profile picture

Johanna Ullrich

Key Researcher

Education

PhD in Computer Science

TU Wien
2013 - 2016

MSc in Automation Engineering

TU Wien
2010 - 2013

BSc in Electrical Engineering

TU Wien
2007 - 2010

University Entrance Qualification

HTL Wien 3 Rennweg
2002 - 2007

Statement

Servus, I am key researcher at SBA Research, a research center for Information Security in Vienna, Austria, and leading the Networks and Critical Infrastructures Security Research Group (ERIS). I work on network security, in particular IPv6, the Internet’s transition towards IPv6 and measurement experiments. Among others, I have shown that the IPv6 Privacy Extension does not meet its goal of privacy protection. This led to the modification of a major client operating system eventually protecting millions of its users. Based on my interdisciplinary background, I also conduct research on security at the intersection of computer science and classical engineering. Recently, I worked on attacks against the power grid. In comparison to cyber-launched attacks, I aim to strike the grid at its electrical parts by increasing power demand at a high number of Internet-connected devices simultaneously.

Beyond research, I seriously care about knowledge transfer. I teach at multiple institutions, and have als been an interview partner for print and TV magazines. I am a strong supporter of equal opportunities (and in light of recent events particularly equal parenting). I am a cynophilist.

Experiences

Research and Teaching Associate

5/2020 - Present
Faculty of Computer Science, University of Vienna, Vienna

Key Researcher

1/2020 - Present
SBA Research, Vienna

Head of the Networks and Critical Infrastructures Security Group

4/2019 - Present
SBA Research, Vienna

Post-Doctoral Researcher

5/2020 - Present
Christian Doppler Laboratory for Security and Quality
Improvement in the Production System Lifecycle (CDL-SQI), University of Vienna

Senior Researcher

12/2016 - 12/2019
SBA Research, Vienna

Post-Doctoral Researcher

03/2018 - 12/2018
Christian Doppler Laboratory for Security and Quality
Improvement in the Production System Lifecycle (CDL-SQI), TU Wien, Vienna

Researcher

11/2012 - 11/2016
SBA Research, Vienna

Prizes and Awards

2nd in the Faculty of Computer Science's Best-of-the-Best Ranking

2024
Category Third Party Funding (Ass.-Prof./Postdocs)  

Nomination for the Hedy Lamarr Prize

2019 and 2020
nominated by Austrian Research Promotion Agency (FFG)  

Scholarship of Excellence

2018
awarded by the Austrian Federal Ministry of Science, Research and Economy  

Research Prize of the Dr. Maria Schaumayer Foundation

2018
 

Promotio Sub Auspiciis Praesidentis

2017
awarded by the President of Austria Dr. Alexander van der Bellen  

Diploma Thesis Award of the City of Vienna

2013
 

Scholarship for Engineering Students

2011/12
awarded by the Fuchs Foundation  

Merit-Based Scholarships

2008, 2009 and 2010
awarded by the Faculty of Electrical Enginering  

Teaching

Network Technologies

2024 - Present
Lecturer, Faculty of Computer Science, University of Vienna

Technical Foundations of Computer Science

2024 - Present
Lecturer, Faculty of Computer Science, University of Vienna

Foundations of Networked Systems

2022 - Present
Lecturer, Faculty of Computer Science, University of Vienna

Network Security

2020 - Present
Guest Lecturer, Faculty of Computer Science, University of Vienna

Introduction to Security and (Advanced) Internet Security

2017 - Present
Guest Lecturer, Faculty of Informatics, TU Wien

Principles of Computer Sciences

2017 - Present
Lecturer, FH Wr. Neustadt, Curriculum Industrial Engineering

Automotive IT-Security

2017 - 2023
Lecturer, FH Campus, Curriculum Green Mobility

Security Aspects of Cloud Computing

2014 - 2021
Lecturer, FH Technikum, Curriculum Information Mngt. and Security

Control Engineering and Electric Drivetrains

2013 - 2017
Engineering Educator instructing Teenagers, HTL Wien 10

Object-Oriented Programming and Software Engineering 1

2010 - 2011
Teaching Assistant, Faculty of Electrical Engineering, TU Wien

Research Projects

Quantum-Safe Critical Infrastructure for Austria (Q-Crit)

2024-2026
Co-Author & Co-Investigator
funded by Breitband Austria 2030 (GigaApp), Austrian Research Promotion Agency (FFG)

