by Edgar Weippl, Research Director, SBA Research, Vienna
Applied research in network security is becoming increasingly important as many large-scale cloud systems and complex decentralized networked systems are used today by millions of people. Often, the systems' characteristics cannot be observed directly, either because the operators of centralized services do not provide this information (e.g. Facebook, Amazon) or because the decentralized nature does not allow it (e.g. crypto protocols used on servers, Tor). In addition, software development is becoming more complex as software is developed in large, globally distributed teams, so one has to operate under the assumption that within any large team there are people trying to incorporate malicious code into the code base. To date there is little work that provides any empirical evidence on how widespread such problems are and whether there are effective means (and which ones) to mitigate this risk. Research methodology in information security is evolving, and many of the earlier well-known empirical research findings are hard to reproduce for two main reasons: First, the original data is not, or is no longer, available or may have been altered. Second, research ethics have changed and some experiments are no longer an acceptable practice. In this tutorial, I will (1) highlight the impact of our past research in the field, (2) show how promising theoretical concepts can be explored and applied to important empirical problems, and (3) explore future research paths in the field.
After graduating with a Ph.D. from the TU Wien, Edgar Weippl worked in a research startup for two years. He then spent one year teaching as an Assistant Professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant in New York, NY and Albany, NY, and in Frankfurt, Germany. In 2004 he joined the TU Wien and founded the research center SBA Research together with A Min Tjoa and Markus Klemen. Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is a member of the editorial board of Computers & Security (COSE), organizes the ARES conference, and is General Chair of SACMAT 2015, PC Chair of ESORICS 2015 and General Chair of ACM CCS 2016.