---
_id: '62738'
abstract:
- lang: eng
  text: 'Vulnerability disclosures are necessary to improve the security of our digital
    ecosystem. However, they can also be challenging for researchers: it may be hard
    to find out who the affected parties even are, or how to contact them. Researchers
    may be ignored or face adversity when disclosing vulnerabilities. We investigate
    researchers'' experiences with vulnerability disclosures, extract best practices,
    and make recommendations for researchers, institutions that employ them, industry,
    and regulators to enable effective vulnerability disclosures.'
author:
- first_name: Harshini
  full_name: Sri Ramulu, Harshini
  id: '99000'
  last_name: Sri Ramulu
  orcid: 0000-0002-0000-5843
- first_name: Anna Lena
  full_name: Rotthaler, Anna Lena
  id: '97843'
  last_name: Rotthaler
- first_name: Jost
  full_name: Rossel, Jost
  id: '58331'
  last_name: Rossel
  orcid: 0000-0002-3182-4059
- first_name: Rachel
  full_name: Gonzalez Rodriguez, Rachel
  last_name: Gonzalez Rodriguez
- first_name: Dominik
  full_name: Wermke, Dominik
  last_name: Wermke
- first_name: Sascha
  full_name: Fahl, Sascha
  last_name: Fahl
- first_name: Tadayoshi
  full_name: Kohno, Tadayoshi
  last_name: Kohno
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
- first_name: Yasemin
  full_name: Acar, Yasemin
  id: '94636'
  last_name: Acar
citation:
  ama: 'Sri Ramulu H, Rotthaler AL, Rossel J, et al. Poster: Computer Security Researchers’
    Experiences with Vulnerability Disclosures. In: <i>Proceedings of the 2025 ACM
    SIGSAC Conference on Computer and Communications Security</i>. ACM; 2025. doi:<a
    href="https://doi.org/10.1145/3719027.3760723">10.1145/3719027.3760723</a>'
  apa: 'Sri Ramulu, H., Rotthaler, A. L., Rossel, J., Gonzalez Rodriguez, R., Wermke,
    D., Fahl, S., Kohno, T., Somorovsky, J., &#38; Acar, Y. (2025). Poster: Computer
    Security Researchers’ Experiences with Vulnerability Disclosures. <i>Proceedings
    of the 2025 ACM SIGSAC Conference on Computer and Communications Security</i>.
    <a href="https://doi.org/10.1145/3719027.3760723">https://doi.org/10.1145/3719027.3760723</a>'
  bibtex: '@inproceedings{Sri Ramulu_Rotthaler_Rossel_Gonzalez Rodriguez_Wermke_Fahl_Kohno_Somorovsky_Acar_2025,
    title={Poster: Computer Security Researchers’ Experiences with Vulnerability Disclosures},
    DOI={<a href="https://doi.org/10.1145/3719027.3760723">10.1145/3719027.3760723</a>},
    booktitle={Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications
    Security}, publisher={ACM}, author={Sri Ramulu, Harshini and Rotthaler, Anna Lena
    and Rossel, Jost and Gonzalez Rodriguez, Rachel and Wermke, Dominik and Fahl,
    Sascha and Kohno, Tadayoshi and Somorovsky, Juraj and Acar, Yasemin}, year={2025}
    }'
  chicago: 'Sri Ramulu, Harshini, Anna Lena Rotthaler, Jost Rossel, Rachel Gonzalez
    Rodriguez, Dominik Wermke, Sascha Fahl, Tadayoshi Kohno, Juraj Somorovsky, and
    Yasemin Acar. “Poster: Computer Security Researchers’ Experiences with Vulnerability
    Disclosures.” In <i>Proceedings of the 2025 ACM SIGSAC Conference on Computer
    and Communications Security</i>. ACM, 2025. <a href="https://doi.org/10.1145/3719027.3760723">https://doi.org/10.1145/3719027.3760723</a>.'