Automated Testbeds for the Evaluation of Intrusion Detection
Capabilities (testcat)

2024-2026
Co-Author & Co-Investigator
funded by KIRAS, Austrian Research Promotion Agency (FFG)

Semantic and Cryptographic Foundations of Security and Privacy
by Compositional Design (SPyCoDe)

2023-2026
Author & Principal Investigator of Subproject 10 (in total 14 subprojects)
funded by Special Research Programmes (SFB), Austrian Science Fund (FWF)

Integration von nationalen und regionalen Modellen für die Zukunft
der elektrischen Energieversorgung in Österreich (NurZu!)

2023-2025
Lead Author & Project Manager
funded by BRIDGE 1, Austrian Research Promotion Agency (FFG)

Security and Resilience for P2P Energy Trading

2022
Co-Author & Co-Investigator
funded by Austrian-Japanese Joint Seminars, Austrian Science Fund (FWF)

Adaptive AI/ML for Dynamic Cybersecurity Systems (DynAISEC)

2022 - 2023
Author & Project Manager
funded by ICT of the Future, Austrian Research Promotion Agency (FFG)

Gesamtstaatliche Erfassung der Resilienz im Kontext komplexer
Krisenszenarien (G-Star)

2021 - 2022
Project Manager
funded by KIRAS, Austrian Research Promotion Agency (FFG)

Area 1 Networked System Security, SBA Research K1

2021 - 2025
Lead Author and Key Researcher
funded by COMET K1, Austrian Research Promotion Agency (FFG)

Identification and Disintegration of
Single Points of Failure on the Internet (2big2fail)

2020 - 2022
Lead Author & Project Manager
funded by BRIDGE 1, Austrian Research Promotion Agency (FFG)

Handling Data from IPv6 Scanning

2020
Lead Author & Project Manager
funded by European Commission's Next Geneneration Internet (NGI) Programme Zero

Cyber Security Competence for Research and Innovation (CONCORDIA)

2019 - 2023
Project Member
funded by Horizon 2020 (Cybersecurity Pilot Project)

Secure Connected Trustable Things (SCOTT)

2017 - 2020
Project Member
funded by Electronic Component Systems for European Leadership (ECSEL) Joint Undertaking

Area 1 Networked System Security, SBA Research K1

2017 - 2021
Co-Author
funded by COMET K1, Austrian Research Promotion Agency (FFG)

Framework to Cyber-Physical System Security (CyPhySec)

2013 - 2017
Lead Author & Project Manager
funded by BRIDGE Frühphase, Austrian Research Promotion Agency (FFG)

Media

Ö1 Punkt Eins: Sicherheit durch Überwachung - Sicherheit vor Überwachung

Discussion with Audience Participation by Austrian Radio

ORF Themenmontag - Der Talk: Blackout! Wie geht's weiter, wenn nichts mehr geht?

2022
Discussion on blackouts by Austrian Broadcasting.

MeinBezirk: Wie sich die KUUSK-Region auf Blackouts vorbereitet

2022
Report on information event on blackouts in Tyrol.

FWF: Four New Special Research Programmes Starting in Austria.

2022
Press Release on Acceptance of Special Research Programm (SFB).

ORF: Rekordbilanz für ORF-TVthek.

Press Release ranking Documentary on Blackouts (Dok1) no.8 in the 2021 ORF video-on-demand ranking.

Ö1 Journal Panorama: Cybercrime - Wenn Hacker die Firmen übernehmen.

2021
Documentary by Austrian Radio on Recent Cyber Security Incident.

Report: Allzu einfach darf man es Angreifern nicht machen.

Interview on Cybersecurity by Austrian Business Magazin.

ORF Dok1: Nichts geht mehr. Sieben Tage ohne Strom.

Documentary by Austrian Broadcasting Corp. on Blackouts.

