@article{53368, author = {{Fourné, Marcel and Wermke, Dominik and Fahl, Sascha and Acar, Yasemin}}, journal = {{IEEE Security & Privacy}}, number = {{6}}, pages = {{59–63}}, publisher = {{IEEE}}, title = {{{A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda}}}, volume = {{21}}, year = {{2023}}, } @inproceedings{53366, author = {{Tran, Mindy and Munyendo, Collins W and Sri Ramulu, Harshini and Rodriguez, Rachel Gonzalez and Schnell, Luisa Ball and Sula, Cora and Simko, Lucy and Acar, Yasemin}}, booktitle = {{2024 IEEE Symposium on Security and Privacy (SP)}}, pages = {{4–4}}, title = {{{Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study}}}, year = {{2023}}, } @article{53348, author = {{Fourné, Marcel and Wermke, Dominik and Fahl, Sascha and Acar, Yasemin}}, journal = {{IEEE Secur. Priv.}}, number = {{6}}, pages = {{59–63}}, title = {{{A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda}}}, doi = {{10.1109/MSEC.2023.3316569}}, volume = {{21}}, year = {{2023}}, } @article{53352, author = {{Simko, Lucy and Sri Ramulu, Harshini and Kohno, Tadayoshi and Acar, Yasemin}}, journal = {{Proc. ACM Hum. Comput. Interact.}}, number = {{CSCW2}}, pages = {{1–54}}, title = {{{The Use and Non-Use of Technology During Hurricanes}}}, doi = {{10.1145/3610215}}, volume = {{7}}, year = {{2023}}, } @inproceedings{46500, abstract = {{The security of Industrial Control Systems is relevant both for reliable production system operations and for high-quality throughput in terms of manufactured products. Security measures are designed, operated and maintained by different roles along product and production system lifecycles. Defense-in-Depth as a paradigm builds upon the assumption that breaches are unavoidable. The paper at hand provides an analysis of roles, corresponding Human Factors and their relevance for data theft and sabotage attacks. The resulting taxonomy is reflected by an example related to Additive Manufacturing. The results assist in both designing and redesigning Industrial Control System as part of an entire production system so that Defense-in-Depth with regard to Human Factors is built in by design.}}, author = {{Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric and Gräßler, Iris}}, booktitle = {{2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)}}, keywords = {{Defense-in-Depth, Human Factors, Production Engineering, Product Design, Systems Engineering}}, location = {{Delft, Netherlands}}, pages = {{379--385}}, publisher = {{IEEE}}, title = {{{Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth}}}, doi = {{10.1109/eurospw59978.2023.00048}}, year = {{2023}}, } @inproceedings{47289, author = {{Huaman, Nicolas and Krause, Alexander and Wermke, Dominik and Klemmer, Jan H. and Stransky, Christian and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston, MA, USA, August 7-9, 2022}}, editor = {{Chiasson, Sonia and Kapadia, Apu}}, pages = {{313–330}}, publisher = {{USENIX Association}}, title = {{{If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers}}}, year = {{2022}}, } @inproceedings{47844, author = {{Jancar, Jan and Fourné, Marcel and Braga, Daniel De Almeida and Sabt, Mohamed and Schwabe, Peter and Barthe, Gilles and Fouque, Pierre-Alain and Acar, Yasemin}}, booktitle = {{2022 IEEE Symposium on Security and Privacy (SP)}}, publisher = {{IEEE}}, title = {{{“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks}}}, doi = {{10.1109/sp46214.2022.9833713}}, year = {{2022}}, } @inproceedings{47286, author = {{Gutfleisch, Marco and Klemmer, Jan H. and Busch, Niklas and Acar, Yasemin and Sasse, M. Angela and Fahl, Sascha}}, booktitle = {{43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022}}, pages = {{893–910}}, publisher = {{IEEE}}, title = {{{How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study}}}, doi = {{10.1109/SP46214.2022.9833756}}, year = {{2022}}, } @inproceedings{47287, author = {{Stransky, Christian and Wiese, Oliver and Roth, Volker and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022}}, pages = {{860–875}}, publisher = {{IEEE}}, title = {{{27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University}}}, doi = {{10.1109/SP46214.2022.9833755}}, year = {{2022}}, } @inproceedings{47283, author = {{Kaur, Harjot and Amft, Sabrina and Votipka, Daniel and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022}}, editor = {{Butler, Kevin R. B. and Thomas, Kurt}}, pages = {{4041–4058}}, publisher = {{USENIX Association}}, title = {{{Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples}}}, year = {{2022}}, } @article{47290, author = {{Huaman, Nicolas and Amft, Sabrina and Oltrogge, Marten and Acar, Yasemin and Fahl, Sascha}}, journal = {{IEEE Secur. Priv.