International Secure System Lab

Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems and services.

The International Secure Systems Lab is the union of five systems security research labs and was originally founded in 2005 at the Technical University of Vienna. As of 2008, the Secure Systems Lab has became international and was initially distributed over three geographical locations including the Institute Eurécom in the French Riviera and the University of California, Santa Barbara. In 2010, Ruhr University in Bochum in Germany joined the iSecLab family, and in 2011, Northeastern University came on board. Lab members collaborate closely, apply for joint funding, share data, exchange ideas, and have fun together. iSecLab encourages and supports student and faculty mobility within the labs. The research focus is on applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis.

Theses and Internships

Our lab is constantly looking for motivated TU Vienna students who want to do an internship ("Praktikum") or a thesis with us. If you think you have what it takes, please have a look at this page.

News

Twitter

03.12.2011 Our Team We_0wn_Y0u from Vienna scored first on the ictf2011!! Click here for the final scoreboard. Details follow.
08.11.2011 Forbes reports on our paper on the security of the Amazon Cloud services.
24.05.2011 We are attending IEEE S&P in Oakland to present a paper.
15.05.2011 The Register reports on our study on the privacy of file sharing services.
17.03.2011 Forbes reports on on our recent HPP work at Blackhat Europe.
07.03.2011 We attended Financial Crypto 2011 in St. Lucia to present a paper.
09.02.2011 We attended NDSS to present papers.
09.02.2011 NewScientist published an article on EXPOSURE.
25.01.2011 MIT Tech Review published an article on our iPhone app study.
23.12.2010 We attended ACSAC to present papers.
09.12.2010 We are online with PAPAS (currently in Beta), a system to scan websites for HTTP Parameter Pollution vulnerabilitites. Please refer to this blog post for more information.
14.10.2010 We now have an iSecLab blog.
29.09.2010 Next week, we are attending ACM CCS in Chicago to present a paper on system-centric malware protection.
14.09.2010 We are attending RAID 2010 to present a paper on the privacy of social-networks.
25.08.2010 Chris was named TR35 young innovator.
11.08.2010 We are attending USENIX Security 2010 to present a paper on web vulnerability detection.
30.07.2010 We are attending the Google faculty summit . Interesting talks on security, social nets, and cloud. Nice fit for our research
27.07.2010 We are attending the DEFCON Capture the Flag contest this weekend in Las Vegas. We are Team Shellphish.
14.07.2010 We are attending SOUPS 2010 to present a poster on our de-anonymization paper for social networks.
02.07.2010 Next week, we are attending DIMVA in Bonn, Germany to present a paper.
02.07.2010 We attended OWASP AppSec Research 2010 with a talk on Clickjacking.
01.07.2010 Thorsten Holz, one of our previous fellows has joined iSecLab as faculty. We welcome Ruhr University Bochum.
12.06.2010 Wow, two of our recent publications have been Slashdotted at the same time: Here and here.
12.06.2010 PC World published an article on our WEIS 2010 paper.
11.06.2010 BBC News published an article on our WEIS 2010 paper.
10.06.2010 DarkReading published an article on our LEET 2010 paper.
09.06.2010 We attended WEIS 2010 at Harvard University to present a paper.
19.05.2010 We just attended IEEE Security and Privacy to present papers.
19.04.2010 We just attended Asia CCS in Beijing, China to present a paper.
28.03.2010 We just attended ACM SAC 2010 in Sierre, Switzerland to present several papers.
23.03.2010 Brian Krebs blogged about our system FIRE.
05.03.2010 We just attended NDSS 2010 in San Diego to present a paper.
24.02.2010 DarkReading published an article on our deanonymization attack.

Old News

Press

The Austrian newspaper Standard reports about our Facebook paper and PiOS [link]

Austria national TV (ORF) interviews iSecLab on recent Anonymous activity [Stream]

Funkschau (12/2011) writes about iSecLab, iPhone and Appz [download]

Switzerland national TV reports about PiOS [Stream]

The Register reports on our study on the privacy of file sharing services.

Forbes reports on on our recent HPP work at Blackhat Europe.
NewScientist published an article on EXPOSURE.
MIT Tech Review published an article on our iPhone app study.
Two of our recent publications have been Slashdotted at the same time: Here and here.
PC World published an article on our WEIS 2010 paper.
BBC News published an article on our WEIS 2010 paper.
DarkReading published an article on our LEET 2010 paper.
Brian Krebs blogged about our system FIRE.
DarkReading published an article on our our deanonymization attack.
Our deanonymization attack has been Slashdotted
Spiegel Online has published an article on our deanonymization attack.
Heise.de published an article on our social network deanonymization attack.
We gave an interview to Nature related to our work that shows that profile cloning attacks are feasible in practice.

