Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems and services.
The International Secure Systems Lab is a research lab that was originally founded in 2005 at the Technical University of Vienna. As of 2008, the Secure Systems Lab has become international and is distributed over three geographical locations including the Institute Eurécom in the French Riviera and the University of California, Santa Barbara. The research focus is on applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis. The results of our research have been published in well-respected, international security conferences such as the IEEE Symposium on Security and Privacy, the Usenix Security Symposium, and the World Wide Web Conference. Furthermore, the Secure Systems Lab has released several security advisories that disclose previously unknown software vulnerabilities that we discovered. Currently funded projects of the International Secure Systems Lab include several Austrian Science Foundation (FWF) research projects, two European projects, three FIT-IT grants, two recent regional French-funded projects and several industry cooperations with Austrian banks and companies. Also, the lab maintains close ties with other well-known, international security institutions and industrial labs such as Symantec Research Europe.
The International Secure Systems Lab is a research lab that was originally founded in 2005 at the Technical University of Vienna. As of 2008, the Secure Systems Lab has become international and is distributed over three geographical locations including the Institute Eurécom in the French Riviera and the University of California, Santa Barbara. The research focus is on applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis. The results of our research have been published in well-respected, international security conferences such as the IEEE Symposium on Security and Privacy, the Usenix Security Symposium, and the World Wide Web Conference. Furthermore, the Secure Systems Lab has released several security advisories that disclose previously unknown software vulnerabilities that we discovered. Currently funded projects of the International Secure Systems Lab include several Austrian Science Foundation (FWF) research projects, two European projects, three FIT-IT grants, two recent regional French-funded projects and several industry cooperations with Austrian banks and companies. Also, the lab maintains close ties with other well-known, international security institutions and industrial labs such as Symantec Research Europe.
News
- 28.11.2008 We are attending ACSAC and are taking part in a panel.
- 17.10.2008 On the d'Azur front, we started having paper reading sessions on this beach in Biot on Tuesdays ;-)
- 15.10.2008 Gilbert's project proposal, Spotlight, was awarded a grant. Read the ORF press report, the Standard report, and Pressetext Austria.
- 13.10.2008 Teaching has started. We are teaching Advanced Topics in Security / Advanced Internet Security this semester.
- 18.09.2008 We attended RAID in Boston and presented a paper.
- 10.08.2008 We attended DefCon in Las Vegas to take part in the Capture The Flag contest as Team Shellphish. Our performance was not glorious this year and we were not in the top 3 -- but hey, we had lots of fun ;-) Next time, we will work on our defenses.
- 01.08.2008 Thomas found a vulnerability in the Apple Safari browser while testing his tool that he is developing for his master's thesis. Here is the Apple advisory. Look for "CarbonCore".
- 04.07.2008 We are attending the DIMVA conference in Paris.
- 20.06.2008 We are watching the European Championship -- of course ;-)
- 02.06.2008 Shellphish (UCSB team with some participants from TU Vienna and Eurecom) qualifies for the DefCon CTF! See the final results. This was a tough one :-)
- 01.06.2008 We are taking part in the DefCon quals...
- 19.05.2008 We are attending the IEEE Security and Privacy Conference in Oakland and are presenting a paper.
- 16.02.2008 We attended the 15th Annual Network & Distributed System Security Symposium (NDSS) in San Diego and presented a paper.
- 01.02.2008 We will be attending the International Botnet Task Force Conference in Lyon.
- 21.12.2007 SecLab wishes a merry Christmas and a happy new year to our students and colleagues.
- 10.12.2007 We will be attending the ACSAC 2007 conference in Miami to present two papers.
- 08.12.2007 Team TU Wien (We 0wn You) captures 4th place at the UCSB Capture The Flag contest among 36 university teams! Thanks to this year's InetSec 2 students. Nice work! Read a summary
- 19.09.2007 We will be presenting a white paper entitled "Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment" at Black Hat Japan at the end of October.
- 05.08.2007 We will be attending the USENIX Security conference in Boston and present a WOOT 07 paper.
- 10.07.2007 We will be attending the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment in Lucerne, Switzerland to present a paper.
