Events

Upcoming

2024-06-03 Research Seminar
End-to-end Verification of Side Channel Properties

2024-06-24 Distinguished Lecture

Invited talk by Konrad Rieck (TU Berlin, Guest Professor at TU Wien) and discussion on сhallenges in defending against code stylometry.
Location: TU Wien, FAV Hörsaal 1 Helmut Veith (1040 Vienna, Favoritenstr. 9-11, Erdgeschoß, Room HEEG02)
Time: 16:00 – 17:00

Photo of Konrad Rieck

2024-07-06 Workshop
Asynchronous Hyperproperties: from Theory to Practice

Hyperproperties are a general framework to reason about properties requiring comparing multiple system executions, like security properties or robustness requirements. In this workshop, we want to bring together practitioners from different backgrounds with theoreticians developing frameworks for specifying hyperproperties.
The workshop format will focus on discussions and promoting the interchange of ideas between different communities. Find more information at the Workshop site

Workshop Logo

May 2024

2024-05-13 Research Seminar
Trapdoor Memory-Hard Functions

The first slide of the presentation

April 2024

2024-04-29 Research Seminar
VIRAS: A Conflict-Driven Descision Procedure for mixed Integer-Real Arithmetic

Johannes Schoisswohl is standing before the screen. On the screen the first slide of the presentation is displayed

2024-04-17 Distinguished Lecture

Invited talk by Byron Cook (UCL, TU Darmstadt, Amazon) and discussion on automated reasoning and internal proof projects of Amazon. Location: TU Wien, Campus Freihaus, Informatikhörsaal (1040 Vienna, Treitlstraße 3)
Time: 11:15 – 13:00

Photo of Byron Cook

2024-04-15 Research Seminar
Efficient and Secure Compression Functions for Arithmetization-Oriented Hashing

The first slide of Stefano Trevisani's presentation, and he as the speaker in the Zoom meeting
The Zoom view shows Stefano Trevisani standing before the screen, with the first slide of the presentation displayed on it

2024-04-02 Retreat
Retreat at the Institute of Science and Technology Austria

Retreat logo
Collage of photos from discussions in small groups
SPyCode community at Retreat at ISTA

2024-04-01 Outreach to society
Why We Will Never Get Rid of Side Channels.

In the April episode of the “What That Means” InTechnology Podcast, Daniel Gruss discusses with hosts Camille Morhardt and Anders Fogh (Intel) the balance between side channels and resource sharing, common challenges and how to manage them, the impact of AI on side channels, and securing critical infrastructure stored in space. Find more on YouTube .”

A frame from the broadcast showing Daniel Gruss talking during the live stream.

March 2024

2024-03-26 Distinguished Lecture

Invited talk by Reiner Hähnle (TU Darmstadt) and discussion on a program logic of context-aware trace contracts.

Photo of Reiner Hähnle

2024-03-18 Research Seminar
Rational protocol design

The first slide of Fabian Regen's presentation, and he as the speaker in the Zoom meeting

2024-03-04 Research Seminar
Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses

The first slide of Magdalena Steinböck's presentation, and she as the speaker in the Zoom meeting

February 2024

2024-02-26 Research Seminar
Secure Blockchains in Network Transition Periods

Jakob Rosenblattl is standing before the screen. On the screen the first slide of the presentation is displayed
In-person participants of the seminar

2024-02-19 Research Seminar
Secure and Verifiable Implementations of off-chains Protocols

Magdalena Solitro is standing before the screen. On the screen the first slide of the presentation is displayed

January 2024

2024-01-29 Research Seminar
Cryptanalysis Using Constraint Programming

Hosein Hadipour is standing before the screen. On the screen the first slide of the presentation is displayed

2024-01-22 Research Seminar
Software Fault Attacks and Energy Efficiency

Jonas Juffinger is standing before the screen. On the screen the first slide of the presentation is displayed
In-person participants of the seminar

2024-01-15 Research Seminar
Secure implementation of the masking countermeasure on different platforms

Barbara Gigerl is giving a presentation at the seminar. The first slide from the presentation is displayed on the screen behind her
Barbara Gigerl is giving a presentation at the seminar. On the screen, Krzysztof Pietrzak is displayed asking a question

December 2023

2023-12-13 Distinguished Lecture

Invited talk by Frank Leymann (Universität Stuttgart) and discussion on Post-Quantum Security.

