Systems & Application Security

Software plays an essential role in the security of IT systems: most attacks on IT systems are carried out with the help of malware, i.e. software, and this malware exploits weaknesses (from a security point of view: programming errors) in software commonly installed on the victim system. Systems security must therefore deal with the detection of malware on the one hand and with methods for developing secure software on the other.

Attacks with malware pose an ever-increasing threat to IT infrastructure, not only in the private sphere but above all in the business and government sectors. The number of newly discovered malware samples per year is already in the tens of millions. The analysis of suspicious code and the development of defensive measures (antivirus software and intrusion detection systems) are therefore becoming ever more important.

The research focus Systems & Application Security is primarily concerned with the dynamic analysis of malware: suspicious code samples are executed in an isolated environment (a sandbox) and their activities are logged. Over these execution traces, patterns for certain (malicious) behaviours are defined, and data mining algorithms are used to find, categorise and classify these patterns. A further focus is the use of formal methods to describe malicious (or "normal") behaviour patterns.
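The pipeline described above (sandbox trace, formally described behaviour patterns, classification of samples by the patterns they exhibit), as an added example that is not code from the Institute or from its projects. A behaviour is modelled as an ordered sequence of event predicates, i.e. a linear automaton over the trace; a sample's profile is the set of behaviours it matched, and an unknown sample is assigned to the nearest reference cluster by Jaccard similarity. The trace, the pattern names, the reference clusters and the similarity threshold are constructed here for illustration; the Windows API names appear only as strings in the log.

```python
"""Behaviour-pattern matching over sandbox execution traces.

Added example, not code from the Institute or its projects: it models the
pipeline described above (execute in a sandbox, log API calls, match
formally described behaviour patterns over the trace, classify samples by
the patterns they exhibit).  All traces, pattern names and reference labels
below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

Event = Dict[str, str]            # one logged API call with its arguments
Trace = List[Event]               # the sandbox log for one sample
Matcher = Callable[[Event], bool]


@dataclass(frozen=True)
class Pattern:
    """A behaviour is a sequence of event predicates that must be satisfied
    in order by later and later events of the trace: a linear automaton that
    advances one state per matching event (intervening events are ignored,
    so unrelated calls in the log do not break the match)."""
    name: str
    steps: Tuple[Matcher, ...]


def matches(trace: Trace, pattern: Pattern) -> bool:
    state = 0
    for event in trace:
        if state < len(pattern.steps) and pattern.steps[state](event):
            state += 1
    return state == len(pattern.steps)


def api(name: str) -> Matcher:
    return lambda e: e["api"] == name


def api_with(name: str, key: str, needle: str) -> Matcher:
    """API call `name` whose argument `key` contains `needle` (case-insensitive)."""
    return lambda e: e["api"] == name and needle.lower() in e.get(key, "").lower()


PATTERNS = [
    Pattern("persistence_run_key",
            (api_with("RegSetValueEx", "key", r"\CurrentVersion\Run"),)),
    Pattern("process_injection",
            (api("OpenProcess"), api("VirtualAllocEx"),
             api("WriteProcessMemory"), api("CreateRemoteThread"))),
    Pattern("download_and_execute",
            (api("InternetOpenUrl"), api_with("CreateFile", "path", ".exe"),
             api("CreateProcess"))),
    Pattern("shadow_copy_deletion",
            (api_with("CreateProcess", "cmdline", "vssadmin delete shadows"),)),
    Pattern("ransom_note",
            (api_with("CreateFile", "path", "DECRYPT"),)),
]


def behaviour_profile(trace: Trace) -> FrozenSet[str]:
    """Set of named behaviours observed in one trace: the feature vector
    used for clustering and classification."""
    return frozenset(p.name for p in PATTERNS if matches(trace, p))


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def classify(profile: FrozenSet[str],
             references: Dict[str, FrozenSet[str]],
             threshold: float = 0.5) -> Tuple[str, float]:
    """Nearest reference cluster by Jaccard similarity of behaviour sets.
    Below `threshold` nothing is close enough, and the sample is flagged for
    manual analysis instead of being forced into an existing cluster."""
    label, score = max(((lbl, jaccard(profile, ref)) for lbl, ref in references.items()),
                       key=lambda t: t[1])
    return (label, score) if score >= threshold else ("needs_manual_analysis", score)


# Constructed reference clusters: behaviour sets of samples already analysed by hand.
REFERENCES = {
    "trojan": frozenset({"persistence_run_key", "process_injection", "download_and_execute"}),
    "ransomware": frozenset({"shadow_copy_deletion", "ransom_note"}),
    "benign_installer": frozenset({"persistence_run_key"}),  # autostart alone is not malicious
}

# Constructed sandbox trace of a not-yet-classified sample.
UNKNOWN_TRACE: Trace = [
    {"api": "CreateFile", "path": r"C:\Users\victim\AppData\Local\Temp\log.txt"},
    {"api": "RegSetValueEx",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "svc"},
    {"api": "OpenProcess", "pid": "1432"},
    {"api": "VirtualAllocEx", "size": "4096"},
    {"api": "WriteProcessMemory"},
    {"api": "CreateRemoteThread"},
]

if __name__ == "__main__":
    profile = behaviour_profile(UNKNOWN_TRACE)
    print(sorted(profile), classify(profile, REFERENCES))
```

The subsequence match deliberately tolerates unrelated events between the steps of a pattern, which is what makes it robust against noisy sandbox logs but also means an evasive sample can interleave decoy calls without escaping detection. The threshold branch is the point where the data-mining approach hands over to an analyst: samples that match no known cluster well enough are exactly the ones that need manual classification.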

A further research topic of this focus is digital forensics, which deals with securing, evaluating and documenting evidence on digital storage media. Our fields of activity include file carving, mobile forensics, cloud forensics, eDiscovery, privacy and database forensics. Anti-forensics can be seen as the antithesis of forensics; the Institute's fields of activity in this area include the development of new steganographic methods, steganalysis and software obfuscation.
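File carving, the first of the forensic fields named above, recovers files from raw storage without relying on file system metadata. The following is an added example, not code from the Institute: it implements the basic header/footer carver and then shows why that approach breaks on fragmented files, which is the case the Institute's publications on carving fragmented multimedia files address. The "disk image" and the PNG files inside it are constructed here; the PNG chunk layout and CRC rule follow the PNG specification, which is what lets a carved candidate be validated structurally rather than only by its header and footer.

```python
"""Header/footer file carving with structural validation of the result.

Added example, not code from the Institute: a classic header/footer carver
for PNG and JPEG signatures, plus a PNG chunk walker that detects carved
candidates which contain bytes of another file (the fragmented case).
The disk image below is constructed in this script.
"""
import struct
import zlib
from typing import List, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xae\x42\x60\x82"        # IEND chunk type followed by its fixed CRC
JPEG_SIG, JPEG_END = b"\xff\xd8\xff", b"\xff\xd9"


def carve(image: bytes, header: bytes, footer: bytes) -> List[Tuple[int, bytes]]:
    """Every header occurrence opens a candidate that ends at the next footer.
    Returns (offset, candidate bytes) pairs."""
    found = []
    start = image.find(header)
    while start != -1:
        end = image.find(footer, start + len(header))
        if end == -1:
            break
        found.append((start, image[start:end + len(footer)]))
        start = image.find(header, start + len(header))
    return found


def validate_png(data: bytes) -> bool:
    """Walk the chunk list and check every chunk CRC.  A carved PNG that has
    foreign bytes spliced into it fails here even though header and footer
    look right."""
    if not data.startswith(PNG_SIG):
        return False
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            return False
        if struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            return False
        pos += 12 + length
        if ctype == b"IEND":
            return pos == len(data)
    return False


def carve_pngs(image: bytes) -> List[Tuple[int, bytes, bool]]:
    """(offset, bytes, structurally valid?) for every PNG candidate in the image."""
    return [(off, data, validate_png(data)) for off, data in carve(image, PNG_SIG, PNG_END)]


# ---- constructed disk image ------------------------------------------------
def png_chunk(ctype: bytes, data: bytes) -> bytes:
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))


def make_png(width: int, height: int, rgb: Tuple[int, int, int]) -> bytes:
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)   # 8-bit RGB, no interlace
    scanlines = b"".join(b"\x00" + bytes(rgb) * width for _ in range(height))
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(scanlines)) + png_chunk(b"IEND", b""))


INTACT = make_png(2, 2, (255, 0, 0))
FRAGMENTED = make_png(4, 4, (0, 0, 255))
CUT = len(FRAGMENTED) // 2
FOREIGN = JPEG_SIG + b"\xe0" + b"\x11" * 40 + JPEG_END   # piece of another file between the fragments
UNALLOCATED = b"\x00" * 64
IMAGE = (UNALLOCATED + INTACT + UNALLOCATED
         + FRAGMENTED[:CUT] + FOREIGN + FRAGMENTED[CUT:] + UNALLOCATED)

if __name__ == "__main__":
    for offset, data, ok in carve_pngs(IMAGE):
        print(f"PNG candidate at {offset}: {len(data)} bytes, "
              f"structure {'valid' if ok else 'broken (fragmented?)'}")
    for offset, data in carve(IMAGE, JPEG_SIG, JPEG_END):
        print(f"JPEG candidate at {offset}: {len(data)} bytes (no structural check here)")
```

Run stand-alone, the script reports the intact PNG as valid and the second candidate as structurally broken: header/footer carving glues the JPEG fragment into it because nothing between the two PNG fragments looks like a PNG footer. The same CRC walk can be turned into a search for the correct continuation of a fragment, which is the direction content-aware carving takes; JPEG has no per-segment checksum, so its candidates would need a decoder-based check instead.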

Key Focus Coordinator

  • Head of Research Institute
    Institute of IT Security Research
  • Head of Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • International Coordinator
  • Department of Computer Science and Security

Research Staff

  • Junior Researcher
    Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • Department of Computer Science and Security
  • Junior Researcher, Institute of IT Security Research
  • Department of Computer Science and Security
  • Research Assistant
    Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • Department of Computer Science and Security
  • Lecturer
  • Department of Computer Science and Security
  • Junior Researcher
    Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • Department of Computer Science and Security
  • Research Assistant
    Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • Department of Computer Science and Security
  • Researcher
    Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • Department of Computer Science and Security

Projects

MalwareDef – Recognition through description

Defining formal descriptions of potentially malicious actions to allow the development of proactive defensive measures

Data Mining for Malware Classification

The project concentrates on those samples whose assignment to clusters cannot be accomplished with the existing methods, or only with great effort (manual analysis and assignment)...

SmartMeterIDS

This project aims at improving the operational security of advanced metering infrastructures by developing an innovative intrusion detection system tailored to the specific characteristics of these infrastructures.

Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET)

The Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) is a research institution operated by the St. Pölten University of Applied Sciences. Its mission is to explore nov...

Publications

Neuner, S., Voyiatzis, A., Fotopoulos, S., Mulliner, C., & Weippl, E. (2018). Blocking USB-based keypress injection attacks. Presented at the 32nd IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec).
Fiedor, T., Holík, L., Rogalewicz, A., Sinn, M., & Vojnar, T. (2017). From Shapes to Amortized Complexity. In International Conference on Verification, Model Checking, and Abstract Interpretation (pp. 205–225). Springer.
Schrittwieser, S., Katzenbeisser, S., Kinder, J., Merzdovnik, G., & Weippl, E. (2016). Protecting software through obfuscation: Can it keep pace with progress in code analysis? ACM Computing Surveys, 49(1).
Schröder, S., Huber, M., Wind, D., & Rottermanner, C. (2016). When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging. Presented at the EuroUSEC.
Schrittwieser, S. (2015, November). Regin - Chronologie eines gezielten IT-Angriffs. Presented at the IT-SeCX, St. Pölten, Austria.
Meindorfer, A. (2015, November). System Exploitation - Wie Hacker Systeme gezielt angreifen. Workshop presented at the IT-SeCX, St. Pölten, Austria.
Tjoa, S., Kochberger, P., Malin, C., & Schmoll, A. (2015). An Open Source Code Analyzer and Reviewer (OSCAR) Framework. In 2nd International Workshop on Software Assurance. Toulouse, France: IEEE.
Mueller, R., Schrittwieser, S., Fruehwirt, P., Kieseberg, P., & Weippl, E. (2015). Security and privacy of smartphone messaging applications. In International Journal of Pervasive Computing and Communications (Vol. 11).
Kieseberg, P., Fruehwirt, P., Schrittwieser, S., & Weippl, E. R. (2015). Security tests for mobile applications - Why using TLS or SSL is not enough. In 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW).
Fadai, T., Schrittwieser, S., Kieseberg, P., & Mulazzani, M. (2015). Trust me, I am a Root CA! Analyzing SSL Root CAs in modern Browsers and Operating Systems. In International Conference on Availability, Reliability and Security (ARES).
Neuner, S., Mulazzani, M., Schrittwieser, S., & Weippl, E. R. (2015). Gradually Improving the Forensic Process. In International Workshop on Cyber Crime (IWCC).
Kaiser, M. (2015, November). Remote Browser-Based Fingerprinting of Local Network Devices. Presented at the DeepSec.
Haslinger, D. (2015, October). Softwareentwicklung für (absolute) Beginner. Presented at the EU Code Week.
Haslinger, D., & Luh, R. (2015, September). Alltagsspuren von dir und mir. Presented at the 6. Science Day.
Poisel, R., Rybnicek, M., & Tjoa, S. (2014). Taxonomy of Data Fragment Classification Techniques. In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (Vol. 132, pp. 67–85). Moscow, Russia: Springer.
Fruehwirt, P., Kieseberg, P., Hochreiner, C., Schrittwieser, S., & Weippl, E. (2014). InnoDB Datenbank Forensik – Rekonstruktion von Abfragen über Datenbank-interne Logfiles. In GI Sicherheit 2014.
Beyer, S., Mulazzani, M., Schrittwieser, S., Huber, M., & Weippl, E. (2014). Towards Fully Automated Digital Alibis with Social Interaction. In Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics.
Poisel, R., Rybnicek, M., Schildendorfer, B., & Tjoa, S. (2013). Classification and Recovery of Fragmented Multimedia Files using the File Carving Approach. International Journal of Mobile Computing and Multimedia Communications (IJMCMC), 5(3).
Poisel, R., Malzer, E., & Tjoa, S. (2013). Evidence and Cloud Computing: The Virtual Machine Introspection Approach. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 4(1), 135–152.
Poisel, R., Rybnicek, M., & Tjoa, S. (2013). Game-based Simulation of Distributed Denial of Service (DDoS) Attack and Defense Mechanisms of Critical Infrastructures. In International Conference on Advanced Information Networking and Applications (AINA). Barcelona, Spain: IEEE.
Poisel, R., & Tjoa, S. (2012). Discussion on the Challenges and Opportunities of Cloud Forensics. In Multidisciplinary Research and Practice for Information Systems (Vol. 7465, pp. 593–608). Springer.
Poisel, R., & Tjoa, S. (2012). Inhaltsbasierte Wiederherstellung multimedialer Dateien. In 6. Forschungsforum der Österreichischen Fachhochschulen - Tagungsband 1 Informationstechnologie als Produktionsfaktor (pp. 119–123). Graz, Österreich: Eigenverlag FH Joanneum GmbH.
Poisel, R., Tjoa, S., & Tavolato, P. (2011). Advanced File Carving Approaches for Multimedia Files. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2(4), 40–57.
Balaz, M., Becker, B., Beham, G., Eckhardt, J., Fiala, W., Flemming, S., … Wöhrer, A. (2011). Cloud Migration: Technische, wirtschaftliche, steuerliche und juristische Aspekte. mitp.
Poisel, R., & Nutzinger, M. (2011). Starkes Gespann - Py Side: Programmieren mit Python und Qt. Linux-Magazin, (11), 24–29.
Poisel, R. (2011). File Carving: The Next Generation. Presented at the Symposium neue Technologien, Wiesbaden, Deutschland.
Poisel, R., Moser, A., Ramer, K., & Schrattenholzer, M. (2011). Objekt erkannt - Python-Skript erkennt Gesichter, Haut und Texte. Linux-Magazin, (7), 112–116.
Poisel, R., & Tjoa, S. (2011). Forensics Investigations of Multimedia Data: A Review of the State-of-the-Art. In Proceedings of the 6th International Conference on IT Security Incident Management & IT Forensics (pp. 48–61). Stuttgart, Germany: IEEE Computer Society.
Poisel, R., & Tjoa, S. (2011). Roadmap to Approaches for Carving of Fragmented Multimedia Files. In Proceedings of The Fourth International Workshop on Digital Forensics (WSDF'11) (pp. 752–757). Wien, Austria: IEEE.
Schrenk, G., & Poisel, R. (2011). A Discussion of Visualization Techniques for the Analysis of Digital Evidence. In Proceedings of The Fourth International Workshop on Digital Forensics (WSDF'11) (pp. 758–763). Wien, Austria: IEEE.
Tjoa, S., & Poisel, R. (2011). A reference architecture for a scalable digital forensics toolkit. In 5. Forschungsforum der Österreichischen Fachhochschulen. Wien, Austria: FH Campus Wien.
Poisel, R., & Nutzinger, M. (2010). Ready, Set, Go! - Google invents a new programming language. Linux-Magazine, 116, 54–59.
Poisel, R., & Nutzinger, M. (2010). Ready, Set, Go! - Googles Go. Linux-Magazin, (6), 118–123.
Nutzinger, M., & Poisel, R. (2009). Paketwarteschlangen im Userspace bearbeiten. LINUX Magazin, (9), 36–40.
Poisel, R., & Nutzinger, M. (2009). Schlangenbeschwörer - Paketwarteschlangen im Userspace bearbeiten. Linux-Magazin, (9), 36–40.
Nutzinger, M. (2008). Richtiger Umgang mit Sicherheitszertifikaten. PHP Solutions Magazin, (5), 46–50.
Nutzinger, M. (2008). Der Linux-Zufallszahlengenerator - Wie zufällig ist der Zufall? hakin9, (1), 20–26.
Nutzinger, M. (2008). PCI DSS - Der Sicherheitsstandard für Kreditkartengeschäfte. PHP Solutions Magazin, (5), 30–33.
Nutzinger, M. (2007). Der Schlüssel zum Tor. hakin9, (11), 48–55.