Short Bio

Photo of Maria Leitner, (c) Zinner

Dr. Maria Leitner is scientist and project manager at AIT Austrian Institute of Technology, Center for Digital Safety & Security in Vienna, Austria. At AIT, she is working in and managing national and international research projects (see projects). Her research interests are situational awareness, cyber ranges, cyber security exercises, identity management, access control as well as security in process-aware information systems. Maria is also an external lecturer at University of Vienna and FH Campus Wien. She was a visiting researcher at the Center for Cybersecurity and Digital Forensics at Arizona State University in May 2017.

Before AIT, Dr. Leitner has worked at University of Vienna, Faculty of Computer Science, research group Workflow Systems and Technology as teaching and research assistant (between 2010 and 2013). Her research focused on security in process-aware information systems (PAIS), specification, design and modeling of security concepts in business processes as well as compliance and access control management for PAIS. At University of Vienna, she was also actively involved in the administrative committees within the faculty and gave several lectures such as on scientific writing and introduction to programming (see academic services). In 2014, Dr. Leitner worked as a researcher at SBA research, a IT security research cluster in Vienna where she focused on the detection of anomalies in access control systems.

Research interests

Situational awareness, cyber ranges and cyber security exercises

As threats and potential attackers are evolving continuously, modern information systems have to adapt and provide services that keep track of and identify potential threats. This signifies not only being aware (of the current situation and) what potential threats might try to do but also to detect potential misbehavior in order to provide responsive measures. Situational awareness is essential in the civil domain including critical infrastructure providers as well as other organizations. Marias research interests are the provision of methods, tools and environments for efficient the establishment as well as for the interpretation and reaction. Furthermore, training and education in this context will become more important in order to develop adequate skills. Marias research activities aim to establish and create realistic environments and tools (e.g., cyber ranges) that support a diverse training/education for various target groups from beginners to professionals.

Selected publications:

