Go to JKU Homepage
LIT Secure and Correct Systems Lab
What's that?

Institutes, schools, other departments, and programs create their own web content and menus.

To help you better navigate the site, see here where you are at the moment.

­

reSilienz vOn supPly cHaIns gegenüber kaskadEneffekten aus dem digitalen Raum (SOPHIE)
 
 

Project Description

The resilience of ICT infrastructures is fundamental to the functioning of supply chains. The reliability of these infrastructures increases the reliability of planning for production and supply chains, as well as for customers and demanders. The protection of such systems against threats from cyber space is central to the functioning of a "smart economy", which is based on the principle of "just in time", characterised by very short intermediate storage times and the optimization of supply routes. In the event of a cyber-attack, it is essential to be able to rely on established strategies and processes, effective early detection and adequate decision-making models in order to avoid or reduce disruptions to ICT systems as far as possible.

The SOPHIE project aims at increasing awareness of cyber security issues in the supply chain and incident response, especially for technical and non-technical core staff, as well as supporting and improving relevant processes by implementing suitable tools and reference processes for building resilience. The project has three main objectives:

  1. improving the understanding of impacts of cyber-attacks,
  2. reducing the number and criticality of successful cyber-attacks and
  3. raising the reconnaissance rate of cyber-attacks and significantly increasing the cost of attacks in a preventive manner.

SOPHIE will achieve these goals through corresponding measures, in particular:

  1. the analysis of processes, cascade effects and suitable procedures to create models for exercises and simulations of cyber incidents, to
  2. react promptly and effectively to IT security incidents within the framework of exercises and simulations, and ultimately to
  3. minimise the impact of security incidents, remedy vulnerabilities, and enhance the robustness and resilience of systems.

SOPHIE will use the analysis, modelling and simulation processes in training programmes and cyber security awareness exercises for this purpose. This shall help to reflect the behaviour of users in the case of an emergency, to analyse operational and decision-making processes and to define and validate appropriate response measures as well as to coordinate actors and their responsibilities. In addition, the simulation models also facilitate the identification of critical processes, as well as the recognition of possible resource and capacity bottlenecks, from which relevant opportunities for the tactical optimisation of processes are derived. This contributes to the proactive and reactive handling of cyber-attacks by companies along a supply chain.

Innovative tool for verifying human signatures using artificial intelligence (EMENTIO)
 

Project Description

The main objective of our development is a toolset for the fast, secure and automated verification of handwritten signatures. Statistical methods and artificial intelligence processes are to be evaluated and used for this purpose.

 

Computer-Aided Verification of Existing P/NP Proof Attempts (CAVE-PNP)

Project Description

The goal of the project is to select a sample of existing papers concerning the P/NP problem and to have the arguments contained therein checked by a (machine) proof assistant. The aim is not to find an answer to the open question itself, but to be capable to examine the "mass" of proposed proofs not only manually, but with machine support. If the number of suggested proofs grows faster than scientific peer review can assess the work and identify possible errors, then there is a possibility that the solution is actually found, but is lost in the mass of (incorrect) approaches. This situation should be counteracted with the support of computers, in particular proof assistants.

The publications examined (proof approaches) are selected with respect to the following aspects (i) the rigor of the argumentation, (ii) the proof techniques applied, (iii) "feasibility" of modeling in proof assistants, and (iv) the claimed result of the relation of P to NP (equivalent/indifferent/unprovable).

Expected results: Researchers who deal with the question should be given extended possibilities to subject their ideas and arguments to a mechanical, and thus objective/independent, examination (before publication). Independently of it the P/NP question serves thus as "study object", whose investigation is to advance the possibilities of mechanical proof verification, as an aid, simplification and objectification of scientific Peer reviews.

