2023W

• Introduction to Security / 194.157 / VU

2022

• Abusing Trust: Mobile Kernel Subversion via TrustZone Rootkits / Marth, D., Hlauschek, C., Schanes, C., & Grechenig, T. (2022). Abusing Trust: Mobile Kernel Subversion via TrustZone Rootkits. In 2022 IEEE Security and Privacy Workshops (SPW) (pp. 265–276). https://doi.org/10.1109/SPW54247.2022.9833891

2015

• Dataset of Developer-Labeled Commit Messages / Mauczka, A., Brosch, F., Schanes, C., & Grechenig, T. (2015). Dataset of Developer-Labeled Commit Messages. In 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories. The 12th Working Conference on Mining Software Repositories (MSR), Florenz, Italien, EU. IEEE. https://doi.org/10.1109/msr.2015.71
• Global VoIP security threats - large scale validation based on independent honeynets / Gruber, M., Hoffstadt, D., Aziz, A., Fankhauser, F., Schanes, C., Rathgeb, E., & Grechenig, T. (2015). Global VoIP security threats - large scale validation based on independent honeynets. In 2015 IFIP Networking Conference (IFIP Networking). IFIP Networking Conference (IFIP Networking 2015), Toulouse, Frankreich, EU. IEEE Conference Publications. https://doi.org/10.1109/ifipnetworking.2015.7145329
• KCI-based Man-in-the-Middle Attacks against TLS / Hlauschek, C., Gruber, M., Fankhauser, F., & Schanes, C. (2015). KCI-based Man-in-the-Middle Attacks against TLS. BSidesVienna 2015, Wien, Austria. http://hdl.handle.net/20.500.12708/86221
• Prying open Pandora's box: KCI attacks against TLS / Hlauschek, C., Gruber, M., Fankhauser, F., & Schanes, C. (2015). Prying open Pandora’s box: KCI attacks against TLS. 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington D.C., Non-EU. http://hdl.handle.net/20.500.12708/86209
• Mobile Payment Fraud: A Practical View on the Technical Architecture and Starting Points for Forensic Analysis of New Attack Scenarios. / Kier, C., Madlmayr, G., Nawratil, A., Schafferer, M., Schanes, C., & Grechenig, T. (2015). Mobile Payment Fraud: A Practical View on the Technical Architecture and Starting Points for Forensic Analysis of New Attack Scenarios. In Proceedings of the 9th International Conference on IT Security Incident Management & IT Forensics (IMF) (pp. 68–76). IEEE. http://hdl.handle.net/20.500.12708/56361
• Aktive Bewußtseinsbildung / Schanes, C., Fankhauser, F., & Grechenig, T. (2015). Aktive Bewußtseinsbildung. Workshop Internationale Wirtschafts- und Industriespionage, Wien, Austria. http://hdl.handle.net/20.500.12708/86225
• Ein realer Cyber-Angriff und seine Abwehr: Struktur und Live-Demo / Grechenig, T., & Schanes, C. (2015). Ein realer Cyber-Angriff und seine Abwehr: Struktur und Live-Demo. Österreichische Fachtagung zum Thema Industrie 4.0, Zell am See, Austria. http://hdl.handle.net/20.500.12708/86224
• Absicherung gegen IT-Angriffe von außen und innen. Vom Konzept zum dauerhaften Sicherheitsgrad / Schanes, C. (2015). Absicherung gegen IT-Angriffe von außen und innen. Vom Konzept zum dauerhaften Sicherheitsgrad. ARS Jahrestagung Datenschutz, Wien, Austria. http://hdl.handle.net/20.500.12708/86222

2014

• Chaotic ad-hoc data network - A bike based system for city networks / Isemann, B., Gruber, M., Grünberger, J., Schanes, C., & Grechenig, T. (2014). Chaotic ad-hoc data network - A bike based system for city networks. In 2014 IEEE Fifth International Conference on Communications and Electronics (ICCE). The Fifth International Conference on Communications and Electronics (ICCE 2014), Da Nang, Vietnam, Non-EU. IEEE. https://doi.org/10.1109/cce.2014.6916711
• Concept and Design of a Transparent Security Layer to Enable Anonymous VoIP Calls / Gruber, M., Maier, M., Schafferer, M., Schanes, C., & Grechenig, T. (2014). Concept and Design of a Transparent Security Layer to Enable Anonymous VoIP Calls. In Proceedings of the International Conference on Advanced Networking, Distributed Systems and Applications (pp. 58–61). INDS. http://hdl.handle.net/20.500.12708/55942
• Data retention services with soft privacy impacts: Concept and implementation / Schafferer, M., Gruber, M., Schanes, C., & Grechenig, T. (2014). Data retention services with soft privacy impacts: Concept and implementation. In 2014 IEEE 5th International Conference on Software Engineering and Service Science. 5th IEEE International Conference on Software Engineering and Service Science (ICSESS 2014), Beijing, China, EU. IEEE. https://doi.org/10.1109/icsess.2014.6933540