- 03.07.2007 We are glad to announce the following talk: "Overview of the PHP String Analyzer" by Yasuhiko Minamide (University of Tsukuba, Japan). Time: Wednesday, July 4th, 3:00 PM.
- 20.06.2007 We have released a new version of Pixy, our open-source scanner for detecting vulnerabilities in PHP programs.
- 05.06.2007 We will be attending the Annual USENIX Technical Conference in Santa Clara to present a paper.
- 14.05.2007 We will be attending the IEEE Security and Privacy Conference in Oakland to present a paper.
- 10.03.2007 Our project Anubis: Analyzing Unknown Binaries is online. Anubis is an online malware analysis service that analyzes Windows executables for you.
- 09.03.2007 We attended NDSS and visited the UCSB folks in Santa Barbara. The weather was great and Giovanni and Davide took us surfing ;-) Check out the pictures. We are not really surfers, but it was great fun.
- 09.02.2007 We will attend NDSS in San Diego to present a paper.
- 09.12.2006 Team TU Wien (We 0wn You) wins the UCSB Capture The Flag contest! Thanks to this year's InetSec 2 students. Great work! Read a summary
- 25.11.2006 We attended the EU IST 2006 conference in Helsinki.
- 20.10.2006 The UCSB CTF will take place on December the 8th. We will participate :)
- 09.10.2006 InetSec 2 (i.e., Advanced Internet Security) course has started.
- 21.09.2006 We are attending the 9th International Symposium On Recent Advances In Intrusion Detection (RAID) in Hamburg, Germany.
- 10.09.2006 We attended the 9th Information Security Conference in Samos, Greece.
- 09.08.2006 We participated in the DefCon Capture The Flag security contest in Las Vegas with the University of California Santa Barbara team, Shellphish, and got third place (among 8 teams). According to Kenshoto, our team obtained the most and the best breakthroughs.
- 31.07.2006 We are attending the USENIX Security 2006 conference in Vancouver, Canada.
- 29.07.2006 Our HoneyNet project was launched yesterday. Thanks to the TU ZID (Dr. Demel and Mr. Kainrath) for providing us with more than 4000 IP addresses. Nepenthes is now up and running and we are collecting malware.
- 17.07.2006 We attended the DIMVA conference in Berlin.
- 05.07.2006 The development release of Qdig fixes a vulnerability that was discovered by Nenad's tool Pixy. For other vulnerability reports, check this page.
- 03.07.2006 The summer holidays have started ;) We wish all InetSec participants a great summer!
Press
Gilbert's project proposal, Spotlight, was awarded a grant. Read the ORF press report, the Standard report, and Pressetext Austria.Heise reports on our EU project WOMBAT. Symantec is one of our partners.
Der Standard reported on Anubis, our malware analysis platform. However, note that we actually developed Anubis and did not only "improve" it as the report says ;-) Yes, it hurts :-)
A team of InetSec 2 candidates participated in the International Capture The Flag Security Contest in December 2007 and managed to capture 4th place. Not bad! You can read the report here.
You can also check out some press reports [in German] ;-) Chris recently gave two interviews to "Die Presse" and "der Standard" about Trojans and our research project Pathfinder. You can read the first interview here. The second is here.
A team of InetSec 2 candidates participated in the International Capture The Flag Security Contest in December 2006 and managed to win. Congratulations! You can read the report here.
You can also check out some partially exaggerated press reports [in German] ;-) We would like to thank every one for taking note of this fun contest:
- Die Presse
- Heise News
- Pressetext
- Computerwelt
- Wien Web
- Inside IT
- Telekom Press
- ORF
- Der Standard
- Wiener Zeitung
- Kronen Zeitung
Secubat was launched in March 2006. You can check out some press reports:
A team of InetSec 2 candidates participated
in the
International Capture The Flag Security Contest in December 2005 and managed to
"secure" second place. Congratulations! You can read the report here.
You can also check out some press reports [in German] (yeah, we know, the press likes to exaggerate a little ;-) Nevertheless, we would like to thank them for taking note of this contest):
You can also check out some press reports [in German] (yeah, we know, the press likes to exaggerate a little ;-) Nevertheless, we would like to thank them for taking note of this contest):
Last Modified: Wed Dec 24 12:57:47 CET 2008