 

Simulation and analysis of critical network infrastructures in cities (ODYSSEUS)

Project Description

Cities and their agglomerations are home to a large number of critical infrastructures (CI) that provide essential services in a geographically narrow space and are thus physically and logically dependent on one another. This results in a sensitive network of organizations and connections in which incidents within an infrastructure can have an impact on the entire system. In particular, critical infrastructures in the context of utilities (electricity, gas, water, etc.), communication (ICT), distribution (food, fuel, etc.) and transport (road, rail, etc.) operate extensive networks which have special requirements with regard to security measures. Thus, a detailed risk analysis with a strong focus on the interaction of these networks and on potential cascading effects for the population represents a central aspect for the protection of these critical supply infrastructures, especially when considering the Network and Information Security (NIS) Law. Further, also the so-called "soft targets", i.e. attractive targets in public spaces for terrorist attacks, would have an impact on the above mentioned networks in case of an attack. The goal of the ODYSSEUS project is to create a simulation-based, cross-domain risk model, based on the example of the City of Vienna, which describes the networks of the central supply infrastructures (electricity, gas, water, food and telecommunications, including ICT) as well as the transport networks (road and rail) up to a certain level of abstraction. This level should be kept as low as possible in order to achieve as real a representation as possible (depending on the quantity and quality of data available). Based on this model, potential threats (both natural disasters and man-made incidents) are simulated. In contrast to existing solutions from literature and practice, ODYSSEUS focuses on the dynamic relationships between networks and develops mathematical models from stochastics (e.g. Markov chains, probabilistic automata) for a realistic representation. The central output of ODYSSEUS is a framework that enables a detailed assessment of the effects of threats both on individual critical infrastructures and on possible cascading effects within the entire network of critical supply infrastructures, taking into account the urban population. The simulations describe which potential compensation and displacement mechanisms can be expected within the multi-layered network of supply infrastructures or on public spaces in the event of an incident (intentional, technical or natural hazard). From this knowledge, targeted preventive safety measures can be derived, presented and evaluated in order to minimize the effects in the event of an incident when implemented.

Development of an AI based ISMS and risk management system (KISMS)

Project Description

The scientific question in the project concerns machine learning, in particular with regard to the explainability and communicability of recommendations for risk treatment, which are determined or calculated by an artificial intelligence (AI). In this context, the approach considered in the project is a combination of deterministic rules (as in decision trees) with non-rule-based approaches such as regression models. Formally, this involves performing a regression with basis functions generated using fuzzy logic techniques from semantically meaningful defined if-then rules. In other words, the machine learning problem here consists of an optimized selection of if-then rules from a given pool of rules, so that the training data - in this case risk assessments, but alternatively also time series data for the prediction (e.g. via Markov models) of security incidents - are approximated as well as possible (in the sense of metrics or similarity measures to be defined).

  • Funding: KISMS is funded by the FFG Basisprogramme
  • Duration: 01.11.2020 - 31.10.2021
  • Keywords: Machine Learning, Risk Management, Artificial Intelligence 

Responsible Safe and Secure Robotic Systems Engineering (SEEROSE)

ABOUT

The Faculty of Technical Sciences and the Faculty of Humanities at the University of Klagenfurt (AAU) proposed an interdisciplinary Karl Popper Kolleg for the period from 2021-2024, organized by four professors (Security, Software Engineering, Psychology, and Ethics), which was approved by the AAU Rectorate in May 2020. Its title is “Responsible Safe and Secure Robotic Systems Engineering (SEEROSE)”.

Robot ethics demands programmers to write code that is not only functionally correct but also secure and safe to disallow any intended or accidental harm to humans. Hence, programmers bear a responsibility w.r.t. several instances (e.g., system customers, providers, end-users, etc.), for which awareness is required (likewise for questions of liability, which is a complex matter of contemporary research and legislation). SEEROSE aims at achieving usable robotic security by jointly addressing process ethical, psychological, and technical aspects of developing safe and secure robotics systems.

The following figure provides an overview of the four key areas and the main research questions addressed by SEEROSE.

seerose

SEEROSE features a Ph.D. project in each key area: The goal of the Ph.D. project DevSafe is to provide techniques and tools to support developers to responsibly develop and evolve safe and secure robotic systems. The goal of the Ph.D. project INBASE-GET is to provide mechanisms for incentivizing developers and robot collaborators to use and follow security precautions out of their own interests. The goal of the Ph.D. project SCoRE is to provide an instrument for the psychological assessment of the core qualifications relevant to robotics engineers. And finally, the goal of the Ph.D. project CERSE is to provide a guideline for the implementation of a process-ethical procedure for distributed assumption of responsibility in safe and secure robotic systems engineering.

