SBA @IT-SECX 2024 – Recap
In October, Zoe Herzig and Reinhard Kugler, security expert from SBA Research, were invited to give a talk at IT-SECX 2024.
Talk: Observing Clouds: container attacks for embedded use cases
by Reinhard Kugler.
© Niklas Schnaubelt
Abstract
Cyber-physical systems in the industrial and automotive domains employ containers to manage and run software. Recently, significant efforts have been directed towards edge computing, aiming to achieve a safety-certified Linux. While Linux in the embedded domain is not new, the current use cases introduce complex security challenges, particularly in on-board communication for software updates and industrial communication protocols. This raises the question: how can an embedded system be effectively defended and monitored for security incidents without sacrificing performance?
Containers offer new defensive capabilities, leveraging the extensive features of the Linux Kernel. eBPF technology, often referred to as “JavaScript for the Kernel,” opens new avenues for extending the system without altering the software itself.
This talk provided an overview of weaknesses in containers on embedded systems and showcased defense techniques using eBPF.
Talk: Code analysis in open-source projects within the healthcare sector
by Zoe Herzig.
© FH St. Pölten
Abstract
Zoe Herzig’s research focuses on software development in the medical field, particularly sustainable development and long-term management of medical software. In collaboration with SBA Research, she explores how software evolves and ages over time, and what measures are needed to ensure its functionality and security in the long run.
Her work offers valuable insights into software aging and solutions that help improve the quality and reliability of medical applications. These findings are particularly relevant to developers and IT managers in healthcare, who must ensure that their systems remain reliable in an ever-changing technological landscape.
Zoe Herzig, a Medical Informatics student at TU Vienna, presented her bachelor’s thesis at this year’s conference. She plans to pursue a master’s degree at the Medical University of Vienna, specializing in medical informatics.
Keynote speaker Daniel Fabian from Google Zurich discussed “Red Teaming in an AI World,” highlighting the importance of adversarial testing in securing AI systems. Fabian delved into approaches for identifying vulnerabilities, from content security evaluations to adversarial simulations, offering insights into attacker tactics against AI.
© SBA Research
About the Conference
The renowned IT Security Community Exchange (IT-SECX) was held at St. Pölten University of Applied Sciences, uniting over 750 participants under the theme “AI & Security.” This year’s event brought together students, professionals, and security enthusiasts to explore the intersection of artificial intelligence and cybersecurity, featuring expert presentations on current research, industry practices, and the emerging challenges AI introduces in cyber defense.