  • [PDF] T. Pahi, M. Leitner, and F. Skopik, “Data exploitation at large: your way to adequate cyber common operating pictures,” in Proceedings of the 16th european conference on cyber warfare and security, Reading, UK, 2017, p. 307–315.
    address = {Reading, UK},
    title = {Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures},
    isbn = {978-1-911218-43-2},
    booktitle = {Proceedings of the 16th European Conference on Cyber Warfare and Security},
    publisher = {Academic Conferences and Publishing International Limited},
    author = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
    month = jun,
    year = {2017},
    abstract = {Recent conflicts and political incidents, such as Operation Orchard, have shown that no future conflict is likely to be fought without a cyber element. However, establishing effective defensive measures against cyber attacks is a difficult and resource-consuming task. A common denominator of an effective cyber defence has always been the application of Common Operating Pictures (COP) e.g. in law enforcement or the armed forces. COPs are widely used to represent, display and assess situations. In recent years, Cyber COPs (CCOPs) have become a key factor in the establishment and analysis of situational awareness as well as decision-making processes in the cyber domain. However, the process to establish an adequate CCOP is not trivial. The careful selection of data sources for the core CCOP, which consist of objectively measured events, gathered from both internal and external sources, as well as the subsequent rating of these sources and enrichment with contextual information to facilitate the interpretation of measured events, pose new challenges. This paper will therefore provide an information management process that aims at establishing cyber situational awareness (CSA) for stakeholders based on CCOPs. The process consists of several steps such as selecting data types, identifying core CCOP sources, evaluating the information quality, preparing CCOPs for target groups and gaining CSA based on CCOPs. Furthermore, we provide a qualitative survey of potentially usable information and related sources that are vital for CCOPs. We demonstrate our work by displaying the basic steps and grand picture to create a CCOP in an illustrative scenario. The example is set around a fictive national cyber security center (NCSC) that aims to decrease phishing, ransomware and DDoS attacks within the critical infrastructure. This CCOP example can then be used by numerous stakeholders to achieve situational awareness and thus facilitate decision making processes.},
    url = {https://books.google.at/books?id=uFA8DwAAQBAJ&lpg=PA307&ots=YSo0jBZqYF&lr&pg=PA307#v=onepage&q&f=false},
    pages = {307--315}
  • [PDF] [DOI] M. Frank, M. Leitner, and T. Pahi, “Design considerations for cyber security testbeds: a case study on a cyber security testbed for education,” in 2017 ieee 3rd intl conf cyber science and technology congress, Orlando, Florida, 2017, p. 38–46.
    address = {Orlando, Florida},
    title = {Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education},
    publisher = {IEEE},
    doi = {10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23},
    booktitle = {2017 IEEE 3rd Intl Conf Cyber Science and Technology Congress},
    author = {Frank, Maximilian and Leitner, Maria and Pahi, Timea},
    month = nov,
    year = {2017},
    abstract = {Educational testbeds have been developed for many years. Within the past ten years, the development of cloud-based storage architectures as well as the facilitation of memory and storage technology allowed for the building of small to medium-sized testbeds at low or medium cost. These developments provide the foundation for the development of educational testbeds that can be used for cyber security training and exercise of various target groups (e.g., students, IT professionals, engineers) in many domains (e.g., cyber security, IoT, Industry 4.0). Testbeds have been well established within the information security community (e.g., malware analysis, cyber security experimentation, etc.). However, these testbeds often require a certain level of maintenance or resources and were therefore not often used in non-expert communities. However, it is essential that testbeds gain a wider audience in order to enable many different groups cyber security skills and competencies. In this paper, we analyze how an educational testbed could be designed by (1) examining established testbeds in research and education and (2) analyzing how typical testbeds are designed. Based on this, we propose a design life cycle, i.e. a methodology to facilitate the development of cyber security testbeds. We demonstrate our findings in a case study. In the study, we designed and implemented a cyber security testbed for educational purposes using open source technology. The results and reviewed literature validate the design life cycle and show dependencies between the underlying technology of the testbed and the designed challenges. These findings contribute to the overall development of testbeds and can be used as basis for future work. We plan to further extend this testbed in order to develop an automated and flexible cyber security testbed. },
    pages = {38--46}
  • M. Leitner, T. Pahi, and F. Skopik, “Situational awareness for strategic decision making on a national level,” in Collaborative Cyber Threat Intelligence, F. Skopik, Ed., CRC Press, 2017, p. 225–276.
    title = {Situational Awareness for Strategic Decision Making on a National Level},
    isbn = {978-1-138-03182-1},
    booktitle = {Collaborative {Cyber} {Threat} {Intelligence}},
    publisher = {CRC Press},
    author = {Leitner, Maria and Pahi, Timea and Skopik, Florian},
    editor = {Skopik, Florian},
    year = {2017},
    abstract = {With highly interconnected stakeholders, IT networks, and systems, international cooperation and coordination is becoming essential for the protection of global and local networks and services. Conventional strategies require a global view for the stabilization and protection of IT networks and systems. Much effort and solutions have been proposed to establish situational awareness (SA) within organizations (i.e. their local ICT networks). In general, SA is the perception of the element in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Enabling SA in cyber space, further called cyber situational awareness (CSA), is becoming a key factor for governments or public bodies. For example, CSA entails establishing preventive measures, monitoring evolving threats and campaigns in diverse and distributed IT landscapes as well as mitigating threats and sharing the information in certain trust circles to stay up-to-date. Nowadays, most critical infrastructures are operated by private organizations. The evaluation and impact analysis of critical incidents (i.e. that affect national economy or health) can be conducted such as with private-public partnerships. This chapter focuses on how (cyber) situational awareness can be established at national level to enable strategic decision making processes. In this context, national cyber security strategies are examined and it is investigated how they contribute and provide tools to foster SA. Furthermore, cyber security centers and their main tasks and responsibilities are investigated. In addition, SA models for decision making processes at individual, organizational or national level are assessed as well as how information and sources can be used to establish SA on national level.},
    url = {https://www.crcpress.com/Collaborative-Cyber-Threat-Intelligence-Detecting-and-Responding-to-Advanced/Skopik/p/book/9781138031821},
    pages = {225--276}
  • T. Pahi, M. Leitner, and F. Skopik, “Preparation, modelling, and visualisation of cyber common operating pictures for national cyber security centres,” Journal of information warfare, vol. 4, iss. 16, 2017.
    title = {Preparation, Modelling, and Visualisation of Cyber Common Operating Pictures for National Cyber Security Centres},
    volume = {4},
    url = {https://www.jinfowar.com/journal/volume-16-issue-4/preparation-modelling-visualisation-cyber-common-operating-pictures-national-cyber-security-centres},
    number = {16},
    abstract = {Common Operating Pictures (COPs) have long been a common denominator of effective cyber defence operations (for example, in law enforcement and the military). COPs are widely used to represent, visualise, and assess situations. In recent years, Cyber COPs (CCOPs) have become important in establishing cyber situational awareness. This paper describes the information types and sources required for an efficient information management process supporting CCOPs. Following an initial description of CCOPs, the paper next discusses potential decisions supported by them. Finally, it provides an example of the entire process—from the application of the information management process to national decision-making.},
    journal = {Journal of Information Warfare},
    author = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
    month = dec,
    year = {2017}