Photo of Frank Leymann

2023-12-04 Research Seminar
Efficient Multi-tuple Leakage Detection Testing in Side-channel

The first slide of Aakash Chowdhury's presentation, and he as the speaker in the Zoom meeting

2023-12-01 Networking

Invited talk by Michele Orrù (Sorbonne Université) and discussion on elastic SNARKs.

Photo of Michele Orrù

November 2023

2023-11-28 Presentation
SpyCoDe researchers participate in ACM CCS 2023.

Five representatives from SpyCoDe actively contributed to the ACM Conference on Computer and Communications Security (CCS) held in Copenhagen, Denmark, from November 26 to 30, 2023. This conference serves as the annual flagship event of the Special Interest Group on Security, Audit, and Control (SIGSAC) within the Association for Computing Machinery (ACM), attracting information security researchers, practitioners, developers, and users worldwide to explore cutting-edge ideas and results.

During November 27-29, the conference featured the presentation of the following research contributions:

These insightful presentations showcase SpyCoDe’s commitment to advancing knowledge and innovation in the realm of computer and communications security.

Sophie Rain  is giving a presentation at the conference. A slide from the presentation is displayed on the screen, showing the workflow diagram of CheckMate
Photo of the group of TUW researchers in front of the banner of the ACM Conference on Computer and Communications Security featuring Martina Lindorfer, Elena Andreeva, Carlotta Tagliaro, Sophie Rain, and David Schmidt from left to right

2023-11-26 Public Lecture
Martina Lindorfer joined as a speaker for the iMentor Workshop.

Individualized Cybersecurity Research Mentoring (iMentor ) Workshop co-located with the ACM Conference on Computer and Communications Security (ACM CCS) virtually. It is dedicated to attracting, mentoring, and providing career guidance to early-stage graduate students from underrepresented communities who aspire to pursue a career in computer security.

Martina gave a talk titled “IoTFlow the Making-Of: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis.” Using the preparation of her article presented at ACM CCS 2023 as an example, she shared with the iMentor cohort the behind-the-scenes journey of the IoTFlow paper — from its initial conception to the different iterations and revisions it underwent.

Abstract. The number of “smart” devices, that is, devices making up the Internet of Things (IoT), is steadily growing. They suffer from vulnerabilities just as other software and hardware. Automated analysis techniques can detect and address weaknesses before attackers can misuse them. Applying existing techniques or developing new approaches that are sufficiently general is challenging though. Contrary to other platforms, the IoT ecosystem features various software and hardware architectures. We introduce IoTFlow, a new static analysis approach for IoT devices that leverages their mobile companion apps to address the diversity and scalability challenges. IoTFlow combines Value Set Analysis (VSA) with more general data-flow analysis to automatically reconstruct and derive how companion apps communicate with IoT devices and remote cloud-based backends, what data they receive or send, and with whom they share it. We analyzed 9,889 manually verified companion apps with IoT-Flow to understand and characterize the current state of security and privacy in the IoT ecosystem. We discovered various IoT security and privacy issues, such as abandoned domains, hard-coded credentials, expired certificates, and sensitive personal information being shared.

Photo of the iMentor Workshop panelists sitting in chairs on a stage, with Martina Lindorfer in the center of the group

2023-11-24 Achievement
Maria Eichlseder received the Hedy Lamarr Prize from the City of Vienna.

Prof. Eichlseder was honored for her contributions to the development of new methods for cryptanalysis. She is one of the designers who developed the Ascon algorithm, which earlier this year was selected by the US National Institute of Standards and Technology (NIST) as the standard for lightweight cryptography. It also won the 2019 CAESAR competition for authenticated encryption in the lightweight applications category.

Lightweight cryptography deals with cryptographic methods that are particularly suitable for use in resource-constrained environments, such as RFID tags or sensors, due to their low resource requirements. This applies in particular to the Internet of Things with its numerous small sensors and actuators, as only little energy and power are available here. Ascon is also suitable for miniature technologies such as medical implants or keyless car openers.