2013

• Extraction of ABNF Rules from RFCs to Enable Automated Test Data Generation / Gruber, M., Wieser, P., Nachtnebel, S., Schanes, C., & Grechenig, T. (2013). Extraction of ABNF Rules from RFCs to Enable Automated Test Data Generation. In L. Janczewski (Ed.), Security and Privacy Protection in Information Processing Systems (pp. 111–124). Springer IFIP Advances in Information and Communication Technology. https://doi.org/10.1007/978-3-642-39218-4_9
• Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach / Gruber, M., Schanes, C., Fankhauser, F., Moutran, M., & Grechenig, T. (2013). Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach. In J. Lopez, X. Huang, & R. Sandhu (Eds.), Network and System Security (pp. 628–634). Springer Lecture Notes in Computer Science. http://hdl.handle.net/20.500.12708/55054
• Voice calls for free: How the black market establishes free phone calls - Trapped and uncovered by a VoIP honeynet / Gruber, M., Schanes, C., Fankhauser, F., & Grechenig, T. (2013). Voice calls for free: How the black market establishes free phone calls - Trapped and uncovered by a VoIP honeynet. In J. Castellà-Roca (Ed.), Proceedings of the International Conference on Privacy, Security and Trust (pp. 205–212). IEEE. http://hdl.handle.net/20.500.12708/55055
• Scope and depth efficient testing approach and framework for enhancing the detection of IT security bugs / Schanes, C. (2013). Scope and depth efficient testing approach and framework for enhancing the detection of IT security bugs [Dissertation, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/159694
• Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models / Schanes, C., Fankhauser, F., Hübler, A., & Grechenig, T. (2013). Improving the Accuracy of Automated Security Tests Based on Learned System Behavior Models. In Proceedings of the Fourth International Workshop on Security Testing (SECTEST 2013). The Fourth International Workshop on Security Testing (SECTEST 2013), Luxembourg, EU. IEEE. http://hdl.handle.net/20.500.12708/55059
• Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests / Schanes, C., Hübler, A., Fankhauser, F., & Grechenig, T. (2013). Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests. In Proceedings of the Sixth IEEE International Conference on Software Testing, Verification and Validation (pp. 453–460). IEEE. http://hdl.handle.net/20.500.12708/55058

2012

• Tracing Your Maintenance Work – A Cross-Project Validation of an Automated Classification Dictionary for Commit Messages / Mauczka, A., Huber, M., Schanes, C., Schramm, W., Bernhart, M., & Grechenig, T. (2012). Tracing Your Maintenance Work – A Cross-Project Validation of an Automated Classification Dictionary for Commit Messages. In Fundamental Approaches to Software Engineering (pp. 301–315). Springer-Verlag. https://doi.org/10.1007/978-3-642-28872-2_21

2011

• Security status of voip based on the observation of real-world attacks on a honeynet / Gruber, M., Fankhauser, F., Taber, S., Schanes, C., & Grechenig, T. (2011). Security status of voip based on the observation of real-world attacks on a honeynet. In Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust (pp. 1041–1047). IEEE. http://hdl.handle.net/20.500.12708/54039
• Trapping and analyzing malicious voip traffic using a honeynet approach. / Gruber, M., Fankhauser, F., Taber, S., Schanes, C., & Grechenig, T. (2011). Trapping and analyzing malicious voip traffic using a honeynet approach. In Proceedings of the 6th International Conference on Internet Technology and Secured Transactions (pp. 442–447). IEEE. http://hdl.handle.net/20.500.12708/54037
• Security test environment for voip research / Fankhauser, F., Ronniger, M., Schanes, C., & Grechenig, T. (2011). Security test environment for voip research. International Journal for Information Security Research, 1(1), 53–60. http://hdl.handle.net/20.500.12708/163157
• Security test approach for automated detection of vulnerabilities of sip-based voip softphones. / Schanes, C., Taber, S., Popp, K., Fankhauser, F., & Grechenig, T. (2011). Security test approach for automated detection of vulnerabilities of sip-based voip softphones. International Journal On Advances in Security, 4(1 & amp;2), 95–105. http://hdl.handle.net/20.500.12708/163156
• Generic data format approach for generation of security test data / Schanes, C., Fankhauser, F., Taber, S., & Grechenig, T. (2011). Generic data format approach for generation of security test data. In Proceedings of the Third International Conference on Advances in System Testing and Validation Lifecycle (pp. 103–108). IARIA. http://hdl.handle.net/20.500.12708/54038