The goals of SEEROSE are well aligned with the demands of the recent Vienna Manifesto on Digital Humanism, opens an external URL in a new window. This initiative calls for “Practitioners everywhere ought to acknowledge their shared responsibility for the impact of information technologies”, and “A vision is needed for new educational curricula, combining knowledge from the humanities, the social sciences, and engineering studies”, and “Students should learn to combine information-technology skills with awareness of the ethical and societal issues at stake.” SEEROSE addresses these demands directly.

 

Project: Collective Ethical Responsibility for Robotic Systems Engineering with Security & Safety (CERSE)

Robotic systems increasingly take part in many practices within everyday life. Technological development and innovation transform fields like industrial robotics, medical technology, up to the exploration of space. However, new sets of possibilities come with new forms of responsibilities.

Engineering itself is a process that is (per)formed by many; individuals, teams, systems, norms, cultures and legislations, only to name a few. This PhD project engages with the ethical challenges that arise within safe and secure robotic systems engineering. It investigates the subjectively felt responsibility and explores the perception, governance and distribution of the networking processes of many hybrid actors in multiple heterogeneous fields. A mixed methods approach within the research design of Grounded Theory and Actor-Network Theory enables to identify and follow how responsibilities are organized and shared. The research aims to discuss which new ethical questions emerge and what competencies and strategies of safe and secure robotics engineering are required.

 

Project: Security Conscious Robotics Engineering (SCoRE)

Software development is a highly complex task demanding multiple competencies from engineers in order to provide functional, safe, and secure systems. Customers’ sophisticated requirements combined with software engineers’ notoriously limited resources (e.g. time pressure) may result in systems falling short in safety and security. The subproject SCoRE addresses this issue by pursuing a twofold target: On the organisational level, we identify factors fostering or hindering safe and secure development, and on the individual level, we identify robotic system engineers’ abilities, personality traits, and/or attitudes facilitating the development of safe and secure robotic systems. Thereupon, we develop standardized assessments of both organisational and individual factors. This instrument will allow for detecting structural deficits and evaluating engineers’ needs, thus forming the ground for providing adequate support and foster personal improvement of robotic systems engineers.

 

Project: Developing and Evolving Safe and Secure Robotic Systems (DevSafe)

Robotic systems are among the most complex systems that humans built. In fact, they consist of distributed multiple hardware and software components that depend on each other and often such components represent complex systems or subsystems themselves. Maintaining and evolving robotic systems is challenging and each modification poses the risk to introduce vulnerabilities in the implementation or configuration of the robotic system that allow others to attack the robotic system. In this PhD project, we will design techniques and tools to extract detailed information about code changes in robotic systems with a focus on changes that introduce security vulnerabilities. Based on this information, we will investigate algorithms and techniques to analyze and determine the impact of code changes on the safety and security of robotic systems. They will be integrated into recommender systems that guide engineers to detect and fix vulnerabilities, and help them develop safe and secure robotics systems in a responsible way.

 

Project: Incentive-Based Security Engineering using Game Theory (INBAES-GET )

Safety requires Security in Robotic systems. Nontheless the latter is strongly neglected in robotic software engineering. Security is a costly, yet non-observable and non-functional part of software: it does not generate revenue – it „only“ prevents harm. Lacking economic incentives, security is neglected along the robotic systems supply chain. This caused a social dilemma, where the last link of the supply chain is left to secure most parts of system – despite limited knowledge on the components.

The key research questions are: How can the integration of (re)liable security be incentivized along the whole robotic supply chain to obtain a (socially) efficient outcome? And on a microscopic level: which mechanisms for developer teams install individual responsibility and (re)liability at a given point within the supply chain? The methodology to tackle these problems is the development of suitable (game theoretic) incentive mechanisms.

