@inproceedings{DBLP:conf/acsac/WermkeHARTF18, author = {Dominik Wermke and Nicolas Huaman and Yasemin Acar and Bradley Reaves and Patrick Traynor and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/acsac/WermkeHARTF18.bib}, booktitle = {Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018}, doi = {10.1145/3274694.3274726}, pages = {222--235}, publisher = {ACM}, title = {A Large Scale Investigation of Obfuscation Use in Google Play}, url = {https://doi.org/10.1145/3274694.3274726}, year = {2018} } @inproceedings{DBLP:conf/ccs/AcerSFFBDBST17, author = {Mustafa Emre Acer and Emily Stark and Adrienne Porter Felt and Sascha Fahl and Radhika Bhargava and Bhanu Dev and Matt Braithwaite and Ryan Sleevi and Parisa Tabriz}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/AcerSFFBDBST17.bib}, booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017}, doi = {10.1145/3133956.3134007}, editor = {Bhavani M. Thuraisingham and David Evans and Tal Malkin and Dongyan Xu}, pages = {1407--1420}, publisher = {ACM}, title = {Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors}, url = {https://doi.org/10.1145/3133956.3134007}, year = {2017} } @inproceedings{DBLP:conf/ccs/DerrBFA017, author = {Erik Derr and Sven Bugiel and Sascha Fahl and Yasemin Acar and Michael Backes}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/DerrBFA017.bib}, booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017}, doi = {10.1145/3133956.3134059}, editor = {Bhavani M. Thuraisingham and David Evans and Tal Malkin and Dongyan Xu}, pages = {2187--2200}, publisher = {ACM}, title = {Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android}, url = {https://doi.org/10.1145/3133956.3134059}, year = {2017} } @inproceedings{DBLP:conf/ccs/FahlAPS14, author = {Sascha Fahl and Yasemin Acar and Henning Perl and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/FahlAPS14.bib}, booktitle = {9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '14, Kyoto, Japan - June 03 - 06, 2014}, doi = {10.1145/2590296.2590341}, editor = {Shiho Moriai and Trent Jaeger and Kouichi Sakurai}, pages = {507--512}, publisher = {ACM}, title = {Why eve and mallory (also) love webmasters: a study on the root causes of SSL misconfigurations}, url = {https://doi.org/10.1145/2590296.2590341}, year = {2014} } @inproceedings{DBLP:conf/ccs/FahlDPFSS14, author = {Sascha Fahl and Sergej Dechand and Henning Perl and Felix Fischer and Jaromir Smrcek and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/FahlDPFSS14.bib}, booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014}, doi = {10.1145/2660267.2660311}, editor = {Gail-Joon Ahn and Moti Yung and Ninghui Li}, pages = {1143--1155}, publisher = {ACM}, title = {Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers}, url = {https://doi.org/10.1145/2660267.2660311}, year = {2014} } @inproceedings{DBLP:conf/ccs/FahlHMSBF12, author = {Sascha Fahl and Marian Harbach and Thomas Muders and Matthew Smith and Lars Baumgärtner and Bernd Freisleben}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/FahlHMSBF12.bib}, booktitle = {the ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012}, doi = {10.1145/2382196.2382205}, editor = {Ting Yu and George Danezis and Virgil D. Gligor}, pages = {50--61}, publisher = {ACM}, title = {Why eve and mallory love android: an analysis of android SSL (in)security}, url = {https://doi.org/10.1145/2382196.2382205}, year = {2012} } @inproceedings{DBLP:conf/ccs/FahlHPKS13, author = {Sascha Fahl and Marian Harbach and Henning Perl and Markus Koetter and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/FahlHPKS13.bib}, booktitle = {2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4-8, 2013}, doi = {10.1145/2508859.2516655}, editor = {Ahmad-Reza Sadeghi and Virgil D. Gligor and Moti Yung}, pages = {49--60}, publisher = {ACM}, title = {Rethinking SSL development in an appified world}, url = {https://doi.org/10.1145/2508859.2516655}, year = {2013} } @inproceedings{DBLP:conf/ccs/HarbachFMS12, author = {Marian Harbach and Sascha Fahl and Thomas Muders and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/HarbachFMS12.bib}, booktitle = {the ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16-18, 2012}, doi = {10.1145/2382196.2382301}, editor = {Ting Yu and George Danezis and Virgil D. Gligor}, pages = {989--991}, publisher = {ACM}, title = {Towards measuring warning readability}, url = {https://doi.org/10.1145/2382196.2382301}, year = {2012} } @inproceedings{DBLP:conf/ccs/NguyenWA0WF17, author = {Duc Cuong Nguyen and Dominik Wermke and Yasemin Acar and Michael Backes and Charles Weir and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/NguyenWA0WF17.bib}, booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017}, doi = {10.1145/3133956.3133977}, editor = {Bhavani M. Thuraisingham and David Evans and Tal Malkin and Dongyan Xu}, pages = {1065--1077}, publisher = {ACM}, title = {A Stitch in Time: Supporting Android Developers in WritingSecure Code}, url = {https://doi.org/10.1145/3133956.3133977}, year = {2017} } @inproceedings{DBLP:conf/ccs/PerlD0AYRFA15, author = {Henning Perl and Sergej Dechand and Matthew Smith and Daniel Arp and Fabian Yamaguchi and Konrad Rieck and Sascha Fahl and Yasemin Acar}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/PerlD0AYRFA15.bib}, booktitle = {Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015}, doi = {10.1145/2810103.2813604}, editor = {Indrajit Ray and Ninghui Li and Christopher Kruegel}, pages = {426--437}, publisher = {ACM}, title = {VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits}, url = {https://doi.org/10.1145/2810103.2813604}, year = {2015} } @inproceedings{DBLP:conf/ccs/UtzDFSH19, author = {Christine Utz and Martin Degeling and Sascha Fahl and Florian Schaub and Thorsten Holz}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ccs/UtzDFSH19.bib}, booktitle = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019}, doi = {10.1145/3319535.3354212}, editor = {Lorenzo Cavallaro and Johannes Kinder and XiaoFeng Wang and Jonathan Katz}, pages = {973--990}, publisher = {ACM}, title = {(Un)informed Consent: Studying GDPR Consent Notices in the Field}, url = {https://doi.org/10.1145/3319535.3354212}, year = {2019} } @inproceedings{DBLP:conf/chi/GorskiAIF20, author = {Peter Leo Gorski and Yasemin Acar and Luigi Lo Iacono and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/chi/GorskiAIF20.bib}, booktitle = {CHI '20: CHI Conference on Human Factors in Computing Systems, Honolulu, HI, USA, April 25-30, 2020}, doi = {10.1145/3313831.3376142}, editor = {Regina Bernhaupt and Florian 'Floyd' Mueller and David Verweij and Josh Andres and Joanna McGrenere and Andy Cockburn and Ignacio Avellino and Alix Goguey and Pernille Bjøn and Shengdong Zhao and Briane Paul Samson and Rafal Kocielnik}, pages = {1--13}, publisher = {ACM}, title = {Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs}, url = {https://doi.org/10.1145/3313831.3376142}, year = {2020} } @inproceedings{DBLP:conf/csfw/HarbachFS14, author = {Marian Harbach and Sascha Fahl and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/csfw/HarbachFS14.bib}, booktitle = {IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19-22 July, 2014}, doi = {10.1109/CSF.2014.15}, pages = {97--110}, publisher = {IEEE Computer Society}, title = {Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness}, url = {https://doi.org/10.1109/CSF.2014.15}, year = {2014} } @inproceedings{DBLP:conf/dest/FahlH012, author = {Sascha Fahl and Marian Harbach and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/dest/FahlH012.bib}, booktitle = {6th IEEE International Conference on Digital Ecosystems and Technologies, DEST 2012, Campione d'Italia, Italy, June 18-20, 2012}, doi = {10.1109/DEST.2012.6227927}, pages = {1--8}, publisher = {IEEE}, title = {Human-centric visual access control for clinical data management}, url = {https://doi.org/10.1109/DEST.2012.6227927}, year = {2012} } @inproceedings{DBLP:conf/fc/FahlHOMS13, author = {Sascha Fahl and Marian Harbach and Marten Oltrogge and Thomas Muders and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/fc/FahlHOMS13.bib}, booktitle = {Financial Cryptography and Data Security - 17th International Conference, FC 2013, Okinawa, Japan, April 1-5, 2013, Revised Selected Papers}, doi = {10.1007/978-3-642-39884-1_12}, editor = {Ahmad-Reza Sadeghi}, pages = {144--161}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, title = {Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers}, url = {https://doi.org/10.1007/978-3-642-39884-1_12}, volume = {7859}, year = {2013} } @inproceedings{DBLP:conf/fc/HarbachFYS13, author = {Marian Harbach and Sascha Fahl and Polina Yakovleva and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/fc/HarbachFYS13.bib}, booktitle = {Financial Cryptography and Data Security - FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers}, doi = {10.1007/978-3-642-41320-9_7}, editor = {Andrew A. Adams and Michael Brenner and Matthew Smith}, pages = {94--111}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, title = {Sorry, I Don't Get It: An Analysis of Warning Message Texts}, url = {https://doi.org/10.1007/978-3-642-41320-9_7}, volume = {7862}, year = {2013} } @inproceedings{DBLP:conf/fc/PerlFS14, author = {Henning Perl and Sascha Fahl and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/fc/PerlFS14.bib}, booktitle = {Financial Cryptography and Data Security - 18th International Conference, FC 2014, Christ Church, Barbados, March 3-7, 2014, Revised Selected Papers}, doi = {10.1007/978-3-662-45472-5_20}, editor = {Nicolas Christin and Reihaneh Safavi-Naini}, pages = {307--315}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, title = {You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores}, url = {https://doi.org/10.1007/978-3-662-45472-5_20}, volume = {8437}, year = {2014} } @inproceedings{DBLP:conf/ht/FahlHMS12, author = {Sascha Fahl and Marian Harbach and Thomas Muders and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ht/FahlHMS12.bib}, booktitle = {23rd ACM Conference on Hypertext and Social Media, HT '12, Milwaukee, WI, USA, June 25-28, 2012}, doi = {10.1145/2309996.2310022}, editor = {Ethan V. Munson and Markus Strohmaier}, pages = {145--154}, publisher = {ACM}, title = {TrustSplit: usable confidentiality for social network messaging}, url = {https://doi.org/10.1145/2309996.2310022}, year = {2012} } @inproceedings{conf/oakland/gutfleisch22, author = {Marco Gutfleisch and Jan H. Klemmer and Niklas Busch and Yasemin Acar and M. Angela Sasse and Sascha Fahl}, booktitle = {43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 22-26, 2022}, month = {May}, preprint = {https://publications.teamusec.de/2022-oakland-usec-in-sdps/pdf/conf-oakland-gutfleisch22-preprint.pdf}, publisher = {IEEE Computer Society}, title = {How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study}, year = {2022} } @inproceedings{conf/oakland/huaman21, author = {Nicolas Huaman and Sabrina Amft and Marten Oltrogge and Yasemin Acar and Sascha Fahl}, booktitle = {42nd IEEE Symposium on Security and Privacy, IEEE S&P 2021, May 24-27, 2021}, month = {Mar}, publisher = {IEEE Computer Society}, title = {They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites}, url = {https://www.ieee-security.org/TC/SP2021/program-papers.html}, year = {2021} } @inproceedings{conf/oakland/stransky22, author = {Christian Stransky and Oliver Wiese and Volker Roth and Yasemin Acar and Sascha Fahl}, booktitle = {43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 22-26, 2022}, month = {May}, preprint = {https://publications.teamusec.de/2022-oakland-email/pdf/2022_oakland_email_stransky_preprint.pdf}, publisher = {IEEE Computer Society}, title = {27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University}, year = {2022} } @inproceedings{conf/oakland/wermke22, author = {Dominik Wermke and Noah Wöhler and Jan H. Klemmer and Marcel Fourné and Yasemin Acar and Sascha Fahl}, booktitle = {43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 22-26, 2022}, month = {May}, publisher = {IEEE Computer Society}, title = {Commited to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects}, year = {2022} } @inproceedings{DBLP:conf/pdp/SchmidtFSF11, author = {Matthias Schmidt and Sascha Fahl and Roland Schwarzkopf and Bernd Freisleben}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/pdp/SchmidtFSF11.bib}, booktitle = {Proceedings of the 19th International Euromicro Conference on Parallel, Distributed and Network-based Processing, PDP 2011, Ayia Napa, Cyprus, 9-11 February 2011}, doi = {10.1109/PDP.2011.44}, editor = {Yiannis Cotronis and Marco Danelutto and George Angelos Papadopoulos}, pages = {635--639}, publisher = {IEEE Computer Society}, title = {TrustBox: A Security Architecture for Preventing Data Breaches}, url = {https://doi.org/10.1109/PDP.2011.44}, year = {2011} } @inproceedings{DBLP:conf/pet/HarbachFRS13, author = {Marian Harbach and Sascha Fahl and Matthias Rieger and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/pet/HarbachFRS13.bib}, booktitle = {Privacy Enhancing Technologies - 13th International Symposium, PETS 2013, Bloomington, IN, USA, July 10-12, 2013. Proceedings}, doi = {10.1007/978-3-642-39077-7_13}, editor = {Emiliano De Cristofaro and Matthew K. Wright}, pages = {245--264}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, title = {On the Acceptance of