Ö1 Punkt Eins: Cyberattacken und Hackerangriffe

Discussion with Audience Participation by Austrian Radio

TU Wien: Digitale Kompetenzen im Parlament

Press Release on Digital Skill Training for Members of the Austrian Parliament

City of Vienna: Acht Forscherinnen auf den Spuren Hedy Lamarrs

2020
Press Release on Nomination for Hedy Lamarr Prize

ORF Wien heute: Hackerangriffe auf Büchereien

2019
News Magazine on Attack against Vienna Library

Wiener Bezirkzeitung: Büchereien Wien - Daten von 10.000 Nutzern online

Report on Attack against Vienna Library

ORF Eco: Risiko Blackout - Der teure Schutz der Stromnetze

Economic Magazine by Austrian Broadcasting Corp. on Blackouts

Austrian Business Woman: Wir brauchen Role Models

Austrian Female Business Magazine on Women in Research and Technology

ORF Eco: Intelligente Stromzähler - Wie sicher sind sie, was bringen sie

Economic Magazine by Austrian Broadcasting Corp. on Smart Meter Security and Privacy

demographieberatung.at: Das Alter entscheidet nicht darüber, ob jemand gut in Informatik ist

Interview on Diversity in Information Technology

Die Presse: Cyber-Security vs. Convenience - was gewinnt die Oberhand?

2018
Participation in Panel Discussion

heise online: Botnetze können das Stromnetz sabotieren

2017
Report on my Power Grid Research

TU Wien: Sub auspiciis Promotionen am 5. Dezember 2017 an der TU Wien

Press Release on Promotio Sub Auspiciis

ORF Newton: Die Tricks der Motorenbauer

2015
Science Magazine by Austrian Broadcasting Corp. on Diesel Emissions scandal

Publications

Holzbauer F., Maier, M., Ullrich, J.
Destination Reachable: What ICMPv6 Error Messages Reveal About Their Sources
Internet Measurement Conference (IMC), 2024.
Klauzer A., Maier, M., Ullrich, J.
Fostering security research in the energy sector: A validation of open source intelligence for power grid model data
Computers & Security, 2024.
Gegenhuber G., Maier, M., Holzbauer, F., Mayer, W., Merzdovnik, G., Weippl, E., Ullrich, J.
An Extended View on Measuring Tor AS-level adversaries
Computers & Security, 2023.
Maier, M., Ullrich, J.
In the loop: A measurement study of persistent routing loops on the IPv4/IPv6 Internet
Computer Networks, 2023.
Nowak, V., Ullrich, J., Weippl, E.
Cybersecurity is more than a Technological Matter - Towards Considering Critical Infrastructures as Socio-Technical Systems
Applied Cybersecurity & Internet Governance, 2022.
Casas, P., Vaneria, J., Ullrich, J., Findrik, M., Barlet-Ros, P.
GRAPHSEC - Advancing the Application of AI/ML to Network Security through Graph Neural Networks
International Conference on Machine Learning for Networking (MLN), 2022.
Holzbauer, F., Ullrich, J., Lindorfer, M., Fiebig, T.
Not that Simple: Email Delivery in the 21st Century
USENIX Annual Technical Conference (ATC), 2022.
Wenzl, M., Merzdovnik, G., Ullrich, J., Weippl, E.
From hack to elaborate technique - A survey on binary rewriting
ACM Computing Surveys, 2019.
Dabrowski, A., Merzdovnik, G., Ullrich, J., Sendera, G., Weippl, E.
Measuring Cookies and Web Privacy in a Post-GDPR World
Passive and Active Measurement Conference (PAM), 2019.
Ullrich, J., Stifter, N., Judmayer, A., Dabrowski, A., Weippl, E.
Proof-of-Blackouts? How Proof-of-Work Cryptocurrencies Could Affect Power Grids
International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2018.
Dabrowski, A., Ullrich, J., Weippl, E.
Botnets causing blackouts: how coordinated load attacks can destabilize the power grid
e&i Elektrotechnik und Informationstechnik, 2018.
Dabrowski, A., Ullrich, J., Weippl, E.
Grid Shock: Coordinated Load-Change Attacks on Power Grids
Annual Computer Security Applications Conference (ACSAC), 2017.
Ullrich, J., Zseby, T., Fabini,T., Weippl, E.
Network-Based Secret Communication in Clouds: A Survey
IEEE Communications Surveys & Tutorials, 2017.
Khan, Z., Ullrich, J., Voyiatzis, A., Herrmann, P.
A Trust-based Resilient Routing Mechanism for the Internet of Things
International Conference on Availability, Reliability and Security (ARES), 2017.
Judmayer, A., Ullrich, J., Merzdovnik, G., Voyiatzis, A., Weippl, E.
Lightweight Address Hopping for Defending the IPv6 IoT
International Conference on Availability, Reliability and Security (ARES), 2017.
Ullrich, J., Weippl, E.
The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor
European Symposium on Research in Computer Security (ESORICS), 2016.
Ullrich, J., Cropper, J., Frühwirt, P., Weippl, E.
The Role and Security of Firewalls in Cyber-Physical Cloud Computing
EURASIP Journal on Information Security, 2016.
Ullrich, J., Voyiatzis, A., Weippl, E.
Secure Cyber-Physical Production Systems: Solid Steps towards Realization
International Workshop on Cyber-Physical Production Systems (CPPS), 2016.
Ullrich, J., Voyiatzis, A., Weippl, E.
The Quest for Privacy in Consumer IoT
International Workshop on Consumers and the Internet of Things (ConsIoT), 2016.
Ullrich, J., Weippl, E.
Privacy Is Not an Option: Attacking the IPv6 Privacy Extension
International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2015.
Cropper, J., Ullrich, J., Frühwirt, P., Weippl, E.
The Role and Security of Firewalls in IaaS Cloud Computing
International Conference on Availability, Reliability and Security (ARES), 2015.
Ullrich, J., Kieseberg, P., Krombholz, K., Weippl, E.
On Reconnaissance with IPv6: A Pattern-Based Scanning Approach
International Conference on Availability, Reliability and Security (ARES), 2015.
Krombholz, K., Frühwirt, P., Rieder, T., Kapsalis, I., Ullrich, J., Weippl, E.
QR Code Security - How Secure and Usable Apps Can Protect Users Against Malicious QR Codes
International Conference on Availability, Reliability and Security (ARES), 2015.
Dabrowski A., Krombholz K., Ullrich J., Weippl, E.
QR Inception: Barcode-in-Barcode Attacks
ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 2014.
Ullrich, J., Krombholz, K., Hobel, H., Dabrowski, A., Weippl, E.
IPv6 Security: Attacks and Countermeasures in a Nutshell
USENIX Workshop on Offensive Technologies (WOOT), 2014.
Herzberg, A., Shulman, H., Ullrich, J., Weippl, E.
Cloudoscopy: Services Discovery and Topology Mapping
ACM Workshop on Cloud Computing Security (CCSW), 2013.