Identity and access management

Ensuring individuals access to resources at the right moment for the adequate purpose is a critical challenge in distributed, heterogeneous and inter-connected environments. As various digital services (such as state-based or third-party) as well as electronic identities (serving different purposes and therefore entail different levels of quality) exist and are emerging, the adequate utilization and application is challenging. Dr. Leitners research centers on methods and tools for the cost-efficient and effective application and use of electronic identities while maintaining a certain level of privacy and security in various domains (e.g., e-government, e-commerce, e-participation). Furthermore, she is also working in the area of adequate application and operation of access control systems in order to prevent threats and detect anomalies.

Selected publications:

  • [DOI] M. Leitner and S. Rinderle-Ma, “Anomaly detection and visualization in rbac models,” in Proceedings of the 19th acm symposium on access control models and technologies (sacmat), New York, NY, USA, 2014, pp. 41-52.
    author = {Leitner, Maria and Rinderle-Ma, Stefanie},
    title = {Anomaly Detection and Visualization in RBAC Models},
    booktitle = {Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT)},
    address = {New York, NY, USA},
    series = {{SACMAT} '14},
    year = {2014},
    abstract = {With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.},
    pages = {41-52},
    isbn = {978-1-4503-2939-2},
    url = {http://doi.acm.org/10.1145/2613087.2613105},
    doi = {10.1145/2613087.2613105},
    publisher = {{ACM}}
  • [PDF] [DOI] M. Leitner, A. Bonitz, B. Herzog, W. Hötzendorfer, C. Kenngott, T. Kuhta, O. Terbu, S. Vogl, and S. Zehetbauer, “A versatile, secure and privacy-aware tool for online participation,” in 20th IEEE international enterprise distributed object computing workshop, EDOC workshops 2016, vienna, austria, september 5-9, 2016, Vienna, Austria, 2016.
    address = {Vienna, Austria},
    title = {A versatile, secure and privacy-aware tool for online participation},
    booktitle = {20th {IEEE} International Enterprise Distributed Object Computing Workshop, {EDOC} Workshops 2016, Vienna, Austria, September 5-9, 2016},
    publisher = {IEEE},
    author = {Leitner, Maria and Bonitz, Arndt and Herzog, Bernd and H{\"{o}}tzendorfer, Walter and Kenngott, Christian and Kuhta, Thomas and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
    year = {2016},
    abstract = {Online participations have increased in recent years and various tools emerged to support participatory processes. However, often they support only one level of participation such as information, consultation or co-operation and definite security and privacy considerations seem to be not a priority. What is missing so far is a secure and flexible tool that can be used for multiple purposes and integrates security and privacy considerations from the beginning. In this paper, we propose a tool for online participation that supports multiple levels of participation, provides authentication with different electronic identities (eIDs), incorporates security and privacy by design and ensures interoperability to existing identity solutions. For example, with the use of different eIDs (if adequate to the level of participation), we expect to enable a low threshold for participation. Based on the aforementioned requirements, we expect to increase the trust between operators and participants in online participations in the long run.},
    doi = {10.1109/EDOCW.2016.7584342},
    url = {http://dx.doi.org/10.1109/EDOCW.2016.7584342}
  • [PDF] [DOI] C. Schuppler, M. Leitner, and S. Rinderle-Ma, “Privacy-aware data assessment of online social network registration processes,” in Proceedings of the eighth acm conference on data and application security and privacy, New York, NY, USA, 2018, p. 167–169.
    address = {New York, NY, USA},
    series = {{CODASPY} '18},
    title = {Privacy-aware Data Assessment of Online Social Network Registration Processes},
    isbn = {978-1-4503-5632-9},
    url = {http://doi.acm.org/10.1145/3176258.3176950},