Privacy-Preserving Authentication Technology: The Curious Case of National Identity Cards}, url = {https://doi.org/10.1007/978-3-642-39077-7_13}, volume = {7981}, year = {2013} } @inproceedings{DBLP:conf/pst/HarbachFBMS12, author = {Marian Harbach and Sascha Fahl and Michael Brenner and Thomas Muders and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/pst/HarbachFBMS12.bib}, booktitle = {Tenth Annual International Conference on Privacy, Security and Trust, PST 2012, Paris, France, July 16-18, 2012}, doi = {10.1109/PST.2012.6297915}, editor = {Nora Cuppens-Boulahia and Philip Fong and Joaquín García-Alfaro and Stephen Marsh and Jan-Philipp Steghöfer}, pages = {17--24}, publisher = {IEEE Computer Society}, title = {Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions}, url = {https://doi.org/10.1109/PST.2012.6297915}, year = {2012} } @inproceedings{DBLP:conf/secdev/AcarFM16, author = {Yasemin Acar and Sascha Fahl and Michelle L. Mazurek}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/secdev/AcarFM16.bib}, booktitle = {IEEE Cybersecurity Development, SecDev 2016, Boston, MA, USA, November 3-4, 2016}, doi = {10.1109/SecDev.2016.013}, pages = {3--8}, publisher = {IEEE Computer Society}, title = {You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users}, url = {https://doi.org/10.1109/SecDev.2016.013}, year = {2016} } @inproceedings{DBLP:conf/secdev/AcarSWWMF17, author = {Yasemin Acar and Christian Stransky and Dominik Wermke and Charles Weir and Michelle L. Mazurek and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/secdev/AcarSWWMF17.bib}, booktitle = {IEEE Cybersecurity Development, SecDev 2017, Cambridge, MA, USA, September 24-26, 2017}, doi = {10.1109/SecDev.2017.17}, pages = {22--26}, publisher = {IEEE Computer Society}, title = {Developers Need Support, Too: A Survey of Security Advice for Software Developers}, url = {https://doi.org/10.1109/SecDev.2017.17}, year = {2017} } @inproceedings{DBLP:conf/soups/AcarSWMF17, author = {Yasemin Acar and Christian Stransky and Dominik Wermke and Michelle L. Mazurek and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/soups/AcarSWMF17.bib}, booktitle = {Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017}, pages = {81--95}, publisher = {USENIX Association}, title = {Security Developer Studies with GitHub Users: Exploring a Convenience Sample}, url = {https://www.usenix.org/conference/soups2017/technical-sessions/presentation/acar}, year = {2017} } @inproceedings{DBLP:conf/soups/FahlHAS13, author = {Sascha Fahl and Marian Harbach and Yasemin Acar and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/soups/FahlHAS13.bib}, booktitle = {Symposium On Usable Privacy and Security, SOUPS '13, Newcastle, United Kingdom, July 24-26, 2013}, doi = {10.1145/2501604.2501617}, editor = {Lujo Bauer and Konstantin Beznosov and Lorrie Faith Cranor}, pages = {13:1--13:13}, publisher = {ACM}, title = {On the ecological validity of a password study}, url = {https://doi.org/10.1145/2501604.2501617}, year = {2013} } @inproceedings{DBLP:conf/soups/FahlHMSS12, author = {Sascha Fahl and Marian Harbach and Thomas Muders and Matthew Smith and Uwe Sander}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/soups/FahlHMSS12.bib}, booktitle = {Symposium On Usable Privacy and Security, SOUPS '12, Washington, DC, USA - July 11 - 13, 2012}, doi = {10.1145/2335356.2335371}, editor = {Lorrie Faith Cranor}, pages = {11}, publisher = {ACM}, title = {Helping Johnny 2.0 to encrypt his Facebook conversations}, url = {https://doi.org/10.1145/2335356.2335371}, year = {2012} } @inproceedings{DBLP:conf/soups/GorskiIWSMAF18, author = {Peter Leo Gorski and Luigi Lo Iacono and Dominik Wermke and Christian Stransky and Sebastian Möller and Yasemin Acar and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/soups/GorskiIWSMAF18.bib}, booktitle = {Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018}, editor = {Mary Ellen Zurko and Heather Richter Lipford}, pages = {265--281}, publisher = {USENIX Association}, title = {Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse}, url = {https://www.usenix.org/conference/soups2018/presentation/gorski}, year = {2018} } @inproceedings{conf/soups/haering21, author = {Maximilian Häring and Eva Gerlitz and Christian Tiefenau and Matthew Smith and Dominik Wermke and Sascha Fahl and Yasemin Acar}, booktitle = {Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}, isbn = {978-1-939133-25-0}, month = {Aug}, pages = {77--98}, publisher = {USENIX Association}, title = {Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany}, url = {https://www.usenix.org/conference/soups2021/presentation/acar}, year = {2021} } @inproceedings{conf/soups/huaman22, address = {Boston, MA}, author = {Nicolas Huaman and Alexander Krause and Dominik Wermke and Jan H. Klemmer and Christian Stransky and Yasemin Acar and Sascha Fahl}, booktitle = {Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston MA, USA, August 8-9, 2022}, month = {Aug}, publisher = {USENIX Association}, title = {If You Can\textquoterightt Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers}, url = {https://www.usenix.org/conference/soups2022/presentation/huaman}, year = {2022} } @inproceedings{conf/soups/stransky21, author = {Christian Stransky and Dominik Wermke and Johanna Schrader and Nicolas Huaman and Yasemin Acar and Anna Lena Fehlhaber and Miranda Wei and Blase Ur and Sascha Fahl}, booktitle = {Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}, isbn = {978-1-939133-25-0}, month = {Aug}, pages = {437--454}, publisher = {USENIX Association}, title = {On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security}, url = {https://www.usenix.org/conference/soups2021/presentation/stransky}, year = {2021} } @inproceedings{conf/soups/wermke20, author = {Dominik Wermke and Christian Stransky and Nicolas Huaman and Niklas Busch and Yasemin Acar and Sascha Fahl}, booktitle = {Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 12-14, 2020}, month = {Aug}, title = {Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites}, url = {https://www.usenix.org/conference/soups2020/presentation/wermke}, year = {2020} } @inproceedings{DBLP:conf/soups/WermkeHSBAF20, author = {Dominik Wermke and Nicolas Huaman and Christian Stransky and Niklas Busch and Yasemin Acar and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/soups/WermkeHSBAF20.bib}, booktitle = {Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 7-11, 2020}, editor = {Heather Richter Lipford and Sonia Chiasson}, pages = {359--377}, publisher = {USENIX Association}, title = {Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites}, url = {https://www.usenix.org/conference/soups2020/presentation/wermke}, year = {2020} } @inproceedings{DBLP:conf/sp/Acar0BFM016, author = {Yasemin Acar and Michael Backes and Sven Bugiel and Sascha Fahl and Patrick D. McDaniel and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/sp/Acar0BFM016.bib}, booktitle = {IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016}, doi = {10.1109/SP.2016.33}, pages = {433--451}, publisher = {IEEE Computer Society}, title = {SoK: Lessons Learned from Android Security Research for Appified Software Platforms}, url = {https://doi.org/10.1109/SP.2016.33}, year = {2016} } @inproceedings{DBLP:conf/sp/Acar0FGKMS17, author = {Yasemin Acar and Michael Backes and Sascha Fahl and Simson L. Garfinkel and Doowon Kim and Michelle L. Mazurek and Christian Stransky}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/sp/Acar0FGKMS17.bib}, booktitle = {2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017}, doi = {10.1109/SP.2017.52}, pages = {154--171}, publisher = {IEEE Computer Society}, title = {Comparing the Usability of Cryptographic APIs}, url = {https://doi.org/10.1109/SP.2017.52}, year = {2017} } @inproceedings{DBLP:conf/sp/AcarBFKMS16, author = {Yasemin Acar and Michael Backes and Sascha Fahl and Doowon Kim and Michelle L. Mazurek and Christian Stransky}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/sp/AcarBFKMS16.bib}, booktitle = {IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016}, doi = {10.1109/SP.2016.25}, pages = {289--305}, publisher = {IEEE Computer Society}, title = {You Get Where You're Looking for: The Impact of Information Sources on Code Security}, url = {https://doi.org/10.1109/SP.2016.25}, year = {2016} } @inproceedings{DBLP:conf/sp/FischerBXSA0F17, author = {Felix Fischer and Konstantin Böttinger and Huang Xiao and Christian Stransky and Yasemin Acar and Michael Backes and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/sp/FischerBXSA0F17.bib}, booktitle = {2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017}, doi = {10.1109/SP.2017.31}, pages = {121--136}, publisher = {IEEE Computer Society}, title = {Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security}, url = {https://doi.org/10.1109/SP.2017.31}, year = {2017} } @inproceedings{DBLP:conf/sp/OltroggeDSAFRPB18, author = {Marten