Hedy Lamarr Prize recognizes female researchers in Austria for their outstanding achievements in the field of information technology. The prize is named after the Vienna-born Hollywood actress and scientist Hedy Lamarr. The award winners serve as role models for the next generation and motivate young women to pursue a career in the IT industry.

Photo of Maria Eichlseder standing in front of a whiteboard with formulas and schematics

2023-11-24 Networking

Invited talk by Christof Ferreira Torres (ETH Zurich) and discussion on the privacy aspects of Web3 wallets

Photo of Christof Ferreira Torres

2023-11-15 Achievement
Maria Eichlseder has been awarded a prize for excellence in teaching

Maria Eichlseder, an assistant professor at IAIK, was one of the four recipients honored with a prize for excellence in teaching 2022/23 at Graz University of Technology. She received the accolade for her outstanding lecture in Cryptography.

Maria Eichlseder standing before a whiteboard, holding an award

2023-11-13 Public Lecture
Krzysztof Pietrzak gave a talk on “Sustainable Blockchains“

Tha talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria .

Abstract. The Bitcoin blockchain achieves consensus in an open setting, i.e., where everyone can participate. This was believed to be impossible, the key idea to make this possible was to use computing power rather than some kind of identities for voting through “proofs of work”. Unfortunately, this approach is not sustainable: the Bitcoin blockchain burns roughly as much electricity as a country like Austria. We will outline sustainable alternatives for achieving a Bitcoin-like blockchain, with a focus on using disk-space instead of computation and how this is realized in the Chia Network blockchain."

Photo of Krzysztof Pietrzak

2023-11-06 Research Seminar
Software-based Microarchitectural CPU Attacks

The first slide of the presentation and Stefan Gast as a speaker

2023-11-02 Presentation
Jonas Juffinger presented “CSI:Rowhammer“ at the Hardwear.io Security Trainings and Conference 2023 .

The research addresses Rowhammer, a severe security problem in DRAM that allows an unprivileged adversary to gain kernel privileges by inducing electrical disturbance errors. CSI:Rowhammer is a hardware-software co-designed Rowhammer mitigation with principled cryptographic security and integrity guarantees, intentionally avoiding a focus on specific Rowhammer properties. Due to its generic design, the system provides protection against all Rowhammer attacks.

The presentation delved into the comprehensive details of designing a system like CSI:Rowhammer, covering aspects such as implementing low-latency hardware correction, maximizing software correction potential, securing correction routines in software against bit flips, managing possible race conditions, ensuring compatibility with virtual machines, evaluating the entire system, and more.

Slides Video

October 2023

2023-10-25 Outreach to society
Engaging school children and young people in STEM activities.

In two articles featured in the release of doIT 2/2023 in “Der Standard,” SpyCoDe members explore the significance of involving children in STEM activities and investigate the opportunities available in IT for the younger generation.

Sophie Rain introduces the “Abenteuer Informatik für Volksschule” initiative, where elementary school children visit the university to playfully delve into the world of algorithms. While programming education is now accessible to 8-year-old children, adapting content and delivery methods to align with their developmental needs and capabilities is essential. The TU Wien team is dedicated to creating an educational playground for primary and secondary school classes, fostering their interest in STEM. Sophie underscores the initiative’s crucial role in empowering girls to overcome stereotypes suggesting that technology is not for them.

Professor Maria Eichlseder shares her journey in establishing a successful career in IT. A small holiday project involving an encryption algorithm revealed to her the truly exciting nature of cryptography. Despite having limited prior knowledge in informatics from school, her fascination with cryptoanalysis led her to co-author Ascon, an authenticated encryption and hashing algorithm that has become an international standard. Today, Maria characterizes IT as an inspiring environment where individuals can initiate diverse projects, collaborate in dynamic teams, and contribute to their unique interests. The job landscape is expansive, featuring numerous companies and startups in Austria with promising earning potential. Addressing young people, she encourages them by stating, “Getting involved is fun and helps you develop personally!”

