of Action & Values
Science and applied research
Responsibility for Austrian economy
Competence / Experts / Training
SBA Research: 3 Main Areas
Research
Software Engineering
Information Security Services
SBA Research: Research
• Main task: cross-linking of science and industry
• 33 industry partners
• 5 ongoing EU projects
• 16 ongoing national research projects
We merge scientific excellence with industry expertise
• Academic institutions in the area of IT-Security Research:
• Some of our relevant partner companies:
Area 1 (GRC): Governance, Risk and Compliance
P1.1: Risk Management and Analysis
P1.2: Secure BP Modeling, Simulation and Verification
P1.3: Computer Security Incident Response Team
P1.4: Awareness and E-Learning
Area 2 (DSP): Data Security and Privacy
P2.1: Privacy Enhancing Technologies
P2.2: Enterprise Rights Management
P2.3: Digital Preservation
Area 3 (SCA): Secure Coding and Code Analysis
P3.1: Malware Detection and Botnet Economics
P3.2: Systems and Software Security
P3.3: Digital Forensics
Area 4 (HNS): Hardware and Network Security
P4.1: Hardware Security and Differential Fault Analysis
P4.2: Pervasive Computing
P4.3: Network Security of the Future Internet
SBA Research
Empirical Research
• Dropbox
Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011.
Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? Evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), Feb 2012.
Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. AppInspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN), 2013.
• Amazon
Amir Herzberg, Haya Shulman, Johanna Ullrich, and Edgar R. Weippl. Cloudoscopy: Services Discovery and Topology Mapping. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013, 2013.
• Tor
Philipp Winter, Richard Koewer, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar R. Weippl. Spoiled Onions: Exposing Malicious Tor Exit Relays. In Proceedings of the 14th Privacy Enhancing Technologies Symposium, 2014.
• GSM
Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar R. Weippl. IMSI-Catch Me If You Can: IMSI-Catcher-Catchers. In Proceedings of ACSAC, 2014.
SBA Research: National Research Network
SBA
University of Economics
University of Vienna
Vienna University of Techn.
Univ. Graz
FH OÖ / Hagenberg
FH Technikum Wien
Univ. Innsbruck
FH Campus Vienna
Universities of Applied Science
FH St. Pölten
Donau Univ. Krems
AIT
Salzburg Research
Joanneum
Univ. Linz
Universities
Non-Univ. Research Institutions
A-SIT
SBA Research: International Research Network
SBA
U.C. Santa Barbara, USA
Darmstadt, Germany
Northeastern University, USA
EURECOM, France
Vietnam
Purdue University, Indiana
NII, Japan
University of Regensburg
IPICS Consortium
Imperial College, UK
Bar Ilan University, Israel
Silesian Univ. of Technology, Poland
University of Mannheim
International Cooperation
Existing research cooperation
Cooperation in COMET LOC
Funding of SBA
• COMET grant (matching grant)
– 50% industry partners, 50% public funding
– 15 out of 42 centers received the grant
• National research funding
• EU funding
• Consulting for industry
SBA Research: Information Security Services
Security Management
Business Impact & Risk Analysis
IT/IS Audit
ISO 27001 GAP Analysis
ISO 27001 / ISMS Consulting
Security Awareness & Perception
Security Testing & Guidance
Penetration Testing
Cyber Security
SDLC Consulting
Source Code Analysis – A7700
Security Architecture Review
Trusted Services
Vulnerability Management
APT Protection/Response & Lastline
Control Review & IS ControlPoint
Source Code Review & Checkmarx
Training | Coaching | Talks
Incident Response
SBA Research: Information Security Services
Analysis & Design
Security Strategy
Security Organization
Business Impact Analysis
Risk Analysis
ISO27001 Gap Analysis
SDLC Gap Analysis
Security Architecture Review
Security Technology Review
Implementation
Security (Management) Processes
ISO27001 Consulting
SDLC Consulting
Continuous Jour-Fixe
Vulnerability Management Service
Lastline (APT Protection)
ISControlPoint (ISMS Support)
Incident Response
Improvement
Audit
Penetration Testing
Source Code Analysis
Control Review
Security Awareness
Trainings
Security Measures
Maturity Level Improvement