 

Machine Learning for Decision Support in Risk Management (4conform-C)

Project Description

Goal of the project is the development of a new, self-learning software module for the identification, control and handling of information security risks and enhancement with documentation tools in the context of an Information Security Management System (ISMS) according to ISO 27001 as well as the development of necessary processes in the software in further consequence by using artificial intelligence. AI is intended to ensure that the software can provide technical and qualified recommendations on risk controlling decisions and derive measures implementing the recommendation.

  • Funding: 4conform-C is funded by the FFG Innovationsscheck
  • Duration: 01.07.2020 - 31.10.2020
  • Keywords: Machine Learning, Risk Management, Artificial Intelligence

security for cyber-physical value networks Exploiting smaRt Grid sYstems (synERGY)

Project Description

The degree of sophistication of modern cyber-attacks has increased in recent years - in the future, these attacks will increasingly target CPS. Unfortunately, today's security solutions that are used for enterprise IT infrastructures are not sufficient to protect CPS, which have largely different properties, involve heterogeneous technologies, and have an architecture that is very much shaped to specific physical processes. The objective of synERGY is to develop new methods, tools and processes for cross-layer Anomaly Detection (AD) to enable the early discovery of both cyber- and physical-attacks with impact on CPS. To achieve this, synERGY will develop novel machine learning approaches to understand a system's normal behaviour and detect consequences of security issues as deviations from the norm. The solution proposed by synERGY will flexibly adapt itself to specific CPS layers, thus improving its detection capabilities. Moreover, synERGY will interface with various organizational data sources, such as asset databases, configuration management, and risk data to facilitate the semi-automatic interpretation of detected anomalies. The synERGY approach will be evaluated in real smart grid vendor environments – a societally important CPS. We propose, because of the approach taken in the project, the synERGY results will be readily applicable to a wide range of CPS in value networks, and will thus result in broader impact on future CPS security solutions.

  • Funding: synERGY is funded by FFG IKT der Zukunft (855457)
  • Duration: 01.01.2017 - 30.06.2019
  • Keywords: Critical Infrastructures, Security, Safety, Risk Management, Energy Management

 

Cross Sectoral Risk Management for Object Protection of Critical Infrastructures (CERBERUS)

Project Description

The main goal of this project is the structured collection and representation of security-relevant information regarding facility protection. As a core aspect, the interdependencies among the critical infrastructures are observed to analyze the propagation of threats as well as their cascading effects. In this context, the underlying assessment models are discussed in detail, focusing in particular on balancing the assessment patterns of different risk types. The resulting analyses are conflated across several infrastructures, resulting in a cross sectoral (up to a national) representation of the risks. Furthermore, a reference guideline for critical infrastructures is compiled, which is based on international standards and guidelines and can be used to identify specific security measures for the infrastructures.

  • Funding: CERBERUS is funded by the FFG/KIRAS (854766)
  • Duration: 01.09.2016 - 31.08.2018
  • Coordinator: AIT Austrian Institute of Technology GmbH; contact: Dr. DI Stefan Schauer
  • Keywords: Critical Infrastructures, Security, Safety, Risk Management

Customer Rating (CreditRating)

Project Description

The conception of a method for classifying persons or businesses. Upon predefined attributes, a method is developed to create an assessment of the quality of a person as a customer or to quantify the risk of business failures.

  • Duration: 27.09.2017 - 24.02.2018
  • Keywords: Credit Scoring, Classification, Statistics

Value-Network Süd - IT-enabled Eco Systems (V-NET)

Project Description

The qualification network "V-Net - IT enabled Eco Systems" makes staff of southern Austrian companies fit for new ones challenges in key competencies "IT as commodity", "modernity, value-based software development and "consumerization".

Secure Storage of Keys in Software (Secure-Secrets-Store)

Project Description

The aim of the project is to analyze the extent to which cryptographic keys and sensitive data can be securely (striving for CIA +) stored without the use of dedicated hardware. Based on this analysis, a concept is developed for re-encryption based authentication, accompanied by a recommendation for a secure cryptographic key storage architecture in software.

