SBA Security Meetup @ Dynatrace

On February 25th we had our SBA Security Meetup @ Dynatrace in Vienna.

Catherine Easdon gave a talk on "Security and Privacy by Design in the SDLC: Why, When, How?" She talked about security and privacy and why they are so important but tricky to get right.

Abstract:
Security and privacy: so important, but so tricky to get right! You’ve likely encountered some common security controls in the software development lifecycle, such as code scanning, penetration testing, and threat modeling. But why do we use these controls, when are they most effective, and how do you roll them out efficiently at scale? And what even is a privacy control, anyway? In this session, we’ll explore what security by design and privacy by design mean in practice for software development and discuss the unique challenges of each.

The second talk of the evening was "KomMKonLLM – How to combinatorially generate consistency tests for LLMs" by our colleagues Bernhard Garn and Ludwig Kampel, both senior researchers at SBA Research.

Abstract:
Consistency testing of Large Language Models (LLMs) targets the problem of how to test whether LLMs react reliably to different inputs which have the same semantics. Given that LLMs are quite complex and their internal structure is oftentimes hard to understand, novel, innovative ways are required to assess and test their behavior with regard to consistency. To this end, we present the project KomMKonLLM (https://www.netidee.at/kommkonllm), funded as a netidee project (2024, call #19), which uses combinatorial black-box testing methods to generate consistency tests for LLMs. In this talk, we will present the underlying methodology of KomMKonLLM, its technical architecture and also give a demo.

The third talk, by our colleague Florian Holzbauer, researcher at SBA Research, delved deep into "Active Measurements on Internet Disruptions in Ukraine Kherson – From Ping to Blackout".

Abstract:
In this talk, we explore the motivation, methodology, and findings of our Internet measurement campaign, initiated in response to the war between Russia and Ukraine. Our goal is to assess the conflict’s impact on Internet connectivity, particularly in war-affected regions. We begin by discussing different types of Internet outages and the methods used to detect them. Next, we examine various outage signals and how they can be inferred from active measurements. Finally, we present real-world data on Internet disruptions affecting Ukrainian ISPs operating in the Kherson region – an oblast that has been at the frontline of war for three years.

About the Speakers

Catherine Easdon
Cat is an engineer and researcher exploring the intersection of privacy, security, and tech policy. At Dynatrace, she translates law and policy into code to protect users and integrates privacy controls into the SDLC. She also engages on tech policy issues, most recently as a fellow at the Internet Society and at Virtual Routes. Previously, she hacked CPUs for a living in academia, investigating how hardware behavior leaks sensitive data within software. When she’s not coding, you’ll usually find her knee-deep in snow in the mountains!

Ludwig Kampel and Bernhard Garn (senior researchers of the MATRIS Research Group at SBA Research):
Their research revolves around all aspects of combinatorial testing, ranging from theoretical work to implementing test generation tools. In particular, they have been working on applying combinatorial methods in security testing. Ludwig and Bernhard have both received doctoral degrees in technical sciences (informatics) from TU Wien. Contact them at KomMKonLLM@sba-research.org and visit https://matris.sba-research.org/ for more information.

Florian Holzbauer (Researcher at SBA Research):
Florian is currently working towards his PhD degree at the University of Vienna. During his bachelor studies, he focused on penetration testing, evaluating antivirus solutions by writing custom malware, and network scanning. In his bachelor thesis, he adapted ZMAP to Internet-wide IPv6 scanning and measured active subnets in Austrian IPv6 allocations. During his master studies, he joined Team ERIS as a junior researcher. Together with his supervisor Johanna, he founded an entry point for Internet measurements in Austria (aim.sba-research.org). He is now pursuing a PhD in that field with a focus on measuring Internet standard adoption and compliance.