    doi = {10.1145/3176258.3176950},
    booktitle = {Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy},
    publisher = {ACM},
    author = {Schuppler, Christine and Leitner, Maria and Rinderle-Ma, Stefanie},
    year = {2018},
    abstract = {Privacy and security research has been very active concerning online social networks (OSN) as a vast amount of personal information is used and published (by users) within OSNs. However, most people do not pay attention on what personal information they provide during registration. Depending on what information is provided in (public) OSN profiles, that data might be misused by attackers e.g., for cross-site profile cloning. This paper assesses data provided by the user during the registration of OSNs. Therefore, it is investigated how OSN registration processes are typically modeled, which information is needed to create a profile in OSNs and which attack scenarios can occur based on the provided data. The results contribute to the understanding of OSN registration process design as well as requested data and to replicate and reuse processes for further privacy and security investigations.},
    note ={Poster},
    pages = {167--169}
  • [DOI] M. Leitner, A. Bonitz, W. Hötzendorfer, O. Terbu, S. Vogl, and S. Zehetbauer, “Design und Entwicklung eines E-Partizipationsökosystems,” in Digitale Bürgerbeteiligung: Forschung und Praxis – Chancen und Herausforderungen der elektronischen Partizipation, M. Leitner, Ed., Wiesbaden: Springer Fachmedien Wiesbaden, 2018, p. 163–187.
    address = {Wiesbaden},
    title = {Design und {Entwicklung} eines {E}-{Partizipationsökosystems}},
    isbn = {978-3-658-21621-4},
    url = {https://doi.org/10.1007/978-3-658-21621-4_7},
    abstract = {Um elektronische Beteiligung generell zu ermöglichen, werden sozio-technische Informationssysteme, unabhängig von deren Ausprägung und Reichweite, entworfen und entwickelt. Die Auswahl und Gestaltung der Systeme kann maßgeblich am Erfolg oder Misserfolg von Bürgerbeteiligungen sein. Daher ist es von Beginn an wichtig, die Anforderungen und Funktionalitäten, die ein System unterstützen soll, zu kennen. Das System bildet die Basis für elektronische Beteiligung und ist Teil eines E-Partizipationsökosystems. Das Ökosystem umfasst auch die Gemeinschaft (z. B. StakeholderInnen, BürgerInnen, Wirtschaftstreibende etc.) und weitere Bedingungen (z. B. Gesetzesvorgaben etc.), die auch von der elektronischen Beteiligung direkt oder indirekt betroffen sind. Um dies vollständig zu erfassen, werden in diesem Kapitel das Design und die Entwicklung des Ökosystems analysiert, insbesondere unter dem Aspekt der Wahrung der Sicherheit und Privatsphäre.},
    booktitle = {Digitale {Bürgerbeteiligung}: {Forschung} und {Praxis} – {Chancen} und {Herausforderungen} der elektronischen {Partizipation}},
    publisher = {Springer Fachmedien Wiesbaden},
    author = {Leitner, Maria and Bonitz, Arndt and Hötzendorfer, Walter and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
    editor = {Leitner, Maria},
    year = {2018},
    doi = {10.1007/978-3-658-21621-4_7},
    pages = {163--187}

Security in process-aware information systems

As the design and implementation of security policies is a fundamental key to a successful implementation of secure software systems, a holistic integration of security policies in PAIS is essential. Dr. Leitners PhD thesis entitled “Security policy integration and life cycle management in process-aware information systems” aimed at providing an integrated view on security policies in PAIS – thereby providing preventive, detective and reactive security measures in PAIS. Particularly, the security policy life cycle in combination with the business process life cycle was investigated. Together, the integrated view contributes to the implementation of security policies in business processes which further strengthens the IT security and compliance management in organizations. Her research focuses on methods and tools for the definition, enactment and management of security in PAIS that spans from process definition and modeling to process execution and audit.