  • Duration: 01.06.2016 - 30.08.2016
  • Keywords: Key-Management, Secure Storage, IT-Security, Re-Encryption, Authentication

MEDUSA Consulting

Project Description

Consulting services in the context of the EU project MEDUSA (Multi-order Dependency approaches for managing cascading effects in port's global supply chain and their integration in risk assessment frameworks), grant no. 4000005093, project related to risk management and port security.

  • Duration: 01.05.2015 - 31.05.2016
  • Keywords: Risk Management, Supply Chain, Security, Port, Harbour

Key-Management in the Context of Smart Metering (SmartMeter)

Project Description

The subject of the study is a concept for the management of cryptographic key management in the context of smart meter data processing through a central meter data management system. The study discusses security measures and relevant (organisational) processes in the context of various implementation alternatives (e.g., using symmetric or asymmetric cryptography). The aim of the study is the identification of necessary system properties for maximum safety and flexibility of the application.

  • Duration: 01.06.2014 - 31.07.2014
  • Keywords: Key Management, Smart Metering, Security, Privacy

Secure IT-Services on mobile devices (SeCom)

Project Description

Project Description

The aim of the study is to analyze the possible uses of mobile devices such as smartphones and tablets in the high-security sector. On the one hand, the focus is on secure data transmission and storage of text and image material, and on the other hand on the special conditions of the operating system environments of current platforms (Android, iOS, Blackberry) and their suitability and potential for highly secure communication. Another focus is on the application possibilities of virtualization and VPN access on mobile devices. Content of the study are technical and organizational requirements and framework conditions, which allow the most user-friendly handling of access to and transmission of highly sensitive documents. The consideration is based on the security requirements, which the standard "EU Confidential" prescribes.

  • Duration: 01.03.2014 - 25.06.2015
  • Keywords: Security, EU Confidential
  • Funding: SeCom is funded by the FFG KIRAS (840813)

Secure Speed Limit Enforcement (SectionControl)

Project Description

Development of a speed-limit enforcement system with particular care for driver privacy and anonymity. Based on an application of identity-based encryption and homomorphic commitments, a driver's identity can be processed in a way that is implicitly constrained to the mere detection of a speed limit violation. Using shared information that is distributed over the components of the system, we can assure protection of an identity even against insider attacks, up to the point where evidence of a speed limit violation is available.

  • Duration: 15.07.2011 - 01.03.2012
  • Keywords: Anonymous data processing, Section control, Speed-limit enforcement, Privacy

Risk Management for Simultaneous Threats (RSB)

Project Description

Risk management is a core task in the security of critical infrastructures. Nowadays available risk management tools usually provide only a one-dimensional analysis, in the sense of being focused on a single security goal. Although standard methods permit quantification of risk related to arbitrary security goals, a simultaneous consideration taking the interplay and potential conflicts between different goals into account is yet missing. Hence, many approaches to risk management offer only limited support for decision-making, as they miss out on conflict management between goals. A simple example is confidentiality versus availability. While confidentiality is easily achieved by encryption, careless key-management and loss of keys can inhibit decryption so that confidentiality directly counteracts availability. Existing solutions usually employ catalogues like the German Federal Office for Information Security. However, such analysis practices are often limited in the sense of not giving many clues on how to account for interdependencies between goals, as exemplified above.

The goal of the project is the development of a method for risk management in communication networks within or among critical infrastructures for several security goals that explicitly takes interdependencies into account. Contrary to other methods of risk management that are focused on a single goal, the new method uses game-theory to go for a combined analysis, in particular regarding authenticity, availability and confidentiality. Using techniques from multi-criteria game-theory, we obtain simultaneously optimal (i.e. not uniformly improvable) strategies for infrastructure utilization and risk estimation that accounts for dependencies in a natural way.

The method yields quantitative risk estimates that can be cast into any unit of convenience and specific for the application at hand. For instance, risk can be measured via probabilities (of failure) or in monetary terms (expected loss of business assets). The results therefore can naturally be integrated in reporting tools for a compact and comprehensive risk picture. This is believed to offer better support for a decision-maker, when it comes to extensions or enhancements of the security with in a critical infrastructure.