  ieee: 'H. Sri Ramulu <i>et al.</i>, “Poster: Computer Security Researchers’ Experiences
    with Vulnerability Disclosures,” 2025, doi: <a href="https://doi.org/10.1145/3719027.3760723">10.1145/3719027.3760723</a>.'
  mla: 'Sri Ramulu, Harshini, et al. “Poster: Computer Security Researchers’ Experiences
    with Vulnerability Disclosures.” <i>Proceedings of the 2025 ACM SIGSAC Conference
    on Computer and Communications Security</i>, ACM, 2025, doi:<a href="https://doi.org/10.1145/3719027.3760723">10.1145/3719027.3760723</a>.'
  short: 'H. Sri Ramulu, A.L. Rotthaler, J. Rossel, R. Gonzalez Rodriguez, D. Wermke,
    S. Fahl, T. Kohno, J. Somorovsky, Y. Acar, in: Proceedings of the 2025 ACM SIGSAC
    Conference on Computer and Communications Security, ACM, 2025.'
conference:
  end_date: 2025-10-17
  start_date: 2025-10-13
date_created: 2025-12-02T08:48:00Z
date_updated: 2025-12-02T08:54:18Z
doi: 10.1145/3719027.3760723
keyword:
- software vulnerabilities
- vulnerability disclosure
- security research
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://dl.acm.org/doi/10.1145/3719027.3760723
oa: '1'
publication: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications
  Security
publication_status: published
publisher: ACM
status: public
title: 'Poster: Computer Security Researchers'' Experiences with Vulnerability Disclosures'
type: conference
user_id: '58331'
year: '2025'
...
---
_id: '53811'
abstract:
- lang: eng
  text: Persistent security challenges plague DevOps teams due to a deficiency in
    expertise regarding security tools and methods, as evidenced by frequent security
    incidents. Existing maturity models fail to adequately address the specific needs
    of DevOps teams. In response, this paper proposes "Security Belts," a novel maturity
    model inspired by martial arts ranking systems. This model aims to assist DevOps
    teams in enhancing their security capabilities by providing a structured approach,
    starting with fundamental activities and progressing to more advanced techniques.
    Drawing from the experiences of monitoring 21 teams, the paper presents lessons
    learned and offers actionable advice for refining maturity models tailored to
    software quality improvement.
author:
- first_name: Samira
  full_name: Taaibi, Samira
  id: '55800'
  last_name: Taaibi
- first_name: Stefan
  full_name: Dziwok, Stefan
  id: '3901'
  last_name: Dziwok
  orcid: http://orcid.org/0000-0002-8679-6673
- first_name: Lars
  full_name: Hermerschmidt, Lars
  last_name: Hermerschmidt
- first_name: Thorsten
  full_name: Koch, Thorsten
  id: '13616'
  last_name: Koch
- first_name: Sven
  full_name: Merschjohann, Sven
  id: '11394'
  last_name: Merschjohann
- first_name: Mark
  full_name: Vollmary, Mark
  last_name: Vollmary
citation:
  ama: 'Taaibi S, Dziwok S, Hermerschmidt L, Koch T, Merschjohann S, Vollmary M. Security
    Belts: A Maturity Model for DevOps Teams to Increase the Software Security of
    their Product - An Experience Report.'
  apa: 'Taaibi, S., Dziwok, S., Hermerschmidt, L., Koch, T., Merschjohann, S., &#38;
    Vollmary, M. (n.d.). <i>Security Belts: A Maturity Model for DevOps Teams to Increase
    the Software Security of their Product - An Experience Report</i>.  30th Americas
    Conference on Information Systems, Salt Lake City.'
  bibtex: '@inproceedings{Taaibi_Dziwok_Hermerschmidt_Koch_Merschjohann_Vollmary,
    title={Security Belts: A Maturity Model for DevOps Teams to Increase the Software
    Security of their Product - An Experience Report}, author={Taaibi, Samira and
    Dziwok, Stefan and Hermerschmidt, Lars and Koch, Thorsten and Merschjohann, Sven
    and Vollmary, Mark} }'
  chicago: 'Taaibi, Samira, Stefan Dziwok, Lars Hermerschmidt, Thorsten Koch, Sven
    Merschjohann, and Mark Vollmary. “Security Belts: A Maturity Model for DevOps
    Teams to Increase the Software Security of Their Product - An Experience Report,”
    n.d.'
  ieee: 'S. Taaibi, S. Dziwok, L. Hermerschmidt, T. Koch, S. Merschjohann, and M.
