@article{47296, author = {{Kohno, Tadayoshi and Acar, Yasemin and Loh, Wulf}}, journal = {{CoRR}}, title = {{{Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations}}}, doi = {{10.48550/arXiv.2302.14326}}, volume = {{abs/2302.14326}}, year = {{2023}}, } @inproceedings{47305, author = {{Amft, Sabrina and Höltervennhoff, Sandra and Huaman, Nicolas and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023}}, editor = {{Kelley, Patrick Gage and Kapadia, Apu}}, pages = {{171–190}}, publisher = {{USENIX Association}}, title = {{{"Would You Give the Same Priority to the Bank and a Game? I Do Not!" Exploring Credential Management Strategies and Obstacles during Password Manager Setup}}}, year = {{2023}}, } @inproceedings{47301, author = {{Höltervennhoff, Sandra and Klostermeyer, Philip and Wöhler, Noah and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023}}, editor = {{Calandrino, Joseph A. and Troncoso, Carmela}}, publisher = {{USENIX Association}}, title = {{{"I wouldn’t want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust}}}, year = {{2023}}, } @inproceedings{47298, author = {{Mink, Jaron and Kaur, Harjot and Schmüser, Juliane and Fahl, Sascha and Acar, Yasemin}}, booktitle = {{32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023}}, editor = {{Calandrino, Joseph A. and Troncoso, Carmela}}, publisher = {{USENIX Association}}, title = {{{"Security is not my field, I’m a stats guy": A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry}}}, year = {{2023}}, } @inproceedings{47842, author = {{Fourné, Marcel and Wermke, Dominik and Enck, William and Fahl, Sascha and Acar, Yasemin}}, booktitle = {{2023 IEEE Symposium on Security and Privacy (SP)}}, publisher = {{IEEE}}, title = {{{It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security}}}, doi = {{10.1109/sp46215.2023.10179320}}, year = {{2023}}, } @article{47295, author = {{Amft, Sabrina and Höltervennhoff, Sandra and Huaman, Nicolas and Krause, Alexander and Simko, Lucy and Acar, Yasemin and Fahl, Sascha}}, journal = {{CoRR}}, title = {{{Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication}}}, doi = {{10.48550/arXiv.2306.09708}}, volume = {{abs/2306.09708}}, year = {{2023}}, } @article{47294, author = {{Tran, Mindy and Acar, Yasemin and Cucker, Michel and Enck, William and Kapravelos, Alexandros and Kästner, Christian and Williams, Laurie A.}}, journal = {{CoRR}}, title = {{{S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit}}}, doi = {{10.48550/arXiv.2307.15642}}, volume = {{abs/2307.15642}}, year = {{2023}}, } @article{47293, author = {{Dunlap, Trevor and Acar, Yasemin and Cucker, Michel and Enck, William and Kapravelos, Alexandros and Kästner, Christian and Williams, Laurie A.}}, journal = {{CoRR}}, title = {{{S3C2 Summit 2023-02: Industry Secure Supply Chain Summit}}}, doi = {{10.48550/arXiv.2307.16557}}, volume = {{abs/2307.16557}}, year = {{2023}}, } @article{47292, author = {{Enck, William and Acar, Yasemin and Cukier, Michel and Kapravelos, Alexandros and Kästner, Christian and Williams, Laurie A.}}, journal = {{CoRR}}, title = {{{S3C2 Summit 2023-06: Government Secure Supply Chain Summit}}}, doi = {{10.48550/arXiv.2308.06850}}, volume = {{abs/2308.06850}}, year = {{2023}}, } @inproceedings{47300, author = {{Kohno, Tadayoshi and Acar, Yasemin and Loh, Wulf}}, booktitle = {{32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023}}, editor = {{Calandrino, Joseph A. and Troncoso, Carmela}}, publisher = {{USENIX Association}}, title = {{{Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations}}}, year = {{2023}}, } @inproceedings{47312, author = {{Neil, Lorenzo and Sri Ramulu, Harshini and Acar, Yasemin and Reaves, Bradley}}, booktitle = {{Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023}}, pages = {{283–299}}, publisher = {{USENIX Association}}, title = {{{Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice}}}, year = {{2023}}, } @article{47291, author = {{Klemmer, Jan H. and Gutfleisch, Marco and Stransky, Christian and Acar, Yasemin and Sasse, M. Angela and Fahl, Sascha}}, journal = {{CoRR}}, title = {{{"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication}}}, doi = {{10.48550/arXiv.2309.00744}}, volume = {{abs/2309.00744}}, year = {{2023}}, } @inproceedings{53362, author = {{Amft, Sabrina and Höltervennhoff, Sandra and Huaman, Nicolas and Krause, Alexander and Simko, Lucy and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023}}, editor = {{Meng, Weizhi and Jensen, Christian Damsgaard and Cremers, Cas and Kirda, Engin}}, pages = {{3138–3152}}, publisher = {{ACM}}, title = {{{"We’ve Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments}}}, doi = {{10.1145/3576915.3623180}}, year = {{2023}}, } @inproceedings{49438, author = {{Krüger, Stefan and Reif, Michael and Wickert, Anna-Katharina and Nadi, Sarah and Ali, Karim and Bodden, Eric and Acar, Yasemin and Mezini, Mira and Fahl, Sascha}}, booktitle = {{2023 IEEE Secure Development Conference (SecDev)}}, publisher = {{IEEE}}, title = {{{Securing Your Crypto-API Usage Through Tool Support - A Usability Study}}}, doi = {{10.1109/secdev56634.2023.00015}}, year = {{2023}}, } @article{53368, author = {{Fourné, Marcel and Wermke, Dominik and Fahl, Sascha and Acar, Yasemin}}, journal = {{IEEE Security & Privacy}}, number = {{6}}, pages = {{59–63}}, publisher = {{IEEE}}, title = {{{A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda}}}, volume = {{21}}, year = {{2023}}, } @inproceedings{53366, author = {{Tran, Mindy and Munyendo, Collins W and Sri Ramulu, Harshini and Rodriguez, Rachel Gonzalez and Schnell, Luisa Ball and Sula, Cora and Simko, Lucy and Acar, Yasemin}}, booktitle = {{2024 IEEE Symposium on Security and Privacy (SP)}}, pages = {{4–4}}, title = {{{Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study}}}, year = {{2023}}, } @article{53348, author = {{Fourné, Marcel and Wermke, Dominik and Fahl, Sascha and Acar, Yasemin}}, journal = {{IEEE Secur. Priv.}}, number = {{6}}, pages = {{59–63}}, title = {{{A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda}}}, doi = {{10.1109/MSEC.2023.3316569}}, volume = {{21}}, year = {{2023}}, } @article{53352, author = {{Simko, Lucy and Sri Ramulu, Harshini and Kohno, Tadayoshi and Acar, Yasemin}}, journal = {{Proc. ACM Hum. Comput. Interact.}}, number = {{CSCW2}}, pages = {{1–54}}, title = {{{The Use and Non-Use of Technology During Hurricanes}}}, doi = {{10.1145/3610215}}, volume = {{7}}, year = {{2023}}, } @inproceedings{46500, abstract = {{The security of Industrial Control Systems is relevant both for reliable production system operations and for high-quality throughput in terms of manufactured products. Security measures are designed, operated and maintained by different roles along product and production system lifecycles. Defense-in-Depth as a paradigm builds upon the assumption that breaches are unavoidable. The paper at hand provides an analysis of roles, corresponding Human Factors and their relevance for data theft and sabotage attacks. The resulting taxonomy is reflected by an example related to Additive Manufacturing. The results assist in both designing and redesigning Industrial Control System as part of an entire production system so that Defense-in-Depth with regard to Human Factors is built in by design.}}, author = {{Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric and Gräßler, Iris}}, booktitle = {{2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)}}, keywords = {{Defense-in-Depth, Human Factors, Production Engineering, Product Design, Systems Engineering}}, location = {{Delft, Netherlands}}, pages = {{379--385}}, publisher = {{IEEE}}, title = {{{Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth}}}, doi = {{10.1109/eurospw59978.2023.00048}}, year = {{2023}}, } @inproceedings{47289, author = {{Huaman, Nicolas and Krause, Alexander and Wermke, Dominik and Klemmer, Jan H. and Stransky, Christian and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston, MA, USA, August 7-9, 2022}}, editor = {{Chiasson, Sonia and Kapadia, Apu}}, pages = {{313–330}}, publisher = {{USENIX Association}}, title = {{{If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers}}}, year = {{2022}}, }