The goal of the project is the development of a software-solution for risk quantification. This will provide a tool for a security officer, which permits a quantitative rather than qualitative assessment of the security system at hand. Moreover, the method lets us directly link costs for a security system to its expected benefits within the overall system. Contrary to many competing solutions, we can therefore directly quantify – in monetary terms – the tradeoff between investment and benefit when implementing new security mechanisms. So, the pros and cons of a new security system can be weighed against each other effectively and easily.

IT-Security-Risk-Management based on Decision Theory (SERIMA)

Project Description

Risk management is an essential task in nowadays information infrastructures. Letting security exclusively rest on qualitative assertions regarding cryptographic primitives can be misleading towards missing possible vulnerabilities arising from imperfect combinations of different security measures. The goal of this project is designing tools aiding the quantitative assessment of security in a given information infrastructure.

Risk management is an essential task in nowadays information infrastructures. Letting security exclusively rest on qualitative assertions regarding cryptographic primitives can be misleading towards missing possible vulnerabilities arising from imperfect combinations of different security measures. The goal of this project is designing tools aiding the quantitative assessment of security in a given information infrastructure.

Game-theory can provide us with risk measures that can be set up in any unit or context suitable for the application at hand. In fact, by using non-cooperative competitions for a security assessment, we obtain risk measures, optimal network provisioning strategies and pointers towards the most severe attack scenarios in a single blow. Neither the theory nor its results employ any computational intractability assumptions, such as most state-of-the-art cryptosystems hinge on. Thus, it applies to classical cryptography, as well as quantum cryptography or other security primitives equally well. This brings considerable advantages over other models, because the context and unit of any subjective trust estimate (such as discrete risk classifications or other methods) is directly carried over to the results of the analysis. Hence, interpretability of any result is ensured at all times, especially for a decision-maker.

The ultimate goal of system security is to protect the value tied to secret information. Risk management appears as a natural cover framework in which cryptographic primitives for secret transmission act as basic building blocks. A decision-theoretic (game-theoretic) communication risk assessment enables a decision-maker to estimate the (monetary) loss that can be expected from a given communication infrastructure due to secret information leakage. It thus provides a benchmark to compare and assess the security performance of the infrastructure at hand

In addition to this, a cost-optimized design or extension of an infrastructure towards minimal risk is possible. Network security is an endless cycle consisting of securing, monitoring, testing and improving. The project's goal is automating this cycle to a wider extend than currently, thus saving costs on human resources for security evaluation and monitoring. Those latter two can be handled by game-theoretic models, as well as cost-optimized improvements can be facilitated on mathematically justified grounds.

Collision-free Number Generation

Project Desription 

Universally Unique Identifiers (UUIDs) -- standardized in ISO/IEC 9834-8:2005 -- are widely used to uniquely identify entities in modern IT-systems. Apart from what promised in the standard, UUIDs are not guaranteed to be unique while preserving the issuer's privacy. In this project we introduce a novel concept called collision-free number generation (CFNG) that can be used to locally generate UUIDs which are provably globally unique. Moreover, if the presented techniques are instanced carefully, a poly-bounded adversary is not able to efficiently identify the issuer of a UUID. Our approach is efficient in terms of communication, time and space. As a by-product, it can be applied in other areas where collisions have to be avoided (e.g. key generation, pseudonym systems and interactive proofs).

Especially when concerning key generation for the RSA encryption or signature schemes, CFNGs may be used to avoid common prime factors or poor randomness of the employed primes. Both, common primes and poor randomness, put the security of the RSA system at risk. One might arue, that the chance of duplicates when using 1024- or 2048-bit RSA keys is quite low, but ... see "Ron was wrong, Whit is right" at the Cryptology ePrint Archive.

  • Keywords: UUID, GUID, uniqueness, duplicates, collisions, prime number generation, RSA, ElGamal, interactive proofs, key management, cryptographic keys, cryptographic parameters, digital identifier, digital pseudonyms, nyms.
  • Team:
    • Peter Schartner (Project Leader)
    • Martin Schaffer (Project Leader, now at NXP Semiconductors)
    • Stefan Rass
    • Mario Pivk (former Research Student - Programming Project)
    • Philipp Fleiss (former Research Student - Programming Project)