Community Service

Reviewer for Applied Mathematical Modeling (Journal)
Reviewer for Computer Communications (Journal)
Reviewer for Transactions on Network Science and Engineering (Journal)
Reviewer for Computer Networks (Journal)
Reviewer for Computers & Security (Journal)
Reviewer for Computers Science Review (Journal)
Reviewer for IEEE Transactions on Cloud Computing (Journal)
Reviewer for Transactions on Privacy and Security
External Reviewer for Usenix Security 2021
External Reviewer for Conference on Computer and Communication Security (CCS) 2016
External Reviewer for European Symposium on
Research in Computer Security (ESORICS) 2015, 2019
External Reviewer for International Workshop on Security and Trust Management (STM) 2019
External Reviewer for IFIP Sec 2020
Steering Committee Member of Network Traffic Measurement and Analysis Conference (TMA) Since 2024
Program Comittee Member of IEEE Symposium on Security and Privacy (S&P) 2024
Technical Programm Chair of Network Traffic Measurement and Analysis Conference (TMA) 2023
Program Comittee Member of Annual Computer Security Applications Conference (ACSAC) 2023 - 2024
Program Comittee Member of European Workshop on System Security (EuroSys) 2023
Program Comittee Member of
International Conference on Availability, Reliability and Security (ARES) 2020-2024
Program Comittee Member of International Workshop on Cyber-Physical Security for Critical Infrastructure Protection (CPS4CIP) 2021-2022
Program Comittee Member of IEEE Euro S&P Poster Session 2021
Program Comittee Member of ACM Cyber-Physical System Security Workshop (CPSS) 2021-2023
Program Comittee Member of GI Sicherheit 2020
Program Comittee Member of International Workshop on Security of Mobile Applications (IWSMA) 2014-2019
PhD Thesis Reviewer of Antonia Affinito (Università degli Studi di Napoli Federico II) 2024
Member of Habilitation Committee for Dr. Katerina Schindlerova (University of Vienna) 2024
Member of Study Conference for Doctorate of Informatics and Business Informatics (University of Vienna) 2020 - Present
Substitute Member of Working Group on Study Curriculum (University of Vienna) 2021 - Present