Selected publications:

  • [PDF] [DOI] M. Leitner, M. Miller, and S. Rinderle-Ma, “An analysis and evaluation of security aspects in the business process model and notation,” in Proceedings of the 8th international conference on availability, reliability and security (ares), 2013, pp. 262-267.
    title = {An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation},
    publisher = {{IEEE}},
    booktitle = {Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES)},
    author = {Leitner, Maria and Miller, Michelle and Rinderle-Ma, Stefanie},
    abstract = {Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.},
    pages = {262-267},
    doi = {10.1109/ARES.2013.34},
    url = {http://dx.doi.org/10.1109/ARES.2013.34},
    pdf = {LeitnerMR_analysis_2013},
    year = {2013}
  • [DOI] M. Leitner and S. Rinderle-Ma, “A systematic review on security in process-aware information systems – constitution, challenges, and future directions,” Information and software technology, vol. 56, iss. 3, p. 273–293, 2014.
    title = {A systematic review on security in Process-Aware Information Systems – Constitution, challenges, and future directions},
    volume = {56},
    issn = {0950-5849},
    url = {http://www.sciencedirect.com/science/article/pii/S0950584913002334},
    doi = {10.1016/j.infsof.2013.12.004},
    number = {3},
    urldate = {2014-01-15},
    journal = {Information and Software Technology},
    author = {Leitner, Maria and Rinderle-Ma, Stefanie},
    month = mar,
    abstract = {Context
    Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and gaps. In summary, a comprehensive and systematic overview of state of the art in research and practice in the area of security in PAIS is missing.
    This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further it investigates which security controls are currently applied in PAIS.
    A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From initially 424 papers, we selected in total 275 publications that related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach which resulted into 5 categories and 12 security controls.
    In literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the area of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions.
    This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that state of the art provides a rich set of methods such as access control models but still several open research challenges remain.},
    year = {2014},
    note = {Open Access},
    pages = {273--293}
  • [DOI] S. Kriglstein, M. Leitner, S. Kabicher-Fuchs, and S. Rinderle-Ma, “Evaluation Methods in Process-Aware Information Systems Research with a Perspective on Human Orientation,” Business & information systems engineering, vol. 58, iss. 6, p. 397–414, 2016.
    title = {Evaluation {Methods} in {Process}-{Aware} {Information} {Systems} {Research} with a {Perspective} on {Human} {Orientation}},
    volume = {58},
    issn = {1867-0202},
    url = {http://dx.doi.org/10.1007/s12599-016-0427-3},
    doi = {10.1007/s12599-016-0427-3},
    abstract = {Research on process-aware information systems (PAIS) has experienced a dramatic growth in recent years. Lately, a particular increase of empirical studies and focus on human oriented research questions could be observed, leading to an expansion of applied evaluation methods in PAIS research. At the same time, it can be observed that evaluation methods are not always applied in a systematic manner and related terminology is at times used in an ambiguous way. Hence, the paper aims at investigating evaluation methods that are typically employed in PAIS research with a special focus on human orientation. The applied methodology includes a literature review, an expert survey, and a focus group. The authors present their findings as a collection of typical evaluation methods and the related PAIS artifacts. They highlight which evaluation methods are currently used and which evaluation methods could be of interest for future PAIS research efforts.},
    number = {6},
    journal = {Business \& Information Systems Engineering},
    author = {Kriglstein, Simone and Leitner, Maria and Kabicher-Fuchs, Sonja and Rinderle-Ma, Stefanie},
    year = {2016},
    note = {Open Access},
    pages = {397--414}