Dr. Maria Leitner is a scientist and project manager at AIT Austrian Institute of Technology, Center for Digital Safety & Security in Vienna, Austria. At AIT, she works in and manages national and international research projects (see projects). Her research interests are identity and access management, situational awareness and ICT security, as well as security in process-aware information systems. Maria is also an external lecturer at the University of Vienna. She was a visiting researcher at the Center for Cybersecurity and Digital Forensics at Arizona State University in May 2017.
Before AIT, Dr. Leitner worked at the University of Vienna, Faculty of Computer Science, in the research group Workflow Systems and Technology as a teaching and research assistant (between 2010 and 2013). Her research focused on security in process-aware information systems (PAIS); the specification, design and modeling of security concepts in business processes; and compliance and access control management for PAIS. At the University of Vienna, she was also actively involved in the administrative committees within the faculty and gave several lectures, such as on scientific writing and introduction to programming (see academic services). In 2014, Dr. Leitner worked as a researcher at SBA Research, an IT security research cluster in Vienna, where she focused on the detection of anomalies in access control systems.
Situational awareness, cyber ranges and cyber security exercises
As threats and potential attackers are evolving continuously, modern information systems have to adapt and provide services that keep track of and identify potential threats. This means not only being aware of the current situation and of what potential threats might try to do, but also detecting potential misbehavior in order to provide responsive measures. Situational awareness is essential in the civil domain, including critical infrastructure providers as well as other organizations. Maria's research interests are the provision of methods, tools and environments for the efficient establishment of situational awareness as well as for its interpretation and the reaction to it. Furthermore, training and education in this context will become more important in order to develop adequate skills. Maria's research activities aim to establish and create realistic environments and tools (e.g., cyber ranges) that support diverse training and education for various target groups, from beginners to professionals.
- T. Pahi, M. Leitner, and F. Skopik, “Data exploitation at large: your way to adequate cyber common operating pictures,” in Proceedings of the 16th European Conference on Cyber Warfare and Security, Reading, UK, 2017, pp. 307–315. [URL]
- M. Frank, M. Leitner, and T. Pahi, “Design considerations for cyber security testbeds: a case study on a cyber security testbed for education,” in 2017 IEEE 3rd Intl Conf Cyber Science and Technology Congress, Orlando, Florida, 2017, pp. 38–46.
- M. Leitner, T. Pahi, and F. Skopik, “Situational awareness for strategic decision making on a national level,” in Collaborative Cyber Threat Intelligence, F. Skopik, Ed., CRC Press, 2017, pp. 225–276. [URL]
Identity and access management
Ensuring that individuals have access to resources at the right moment for the adequate purpose is a critical challenge in distributed, heterogeneous and inter-connected environments. As various digital services (such as state-based or third-party) as well as electronic identities (serving different purposes and therefore entailing different levels of quality) exist and are emerging, their adequate utilization and application is challenging. Dr. Leitner's research centers on methods and tools for the cost-efficient and effective application and use of electronic identities while maintaining a certain level of privacy and security in various domains (e.g., e-government, e-commerce, e-participation). Furthermore, she is also working in the area of adequate application and operation of access control systems in order to prevent threats and detect anomalies.
- M. Leitner and S. Rinderle-Ma, “Anomaly detection and visualization in RBAC models,” in Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT), New York, NY, USA, 2014, pp. 41–52. [URL]
- M. Leitner, A. Bonitz, B. Herzog, W. Hötzendorfer, C. Kenngott, T. Kuhta, O. Terbu, S. Vogl, and S. Zehetbauer, “A versatile, secure and privacy-aware tool for online participation,” in 20th IEEE International Enterprise Distributed Object Computing Workshop, EDOC Workshops 2016, Vienna, Austria, September 5-9, 2016. [URL]
- C. Schuppler, M. Leitner, and S. Rinderle-Ma, “Privacy-aware data assessment of online social network registration processes,” in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, New York, NY, USA, 2018, pp. 167–169. [URL]
Security in process-aware information systems
As the design and implementation of security policies is fundamental to a successful implementation of secure software systems, a holistic integration of security policies in PAIS is essential. Dr. Leitner's PhD thesis, entitled “Security policy integration and life cycle management in process-aware information systems”, aimed at providing an integrated view on security policies in PAIS, thereby providing preventive, detective and reactive security measures in PAIS. In particular, the security policy life cycle in combination with the business process life cycle was investigated. Together, the integrated view contributes to the implementation of security policies in business processes, which further strengthens IT security and compliance management in organizations. Her research focuses on methods and tools for the definition, enactment and management of security in PAIS, spanning from process definition and modeling to process execution and audit.
- M. Leitner, M. Miller, and S. Rinderle-Ma, “An analysis and evaluation of security aspects in the business process model and notation,” in Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES), 2013, pp. 262–267. [URL]
- M. Leitner and S. Rinderle-Ma, “A systematic review on security in process-aware information systems – constitution, challenges, and future directions,” Information and Software Technology, vol. 56, iss. 3, pp. 273–293, 2014. [URL]
- S. Kriglstein, M. Leitner, S. Kabicher-Fuchs, and S. Rinderle-Ma, “Evaluation Methods in Process-Aware Information Systems Research with a Perspective on Human Orientation,” Business & Information Systems Engineering, vol. 58, iss. 6, pp. 397–414, 2016. [URL]