Oltrogge and Erik Derr and Christian Stransky and Yasemin Acar and Sascha Fahl and Christian Rossow and Giancarlo Pellegrino and Sven Bugiel and Michael Backes}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/sp/OltroggeDSAFRPB18.bib}, booktitle = {2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, San Francisco, California, USA}, doi = {10.1109/SP.2018.00005}, pages = {634--647}, publisher = {IEEE Computer Society}, title = {The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators}, url = {https://doi.org/10.1109/SP.2018.00005}, year = {2018} } @inproceedings{DBLP:conf/sp/UngerDBFPG015, author = {Nik Unger and Sergej Dechand and Joseph Bonneau and Sascha Fahl and Henning Perl and Ian Goldberg and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/sp/UngerDBFPG015.bib}, booktitle = {2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015}, doi = {10.1109/SP.2015.22}, pages = {232--249}, publisher = {IEEE Computer Society}, title = {SoK: Secure Messaging}, url = {https://doi.org/10.1109/SP.2015.22}, year = {2015} } @inproceedings{DBLP:conf/trustcom/FahlHMS12, author = {Sascha Fahl and Marian Harbach and Thomas Muders and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/trustcom/FahlHMS12.bib}, booktitle = {11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2012, Liverpool, United Kingdom, June 25-27, 2012}, doi = {10.1109/TrustCom.2012.112}, editor = {Geyong Min and Yulei Wu and Lei (Chris) Liu and Xiaolong Jin and Stephen A. Jarvis and Ahmed Yassin Al-Dubai}, pages = {153--162}, publisher = {IEEE Computer Society}, title = {Confidentiality as a Service - Usable Security for the Cloud}, url = {https://doi.org/10.1109/TrustCom.2012.112}, year = {2012} } @inproceedings{conf/usec/busse19, author = {Karoline Busse and Dominik Wermke and Sabrina Amft and Sascha Fahl and Emanuel von Zezschwitz and Matthew Smith}, booktitle = {Proceedings of the 2019 Workshop on Usable Security (USEC), USEC 2019, San Diego, CA, USA, February 24, 2019}, doi = {10.14722/usec.2019.23001}, month = {Feb}, title = {Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies}, url = {https://dx.doi.org/10.14722/usec.2019.23001}, year = {2019} } @inproceedings{conf/usenix/huaman21, author = {Nicolas Huaman and Bennet von Skarczinski and Dominik Wermke and Christian Stransky and Yasemin Acar and Arne Dreißigacker and Sascha Fahl}, booktitle = {In 30th USENIX Security Symposium, USENIX Security '21, Vancouver, B.C., Canada, August 11-13, 2021}, month = {Aug}, publisher = {USENIX Association}, title = {A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/huaman}, year = {2021} } @inproceedings{conf/usenix/kaur22, author = {Harjot Kaur and Sabrina Amft and Daniel Votipka and Yasemin Acar and Sascha Fahl}, booktitle = {In 31st USENIX Security Symposium, USENIX Security '22, Boston MA, USA, August 10-12, 2022}, month = {Aug}, publisher = {USENIX Association}, title = {Where to Recruit for Security Development Studies from: Comparing Six Software Developer Samples}, url = {https://www.usenix.org/conference/usenixsecurity22/summer-accepted-papers}, year = {2022} } @inproceedings{conf/usenix/oltrogge21, author = {Marten Oltrogge and Nicolas Huaman and Sabrina Amft and Yasemin Acar and Michael Backes and Sascha Fahl}, booktitle = {In 30th USENIX Security Symposium, USENIX Security '21, Vancouver, B.C., Canada, August 11-13, 2021}, month = {Aug}, publisher = {USENIX Association}, title = {Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/oltrogge}, year = {2021} } @inproceedings{DBLP:conf/uss/DechandSBAF016, author = {Sergej Dechand and Dominik Schürmann and Karoline Busse and Yasemin Acar and Sascha Fahl and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/uss/DechandSBAF016.bib}, booktitle = {25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016}, editor = {Thorsten Holz and Stefan Savage}, pages = {193--208}, publisher = {USENIX Association}, title = {An Empirical Study of Textual Key-Fingerprint Representations}, url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/dechand}, year = {2016} } @inproceedings{DBLP:conf/uss/LyastaniSF0B18, author = {Sanam Ghorbani Lyastani and Michael Schilling and Sascha Fahl and Michael Backes and Sven Bugiel}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/uss/LyastaniSF0B18.bib}, booktitle = {27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018}, editor = {William Enck and Adrienne Porter Felt}, pages = {203--220}, publisher = {USENIX