Two pages of the magazine doIT feature the text of the interview with Sophie Rain and her portrait
Two pages of the magazine doIT feature the text of the interview with Maria Eichlseder and her portrait

2023-10-12 Networking

Invited talk by Chrysoula Stathakopoulou (Chainlink Labs) and discussion on BBCA

Photo of Chrysoula Stathakopoulou

2023-10-12 Achievement
Giulia Scaffino listed amongst Top 30 @ TU Wien Under 30.

In 2023, Giulia Scaffino (27) is listed amongst the “TUW Under 30”, a list of selected TU Wien students and employees. Similar to the” Forbes Under 30”, this list features young and extraordinary researchers and entrepreneurs from the TUW, being able to present exceptional achievements in their area of research. Giulia graduated in nuclear physics and is doing her PhD at the Security& Privacy Research Group of Matteo Maffei. She specializes on Blockchain-protocols and is currently working on a blockchain bridge called “Glimpse”, enabling cross-currency transaction between Krypto-currencies. Giulia presented her results at the renowned IT conference USENIX Security Symposium. For more details see the article featured in the current print issue of the TUW Magazine #02-2023 “Schwerpunkt: Under 30” (pages 26-28) and also her bio online .

Photo of Giulia Scaffino

2023-10-12 Achievement
Sophie Rain listed amongst Top 30 @ TU Wien Under 30.

Sophie Rain (28) is amongst the “TUW Under 30” in 2023, a list of selected TU Wien students and employees. Similar to the “Forbes Under 30”, this list features young and extraordinary researchers and entrepreneurs from the TUW, being able to present exceptional achievements in their area of research. Sophie is a PhD student in Laura Kovacs’ Research Unit of Formal Methods in Systems Engineering. Her work focuses on the security verification of Blockchain applications by applying mathematical concepts such as game theory, logic and most importantly automated reasoning. Her work was presented at major security conferences such as CAV 2021 and CSF 2023. Furthermore, she is leading the TU Wien initiative “Abenteuer Informatik für Volksschule”, organizing workshops for pupils. For more details see the article featured in the current print issue of the TUW Magazine #02-2023 “Schwerpunkt: Under 30” and also her bio online .

Photo of Sophie Rain

2023-10-09 Research Seminar
Information-Flow Interfaces

The first slide of Ana Oliveira da Costa's presentation, and she as the speaker in the Zoom meeting

2023-10-09 Public Lecture
Daniel Gruss gave a talk on “Sustainable Security.“

The talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria . This lecture series, a pioneering initiative in Austria, unites all Austrian CS departments and faculties to emphasize the vital role of sustainability in computer science. It showcases research solutions for real-world challenges and inspires progress towards a sustainable future.

Abstract. Global ICT electricity consumption is already beyond 11 percent of the worldwide electricity production and still increasing. By 2030 it may reach around 25 percent. Previous approaches to improve efficiency and performance have often sacrificed security, leading to disastrous security issues like Meltdown and Spectre. Patching just these two vulnerabilities increases power consumption on affected computers by a seemingly harmless 5 percent. By 2030, this may be more than 1 percent of the global electricity production by just a single out of thousands of patches. This development is not sustainable, and in this talk, we will discuss both the problem and potential revolutionary solutions."

Slides

Photo of Daniel Gruss.

September 2023

2023-09-25 Research Seminar
Computationally Sound Cryptographic Protocol Automated Verification

The first slide of Simon Jeanteur's presentation, and he as the speaker in the Zoom meeting

2023-09-14 Documentary

The TU Wien cryptography expert Prof. Elena Andreeva was featured in the Puls4 documentary Angriff aus dem Internet (Attack from the Internet).

Prof. Andreeva opens the doors to her research space and group at TU Wien, explaining the role of cryptography in today’s digital world. She also discusses how everyday devices like mobile phones can be vulnerable to cyber attacks.

The documentary sheds light on the importance of preventing cyber attacks, given their ubiquitous growth worldwide, and more specifically, in Austria. As the attackers range from criminals to state-run organizations, the targets vary from public administration and states to critical infrastructure and, not least, private individuals. The documentary presents several cyber attacks and discusses directions for prevention.

The interview with Elena Andreeva is available for reading in TU Wien Informatics News.

