Short BioDr. Maria Leitner

Dr. Maria Leitner is scientist and project manager at AIT Austrian Institute of Technology, Center for Digital Safety & Security in Vienna, Austria. At AIT, she is working in and managing national and international research projects (see projects). Her research interests are identity and access management, situational awareness and ICT security as well as security in process-aware information systems. Maria is also an external lecturer at University of Vienna. She was a visiting researcher at the Center for Cybersecurity and Digital Forensics at Arizona State University in May 2017.

Before AIT, Dr. Leitner has worked at University of Vienna, Faculty of Computer Science, research group Workflow Systems and Technology as teaching and research assistant (between 2010 and 2013). Her research focused on security in process-aware information systems (PAIS), specification, design and modeling of security concepts in business processes as well as compliance and access control management for PAIS. At University of Vienna, she was also actively involved in the administrative committees within the faculty and gave several lectures such as on scientific writing and introduction to programming (see academic services). In 2014, Dr. Leitner worked as a researcher at SBA research, a IT security research cluster in Vienna where she focused on the detection of anomalies in access control systems.

Research interests

Situational awareness, cyber ranges and cyber security exercises

As threats and potential attackers are evolving continuously, modern information systems have to adapt and provide services that keep track of and identify potential threats. This signifies not only being aware (of the current situation and) what potential threats might try to do but also to detect potential misbehavior in order to provide responsive measures. Situational awareness is essential in the civil domain including critical infrastructure providers as well as other organizations. Marias research interests are the provision of methods, tools and environments for efficient the establishment as well as for the interpretation and reaction. Furthermore, training and education in this context will become more important in order to develop adequate skills. Marias research activities aim to establish and create realistic environments and tools (e.g., cyber ranges) that support a diverse training/education for various target groups from beginners to professionals.

Selected publications:

  • T. Pahi, M. Leitner, and F. Skopik, “Data exploitation at large: your way to adequate cyber common operating pictures,” in Proceedings of the 16th european conference on cyber warfare and security, Reading, UK, 2017, p. 307–315.
    address = {Reading, UK},
    title = {Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures},
    isbn = {978-1-911218-43-2},
    booktitle = {Proceedings of the 16th European Conference on Cyber Warfare and Security},
    publisher = {Academic Conferences and Publishing International Limited},
    author = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
    month = jun,
    year = {2017},
    keywords = {situational awareness},
    url = {https://books.google.at/books?id=uFA8DwAAQBAJ&lpg=PA307&ots=YSo0jBZqYF&lr&pg=PA307#v=onepage&q&f=false},
    pages = {307--315}
  • [DOI] M. Frank, M. Leitner, and T. Pahi, “Design considerations for cyber security testbeds: a case study on a cyber security testbed for education,” in 2017 ieee 3rd intl conf cyber science and technology congress, Orlando, Florida, 2017, p. 38–46.
    address = {Orlando, Florida},
    title = {Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education},
    publisher = {IEEE},
    doi = {10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23},
    booktitle = {2017 IEEE 3rd Intl Conf Cyber Science and Technology Congress},
    author = {Frank, Maximilian and Leitner, Maria and Pahi, Timea},
    month = nov,
    year = {2017},
    pages = {38--46},
    keywords = {situational awareness}
  • M. Leitner, T. Pahi, and F. Skopik, “Situational awareness for strategic decision making on a national level,” in Collaborative Cyber Threat Intelligence, F. Skopik, Ed., CRC Press, 2017, p. 225–276.
    title = {Situational Awareness for Strategic Decision Making on a National Level},
    isbn = {978-1-138-03182-1},
    booktitle = {Collaborative {Cyber} {Threat} {Intelligence}},
    publisher = {CRC Press},
    author = {Leitner, Maria and Pahi, Timea and Skopik, Florian},
    editor = {Skopik, Florian},
    keywords = {situational awareness},
    year = {2017},
    url = {https://www.crcpress.com/Collaborative-Cyber-Threat-Intelligence-Detecting-and-Responding-to-Advanced/Skopik/p/book/9781138031821},
    pages = {225--276}

Identity and access management

Ensuring individuals access to resources at the right moment for the adequate purpose is a critical challenge in distributed, heterogeneous and inter-connected environments. As various digital services (such as state-based or third-party) as well as electronic identities (serving different purposes and therefore entail different levels of quality) exist and are emerging, the adequate utilization and application is challenging. Dr. Leitners research centers on methods and tools for the cost-efficient and effective application and use of electronic identities while maintaining a certain level of privacy and security in various domains (e.g., e-government, e-commerce, e-participation). Furthermore, she is also working in the area of adequate application and operation of access control systems in order to prevent threats and detect anomalies.

Selected publications:

