"Think Before U Click!" #ThinkB4UClick

Department for Computer Science and Security at St. Pölten University of Applied Sciences

Describe your initiative and the partners involved

The Department of Computer Science and Security at St. Pölten University of Applied Sciences provides university education at both bachelor and master level, as well as applied research in the domain of IT and information security. To respond to the fast-changing requirements in the security domain, ensure employability and prioritize research problems, the department set up an advisory board consisting of more than 20 companies of all sizes and across all industries[1].

The Bachelor program on IT Security is unique in Austria for various reasons. Firstly, it provides students with an integral, holistic view of IT infrastructure security. The course is one of the largest study programs dedicated to IT or information security in Austria and forms the basis for future security experts in commercial businesses. The course is divided into four main areas (IT operation, Network technology, Security technologies, Security management and organization) and allows students to specialize in one of three areas: Digital Forensics and Malware, Security Management and Consulting, or IT Infrastructure Security.

The Master program on Information Security continues the Bachelor course on IT Security and deepens the knowledge in the main areas of the Bachelor course. Moreover, it addresses further aspects of information security, such as cloud security, mobile security, security management and industrial security. The program offers 3 different areas of concentration and works closely with the Institute of IT Security Research to ensure up-to-date knowledge for the students.

To support lifelong learning, the Department of Computer Science and Security hosts the yearly IT-Security Community Exchange (https://itsecx.fhstp.ac.at/), which created a forum for expert exchange for more than 600 participants in 2014. Furthermore, the university provides professional trainings on information security related topics to strengthen security capabilities in Austria. Additionally, it raises awareness among high school students by annually organizing the IT-Security Day for more than 600 students. This year’s edition put an emphasis on smartphone security and social media risks.

The university hosts the Institute of IT Security Research, which concentrates on research in the areas of Biometrics, Security Management, Software Security, Privacy, IT-forensics/anti-forensics, and Industrial Security. The research institute participates in various research projects with stakeholders from industry and administration. In the following we provide a short overview of two representative projects of the research institute.

KIRAS SmartPhone Security: This research project addresses more or less neglected topics of cyber security concerning smartphones, tablet PCs and BYOD (bring your own device) and focuses on three objectives.

Firstly, the project aims at developing new biometric methods of user authentication via continuous verification of user-specific dynamic behavior patterns, e.g. the user’s movement and manipulation patterns. As a further result, biometry-based data authentication should be made possible, augmenting e.g. the security of the well-known mTAN approach through a biometric component.

Secondly, the project pursues the goal of enhancing data security, especially for externally stored data. Due to the characteristics of mobile devices, complex computation and storage are often transferred to the cloud. Therefore, a novel cryptography-based system is being developed in the project which allows users to preserve control of their data according to their requirements in a usable way.

Acknowledging the increasing problem of malware (malicious software) on mobile devices, especially BYOD (increase in 2012 of more than 4,000% for Android OS), and being aware that classical virus scanners will become rather inefficient in the future, the third objective focuses on optimized and specific behavior-based detection in this environment. Furthermore, a method variant with hardware support will be investigated for all the project aims mentioned above.

e!MISSION.at SmartMeter IDS: European Union regulations state that member nations are to roll out advanced metering systems to a majority of households within the decade. This will not only fundamentally change the energy supply landscape but also pose major security challenges for energy providers. The goal of this project is the research of an integrated framework consisting of an Intrusion Detection System (IDS) and its organizational embedding. Conventional IDS do not meet the fundamentally different requirements in advanced metering infrastructures.

To accomplish this goal, advanced metering infrastructures are modeled by a multi-agent simulation system. Based on this simulation model, a set of monitoring rules is defined on different layers of the network to handle protocol anomalies as well as anomalies in the command transmissions and in the consumption profile.

Recently St. Pölten University of Applied Sciences opened its Research Center TARGET (Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks). The mission of the center is to explore novel techniques for threat intelligence on targeted attacks on different levels. The research objective is to develop a unified methodology for the detection and mitigation of this new class of cyber-threats.

Is there any link to the Digital Agenda policy documents or strategic level documents implemented in your country?

As one of the largest information security education and research providers in Austria, St. Pölten University of Applied Sciences supports, through its variety of activities in the IT and information security field, the aims of the Austrian Cyber Security Strategy[2] and the priorities of the European Commission[3].

What is the outcome, impact and the outreach of your initiative? Any metrics used?

Starting in 1996 with 30 available seats, the course held at St. Pölten University of Applied Sciences will increase in 2016 to 86 available seats per year. The situation is similar for department size (2 employees in 1996 to 34 employees in 2016) and volume of research projects (2006: 40,000 €, 2015: 900,000 €).

Recent events organized by St. Pölten University of Applied Sciences, such as the Security Day for high school students or the IT Security Exchange, attracted more than 1000 people in total.

Your approach towards partnership and coalition-building

In order to strengthen research and education, the Department of Computer Science and Security works together with national and international security experts. Further, it is an academic partner of SBA Research, the Austrian competence center on IT security. The aforementioned Research Center TARGET is backed by two industry partners: an information security service provider (SEC Consult) and an antivirus company (Ikarus).

The university hosts national and international security conferences, such as the International Symposium for ICS & SCADA Cyber Security Research 2014, in order to facilitate the exchange between security researchers and practitioners.

St. Pölten University of Applied Sciences supports the interministerial initiative onlinesicherheit.gv.at[4] as a cooperation partner. The initiative's objective is to create an information portal about security-related themes for different stakeholders (e.g. employees, children, consumers, research). Further, the Department of Computer Science and Security supports the promotion of security through various European initiatives such as the European Researcher’s Night or the European Cyber Security Month.

What are your plans for the medium term?

The Department of Computer Science and Security focuses on the following key priorities:

  • Firstly, it aims at increasing the competitiveness of Austria as a business location for security service providers by educating more IT and information security professionals through academic courses, professional trainings and security events.
  • Secondly, the department strives for closer networking with European and international research institutions.
  • Thirdly, the department plans to expand research and development capabilities for maximizing the impact for project partners through innovative products in emerging areas.