Elena Andreeva is discussing with a group of students

2023-09-11 Research Seminar
A Forkcipher-based Pseudo-Random Number Generator

The first slide of Andreas Weninger's presentation

2023-09-04 Summer School

Graz Security Week 2023 , organized by the Institute of Applied Information Processing and Communication (IAIK) at Graz University of Technology, is set to take place. This event is specifically tailored for graduate students who are enthusiastic about delving into the intricacies of security and correctness in computing devices. The school will cover a diverse range of topics, including Runtime Security, Side-Channels, Privacy, Secure Cryptographic Implementations, and Security Verification. It offers a unique opportunity for participants to deepen their knowledge and engage in discussions surrounding these critical aspects of computer security.

Announcement of Graz Security Week 2023
Topics and speakers of Graz Security Week 2023

June 2023

2023-06-26 Presentation
Giulia Scaffino presented “Glimpse“ at the the prestigious “USENIX Security Symposium“

Glimpse stands out as an innovative protocol, facilitating secure cross-chain token transfers in a fully decentralized manner, eliminating the need for large commercial crypto-depots. This accomplishment is the result of collaborative efforts by Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, and Matteo Maffei.

Notably, the Glimpse protocol is compatible with blockchains that have limited scripting languages. The authors provide a specific implementation of Glimpse for the Liquid Network, a Bitcoin pegged sidechain. The protocol’s security is proven within the Universal Composability (UC) framework, instilling a high level of confidence in its security guarantees. The researchers conducted an economic analysis of the Glimpse protocol, revealing that verifying a simple transaction on Bitcoin-like chains using Glimpse incurs a maximum of 700 bytes of on-chain overhead, resulting in a one-time fee of $3. This fee is only twice as much as a standard Bitcoin transaction, highlighting the cost efficiency of Glimpse. Overall, the presented advancements unlock exciting possibilities for the world of cryptocurrencies.

Slides Video

Giulia Scaffino on the stage at the USENIX Security Symposium.

2023-06-19 Research Seminar
Verification of Game-Theoretic Security Properties for Blockchain Protocols

The first slide of Sophie Rain's presentation

2023-06-05 Research Seminar
SMT or a Shelter for Theory and Logics

The first slide of Clemens Eisenhofer's presentation, and he as the speaker in the Zoom meeting

May 2023

2023-05-22 Research Seminar
PYTHIA: Supercharging Parallel Smart Contract Execution with the help of Optimistic Predictions

The first slide of Ray Neiheiser's presentation, and he as the speaker in the Zoom meeting

April 2023

2023-04-18 Kick-off event

On April 18, the Technical University of Vienna (TUW) hosted the highly anticipated kick-off event of SPyCoDe, a groundbreaking research program focused on the Semantic and Cryptographic Foundations of Security and Privacy through Composite Design. Generously funded by the Austrian Science Fund (FWF), this initiative aims to delve into the complexities of security and privacy in the digital landscape. The event successfully brought together a diverse group of project participants, fostering an atmosphere of collaboration and innovation.

The presentation of the SPyCoDe program covered its purpose, methodology, research plans, 14 projects, and expected results. It captivated not only the students but also garnered approval from esteemed members of the Advisory Board, including Prof. Véronique Cortier (French National Scientific Research Center (CNRS)), Prof. Bart Preneel (Research group COSIC, KU Leuven), and Prof. Christoph Paar (Ruhr-Universität Bochum). The ensuing discussion proved fruitful, providing invaluable insights and advice crucial to the program’s success in achieving its goals.

Throughout the day, participants seized the opportunity to connect with one another, engaging in informal conversations, knowledge exchange, and thought-provoking discussions. These interactions delved into the complex topics underlying the research activities of the program. A series of cross-cutting sessions facilitated collaborative efforts between the PIs and students, fostering interdisciplinary cooperation and kick-starting joint research. These sessions focused on studying various aspects of security analysis, compositionality, reasoning, and other pertinent subjects, fostering intensive and illuminating dialogue.

The Kickoff event marked a promising beginning for the SPyCoDe research program, which aims to shed light on the intricate world of security and privacy in the digital realm. With a diverse array of projects and a dedicated team of researchers, the program is poised to make significant strides in advancing our understanding and addressing the challenges of this ever-evolving field.

Group photo of participants

September 2022

2022-09-06 Start of the 1st Call for 14 PhD positions