  • [DOI] M. Leitner and S. Rinderle-Ma, “Anomaly detection and visualization in rbac models,” in Proceedings of the 19th acm symposium on access control models and technologies (sacmat), New York, NY, USA, 2014, pp. 41-52.
    author = {Leitner, Maria and Rinderle-Ma, Stefanie},
    title = {Anomaly Detection and Visualization in RBAC Models},
    booktitle = {Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT)},
    address = {New York, NY, USA},
    series = {{SACMAT} '14},
    year = {2014},
    pages = {41-52},
    isbn = {978-1-4503-2939-2},
    url = {http://doi.acm.org/10.1145/2613087.2613105},
    doi = {10.1145/2613087.2613105},
    keywords = {identity management},
    publisher = {{ACM}}
  • [DOI] M. Leitner, A. Bonitz, B. Herzog, W. Hötzendorfer, C. Kenngott, T. Kuhta, O. Terbu, S. Vogl, and S. Zehetbauer, “A versatile, secure and privacy-aware tool for online participation,” in 20th IEEE international enterprise distributed object computing workshop, EDOC workshops 2016, vienna, austria, september 5-9, 2016, Vienna, Austria, 2016.
    address = {Vienna, Austria},
    title = {A versatile, secure and privacy-aware tool for online participation},
    booktitle = {20th {IEEE} International Enterprise Distributed Object Computing Workshop, {EDOC} Workshops 2016, Vienna, Austria, September 5-9, 2016},
    publisher = {IEEE},
    author = {Leitner, Maria and Bonitz, Arndt and Herzog, Bernd and H{\"{o}}tzendorfer, Walter and Kenngott, Christian and Kuhta, Thomas and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
    year = {2016},
    doi = {10.1109/EDOCW.2016.7584342},
    url = {http://dx.doi.org/10.1109/EDOCW.2016.7584342},
    keywords = {e-participation, identity management}
  • [DOI] C. Schuppler, M. Leitner, and S. Rinderle-Ma, “Privacy-aware data assessment of online social network registration processes,” in Proceedings of the eighth acm conference on data and application security and privacy, New York, NY, USA, 2018, p. 167–169.
    address = {New York, NY, USA},
    series = {{CODASPY} '18},
    title = {Privacy-aware Data Assessment of Online Social Network Registration Processes},
    isbn = {978-1-4503-5632-9},
    url = {http://doi.acm.org/10.1145/3176258.3176950},
    doi = {10.1145/3176258.3176950},
    booktitle = {Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy},
    publisher = {ACM},
    author = {Schuppler, Christine and Leitner, Maria and Rinderle-Ma, Stefanie},
    year = {2018},
    keywords = {privacy, identity management},
    note ={Poster},
    pages = {167--169}

Security in process-aware information systems

As the design and implementation of security policies is a fundamental key to a successful implementation of secure software systems, a holistic integration of security policies in PAIS is essential. Dr. Leitners PhD thesis entitled “Security policy integration and life cycle management in process-aware information systems” aimed at providing an integrated view on security policies in PAIS – thereby providing preventive, detective and reactive security measures in PAIS. Particularly, the security policy life cycle in combination with the business process life cycle was investigated. Together, the integrated view contributes to the implementation of security policies in business processes which further strengthens the IT security and compliance management in organizations. Her research focuses on methods and tools for the definition, enactment and management of security in PAIS that spans from process definition and modeling to process execution and audit.

Selected publications:

  • [DOI] M. Leitner, M. Miller, and S. Rinderle-Ma, “An analysis and evaluation of security aspects in the business process model and notation,” in Proceedings of the 8th international conference on availability, reliability and security (ares), 2013, pp. 262-267.
    title = {An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation},
    publisher = {{IEEE}},
    booktitle = {Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES)},
    author = {Leitner, Maria and Miller, Michelle and Rinderle-Ma, Stefanie},
    pages = {262-267},
    doi = {10.1109/ARES.2013.34},
    url = {http://dx.doi.org/10.1109/ARES.2013.34},
    keywords = {security in PAIS},
    year = {2013}
  • [DOI] M. Leitner and S. Rinderle-Ma, “A systematic review on security in process-aware information systems – constitution, challenges, and future directions,” Information and software technology, vol. 56, iss. 3, p. 273–293, 2014.
    title = {A systematic review on security in Process-Aware Information Systems – Constitution, challenges, and future directions},
    volume = {56},
    issn = {0950-5849},
    url = {http://www.sciencedirect.com/science/article/pii/S0950584913002334},
    doi = {10.1016/j.infsof.2013.12.004},
    number = {3},
    urldate = {2014-01-15},
    journal = {Information and Software Technology},
    author = {Leitner, Maria and Rinderle-Ma, Stefanie},
    month = mar,
    year = {2014},
    note = {Open Access},
    keywords = {security in PAIS},
    pages = {273--293}
  • [DOI] S. Kriglstein, M. Leitner, S. Kabicher-Fuchs, and S. Rinderle-Ma, “Evaluation Methods in Process-Aware Information Systems Research with a Perspective on Human Orientation,” Business & information systems engineering, vol. 58, iss. 6, p. 397–414, 2016.
    title = {Evaluation {Methods} in {Process}-{Aware} {Information} {Systems} {Research} with a {Perspective} on {Human} {Orientation}},
    volume = {58},
    issn = {1867-0202},
    url = {http://dx.doi.org/10.1007/s12599-016-0427-3},
    doi = {10.1007/s12599-016-0427-3},
    abstract = {Research on process-aware information systems (PAIS) has experienced a dramatic growth in recent years. Lately, a particular increase of empirical studies and focus on human oriented research questions could be observed, leading to an expansion of applied evaluation methods in PAIS research. At the same time, it can be observed that evaluation methods are not always applied in a systematic manner and related terminology is at times used in an ambiguous way. Hence, the paper aims at investigating evaluation methods that are typically employed in PAIS research with a special focus on human orientation. The applied methodology includes a literature review, an expert survey, and a focus group. The authors present their findings as a collection of typical evaluation methods and the related PAIS artifacts. They highlight which evaluation methods are currently used and which evaluation methods could be of interest for future PAIS research efforts.},
    number = {6},
    journal = {Business \& Information Systems Engineering},
    author = {Kriglstein, Simone and Leitner, Maria and Kabicher-Fuchs, Sonja and Rinderle-Ma, Stefanie},
    year = {2016},
    keywords = {security in PAIS},
    note = {Open Access},
    pages = {397--414}