Association}, title = {Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse}, url = {https://www.usenix.org/conference/usenixsecurity18/presentation/lyastani}, year = {2018} } @inproceedings{DBLP:conf/uss/OltroggeAD0F15, author = {Marten Oltrogge and Yasemin Acar and Sergej Dechand and Matthew Smith and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/uss/OltroggeAD0F15.bib}, booktitle = {24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015}, editor = {Jaeyeon Jung and Thorsten Holz}, pages = {239--254}, publisher = {USENIX Association}, title = {To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections}, url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/oltrogge}, year = {2015} } @inproceedings{DBLP:conf/uss/StranskyANWKR0G17, author = {Christian Stransky and Yasemin Acar and Duc Cuong Nguyen and Dominik Wermke and Doowon Kim and Elissa M. Redmiles and Michael Backes and Simson L. Garfinkel and Michelle L. Mazurek and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/uss/StranskyANWKR0G17.bib}, booktitle = {10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017}, editor = {José M. Fernandez and Mathias Payer}, publisher = {USENIX Association}, title = {Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers}, url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/stransky}, year = {2017} } @inproceedings{DBLP:conf/uss/WeirHF20, author = {Charles Weir and Ben Hermann and Sascha Fahl}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/uss/WeirHF20.bib}, booktitle = {29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020}, editor = {Srdjan Capkun and Franziska Roesner}, pages = {289--305}, publisher = {USENIX Association}, title = {From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/weir}, year = {2020} } @inproceedings{DBLP:conf/www/HarbachFMS12, author = {Marian Harbach and Sascha Fahl and Thomas Muders and Matthew Smith}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/www/HarbachFMS12.bib}, booktitle = {Proceedings of the 21st World Wide Web Conference, WWW 2012, Lyon, France, April 16-20, 2012 (Companion Volume)}, doi = {10.1145/2187980.2188106}, editor = {Alain Mille and Fabien Gandon and Jacques Misselis and Michael Rabinovich and Steffen Staab}, pages = {519--520}, publisher = {ACM}, title = {All our messages are belong to us: usable confidentiality in social networks}, url = {https://doi.org/10.1145/2187980.2188106}, year = {2012} } @inproceedings{DBLP:conf/www/WuGWAFU18, author = {Yuxi Wu and Panya Gupta and Miranda Wei and Yasemin Acar and Sascha Fahl and Blase Ur}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/www/WuGWAFU18.bib}, booktitle = {Proceedings of the 2018 World Wide Web Conference on World Wide Web, WWW 2018, Lyon, France, April 23-27, 2018}, doi = {10.1145/3178876.3186088}, editor = {Pierre-Antoine Champin and Fabien Gandon and Mounia Lalmas and Panagiotis G. Ipeirotis}, pages = {217--226}, publisher = {ACM}, title = {Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode}, url = {https://doi.org/10.1145/3178876.3186088}, year = {2018} } @article{journals/icom/BusseAHZ19, author = {Karoline Busse and Sabrina Amft and Daniel Hecker and Emanuel von Zezschwitz}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/journals/icom/BusseAHZ19.bib}, doi = {10.1515/icom-2019-0012}, journal = {i-com}, month = {Nov}, number = {3}, pages = {217--236}, preprint = {https://arxiv.org/abs/1910.07269}, title = {"Get a Free Item Pack with Every Activation!"}, url = {https://doi.org/10.1515/icom-2019-0012}, volume = {18}, year = {2019} } @article{DBLP:journals/ieeesp/AcarBFKMS17, author = {Yasemin Acar and Michael Backes and Sascha Fahl and Doowon Kim and Michelle L. Mazurek and Christian Stransky}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/journals/ieeesp/AcarBFKMS17.bib}, doi = {10.1109/MSP.2017.24}, journal = {IEEE Secur. Priv.