Secure Systems Lab - Vienna Seclab


The Secure Systems Lab in Vienna is birthplace of the International Secure Systems Lab which is the union of five systems security research labs and was originally founded in 2005. As of 2008, the Secure Systems Lab has became international and was initially distributed over three geographical locations including the Institute Eurécom in the French Riviera and the University of California, Santa Barbara. In 2010, Ruhr University in Bochum in Germany joined the iSecLab family, and in 2011, Northeastern University came on board. In 2012 the Hardware Security Lab Vienna was founded to conduct in-depth security research on embedded devices and Integrated Circuits. Lab members collaborate closely, apply for joint funding, share data, exchange ideas, and have fun together. iSecLab encourages and supports student and faculty mobility within the labs. The research focus is on applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis.

Work in the labs is being sponsored by the European Commission, Austrian FWF, French ANR, Office of Naval Research, DARPA, and the National Science Foundation.

Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems and services.

Practicals, Theses and Internships

Our lab is constantly looking for motivated TU Vienna students who want to do a practical ("Praktikum"), an internship or a thesis with us. If you think you have what it takes, please have a look at this page.



  • 10.04.2015 Our team "We_0wn_Y0u" ranked 3rd in this year's iCTF 2014-2015 contest.
  • 04.11.2014 We are attending CCS 2014 to present some of our work.
  • 22.03.2013 Our CTF team WE_0WN_Y0U scored the 2nd place at this year's iCTF (scoreboard)
  • 03.12.2012 Quite a number of us are attending ACSAC 2012 to present papers -- as iSecLab, we have 5-6 papers ;)
  • 07.11.2012 The Hardware Security Lab in Vienna in founded. We're looking forward to do some groundbreaking Hardware Security research in the future !
  • 25.11.2012 Our CTF team WE_0WN_Y0U scored the 3rd place at this year's RuCTFE.
  • 16.10.2012 We are presenting our paper Vanity, Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem at CCS 2012.
  • 29.07.2012 Our CTF team WE_0WN_Y0U participated in the 20th DEFCON CTF, ranking at place 16/20.
  • 19.07.2012 Our brandnew lecture environment is online.
  • 30.05.2012 We have released Andrubis our brand new extension for Anubis that allows analysis of Android APKs!
  • 05.02.2012 We attended NDSS 2012 to present a paper.
  • 03.12.2011 Our Team We_0wn_Y0u from Vienna scored first on the ictf2011!! Click here for the final scoreboard. Details follow.
  • 24.05.2011 We are attending IEEE S&P in Oakland to present a paper.
  • 15.05.2011 The Register reports on our study on the privacy of file sharing services.
  • 17.03.2011 Forbes reports on on our recent HPP work at Blackhat Europe.
  • 07.03.2011 We attended Financial Crypto 2011 in St. Lucia to present a paper.
  • 09.02.2011 We attended NDSS to present papers.
  • 09.02.2011 NewScientist published an article on EXPOSURE.
  • 25.01.2011 MIT Tech Review published an article on our iPhone app study.
  • 23.12.2010 We attended ACSAC to present papers.
  • 09.12.2010 We are online with PAPAS (currently in Beta), a system to scan websites for HTTP Parameter Pollution vulnerabilitites. Please refer to this blog post for more information.
  • 14.10.2010 We now have an iSecLab blog.
  • 29.09.2010 Next week, we are attending ACM CCS in Chicago to present a paper on system-centric malware protection.
  • 14.09.2010 We are attending RAID 2010 to present a paper on the privacy of social-networks.
  • 25.08.2010 Chris was named TR35 young innovator.
  • 11.08.2010 We are attending USENIX Security 2010 to present a paper on web vulnerability detection.
  • 30.07.2010 We are attending the Google faculty summit . Interesting talks on security, social nets, and cloud. Nice fit for our research
  • 27.07.2010 We are attending the DEFCON Capture the Flag contest this weekend in Las Vegas. We are Team Shellphish.
  • 14.07.2010 We are attending SOUPS 2010 to present a poster on our de-anonymization paper for social networks.
  • 02.07.2010 Next week, we are attending DIMVA in Bonn, Germany to present a paper.
  • 02.07.2010 We attended OWASP AppSec Research 2010 with a talk on Clickjacking.
  • 01.07.2010 Thorsten Holz, one of our previous fellows has joined iSecLab as faculty. We welcome Ruhr University Bochum.
  • 12.06.2010 Wow, two of our recent publications have been Slashdotted at the same time: Here and here.
Old News


  • The 3rd place of our join iCTF Team "We_0wn_Y0u" in the iCTF 2014-2015 contest was covered here:
    [TU-Wien], [Futurezone], [derStandard], [OE24], [], [Wirtschaftsblatt], [], [] and others.

  • We were interviewed by the 'Help' Magazin regarding the secure deletion of user data from smart phones: [link]

  • There was an interview with us concerning Smart Phone Application Security: [link]

  • The Austrian Futurezone covers our joint Smart Grid Security project SG2 and the critical infrastructure security research conducted at the Hardware Security Lab Vienna: [link]

  • Markus Kammerstetter is Studio Guest in 'Pro und Contra' concerning Edward Snowden and privacy: [Stream]

  • The TV Magazine "Newton" covered the Hardware Security Labs research on embedded system security for building fire alarm systems: [link]

  • The Austrian newspaper "der Standard" reported on our success at the iCTF 2013 [link]

  • The Austrian newspaper Standard reports about our Facebook paper and PiOS [link]

  • Austria national TV (ORF) interviews iSecLab on recent Anonymous activity [Stream]

  • Funkschau (12/2011) writes about iSecLab, iPhone and Appz [download]

  • Switzerland national TV reports about PiOS [Stream]

  • Our deanonymization attack has been Slashdotted

  • Spiegel Online has published an article on our deanonymization attack.

  • published an article on our social network deanonymization attack.

  • We gave an interview to Nature related to our work that shows that profile cloning attacks are feasible in practice.

Press Archive

Last Modified: Mon Apr 20 09:58:23 CEST 2015

Secure Systems Lab Vienna