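% Poster on security researchers' experiences with vulnerability disclosure (ACM SIGSAC CCS, 2025).
% Field values use a single pair of braces so the author list is split on " and ".
@inproceedings{62738,
  abstract     = {Vulnerability disclosures are necessary to improve the security of our digital ecosystem. However, they can also be challenging for researchers: it may be hard to find out who the affected parties even are, or how to contact them. Researchers may be ignored or face adversity when disclosing vulnerabilities. We investigate researchers' experiences with vulnerability disclosures, extract best practices, and make recommendations for researchers, institutions that employ them, industry, and regulators to enable effective vulnerability disclosures.},
  author       = {Sri Ramulu, Harshini and Rotthaler, Anna Lena and Rossel, Jost and Gonzalez Rodriguez, Rachel and Wermke, Dominik and Fahl, Sascha and Kohno, Tadayoshi and Somorovsky, Juraj and Acar, Yasemin},
  booktitle    = {Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security},
  keywords     = {software vulnerabilities, vulnerability disclosure, security research},
  publisher    = {ACM},
  title        = {Poster: Computer Security Researchers' Experiences with Vulnerability Disclosures},
  doi          = {10.1145/3719027.3760723},
  year         = {2025},
}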

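% Experience report on the "Security Belts" maturity model for DevOps teams.
% NOTE(review): booktitle is required for inproceedings and is not in this record;
% add it from the publisher page before citing.
@inproceedings{53811,
  abstract     = {Persistent security challenges plague DevOps teams due to a deficiency in expertise regarding security tools and methods, as evidenced by frequent security incidents. Existing maturity models fail to adequately address the specific needs of DevOps teams. In response, this paper proposes "Security Belts," a novel maturity model inspired by martial arts ranking systems. This model aims to assist DevOps teams in enhancing their security capabilities by providing a structured approach, starting with fundamental activities and progressing to more advanced techniques. Drawing from the experiences of monitoring 21 teams, the paper presents lessons learned and offers actionable advice for refining maturity models tailored to software quality improvement.},
  author       = {Taaibi, Samira and Dziwok, Stefan and Hermerschmidt, Lars and Koch, Thorsten and Merschjohann, Sven and Vollmary, Mark},
  keywords     = {Software security, maturity model},
  location     = {Salt Lake City},
  title        = {{Security Belts}: A Maturity Model for {DevOps} Teams to Increase the Software Security of their Product - An Experience Report},
  year         = {2024},
}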

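% Security analysis of the 3D Manufacturing Format (3MF): 352 tests run against 20 applications.
@inproceedings{48012,
  abstract     = {3D printing is a well-established technology with rapidly increasing usage scenarios both in the industry and consumer context. The growing popularity of 3D printing has also attracted security researchers, who have analyzed possibilities for weakening 3D models or stealing intellectual property from 3D models. We extend these important aspects and provide the first comprehensive security analysis of 3D printing data formats. We performed our systematic study on the example of the 3D Manufacturing Format (3MF), which offers a large variety of features that could lead to critical attacks. Based on 3MF’s features, we systematized three attack goals: Data Exfiltration (dex), Denial of Service, and UI Spoofing (uis). We achieve these goals by exploiting the complexity of 3MF, which is based on the Open Packaging Conventions (OPC) format and uses XML to define 3D models. In total, our analysis led to 352 tests. To create and run these tests automatically, we implemented an open-source tool named 3MF Analyzer (tool), which helped us evaluate 20 applications.},
  author       = {Rossel, Jost and Mladenov, Vladislav and Somorovsky, Juraj},
  booktitle    = {Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses},
  keywords     = {Data Format Security, 3D Manufacturing Format, 3D Printing, Additive Manufacturing},
  location     = {Hong Kong},
  publisher    = {ACM},
  title        = {Security Analysis of the {3MF} Data Format},
  doi          = {10.1145/3607199.3607216},
  year         = {2023},
}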

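% PhD thesis on hardware Trojans in FPGA designs: bitstream-level verification and a new attack.
% The abstract is in German. The institution is given in school, which phdthesis requires;
% the city is in location.
@phdthesis{29769,
  abstract     = {Wettstreit zwischen der Entwicklung neuer Hardwaretrojaner und entsprechender Gegenmaßnahmen beschreiten Widersacher immer raffiniertere Wege um Schaltungsentwürfe zu infizieren und dabei selbst fortgeschrittene Test- und Verifikationsmethoden zu überlisten. Abgesehen von den konventionellen Methoden um einen Trojaner in eine Schaltung für ein Field-programmable Gate Array (FPGA) einzuschleusen, können auch die Entwurfswerkzeuge heimlich kompromittiert werden um einen Angreifer dabei zu unterstützen einen erfolgreichen Angriff durchzuführen, der zum Beispiel Fehlfunktionen oder ungewollte Informationsabflüsse bewirken kann. Diese Dissertation beschäftigt sich hauptsächlich mit den beiden Blickwinkeln auf Hardwaretrojaner in rekonfigurierbaren Systemen, einerseits der Perspektive des Verteidigers mit einer Methode zur Erkennung von Trojanern auf der Bitstromebene, und andererseits derjenigen des Angreifers mit einer neuartigen Angriffsmethode für FPGA Trojaner. Für die Verteidigung gegen den Trojaner ``Heimtückische LUT'' stellen wir die allererste erfolgreiche Gegenmaßnahme vor, die durch Verifikation mittels Proof-carrying Hardware (PCH) auf der Bitstromebene direkt vor der Konfiguration der Hardware angewendet werden kann, und präsentieren ein vollständiges Schema für den Entwurf und die Verifikation von Schaltungen für iCE40 FPGAs. Für die Gegenseite führen wir einen neuen Angriff ein, welcher bösartiges Routing im eingefügten Trojaner ausnutzt um selbst im fertigen Bitstrom in einem inaktiven Zustand zu verbleiben: Hierdurch kann dieser neuartige Angriff zur Zeit weder von herkömmlichen Test- und Verifikationsmethoden, noch von unserer vorher vorgestellten Verifikation auf der Bitstromebene entdeckt werden.},
  author       = {Ahmed, Qazi Arbab},
  keywords     = {FPGA Security, Hardware Trojans, Bitstream-level Trojans, Bitstream Verification},
  school       = {Paderborn University},
  location     = {Paderborn, Germany},
  title        = {Hardware {Trojans} in Reconfigurable Computing},
  doi          = {10.17619/UNIPB/1-1271},
  year         = {2022},
}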

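% Design-science artefact for cyber threat detection and actor-specific communication (ACIS, 2022).
@inproceedings{37157,
  author       = {Eyilmez, Kaan and Basyurt, Ali Sercan and Stieglitz, Stefan and Fuchss, Christoph and Kaufhold, Marc-André and Reuter, Christian and Mirbabaie, Milad},
  booktitle    = {Australasian Conference on Information Systems (ACIS)},
  keywords     = {Student, Security, Projekt-CYWARN},
  publisher    = {AIS Electronic Library (AISel)},
  title        = {A Design Science Artefact for Cyber Threat Detection and Actor Specific Communication},
  year         = {2022},
}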

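% Computational admissible hash functions and an efficient standard-model verifiable random function.
% NOTE(review): booktitle holds the series name (Lecture Notes in Computer Science); the volume
% title, publisher and page range are not in this record -- confirm them against the DOI.
@inbook{21396,
  abstract     = {Verifiable random functions (VRFs) are essentially digital signatures with additional properties, namely verifiable uniqueness and pseudorandomness, which make VRFs a useful tool, e.g., to prevent enumeration in DNSSEC Authenticated Denial of Existence and the CONIKS key management system, or in the random committee selection of the Algorand blockchain.

Most standard-model VRFs rely on admissible hash functions (AHFs) to achieve security against adaptive attacks in the standard model. Known AHF constructions are based on error-correcting codes, which yield asymptotically efficient constructions. However, previous works do not clarify how the code should be instantiated concretely in the real world. The rate and the minimal distance of the selected code have significant impact on the efficiency of the resulting cryptosystem, therefore it is unclear if and how the aforementioned constructions can be used in practice.

First, we explain inherent limitations of code-based AHFs. Concretely, we assume that even if we were given codes that achieve the well-known Gilbert-Varshamov or McEliece-Rodemich-Rumsey-Welch bounds, existing AHF-based constructions of verifiable random functions (VRFs) can only be instantiated quite inefficiently. Then we introduce and construct computational AHFs (cAHFs). While classical AHFs are information-theoretic, and therefore work even in presence of computationally unbounded adversaries, cAHFs provide only security against computationally bounded adversaries. However, we show that cAHFs can be instantiated significantly more efficiently. Finally, we use our cAHF to construct the currently most efficient verifiable random function with full adaptive security in the standard model.},
  author       = {Jager, Tibor and Niehues, David},
  booktitle    = {Lecture Notes in Computer Science},
  isbn         = {9783030384708},
  issn         = {0302-9743},
  keywords     = {Admissible hash functions, Verifiable random functions, Error-correcting codes, Provable security},
  location     = {Waterloo, Canada},
  title        = {On the Real-World Instantiability of Admissible Hash Functions and Efficient Verifiable Random Functions},
  doi          = {10.1007/978-3-030-38471-5_13},
  year         = {2020},
}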

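% Event study of stock-market reactions to information security investment announcements.
@article{16249,
  abstract     = {Timing plays a crucial role in the context of information security investments. We regard timing in two dimensions, namely the time of announcement in relation to the time of investment and the time of announcement in relation to the time of a fundamental security incident. The financial value of information security investments is assessed by examining the relationship between the investment announcements and their stock market reaction focusing on the two time dimensions. Using an event study methodology, we found that both dimensions influence the stock market return of the investing organization. Our results indicate that (1) after fundamental security incidents in a given industry, the stock price will react more positively to a firm’s announcement of actual information security investments than to announcements of the intention to invest; (2) the stock price will react more positively to a firm’s announcements of the intention to invest after the fundamental security incident compared to before; and (3) the stock price will react more positively to a firm’s announcements of actual information security investments after the fundamental security incident compared to before. Overall, the lowest abnormal return can be expected when the intention to invest is announced before a fundamental information security incident and the highest return when actual investing after a fundamental information security incident in the respective industry.},
  author       = {Szubartowicz, Eva and Schryen, Guido},
  journal      = {Journal of Information System Security},
  keywords     = {Event Study, Information Security, Investment Announcements, Stock Price Reaction, Value of Information Security Investments},
  number       = {1},
  pages        = {3--31},
  publisher    = {Information Institute Publishing, Washington DC, USA},
  title        = {Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements},
  volume       = {16},
  year         = {2020},
}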

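% Compares three multi-domain defence approaches (Counteract Everywhere, Minimize Countermeasures,
% Minimize Propagation) for collaborating networks.
% NOTE(review): the export carried a placeholder ISSN ("null"); the field is omitted until the
% real value is known.
@inproceedings{17667,
  abstract     = {Resolving distributed attacks benefits from collaboration between networks. We present three approaches for the same multi-domain defensive action that can be applied in such an alliance: 1) Counteract Everywhere, 2) Minimize Countermeasures, and 3) Minimize Propagation. First, we provide a formula to compute efficiency of a defense; then we use this formula to compute the efficiency of the approaches under various circumstances. Finally, we discuss how task execution order and timing influence defense efficiency. Our results show that the Minimize Propagation approach is the most efficient method when defending against the chosen attack.},
  author       = {Koning, Ralph and Polevoy, Gleb and Meijer, Lydia and de Laat, Cees and Grosso, Paola},
  booktitle    = {2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)},
  keywords     = {computer network security, multinetwork environments, multidomain defensive action, task execution order, timing influence defense efficiency, distributed attacks, collaborative security defence approach, minimize propagation approach, minimize countermeasure approach, counteract everywhere approach, Conferences, Cloud computing, Computer crime, Edge computing, Security, Defense Approaches, Multi-Domain Defense, Collaborative Defense, Defense Algorithms, Computer Networks},
  pages        = {113--123},
  title        = {Approaches for Collaborative Security Defences in Multi Network Environments},
  doi          = {10.1109/CSCloud/EdgeCom.2019.000-9},
  year         = {2019},
}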

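% SARNET: a framework for autonomous attack response built on SDN and NFV.
% The doi field holds the bare DOI; styles add the resolver prefix themselves.
% NOTE(review): volume and pages are not in this record; add them from the DOI landing page.
@article{17666,
  abstract     = {Software Defined Networks (SDN) and Network Function Virtualisation (NFV) provide the basis for autonomous response and mitigation against attacks on networked computer infrastructures. We propose a new framework that uses SDNs and NFV to achieve this goal: Secure Autonomous Response Network (SARNET). In a SARNET, an agent running a control loop constantly assesses the security state of the network by means of observables. The agent reacts to and resolves security problems, while learning from its previous decisions. Two main metrics govern the decision process in a SARNET: impact and efficiency; these metrics can be used to compare and evaluate countermeasures and are the building blocks for self-learning SARNETs that exhibit autonomous response. In this paper we present the software implementation of the SARNET framework, evaluate it in a real-life network and discuss the tradeoffs between parameters used by the SARNET agent and the efficiency of its actions.},
  author       = {Koning, R. and de Graaff, B. and Polevoy, Gleb and Meijer, R. and de Laat, C. and Grosso, P.},
  issn         = {0167-739X},
  journal      = {Future Generation Computer Systems},
  keywords     = {Software defined networks, Network function virtualization, Cyber attacks, Cyber security, Defense efficiency, Overlay networks},
  title        = {Measuring the efficiency of {SDN} mitigations against attacks on computer infrastructures},
  doi          = {10.1016/j.future.2018.08.011},
  year         = {2018},
}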

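% Multiple case study of how firms decide on, evaluate and learn from information security investments.
% NOTE(review): the apostrophe in the abstract was restored from a "?" placeholder left by the
% export; spot-check against the published abstract.
@article{5586,
  abstract     = {The need to protect resources against attackers is reflected by huge information security investments of firms worldwide. In the presence of budget constraints and a diverse set of assets to protect, organizations have to decide in which IT security measures to invest, how to evaluate those investment decisions, and how to learn from past decisions to optimize future security investment actions. While the academic literature has provided valuable insights into these issues, there is a lack of empirical contributions. To address this lack, we conduct a theory-based exploratory multiple case study. Our case study reveals that (1) firms' investments in information security are largely driven by external environmental and industry-related factors, (2) firms do not implement standardized decision processes, (3) the security process is perceived to impact the business process in a disturbing way, (4) both the implementation of evaluation processes and the application of metrics are hardly existent and (5) learning activities mainly occur at an ad-hoc basis.},
  author       = {Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido},
  journal      = {Computers \& Security},
  keywords     = {Information Security Investments, Multiple Case Study, Organizations, Single Loop Learning, Double Loop Learning},
  pages        = {807--823},
  publisher    = {Elsevier},
  title        = {Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning},
  volume       = {77},
  year         = {2018},
}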

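% Study of Java exploits (ACM SIGSAC CCS, 2016).
% The doi field holds the bare DOI rather than a resolver URL.
@inproceedings{20719,
  author       = {Holzinger, Philipp and Triller, Stefan and Bartel, Alexandre and Bodden, Eric},
  booktitle    = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
  isbn         = {978-1-4503-4139-4},
  keywords     = {ATTRACT, access control, exploits, java security, security analysis, ITSECWEBSITE},
  pages        = {779--790},
  title        = {An In-Depth Study of More Than Ten Years of {Java} Exploitation},
  doi          = {10.1145/2976749.2978361},
  year         = {2016},
}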

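% Literature review of IT security investment research, framed by the Resource-Based View and
% Organizational Learning Theory.
% NOTE(review): line-break hyphens from the export ("adopt-ing", "appli-cation", ...) were rejoined
% in the abstract and keywords.
@inproceedings{5588,
  abstract     = {The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economic-technological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopting the Resource-Based View and the Organizational Learning Theory. The joint application of these theories allows to conceptualize in one theoretical model the organizational learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security investments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical examples.},
  author       = {Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido},
  booktitle    = {International Conference on Information Systems},
  keywords     = {Information Security, Investment, Literature review, Resource-based View, Organizational Learning Theory, Multi-theoretical Perspective},
  title        = {A Multi-Theoretical Literature Review on Information Security Investments using the {Resource-Based View} and the {Organizational Learning Theory}},
  year         = {2015},
}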

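% Decision-support model for introducing an identity and access management system, with or without RBAC.
% NOTE(review): apostrophes in the abstract and in the workshop acronym were restored from "?"
% placeholders left by the export; spot-check against the published record.
@inproceedings{5590,
  abstract     = {Nowadays, providing employees with failure-free access to various systems, applications and services is a crucial factor for organizations' success as disturbances potentially inhibit smooth workflows and thereby harm productivity. However, it is a challenging task to assign access rights to employees' accounts within a satisfying time frame. In addition, the management of multiple accounts and identities can be very onerous and time consuming for the responsible administrator and therefore expensive for the organization. In order to meet these challenges, firms decide to invest in introducing an Identity and Access Management System (IAMS) that supports the organization by using policies to assign permissions to accounts, groups, and roles. In practice, since various versions of IAMSs exist, it is a challenging task to decide upon introduction of an IAMS. The following study proposes a first attempt of a decision support model for practitioners which considers four alternatives: Introduction of an IAMS with Role-based Access Control (RBAC) or without and no introduction of IAMS again with or without RBAC. To underpin the practical applicability of the proposed model, we parametrize and operationalize it based on a real world use case using input from an expert interview.},
  author       = {Weishäupl, Eva and Kunz, Michael and Yasasin, Emrah and Wagner, Gerit and Prester, Julian and Schryen, Guido and Pernul, Günther},
  booktitle    = {2nd International Workshop on Security in highly connected IT Systems (SHCIS'15)},
  keywords     = {Identity and Access Management, Economic Decision Making, Information Systems, Information Security Investment, Decision Theory},
  title        = {Towards an Economic Approach to Identity and Access Management Systems Using Decision Theory},
  year         = {2015},
}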

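% Retrospective security analysis of Internet elections held in Estonia, the Netherlands and
% Switzerland between 2006 and 2007.
% NOTE(review): number reads "4 Part", which looks truncated; confirm the issue designation.
@article{5621,
  abstract     = {Remote voting through the Internet provides convenience and access to the electorate. At the same time, the security concerns facing any distributed application are magnified when the task is so crucial to democratic society. In addition, some of the electoral process loses transparency when it is encapsulated in information technology. In this paper, we examine the public record of three recent elections that used Internet voting. Our specific goal is to identify any potential flaws that security experts would recognize, but may have not been identified in the rush to implement technology. To do this, we present a multiple exploratory case study, looking at elections conducted between 2006 and 2007 in Estonia, Netherlands, and Switzerland. These elections were selected as particularly interesting and accessible, and each presents its own technical and security challenges. The electoral environment, technical design and process for each election are described, including reconstruction of details which are implied but not specified within the source material. We found that all three elections warrant significant concern about voter security, verifiability, and transparency. Usability, our fourth area of focus, seems to have been well-addressed in these elections. While our analysis is based on public documents and previously published reports, and therefore lacking access to any confidential materials held by electoral officials, this comparative analysis provides interesting insight and consistent questions across all these cases. Effective review of Internet voting requires an aggressive stance towards identifying potential security and operational flaws, and we encourage the use of third party reviews with critical technology skills during design, programming, and voting to reduce the changes of failure or fraud that would undermine public confidence.},
  author       = {Schryen, Guido and Rich, Eliot},
  journal      = {IEEE Transactions on Information Forensics \& Security},
  keywords     = {e-voting, Internet voting, Internet election, security, verifiability, RIES, Estonia, Neuch{\^a}tel},
  number       = {4 Part},
  pages        = {729--744},
  publisher    = {IEEE},
  title        = {Security in Large-Scale {Internet} Elections: A Retrospective Analysis of Elections in {Estonia}, {The Netherlands}, and {Switzerland}},
  volume       = {4},
  year         = {2009},
}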

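% Proposes metrics for comparing the security of open source and closed source software
% (case study: OpenOffice vs. Microsoft Office).
% NOTE(review): the quotation marks in the abstract were restored from "?" placeholders left by
% the export; spot-check against the published abstract.
@inproceedings{5625,
  abstract     = {The increasing availability and deployment of open source software in personal and commercial environments makes open source software highly appealing for hackers, and others who are interested in exploiting software vulnerabilities. This deployment has resulted in a debate ``full of religion'' on the security of open source software compared to that of closed source software. However, beyond such arguments, only little quantitative analysis on this research issue has taken place. We discuss the state-of-the-art of the security debate and identify shortcomings. Based on these, we propose new metrics, which allows to answer the question to what extent the review process of open source and closed source development has helped to fix vulnerabilities. We illustrate the application of some of these metrics in a case study on OpenOffice (open source software) vs. Microsoft Office (closed source software).},
  author       = {Schryen, Guido and Kadura, Rouven},
  booktitle    = {24th Annual ACM Symposium on Applied Computing},
  keywords     = {Open source software, Closed source software, Security, Metrics},
  title        = {Open Source vs. Closed Source Software: Towards Measuring Security},
  year         = {2009},
}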

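% Empirical comparison of published vulnerabilities in eight open source and nine closed source packages.
@inproceedings{5647,
  abstract     = {Reviewing literature on open source and closed source security reveals that the discussion is often determined by biased attitudes toward one of these development styles. The discussion specifically lacks appropriate metrics, methodology and hard data. This paper contributes to solving this problem by analyzing and comparing published vulnerabilities of eight open source software and nine closed source software packages, all of which are widely deployed. Thereby, it provides an extensive empirical analysis of vulnerabilities in terms of mean time between vulnerability disclosures, the development of disclosure over time, and the severity of vulnerabilities, and allows for validating models provided in the literature. The investigation reveals that (a) the mean time between vulnerability disclosures was lower for open source software in half of the cases, while the other cases show no differences, (b) in contrast to literature assumption, 14 out of 17 software packages showed a significant linear or piecewise linear correlation between time and the number of published vulnerabilities, and (c) regarding the severity of vulnerabilities, no significant differences were found between open source and closed source.},
  author       = {Schryen, Guido},
  booktitle    = {15th Americas Conference on Information Systems},
  keywords     = {Vulnerabilities, security, open source software, closed source software, empirical comparison},
  title        = {Security of open source and closed source software: An empirical comparison of published vulnerabilities},
  year         = {2009},
}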

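% Single case study on the practical security of the 2007 Estonian parliamentary Internet election.
@inproceedings{5649,
  abstract     = {The Estonian parliamentary election in 2007 is regarded as a success story of large-scale Internet elections. I use this election in a single case study on practical security to show that low quality of security and its management does not necessarily prevent large-scale Internet elections from being conducted. I also provide research propositions with regard to future challenges for large-scale Internet elections.},
  author       = {Schryen, Guido},
  booktitle    = {7th Workshop on e-Business (WEB 2008, AIS Special Interest Group on E-Business)},
  keywords     = {Internet voting, large-scale election, Estonian parliamentary election, security, security management},
  title        = {Practical Security of Large-scale Elections: An Exploratory Case Study of {Internet} Voting in {Estonia}},
  year         = {2008},
}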

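% Honeypot-based empirical analysis of how publishing email addresses affects the spam they receive.
% NOTE(review): apostrophes, quotation marks and the title dash were restored from "?" placeholders
% left by the export; spot-check against the published record.
% NOTE(review): volume 2 looks low for a 2007 issue of this journal (compare volume 77 recorded for
% 2018 elsewhere in this file) -- verify against the publisher record.
@article{5658,
  abstract     = {Email communication is encumbered with a mass of email messages which their recipients have neither requested nor require. Even worse, the impacts of these messages are far from being simply an annoyance, as they also involve economic damage. This manuscript examines the resource ``email addresses'', which is vital for any potential bulk mailer and spammer. Both a methodology and a honeypot conceptualization for implementing an empirical analysis of the usage of email addresses placed on the Internet are proposed here. Their objective is to assess, on a quantitative basis, the extent of the current harassment and its development over time. This ``framework'' is intended to be extensible to measuring the effectiveness of address-obscuring techniques. The implementation of a pilot honeypot is described, which led to key findings, some of them being: (1) Web placements attract more than two-thirds (70\%) of all honeypot spam emails, followed by newsgroup placements (28.6\%) and newsletter subscriptions (1.4\%), (2) the proportions of spam relating to the email addresses' top-level domain can be statistically assumed to be uniformly distributed, (3) More than 43\% of addresses on the web have been abused, whereas about 27\% was the case for addresses on newsgroups and only about 4\% was the case for addresses used for a newsletter subscription, (4) Regarding the development of email addresses' attractiveness for spammers over time, the service ``web sites'' features a negative linear relationship, whereas the service ``Usenet'' shows a negative exponential relationship. (5) Only 1.54\% of the spam emails showed an interrelation between the topic of the spam email and that of the location where the recipient's address was placed, so that spammers are assumed to send their emails in a ``context insensitive'' manner. The results of the empirical analysis motivate the need for the protection of email addresses through obscuration.
We analyze this need by formulating requirements for address obscuring techniques and we reveal to which extent today's most relevant approaches fulfill these requirements.},
  author       = {Schryen, Guido},
  journal      = {Computers \& Security},
  keywords     = {Address-obfuscating techniques, email, empirical analysis, honeypot, security by design, security by obscurity, spam},
  number       = {5},
  pages        = {361--372},
  publisher    = {Elsevier},
  title        = {The Impact that Placing Email Addresses on the {Internet} has on the Receipt of Spam -- An Empirical Analysis},
  volume       = {2},
  year         = {2007},
}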

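% Middleware for secure device and user profile management in OSGi-based smart home networks,
% using X.509-enabled ticket management.
@inproceedings{39050,
  abstract     = {Currently, middleware for smart home networks with embedded and mobile devices are in the focus of several investigations. In this paper, we propose a middleware for secure management of device and user profiles by integrating a profile database with a generic authentication scheme for an X.509 enabled ticket management in the context of the OSGi framework. After the introduction of the individual system components and their interaction, we also discuss potential system attacks.},
  author       = {Ziegler, Max and Müller, Wolfgang and Schäfer, Robbie and Loeser, Chris},
  booktitle    = {Proceedings of the 1st International Workshop on Secure and Ubiquitous Networks (SUN-2005)},
  isbn         = {0-7695-2424-9},
  keywords     = {Intelligent networks, Smart homes, Middleware, Project management, Data security, Ubiquitous computing, Context-aware services, Computer architecture, Home automation, Environmental management},
  location     = {Copenhagen, Denmark},
  publisher    = {IEEE},
  title        = {Secure Profile Management in Smart Home Networks},
  doi          = {10.1109/DEXA.2005.171},
  year         = {2005},
}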

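% Short paper on Internet voting: application fields, pilot schemes and technical security aspects.
% Typed as inproceedings because booktitle names conference proceedings; the volume number that was
% appended to booktitle ("vol. 2") is carried in the volume field.
@inproceedings{5667,
  abstract     = {Voting via the Internet is part of electronic government and electronic democracy. However, there are many obstacles which have to be overcome, especially legal restrictions have to be transformed into technical and security solutions. In the first part the article discusses advantages and disadvantages of Internet elections, shows different application fields, and presents important international pilot schemes (political and business ones). In the second part, due to democratic basic principles, technological security aspects are worked out.},
  author       = {Schryen, Guido},
  booktitle    = {Proceedings of the IADIS International Conference WWW Internet 2003},
  keywords     = {Internet Voting, Online polls, E-Democracy, Security},
  pages        = {1017--1021},
  publisher    = {IADIS Press},
  title        = {E-Democracy: {Internet} Voting},
  volume       = {2},
  year         = {2003},
}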