}, number = {2}, pages = {50--60}, title = {How Internet Resources Might Be Helping You Develop Faster but Less Securely}, url = {https://doi.org/10.1109/MSP.2017.24}, volume = {15}, year = {2017} } @misc{poster/eurosp/acar16a, author = {Yasemin Acar and Michael Backes and Sascha Fahl and Maximilian Koch and Christian Stransky}, howpublished = {In 1st IEEE European Symposium on Security and Privacy, IEEE EuroS&P 2016, Saarbrücken, Germany, March 21-24, 2016}, month = {March}, title = {Towards Ecological Validity for Password Alternative User Studies}, url = {https://www.ieee-security.org/TC/EuroSP2016/posters/number17.pdf}, year = {2016} } @misc{poster/eurosp/acar16b, author = {Yasemin Acar and Michael Backes and Sascha Fahl and Christian Stransky}, howpublished = {In 1st IEEE European Symposium on Security and Privacy, IEEE EuroS&P 2016, Saarbrücken, Germany, March 21-24, 2016}, month = {March}, title = {When Laziness Snaps Back – The Impact of Code Generators on App (In)Security}, url = {https://www.ieee-security.org/TC/EuroSP2016/posters/number16.pdf}, year = {2016} } @misc{poster/ndss/wermke19a, author = {Dominik Wermke and Nicolas Huaman and Christian Stransky and Yasemin Acar and Sascha Fahl}, howpublished = {In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019}, month = {Feb}, title = {Project Leine - A Virtualized Study Infrastructure}, url = {https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019posters_paper_41.pdf}, year = {2019} } @misc{poster/ndss/wermke19b, author = {Dominik Wermke and Nicolas Huaman and Yasemin Acar and Bradley Reaves and Patrick Traynor and Sascha Fahl}, howpublished = {In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019}, month = {Feb}, title = {A Large Scale Investigation of Obfuscation Use in Google Play}, url = {https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019posters_paper_40.pdf}, year = {2019} } @misc{poster/oakland/fehlhaber20, author = {Anna Lena Fehlhaber and Marco Gutfleisch and Daniel Theis and Florian Wallkoetter and Yasemin Acar and Sascha Fahl}, howpublished = {In 41st IEEE Symposium on Security and Privacy, IEEE S&P 2020, May 18-20, 2020}, month = {May}, title = {Poster: When Brave Hurts Privacy: Why Too Many Choices do More Harm Than Good}, url = {https://www.ieee-security.org/TC/SP2020/program-posters.html}, year = {2020} } @misc{poster/oakland/wermke20, author = {Dominik Wermke and Christian Stransky and Nicolas Huaman and Niklas Busch and Alexander Krause and Yasemin Acar and Sascha Fahl}, howpublished = {In 41st IEEE Symposium on Security and Privacy, IEEE S&P 2020, May 18-20, 2020}, month = {May}, title = {Poster: Perceptions of Handling Sensitive Data in Cloud Office Applications}, url = {https://www.ieee-security.org/TC/SP2020/program-posters.html}, year = {2020} } @misc{poster/soups/busse18, author = {Karoline Busse and Dominik Wermke and Sabrina Amft and Sascha Fahl and Emanuel von Zezschwitz and Matthew Smith}, howpublished = {In Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018}, month = {Aug}, title = {Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies}, url = {https://www.usenix.org/sites/default/files/soups2018posters-busse.pdf}, year = {2018} } @misc{poster/soups/huaman21a, author = {Nicolas Huaman and Alexander Krause and Bennet von Skarczinski and Christian Stransky and Dominik Wermke and Yasemin Acar and Arne Dreißigacker and Sascha Fahl}, howpublished = {In Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}, month = {Aug}, publisher = {USENIX Association}, title = {Poster: Cybercrime in Small and Medium-sized Enterprises}, url = {https://www.usenix.org/conference/soups2021/presentation/huaman-cybercrime}, year = {2021} } @misc{poster/soups/huaman21b, author = {Nicolas Huaman and Sabrina Amft and Marten Oltrogge and Yasemin Acar and Sascha Fahl}, howpublished = {In Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}, month = {Aug}, publisher = {USENIX Association}, title = {Poster: They Would do Better if They Worked Together The Case of Interaction Problems Between Password Managers and Websites}, url = {https://www.usenix.org/conference/soups2021/presentation/huaman-interaction}, year = {2021} } @misc{poster/sp/gorski18, author = {Peter Leo Gorski and Luigi Lo Iacono and Yasemin Acar and Sebastian Moeller and Christian Stransky and Sascha Fahl}, howpublished = {In 39th IEEE Symposium on Security and Privacy, IEEE S&P 2018, San Francisco, CA, USA, May 21-23, 2018}, month = {May}, title = {On the Effect of Security Warnings on Cryptographic API Misuse}, url = {https://www.ieee-security.org/TC/SP2018/poster-abstracts/oakland2018-paper51-poster-abstract.pdf}, year = {2018} } @misc{poster/usenix/stransky19, author = {Christian Stransky and Dominik Wermke and Johanna Schrader and Nicolas Huaman and Anna Lena Fehlhaber and Yasemin Acar and Sascha Fahl}, howpublished = {In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019}, month = {Sep}, title = {Towards Understanding the WhatsApp Dilemma}, url = {https://www.usenix.org/conference/usenixsecurity19/poster-session}, year = {2019} }