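% wenzl_hack_2019: doi is the DOI carried by the url field; the former
% combined value "3 / Artikel 49" is split into number (issue) and eid (article number).
@article{wenzl_hack_2019,
  title = {From {Hack} to {Elaborate} {Technique}—{A} {Survey} on {Binary} {Rewriting}},
  volume = {52},
  url = {https://doi.org/10.1145/3316415},
  doi = {10.1145/3316415},
  abstract = {Binary rewriting is changing the semantics of a program without having the source code at hand. It is used for diverse purposes, such as emulation (e.g., QEMU), optimization (e.g., DynInst), observation (e.g., Valgrind), and hardening (e.g., Control flow integrity enforcement). This survey gives detailed insight into the development and state-of-the-art in binary rewriting by reviewing 67 publications from 1966 to 2018. Starting from these publications, we provide an in-depth investigation of the challenges and respective solutions to accomplish binary rewriting. Based on our findings, we establish a thorough categorization of binary rewriting approaches with respect to their use-case, applied analysis technique, code-transformation method, and code generation techniques. We contribute a comprehensive mapping between binary rewriting tools, applied techniques, and their domain of application. Our findings emphasize that although much work has been done over the past decades, most of the effort was put into improvements aiming at rewriting general purpose applications but ignoring other challenges like altering throughput-oriented programs or software with real-time requirements, which are often used in the emerging field of the Internet of Things. To the best of our knowledge, our survey is the first comprehensive overview on the complete binary rewriting process.},
  number = {3},
  eid = {49},
  journal = {ACM Computing Surveys},
  author = {Wenzl, Matthias and Merzdovnik, Georg and Ullrich, Johanna and Weippl, Edgar},
  month = jun,
  year = {2019},
  note = {Projekt: TARGET},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, best, peer-reviewed},
}

% NOTE(review): rieger_readiness_2018 has no booktitle, which the inproceedings
% type requires; add the proceedings title from the publisher record.
@inproceedings{rieger_readiness_2018,
  title = {A {Readiness} {Model} for {Measuring} the {Maturity} of {Cyber} {Security} {Incident} {Management}},
  publisher = {Springer},
  author = {Rieger, David and Tjoa, Simon},
  year = {2018},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found},
}

% tjoa_role_2016: doi is the full DOI embedded in the url path (was a shortDOI alias).
@inproceedings{tjoa_role_2016,
  title = {The {Role} of {ICT} to {Achieve} the {UN} {Sustainable} {Development} {Goals} ({SDG})},
  url = {http://link.springer.com/chapter/10.1007/978-3-319-44447-5_1/fulltext.html},
  doi = {10.1007/978-3-319-44447-5_1},
  booktitle = {{ICT} for {Promoting} {Human} {Development} and {Protecting} the {Environment}},
  publisher = {Springer},
  author = {Tjoa, A Min and Tjoa, Simon},
  year = {2016},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed},
  pages = {3--13},
}

% NOTE(review): kieseberg_real-time_2017 has no booktitle, which the
% inproceedings type requires; confirm the venue before citing.
@inproceedings{kieseberg_real-time_2017,
  title = {Real-time {Forensics} through {Endpoint} {Visibility}},
  url = {https://www.sba-research.org/wp-content/uploads/publications/fleetForensics.pdf},
  author = {Kieseberg, Peter and Neuner, Sebastian and Schrittwieser, Sebastian and Schmiedecker, Martin},
  year = {2017},
  keywords = {Center for Artificial Intelligence,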
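Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{zamyatin_wild_2018,
  title = {A {Wild} {Velvet} {Fork} {Appears}! {Inclusive} {Blockchain} {Protocol} {Changes} in {Practice}},
  url = {https://eprint.iacr.org/2018/087.pdf},
  booktitle = {5th {Workshop} on {Bitcoin} and {Blockchain} {Research}},
  author = {Zamyatin, Alexei and Stifter, Nicholas and Judmayer, Aljosha and Schindler, Philipp and Weippl, Edgar R.},
  year = {2018},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found},
}

% luh_advanced_2019 is a PhD thesis (type Dissertation, keyword PhD, abstract
% says "This thesis"), so it uses the phdthesis entry type with a school field.
% The school name spelling is corrected to De Montfort (cf. the dmu.ac.uk url).
@phdthesis{luh_advanced_2019,
  type = {Dissertation},
  title = {Advanced {Threat} {Intelligence}: {Interpretation} of {Anomalous} {Behavior} in {Ubiquitous} {Kernel} {Processes}},
  url = {https://dora.dmu.ac.uk/handle/2086/18527},
  abstract = {Targeted attacks on digital infrastructures are a rising threat against the confidentiality, integrity, and availability of both IT systems and sensitive data. With the emergence of advanced persistent threats (APTs), identifying and understanding such attacks has become an increasingly difficult task. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. This thesis presents a multi-stage system able to detect and classify anomalous behavior within a user session by observing and analyzing ubiquitous kernel processes. Application candidates suitable for monitoring are initially selected through an adapted sentiment mining process using a score based on the log likelihood ratio (LLR). For transparent anomaly detection within a corpus of associated events, the author utilizes star structures, a bipartite representation designed to approximate the edit distance between graphs. Templates describing nominal behavior are generated automatically and are used for the computation of both an anomaly score and a report containing all deviating events. The extracted anomalies are classified using the Random Forest (RF) and Support Vector Machine (SVM) algorithms. Ultimately, the newly labeled patterns are mapped to a dedicated APT attacker–defender model that considers objectives, actions, actors, as well as assets, thereby bridging the gap between attack indicators and detailed threat semantics. This enables both risk assessment and decision support for mitigating targeted attacks. Results show that the prototype system is capable of identifying 99.8\% of all star structure anomalies as benign or malicious. In multi-class scenarios that seek to associate each anomaly with a distinct attack pattern belonging to a particular APT stage we achieve a solid accuracy of 95.7\%. Furthermore, we demonstrate that 88.3\% of observed attacks could be identified by analyzing and classifying a single ubiquitous Windows process for a mere 10 seconds, thereby eliminating the necessity to monitor each and every (unknown) application running on a system. With its semantic take on threat detection and classification, the proposed system offers a formal as well as technical solution to an information security challenge of great significance.},
  school = {De Montfort University Leicester},
  author = {Luh, Robert},
  month = jul,
  year = {2019},
  note = {Projekt: TARGET},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, PhD, SP IT Sec Security Management \& Privacy, best rluh},
}

% luh_penquest_2019: doi is the full DOI that the url field carries (was a shortDOI alias).
@article{luh_penquest_2019,
  title = {{PenQuest}: a gamified attacker/defender meta model for cyber security assessment and education},
  issn = {2263-8733},
  url = {https://doi.org/10.1007/s11416-019-00342-x},
  doi = {10.1007/s11416-019-00342-x},
  abstract = {Attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. At the same time, the complex interplay of attack techniques and possible countermeasures makes it difficult to appropriately plan, implement, and evaluate an organization’s defense. More often than not, the worlds of technical threats and organizational controls remain disjunct. In this article, we introduce PenQuest, a meta model designed to present a complete view on information system attacks and their mitigation while providing a tool for both semantic data enrichment and security education. PenQuest simulates time-enabled attacker/defender behavior as part of a dynamic, imperfect information multi-player game that derives significant parts of its ruleset from established information security sources such as STIX, CAPEC, CVE/CWE and NIST SP 800-53. Attack patterns, vulnerabilities, and mitigating controls are mapped to counterpart strategies and concrete actions through practical, data-centric mechanisms.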
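The gamified model considers and defines a wide range of actors, assets, and actions, thereby enabling the assessment of cyber risks while giving technical experts the opportunity to explore specific attack scenarios in the context of an abstracted IT infrastructure. We implemented PenQuest as a physical serious game prototype and successfully tested it in a higher education environment. Additional expert interviews helped evaluate the model’s applicability to information security scenarios.},
  journal = {Journal of Computer Virology and Hacking Techniques},
  author = {Luh, Robert and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian and Janicke, Helge},
  month = nov,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Paper, SP IT Sec Security Management \& Privacy, peer-reviewed},
}

@misc{sramec_sicherheitsrisiken_2018,
  address = {St. Pölten, Austria},
  title = {Sicherheitsrisiken und {Gegenmaßnahmen} für {DevOps}-{Umgebungen}},
  url = {https://itsecx.fhstp.ac.at/content/download/166238/file/04_Dominik-Sramec_FH-St.-P%C3%B6lten.pdf},
  author = {Sramec, Dominik},
  month = nov,
  year = {2018},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy, Vortrag, Wiss. Beitrag},
}

% amiri_machine_2018: the stray trailing colon is dropped from the title (the
% shorttitle shows the intended form); doi is the full DOI from the url query.
@inproceedings{amiri_machine_2018,
  address = {Porto, Portugal},
  title = {A {Machine} {Learning} {Approach} for {Privacy}-preservation in {E}-business {Applications}},
  isbn = {978-989-758-319-3},
  shorttitle = {A {Machine} {Learning} {Approach} for {Privacy}-preservation in {E}-business {Applications}},
  url = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0006826304430452},
  doi = {10.5220/0006826304430452},
  language = {en},
  urldate = {2019-01-23},
  booktitle = {Proceedings of the 15th {International} {Joint} {Conference} on e-{Business} and {Telecommunications}},
  publisher = {SCITEPRESS - Science and Technology Publications},
  author = {Amiri, Fatemeh and Quirchmayr, Gerald and Kieseberg, Peter},
  year = {2018},
  keywords = {Center for Artificial Intelligence, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, best, peer-reviewed},
  pages = {443--452},
}

% vitunskaite_smart_2019: missing space restored after "yet?" in the title.
@article{vitunskaite_smart_2019,
  title = {Smart cities and cyber security: {Are} we there yet? {A} comparative study on the role of standards, third party risk management and security ownership},
  volume = {83},
  issn = {0167-4048},
  url = {http://www.sciencedirect.com/science/article/pii/S0167404818310423},
  doi = {10/gh378x},
  abstract = {Smart cities have brought a variety of benefits aiming to revolutionise people’s lives. Those include but are not limited to, increasing economic efficiency, reducing cost and decreasing environmental output. However, the smart city itself is still in its infancy. As it heavily relies on technologies, it opens up doors to cyber attackers and criminals, which can lead to significant losses. An outstanding problem concerns the social and organisational aspects of smart cities security resulting from competing interests of different parties, high levels of interdependence, and social and political complexity. Our review shows that current standards and guidelines have not clearly defined roles and responsibilities of different parties. A common understanding of key security requirements is not shared between different parties. This research assessed the smart cities and their cyber security measures, with a particular focus on technical standards and the regulatory framework. It comprehensively reviewed 93 security standards and guidance. It then performed a comparative case study of Barcelona, Singapore and London smart cities on their governance models, security measures, technical standards and third party management. Based on the review and the case study, this research concluded on a recommended framework encompassing technical standards, governance input, regulatory framework and compliance assurance to ensure that security is observed at all layers of the smart cities.},
  journal = {Computers \& Security},
  author = {Vitunskaite, Morta and He, Ying and Brandstetter, Thomas and Janicke, Helge},
  month = jun,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, peer-reviewed},
  pages = {313--331},
}

@inproceedings{geko_ontology_2018,
  address = {Ljubljana, Slovenia},
  title = {An {Ontology} {Capturing} the {Interdependence} of the {General} {Data} {Protection} {Regulation} ({GDPR}) and {Information} {Security}},
  doi = {10/gfxqw4},
  booktitle = {{CECC} 2018: {Proceedings} of the {Central} {European} {Cybersecurity} {Conference} 2018},
  publisher = {ACM},
  author = {Geko, Melisa and Tjoa, Simon},
  year = {2018},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed},
}

@article{kauspadiene_high-level_2017,
  title = {High-{Level} {Self}-{Sustaining} {Information} {Security}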
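{Management} {Framework}},
  volume = {5},
  doi = {10/gh372r},
  journal = {Baltic Journal of Modern Computing},
  author = {Kauspadiene, Laima and Cenys, Antanas and Goranin, Nikolaj and Tjoa, Simon and Ramanauskaite, Simona},
  year = {2017},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed},
  pages = {107--123},
}
% The entry above stores surnames in normal case (they were ALL CAPS), spells
% the journal name out in full, and fixes the tag typo "Publiktationstyp".

@incollection{holzinger_explainable_2018,
  address = {Cham},
  title = {Explainable {AI}: {The} {New} 42?},
  volume = {11015},
  isbn = {978-3-319-99739-1 978-3-319-99740-7},
  shorttitle = {Explainable {AI}},
  url = {http://link.springer.com/10.1007/978-3-319-99740-7_21},
  abstract = {Explainable AI is not a new field. Since at least the early exploitation of C.S. Pierce’s abductive reasoning in expert systems of the 1980s, there were reasoning architectures to support an explanation function for complex AI systems, including applications in medical diagnosis, complex multi-component design, and reasoning about the real world. So explainability is at least as old as early AI, and a natural consequence of the design of AI systems. While early expert systems consisted of handcrafted knowledge bases that enabled reasoning over narrowly well-defined domains (e.g., INTERNIST, MYCIN), such systems had no learning capabilities and had only primitive uncertainty handling. But the evolution of formal reasoning architectures to incorporate principled probabilistic reasoning helped address the capture and use of uncertain knowledge.},
  language = {en},
  urldate = {2019-01-23},
  booktitle = {Machine {Learning} and {Knowledge} {Extraction}},
  publisher = {Springer International Publishing},
  author = {Goebel, Randy and Chander, Ajay and Holzinger, Katharina and Lecue, Freddy and Akata, Zeynep and Stumpf, Simone and Kieseberg, Peter and Holzinger, Andreas},
  editor = {Holzinger, Andreas and Kieseberg, Peter and Tjoa, A Min and Weippl, Edgar},
  year = {2018},
  doi = {10.1007/978-3-319-99740-7_21},
  keywords = {Center for Artificial Intelligence, Center for Digital Health Innovation, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, best, peer-reviewed},
  pages = {295--303},
}

@misc{schrittwieser_sicherheit_2019,
  address = {Wien},
  type = {Invited {Talk}},
  title = {Sicherheit von {Container}-{Virtualisierung}},
  url = {https://idcitsecurity.com/2019/vienna/},
  author = {Schrittwieser, Sebastian},
  month = sep,
  year = {2019},
  note = {Projekt: TARGET},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{riegler_internet_2019,
  address = {FH St.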
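Pölten},
  title = {Internet {Privacy}},
  author = {Riegler, Bernhard},
  month = jan,
  year = {2019},
  keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{piller_hochsichere_2019,
  address = {Wien},
  type = {Konferenz},
  title = {Hochsichere, langzeitige {Kryptografie} für kabellose {Kommunikation} mit {Integration} von {Funkmessdaten}},
  url = {https://www.kiras.at/aktuelles/veranstaltungen/?tx_yag_pi1%5Bc710%5D%5BalbumUid%5D=10&tx_yag_pi1%5Bc710%5D%5BgalleryUid%5D=4&tx_yag_pi1%5BitemListc710%5D%5BpagerCollection%5D%5Bpage%5D=1&tx_yag_pi1%5Baction%5D=list&tx_yag_pi1%5Bcontroller%5D=ItemList&cHash=48055c39eb2e0eda5c01585f88fdfc01},
  author = {Piller, Ernst},
  month = jun,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{kieseberg_keynote_2019,
  address = {Canterbury, United Kingdom},
  type = {invited talk},
  title = {Keynote: {Authentication} of the future - a challenge to privacy?},
  author = {Kieseberg, Peter},
  month = aug,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{kieseberg_dsgvo_2019,
  address = {FH Wiener Neustadt},
  title = {Die {DSGVO} und das {Problem} der {Löschung} von {Daten} in {Datenbanken}},
  author = {Kieseberg, Peter},
  month = apr,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, peer-reviewed},
}

@misc{kieseberg_darknet_2019,
  address = {Planetarium Wien},
  title = {Das {Darknet}},
  author = {Kieseberg, Peter},
  month = mar,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{kieseberg_privacy_2019,
  address = {FH St. Pölten},
  title = {Privacy {Diskussion}: {Wie} viel sind {Sie} wert?},
  author = {Kieseberg, Peter},
  month = jan,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{gafic_analyse_2019,
  address = {FH Wiener Neustadt},
  title = {Analyse der {Wechselwirkungen} von {Datenschutz} und {Informationssicherheit} unter {Verwendung} einer {DSGVO} {Ontologie}},
  author = {Gafic, Melisa},
  month = apr,
  year = {2019},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, peer-reviewed},
}

@misc{weippl_wie_2017,
  address = {Vienna},
  title = {Wie funktioniert eine {Blockchain} wirklich},
  url = {http://idcitsecurity.com/vienna_de/agenda},
  abstract = {Anhand von Bitcoin erklärt Edgar Weippl wie öffentliche Blockchains funktionieren und diskutiert einige wichtige Grundlagen, die notwendig sind, um das Hype-Thema besser zu verstehen.},
  author = {Weippl, Edgar R.},
  year = {2017},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

@misc{kieseberg_peter_security_2018,
  address = {TU Wien},
  title = {Security \& {Reproducibility} in {Health} {System} {Research}},
  author = {Kieseberg, Peter},
  month = apr,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, SP IT Sec Security Management \& Privacy, Vortrag},
}

% weippl_bitcoins_2017: title typo "Crypocurrencies" corrected.
@misc{weippl_bitcoins_2017,
  address = {Klagenfurt},
  title = {Bitcoins, {Cryptocurrencies} und {Smart} {Contracts}},
  url = {https://www.syssec.at/sitag2017prog/},
  author = {Weippl, Edgar},
  year = {2017},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

@inproceedings{haslinger_business_2016,
  address = {St. Pölten},
  title = {Business {Continuity} \& {Desaster} {Recovery} als {Planspiel} umgesetzt},
  isbn = {978-3-99023-450-1},
  booktitle = {Kompetenzorientiert {Lehren} und {Prüfen}},
  publisher = {ikon Verlag},
  author = {Haslinger, Daniel and Lang-Muhr, Christoph},
  year = {2016},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy},
}

@techreport{travnicek_enterprise_2016,
  title = {Enterprise {Mobility} - {Market}, products and technical approaches; relevant organisational and legal aspects},
  url = {https://www.eurocloud.at/projekte/publikationen/leitfaeden.html},
  abstract = {Almost exactly three years ago, EuroCloud published the first Mobility \& Cloud handbook – only a few years after the first iPad was introduced. As usual, Steve Jobs knew before anyone else what functionality many people would appreciate. And although this new type of device was initially criticised and even ridiculed, with many finding it difficult to imagine what such a device could be good for, we are now buying more of these practical little gadgets than we are PCs or laptops. Despite their small size, consumers have now come to expect convenience and ease of use combined with high performance for professional and personal use from tablets. Indeed, the distinction between occupational and private use of devices is becoming more and more blurred – which simultaneously means that the associated technical, organisational and legal challenges are becoming ever more complex. This handbook covers all topics relevant to mobile computing (technology, legislation, organisation and processes) and provides checklists and procedure models as well as a market overview.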
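This “Enterprise Mobility Management” handbook was compiled by the following authors: Reinhard Travniček, Gerald Haidvogl and Christoph Lang-Muhr (technology), Árpád Geréd (legal aspects), and Tobias Höllwarth (organisation and processes). If you are considering an Enterprise Mobility project for your company, we would be happy to welcome you at one of our introductory planning workshops.},
  institution = {EuroCloud},
  author = {Travniček, Reinhard and Höllwarth, Tobias and Geréd, Árpád and Haidvogl, Gerald and Lang-Muhr, Christoph},
  year = {2016},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy},
}
% In the entry above the third author is stored family-name-first as
% "Geréd, Árpád" (the abstract lists him as Árpád Geréd; the parts were swapped).

% NOTE(review): osterreicher_moderne_2016 has pages but no booktitle, which the
% inproceedings type requires; add the proceedings title.
@inproceedings{osterreicher_moderne_2016,
  title = {Moderne {Beschaffung} mit {Berücksichtigung} von {IT}-{Security}},
  author = {Österreicher, Gabor and Pötzelsberger, Gerhard and Piller, Ernst},
  year = {2016},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed},
  pages = {214--223},
}

@misc{brandstetter_schlachtfeld_2015,
  title = {Schlachtfeld {Internet} – {Wenn} das {Netz} zur {Waffe} wird},
  author = {Brandstetter, Thomas},
  month = jan,
  year = {2015},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

% "Österreich" is brace-protected in the next two titles so that
% sentence-casing styles keep the capital, like the other nouns.
@misc{brandstetter_vielgehacktes_2015,
  address = {St. Pölten, Austria},
  type = {Podiumsdiskussion},
  title = {Vielgehacktes {Österreich} vs. {Regulatorien}: {Das} neue {Cybersicherheitsgesetz}},
  author = {Brandstetter, Thomas},
  month = nov,
  year = {2015},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

@misc{reisinger_studie_2015,
  address = {St. Pölten, Austria},
  title = {Studie {Informationssicherheit} in {Deutschland}, {Österreich} und der {Schweiz} 2015},
  author = {Reisinger, Philipp},
  month = nov,
  year = {2015},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

@misc{haslinger_jahresruckblick_2015,
  address = {St. Pölten, Austria},
  title = {Jahresrückblick},
  author = {Haslinger, Daniel and Fischer, Bernhard},
  month = nov,
  year = {2015},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

@misc{piller_blockchains:_2017,
  title = {Blockchains: {Von} den {Potentialen} der {IT}-{Sicherheit} für den {Unternehmenserfolg}},
  author = {Piller, Ernst},
  year = {2017},
  keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Vortrag, SP IT Sec Security Management \& Privacy},
}

@misc{piller_sicherheit_2017,
  address = {Villach},
  title = {Sicherheit bei {Geschäftsmodellen} von {Anfang} an mitdenken},
  author = {Piller, Ernst},
  year = {2017},
  keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Vortrag, SP IT Sec Security Management \& Privacy},
}

% kieseberg_datenschutzmanagement_2018: stray space removed from the suspended
% hyphen ("und - organisation" -> "und -organisation").
@misc{kieseberg_datenschutzmanagement_2018,
  address = {Donau-Uni Krems},
  title = {Datenschutzmanagement und -organisation},
  author = {Kieseberg, Peter},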
month = apr,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_digitale_2018,
  address = {FH Wr. Neustadt},
  title = {Digitale {Forensik}},
  author = {Kieseberg, Peter},
  month = jan,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@article{kieseberg_data_2018,
  title = {Data {Literacy}},
  journal = {ÖKZ},
  author = {Kieseberg, Peter},
  month = jan,
  year = {2018},
  keywords = {Center for Artificial Intelligence, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy},
}

@misc{kieseberg_peter_big_2018,
  title = {Big {Data} {Analytics} - {Datenschutz} in der automatisierten {Analyse}},
  author = {Kieseberg, Peter},
  month = apr,
  year = {2018},
  keywords = {Center for Artificial Intelligence, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Poster, SP IT Sec Security Management \& Privacy},
}

@misc{kieseberg_peter_darknet_2018,
  address = {Fachhochschule St. Pölten},
  title = {Darknet „how to“},
  author = {Kieseberg, Peter},
  month = jun,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_peter_datenschutz_2018,
  address = {Fachhochschule St. Pölten},
  title = {Datenschutz},
  author = {Kieseberg, Peter},
  month = apr,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_peter_alles_2018,
  address = {Cinema Paradiso, St. Pölten},
  title = {Alles unter {Kontrolle}},
  author = {Kieseberg, Peter},
  month = may,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_peter_coin_2018,
  address = {Fachhochschule St. Pölten},
  title = {{COIN} – {Big} {Data} {Analytics}},
  author = {Kieseberg, Peter},
  month = sep,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_peter_underground_2018,
  address = {Fachhochschule St. Pölten},
  title = {Underground {Marketplaces}},
  author = {Kieseberg, Peter},
  month = jun,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_darknet_2018,
  address = {Vienna, VHS Urania},
  title = {Das {Darknet}},
  author = {Kieseberg, Peter},
  month = nov,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{osterreicher_internet_2018,
  address = {FH St. Pölten},
  title = {Internet {Privacy}},
  author = {Österreicher, Gabor},
  month = jan,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{kieseberg_privacy_2018,
  address = {FH St.
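Pölten},
  title = {Privacy {Diskussion}: {Wie} viel sind {Sie} wert?},
  author = {Kieseberg, Peter},
  month = jan,
  year = {2018},
  keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, Vortrag},
}

@misc{weippl_thema_2018,
  type = {Keynote},
  title = {Thema „{Sicherer} {Entwicklungsprozess} für {Produktionssysteme}“},
  author = {Weippl, Edgar},
  year = {2018},
  keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy},
}

% piller_beschaffung_2017: the author's name had been appended to the title
% (", Piller Ernst"); it is removed here because the author field already holds it.
@book{piller_beschaffung_2017,
  title = {Beschaffung unter {Berücksichtigung} der {IT}-{Sicherheit}},
  publisher = {Springer Vieweg Verlag},
  author = {Piller, Ernst},
  year = {2017},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed},
}

% tjoa_big_2018: two wording slips in the abstract are fixed
% ("ensure a certain level", "how they relate").
@misc{tjoa_big_2018,
  address = {Seoul, South Korea},
  title = {Big {Challenges} – {Future} cyber-security challenges and the role of software security and assurance in the era of {IoT}, industry 4.0 and big data},
  abstract = {In our modern society, every company is dependent on correct and reliable operation of information systems. The wide application of software products in critical processes can result in serious risks when vulnerabilities are exploited. Software security and assurance are therefore vital to ensure a certain level of security and confidence of written software artefacts. In his talk, Prof. Tjoa will highlight future challenges in cyber-security and how they relate to the conference themes software security and assurance.},
  author = {Tjoa, Simon},
  year = {2018},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Vortrag, SP IT Sec Applied Security \& Data Science, SP IT Sec Security Management \& Privacy, SP IT Sec System \& Application Security},
}

% NOTE(review): amiri_sensitive_2018 has no booktitle, which the inproceedings
% type requires, and its pages value 9 looks like a page count rather than a
% page range; confirm both against the proceedings.
@inproceedings{amiri_sensitive_2018,
  address = {Venice, Italy},
  title = {Sensitive {Data} {Anonymization} {Using} {Genetic} {Algorithms} for {SOM}-based {Clustering}},
  isbn = {978-1-61208-661-3},
  abstract = {Improving privacy protection by using smart methods has become a major focus in current research. However, despite all the technological compensations through analyzing privacy concerns, the literature does not yet provide evidence of frameworks and methods that enable privacy protection from multiple perspectives and take into account the privacy of sensitive data with regard to accuracy and efficiency of the general processes in the system. In our work, we focus on sensitive data protection based on the idea of a Self-Organizing Map (SOM) and try to anonymize sensitive data with Genetic Algorithms (GAs) techniques in order to improve privacy without significantly deteriorating the accuracy and efficiency of the overall process. We organize the dataset in subspaces according to their information theoretical distance to each other in distributed local servers and then generalize attribute values to the minimum extent required so that both the data disclosure probability and the information loss are kept to a negligible minimum. Our analysis shows that our protocol offers clustering without greatly exposing individual privacy and causes only negligible superfluous costs and information loss because of privacy requirements.},
  language = {en},
  publisher = {IARIA},
  author = {Amiri, Fatemeh and Quirchmayr, Gerald and Kieseberg, Peter},
  month = sep,
  year = {2018},
  keywords = {Center for Artificial Intelligence, Center for Digital Health Innovation, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, peer-reviewed},
  pages = {9},
}

% tjoa_formal_2011: language uses the code "en", matching the other entries
% in this file that set a language (was "Englisch").
@article{tjoa_formal_2011,
  title = {A {Formal} {Approach} {Enabling} {Risk}-aware {Business} {Process} {Modeling} and {Simulation}},
  volume = {4},
  doi = {10/cg8knv},
  language = {en},
  number = {2},
  journal = {IEEE Transactions on Services Computing},
  author = {Tjoa, Simon and Jakoubi, Stefan and Goluch, Gernot and Kitzler, Gerhard and Goluch, Sigrun and Quirchmayr, Gerald},
  year = {2011},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy},
  pages = {153--166},
}

% NOTE(review): the journal field of kieseberg_algorithm_2014 holds a
% special-issue title, not a journal name; volume and pages are missing too.
@article{kieseberg_algorithm_2014,
  title = {An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata},
  journal = {Special Issue on Security and Privacy in Business Networking},
  author = {Kieseberg, Peter and Schrittwieser, Sebastian and Mulazzani, Martin and Echizen, Isao and Weippl, Edgar},
  year = {2014},
  keywords = {Center for Artificial Intelligence, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found},
}

@inproceedings{rybnicek_simulation-based_2014, address = {Thessaloniki, Griechenland}, title = {Simulation-based {Cyber}-{Attack} {Assessment} of {Critical} 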
{Infrastructures}}, doi = {10/gnt2vb}, booktitle = {Lecture {Notes} in {Business} {Information} {Processing}}, publisher = {Springer}, author = {Rybnicek, Marlies and Tjoa, Simon and Poisel, Rainer}, year = {2014}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @inproceedings{koinig_contrology_2015, address = {Larnaca, Cyprus}, title = {Contrology - an ontology-based cloud assurance approach}, doi = {10/gnt2vc}, booktitle = {{IEEE} {International} {Conference} on {Enabling} {Technologies}: {Infrastructure} for {Collaborative} {Enterprises} ({WETICE})}, publisher = {IEEE}, author = {Koinig, Ulrich and Tjoa, Simon and Ryoo, Jungwoo}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{hellwig_towards_2015, title = {Towards a {CERT}-{Communication} {Model} as {Basis} to {Software} {Assurance}}, doi = {10/ghhvpq}, booktitle = {10th {International} {Conference} on {Availability}, {Reliability} and {Security} ({ARES})}, author = {Hellwig, Otto and Quirchmayr, Gerald and Huber, Edith and Mischitz, Timo and Huber, Markus}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @inproceedings{fischer_onioncat_2009, address = {Dresden, Germany}, title = {{OnionCat} - {An} anonymous {Internet} {Overlay}}, booktitle = {Privacy {Enhancing} {Technologies} {Convention}}, author = {Fischer, Bernhard}, year = {2009}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT 
Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {1--8}, } @inproceedings{jakoubi_formal_2010, address = {Krakow, Poland}, title = {A {Formal} {Approach} {Towards} {Risk}-{Aware} {Service} {Level} {Analysis} and {Planning}}, language = {Englisch}, booktitle = {International {Conference} on {Availability}, {Reliability}, and {Security} ({ARES}'10)}, publisher = {IEEE Computer Society}, author = {Jakoubi, Stefan and Tjoa, Simon and Goluch, Sigrun and Kitzler, Gerhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {180--187}, } @inproceedings{fischer_onioncat_2008, address = {Berlin, Germany}, title = {{OnionCat} - {A} {Tor}-based {Anonymous} {VPN}}, language = {Englisch}, booktitle = {25th {Chaos} {Communication} {Congress}-{Nothing} to hide}, author = {Fischer, Bernhard}, year = {2008}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {1--6}, } @inproceedings{jakoubi_roadmap_2009, address = {Biopolis, Singapore}, title = {A roadmap to risk-aware business process management.}, booktitle = {{IEEE} {Asia}-{Pacific} {Services} {Computing} {Conference} ({IEEE} {APSCC}'09)}, publisher = {IEEE Computer Society}, author = {Jakoubi, Stefan and Neubauer, Thomas and Tjoa, Simon}, year = {2009}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, Studiengang Physiotherapie, ⛔ No DOI found}, pages = {23--27}, } @inproceedings{tjoa_planning_2010, address = {Krakow, Poland}, title = {Planning {Dynamic} {Activity} and {Resource} {Allocations} {Using} a {Risk}-{Aware} 
{Business} {Process} {Management} {Approach}}, booktitle = {International {Conference} on {Availability}, {Reliability}, and {Security} ({ARES}'10)}, publisher = {IEEE Computer Society}, author = {Tjoa, Simon and Jakoubi, Stefan and Goluch, Sigrun and Kitzler, Gerhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {268--274}, } @inproceedings{rybnicek_generic_2012, address = {Washington, DC}, title = {A {Generic} {Approach} to {Critical} {Infrastructures} {Modeling} and {Simulation}}, doi = {10/gnt2tt}, booktitle = {{ASE} {International} {Conference} on {Cyber} {Security}}, publisher = {IEEE}, author = {Rybnicek, Marlies and Poisel, Rainer and Ruzicka, Manfred and Tjoa, Simon}, year = {2012}, keywords = {2012\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{schrattenholzer_wer_2013, address = {Nürnberg, Deutschland}, title = {Wer spielt gewinnt}, language = {Deutsch}, booktitle = {D-{A}-{CH} {Security}}, author = {Schrattenholzer, Matthias and Ruzicka, Manfred and Rybnicek, Marlies and Poisel, Rainer and Tjoa, Simon}, year = {2013}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found}, } @inproceedings{wohrer_modding_2013, address = {Rome, Italy}, title = {Modding and {Cloud} {Gaming}: {Business} {Considerations} and {Technical} {Aspects}}, language = {Deutsch}, booktitle = {International {Conference} on {Internet} and {Web} {Applications} and {Services} ({ICIW})}, author = 
{Wöhrer, A. and Kaniovskyi, Y. and Kobler, M.}, year = {2013}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, } @article{fischer_anonymes_2010, title = {Ein {Anonymes} {Internet}}, language = {Deutsch}, number = {2}, journal = {Hackin9}, author = {Fischer, Bernhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @article{fischer_anonymes_2010-1, title = {Ein anonymes {Service} sicher betreiben mit {OnionCat}}, language = {Deutsch}, number = {3}, journal = {Hackin9}, author = {Fischer, Bernhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @incollection{jakoubi_risk-aware_2010, series = {Springer {Optimization} and {Its} {Applications}}, title = {Risk-{Aware} {Business} {Process} {Management} - {Establishing} the {Link} {Between} {Business} and {Security}}, volume = {41}, language = {Englisch}, booktitle = {Complex {Intelligent} {Systems} and {Their} {Applications}}, publisher = {Springer-Verlag}, author = {Jakoubi, Stefan and Tjoa, Simon and Goluch, Sigrun and Kitzler, Gerhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, pages = {109--135}, } @incollection{huber_prozesse_2015, title = {Prozesse und {Werkzeuge} zur {Veröffentlichung} von {Sicherheitsempfehlungen}}, isbn = {978-3-658-09057-9}, booktitle = {Sicherheit in {Cyber}-{Netzwerken}}, publisher = {Springer Verlag}, author = {Huber, Markus}, year = {2015}, keywords = {Department Technologie, FH SP 
Cyber Security, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, pages = {91--106}, } @misc{piller_gezielte_2015, type = {Key {Note}}, title = {Gezielte {Cyberangriffe} - der {Schutz} fängt schon bei der {Beschaffung} an}, author = {Piller, Ernst}, month = oct, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy}, } @misc{piller_gezielte_2015-1, title = {Gezielte {Cyberangriffe} auf {Unternehmen}}, author = {Piller, Ernst}, month = jun, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy}, } @misc{piller_herausforderungen_2015, type = {Festrede}, title = {Herausforderungen der {Digitalisierung}}, author = {Piller, Ernst}, month = sep, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy}, } @misc{piller_sachverstandigengutachten_2015, title = {Sachverständigengutachten laut {Registrierkassensicherheitsverordnung}}, author = {Piller, Ernst}, month = nov, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, SP IT Sec Security Management \& Privacy}, } @incollection{tjoa_modellierung_2015, series = {Xpert.press}, title = {Modellierung und {Simulation} kritischer {IKT} {Infrastrukturen} und deren {Abhängigkeiten}}, booktitle = {Cyber {Attack} {Information} {System} - {Erfahrungen} und {Erkenntnisse} aus der {IKT}-{Sicherheitsforschung}}, publisher = {Vieweg+Teubner Verlag}, author = {Tjoa, Simon 
and Rybnicek, Marlies}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @incollection{piller_netzbasierte_2012, title = {Netzbasierte {Infrastrukturleistungsmodelle} und deren Übertragbarkeit auf {IP}-{Infrastrukturen}}, booktitle = {Netzneutralität und {Netzbewirtschaftung} - {Multimedia} in {Telekommunikationsnetzwerken}}, publisher = {Nomos Verlag}, author = {Piller, Ernst}, year = {2012}, keywords = {2012\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, pages = {137--147}, }