Press Archive

Last Modified: Thu Jan 19 15:53:43 CET 2012

	International Secure Systems Lab
	Homepage	People	Research	Teaching	About	Blog	Twitter


Tools Anubis Exposure (Beta) PAPAS FIRE Wepawet	Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems and services. The International Secure Systems Lab is the union of five systems security research labs and was originally founded in 2005 at the Technical University of Vienna. As of 2008, the Secure Systems Lab has became international and was initially distributed over three geographical locations including the Institute Eurécom in the French Riviera and the University of California, Santa Barbara. In 2010, Ruhr University in Bochum in Germany joined the iSecLab family, and in 2011, Northeastern University came on board. Lab members collaborate closely, apply for joint funding, share data, exchange ideas, and have fun together. iSecLab encourages and supports student and faculty mobility within the labs. The research focus is on applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis. Theses and Internships Our lab is constantly looking for motivated TU Vienna students who want to do an internship ("Praktikum") or a thesis with us. If you think you have what it takes, please have a look at this page. News Twitter 03.12.2011 Our Team We_0wn_Y0u from Vienna scored first on the ictf2011!! Click here for the final scoreboard. Details follow. 08.11.2011 Forbes reports on our paper on the security of the Amazon Cloud services. 24.05.2011 We are attending IEEE S&P in Oakland to present a paper. 15.05.2011 The Register reports on our study on the privacy of file sharing services. 17.03.2011 Forbes reports on on our recent HPP work at Blackhat Europe. 07.03.2011 We attended Financial Crypto 2011 in St. Lucia to present a paper. 09.02.2011 We attended NDSS to present papers. 09.02.2011 NewScientist published an article on EXPOSURE. 25.01.2011 MIT Tech Review published an article on our iPhone app study. 23.12.2010 We attended ACSAC to present papers. 09.12.2010 We are online with PAPAS (currently in Beta), a system to scan websites for HTTP Parameter Pollution vulnerabilitites. Please refer to this blog post for more information. 14.10.2010 We now have an iSecLab blog. 29.09.2010 Next week, we are attending ACM CCS in Chicago to present a paper on system-centric malware protection. 14.09.2010 We are attending RAID 2010 to present a paper on the privacy of social-networks. 25.08.2010 Chris was named TR35 young innovator. 11.08.2010 We are attending USENIX Security 2010 to present a paper on web vulnerability detection. 30.07.2010 We are attending the Google faculty summit . Interesting talks on security, social nets, and cloud. Nice fit for our research 27.07.2010 We are attending the DEFCON Capture the Flag contest this weekend in Las Vegas. We are Team Shellphish. 14.07.2010 We are attending SOUPS 2010 to present a poster on our de-anonymization paper for social networks. 02.07.2010 Next week, we are attending DIMVA in Bonn, Germany to present a paper. 02.07.2010 We attended OWASP AppSec Research 2010 with a talk on Clickjacking. 01.07.2010 Thorsten Holz, one of our previous fellows has joined iSecLab as faculty. We welcome Ruhr University Bochum. 12.06.2010 Wow, two of our recent publications have been Slashdotted at the same time: Here and here. 12.06.2010 PC World published an article on our WEIS 2010 paper. 11.06.2010 BBC News published an article on our WEIS 2010 paper. 10.06.2010 DarkReading published an article on our LEET 2010 paper. 09.06.2010 We attended WEIS 2010 at Harvard University to present a paper. 19.05.2010 We just attended IEEE Security and Privacy to present papers. 19.04.2010 We just attended Asia CCS in Beijing, China to present a paper. 28.03.2010 We just attended ACM SAC 2010 in Sierre, Switzerland to present several papers. 23.03.2010 Brian Krebs blogged about our system FIRE. 05.03.2010 We just attended NDSS 2010 in San Diego to present a paper. 24.02.2010 DarkReading published an article on our deanonymization attack. Old News Press The Austrian newspaper Standard reports about our Facebook paper and PiOS [link] Austria national TV (ORF) interviews iSecLab on recent Anonymous activity [Stream] Funkschau (12/2011) writes about iSecLab, iPhone and Appz [download] Switzerland national TV reports about PiOS [Stream] The Register reports on our study on the privacy of file sharing services. Forbes reports on on our recent HPP work at Blackhat Europe. NewScientist published an article on EXPOSURE. MIT Tech Review published an article on our iPhone app study. Two of our recent publications have been Slashdotted at the same time: Here and here. PC World published an article on our WEIS 2010 paper. BBC News published an article on our WEIS 2010 paper. DarkReading published an article on our LEET 2010 paper. Brian Krebs blogged about our system FIRE. DarkReading published an article on our our deanonymization attack. Our deanonymization attack has been Slashdotted Spiegel Online has published an article on our deanonymization attack. Heise.de published an article on our social network deanonymization attack. We gave an interview to Nature related to our work that shows that profile cloning attacks are feasible in practice. Press Archive Last Modified: Thu Jan 19 15:53:43 CET 2012