    Vollmary, “Security Belts: A Maturity Model for DevOps Teams to Increase the Software
    Security of their Product - An Experience Report,” presented at the  30th Americas
    Conference on Information Systems, Salt Lake City.'
  mla: 'Taaibi, Samira, et al. <i>Security Belts: A Maturity Model for DevOps Teams
    to Increase the Software Security of Their Product - An Experience Report</i>.'
  short: 'S. Taaibi, S. Dziwok, L. Hermerschmidt, T. Koch, S. Merschjohann, M. Vollmary,
    in: n.d.'
conference:
  end_date: 2024-08-17
  location: Salt Lake City
  name: ' 30th Americas Conference on Information Systems'
  start_date: 2024-08-15
date_created: 2024-05-02T08:57:52Z
date_updated: 2024-08-09T08:55:49Z
ddc:
- '000'
department:
- _id: '662'
file:
- access_level: closed
  content_type: application/pdf
  creator: staaibi
  date_created: 2024-05-02T08:54:21Z
  date_updated: 2024-05-02T08:54:21Z
  file_id: '53812'
  file_name: AMCIS2024_final_submission_maturity model security belt paper.pdf
  file_size: 540990
  relation: main_file
  success: 1
file_date_updated: 2024-05-02T08:54:21Z
has_accepted_license: '1'
keyword:
- Software security
- maturity model
language:
- iso: eng
publication_status: accepted
status: public
title: 'Security Belts: A Maturity Model for DevOps Teams to Increase the Software
  Security of their Product - An Experience Report'
type: conference
user_id: '55800'
year: '2024'
...
---
_id: '48012'
abstract:
- lang: eng
  text: '3D printing is a well-established technology with rapidly increasing usage
    scenarios both in the industry and consumer context. The growing popularity of
    3D printing has also attracted security researchers, who have analyzed possibilities
    for weakening 3D models or stealing intellectual property from 3D models. We extend
    these important aspects and provide the first comprehensive security analysis
    of 3D printing data formats. We performed our systematic study on the example
    of the 3D Manufacturing Format (3MF), which offers a large variety of features
    that could lead to critical attacks. Based on 3MF’s features, we systematized
    three attack goals: Data Exfiltration (dex), Denial of Service, and UI Spoofing
    (uis). We achieve these goals by exploiting the complexity of 3MF, which is based
    on the Open Packaging Conventions (OPC) format and uses XML to define 3D models.
    In total, our analysis led to 352 tests. To create and run these tests automatically,
    we implemented an open-source tool named 3MF Analyzer (tool), which helped us
    evaluate 20 applications.'
author:
- first_name: Jost
  full_name: Rossel, Jost
  id: '58331'
  last_name: Rossel
  orcid: 0000-0002-3182-4059
- first_name: Vladislav
  full_name: Mladenov, Vladislav
  last_name: Mladenov
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
citation:
  ama: 'Rossel J, Mladenov V, Somorovsky J. Security Analysis of the 3MF Data Format.