}}, number = {{2}}, pages = {{49–60}}, title = {{{They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web}}}, doi = {{10.1109/MSEC.2021.3123795}}, volume = {{20}}, year = {{2022}}, } @inproceedings{47843, author = {{Wermke, Dominik and Wohler, Noah and Klemmer, Jan H. and Fourné, Marcel and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{2022 IEEE Symposium on Security and Privacy (SP)}}, publisher = {{IEEE}}, title = {{{Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects}}}, doi = {{10.1109/sp46214.2022.9833686}}, year = {{2022}}, } @inproceedings{47288, author = {{Jancar, Jan and Fourné, Marcel and Braga, Daniel De Almeida and Sabt, Mohamed and Schwabe, Peter and Barthe, Gilles and Fouque, Pierre-Alain and Acar, Yasemin}}, booktitle = {{43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022}}, pages = {{632–649}}, publisher = {{IEEE}}, title = {{{"They’re not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks}}}, doi = {{10.1109/SP46214.2022.9833713}}, year = {{2022}}, } @inproceedings{47285, author = {{Wermke, Dominik and Wöhler, Noah and Klemmer, Jan H. and Fourné, Marcel and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022}}, pages = {{1880–1896}}, publisher = {{IEEE}}, title = {{{Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects}}}, doi = {{10.1109/SP46214.2022.9833686}}, year = {{2022}}, } @inproceedings{47284, author = {{Munyendo, Collins W. and Acar, Yasemin and Aviv, Adam J.}}, booktitle = {{43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022}}, pages = {{2304–2319}}, publisher = {{IEEE}}, title = {{{"Desperate Times Call for Desperate Measures": User Concerns with Mobile Loan Apps in Kenya}}}, doi = {{10.1109/SP46214.2022.9833779}}, year = {{2022}}, } @article{47281, author = {{Krause, Alexander and Klemmer, Jan H. and Huaman, Nicolas and Wermke, Dominik and Acar, Yasemin and Fahl, Sascha}}, journal = {{CoRR}}, title = {{{Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories}}}, doi = {{10.48550/arXiv.2211.06213}}, volume = {{abs/2211.06213}}, year = {{2022}}, } @inproceedings{47265, author = {{Huaman, Nicolas and von Skarczinski, Bennet and Stransky, Christian and Wermke, Dominik and Acar, Yasemin and Dreißigacker, Arne and Fahl, Sascha}}, booktitle = {{30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021}}, editor = {{Bailey, Michael and Greenstadt, Rachel}}, pages = {{1235–1252}}, publisher = {{USENIX Association}}, title = {{{A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises}}}, year = {{2021}}, } @inproceedings{47268, author = {{Stransky, Christian and Wermke, Dominik and Schrader, Johanna and Huaman, Nicolas and Acar, Yasemin and Fehlhaber, Anna Lena and Wei, Miranda and Ur, Blase and Fahl, Sascha}}, booktitle = {{Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}}, editor = {{Chiasson, Sonia}}, pages = {{437–454}}, publisher = {{USENIX Association}}, title = {{{On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security}}}, year = {{2021}}, } @inproceedings{47267, author = {{Huaman, Nicolas and Amft, Sabrina and Oltrogge, Marten and Acar, Yasemin and Fahl, Sascha}}, booktitle = {{2021 IEEE Symposium on Security and Privacy (SP)}}, publisher = {{IEEE}}, title = {{{They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites}}}, doi = {{10.1109/sp40001.2021.00094}}, year = {{2021}}, } @inproceedings{47266, author = {{Haney, Julie M. and Acar, Yasemin and Furman, Susanne}}, booktitle = {{30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021}}, editor = {{Bailey, Michael and Greenstadt, Rachel}}, pages = {{411–428}}, publisher = {{USENIX Association}}, title = {{{"It’s the Company, the Government, You and I": User Perceptions of Responsibility for Smart Home Privacy and Security}}}, year = {{2021}}, }