2010

• Mining security changes in freebsd / Mauczka, A., Schanes, C., Fankhauser, F., Bernhart, M., & Grechenig, T. (2010). Mining security changes in freebsd. In Proceedings of 7th IEEE Working Conference on Mining Software Repositories (MSR) (pp. 90–93). IEEE. http://hdl.handle.net/20.500.12708/53545
• Work in progress: Black-Box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service. / Steinbacher, P., Fankhauser, F., Schanes, C., & Grechenig, T. (2010). Work in progress: Black-Box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service. In Proceedings of IPTComm 2010 Principles, Systems and Applications of IP Telecommunications (pp. 107–116). Technische Universität München, Germany. http://hdl.handle.net/20.500.12708/53544
• A Robust and Flexible Test Environment for VoIP Security Tests. / Ronniger, M., Fankhauser, F., Schanes, C., & Grechenig, T. (2010). A Robust and Flexible Test Environment for VoIP Security Tests. In Proceedings of The 5th International Conference for Internet Technology and Secured Transactions (pp. 96–101). Infonomics Society, UK. http://hdl.handle.net/20.500.12708/53543
• Automated Security Test Approach for SIP based VoIP Softphones / Taber, S., Schanes, C., Hlauschek, C., Fankhauser, F., & Grechenig, T. (2010). Automated Security Test Approach for SIP based VoIP Softphones. In Proceedings of The Second International Conference on Advances in System Testing and Validation Lifecycle (pp. 114–119). IEEE Computer Society Press. http://hdl.handle.net/20.500.12708/53539

2009

• Nationwide PKI Testing - Ensuring Interoperability of OCSP Server and Client Implementations Early During Component Tests / Schanes, C., Mauczka, A., Kirchengast, U., & Grechenig, T. (2009). Nationwide PKI Testing - Ensuring Interoperability of OCSP Server and Client Implementations Early During Component Tests. In Proceedings of the Sixth European Workshop on Public Key Services, Applications and Infrastructures (pp. 115–130). Springer. http://hdl.handle.net/20.500.12708/53069
• Problem space and special characteristics of security testing in live and operational environments of large systems exemplified by a nationwide IT infrastructure / Schanes, C., Fankhauser, F., Grechenig, T., Schafferer, M., Behning, K., & Hovemeyer, D. (2009). Problem space and special characteristics of security testing in live and operational environments of large systems exemplified by a nationwide IT infrastructure. In Advances in System Testing and Validation Lifecycle (pp. 161–166). IEEE. http://hdl.handle.net/20.500.12708/53068

2008

• Durchführungskonzept eines Penetrationstests anhand einer IT- Infrastruktur eines Unternehmens mit mobilen Clients / Schanes, C. (2008). Durchführungskonzept eines Penetrationstests anhand einer IT- Infrastruktur eines Unternehmens mit mobilen Clients [Master Thesis, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/183793

• Spannungsfeld Digitalisierung vs. Datenschutz im Gesundheitswesen : Deanonymisierung von Patientendaten durch Anwendung von Seitenkanalangriffen auf die Sicherheitsarchitektur von e-Health Infrastrukturen / Kirchengast, U. (2016). Spannungsfeld Digitalisierung vs. Datenschutz im Gesundheitswesen : Deanonymisierung von Patientendaten durch Anwendung von Seitenkanalangriffen auf die Sicherheitsarchitektur von e-Health Infrastrukturen [Diploma Thesis, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/79363
• Automated detection of security vulnerabilities using machine learning for automated testing / Hübler, A. (2014). Automated detection of security vulnerabilities using machine learning for automated testing [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2014.26310
  Download: PDF (3.72 MB)
• An approach of software quality estimation using automated generation of test cases / Wieser, P. (2012). An approach of software quality estimation using automated generation of test cases [Diploma Thesis, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/160571
• Analyse und Optimierung von Sicherheitstestergebnissen durch Anwendung von Data-Mining-Methoden / Brunner, H. (2011). Analyse und Optimierung von Sicherheitstestergebnissen durch Anwendung von Data-Mining-Methoden [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-51421
  Download: PDF (906 KB)
• Identifizierung und Evaluierung von Wireless-Protokollen in der sicherheitskritischen Gebäudeautomation / Mund, T. (2008). Identifizierung und Evaluierung von Wireless-Protokollen in der sicherheitskritischen Gebäudeautomation [Diploma Thesis, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/179779