    In: <i>Proceedings of the 26th International Symposium on Research in Attacks,
    Intrusions and Defenses</i>. ACM; 2023. doi:<a href="https://doi.org/10.1145/3607199.3607216">10.1145/3607199.3607216</a>'
  apa: Rossel, J., Mladenov, V., &#38; Somorovsky, J. (2023). Security Analysis of
    the 3MF Data Format. <i>Proceedings of the 26th International Symposium on Research
    in Attacks, Intrusions and Defenses</i>. 26th International Symposium on Research
    in Attacks, Intrusions and Defenses, Hongkong. <a href="https://doi.org/10.1145/3607199.3607216">https://doi.org/10.1145/3607199.3607216</a>
  bibtex: '@inproceedings{Rossel_Mladenov_Somorovsky_2023, title={Security Analysis
    of the 3MF Data Format}, DOI={<a href="https://doi.org/10.1145/3607199.3607216">10.1145/3607199.3607216</a>},
    booktitle={Proceedings of the 26th International Symposium on Research in Attacks,
    Intrusions and Defenses}, publisher={ACM}, author={Rossel, Jost and Mladenov,
    Vladislav and Somorovsky, Juraj}, year={2023} }'
  chicago: Rossel, Jost, Vladislav Mladenov, and Juraj Somorovsky. “Security Analysis
    of the 3MF Data Format.” In <i>Proceedings of the 26th International Symposium
    on Research in Attacks, Intrusions and Defenses</i>. ACM, 2023. <a href="https://doi.org/10.1145/3607199.3607216">https://doi.org/10.1145/3607199.3607216</a>.
  ieee: 'J. Rossel, V. Mladenov, and J. Somorovsky, “Security Analysis of the 3MF
    Data Format,” presented at the 26th International Symposium on Research in Attacks,
    Intrusions and Defenses, Hongkong, 2023, doi: <a href="https://doi.org/10.1145/3607199.3607216">10.1145/3607199.3607216</a>.'
  mla: Rossel, Jost, et al. “Security Analysis of the 3MF Data Format.” <i>Proceedings
    of the 26th International Symposium on Research in Attacks, Intrusions and Defenses</i>,
    ACM, 2023, doi:<a href="https://doi.org/10.1145/3607199.3607216">10.1145/3607199.3607216</a>.
  short: 'J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International
    Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.'
conference:
  end_date: 2023-10-18
  location: Hongkong
  name: 26th International Symposium on Research in Attacks, Intrusions and Defenses
  start_date: 2023-10-16
date_created: 2023-10-11T13:42:09Z
date_updated: 2025-07-16T11:06:49Z
ddc:
- '000'
department:
- _id: '632'
doi: 10.1145/3607199.3607216
file:
- access_level: open_access
  content_type: application/pdf
  creator: jrossel
  date_created: 2023-10-16T03:48:08Z
  date_updated: 2024-09-05T11:14:40Z
  file_id: '48065'
  file_name: Security_Analysis_of_the_3mf_Data_Format.pdf
  file_size: 1054999
  relation: main_file
file_date_updated: 2024-09-05T11:14:40Z
has_accepted_license: '1'
keyword:
- Data Format Security
- 3D Manufacturing Format
- 3D Printing
- Additive Manufacturing
language:
- iso: eng
main_file_link:
- url: https://dl.acm.org/doi/abs/10.1145/3607199.3607216
oa: '1'
publication: Proceedings of the 26th International Symposium on Research in Attacks,
  Intrusions and Defenses
publication_status: published
publisher: ACM
quality_controlled: '1'
status: public
title: Security Analysis of the 3MF Data Format
type: conference
user_id: '58331'
year: '2023'
...
---
_id: '29769'
abstract:
- lang: eng
  text: 'In the contest between the development of new hardware Trojans and corresponding
    countermeasures, adversaries take ever more sophisticated routes to infect circuit
    designs while outwitting even advanced test and verification methods. Apart from
    the conventional methods of inserting a Trojan into a circuit for a field-programmable
    gate array (FPGA), the design tools can also be covertly compromised to help an
    attacker carry out a successful attack that can, for example, cause malfunctions
    or unwanted information leakage. This dissertation deals mainly with the two
    viewpoints on hardware Trojans in reconfigurable systems: on the one hand the
    perspective of the defender, with a method for detecting Trojans at the bitstream
    level, and on the other hand that of the attacker, with a novel attack method
    for FPGA Trojans. For the defense against the ``Malicious LUT'''' Trojan, we present
    the very first successful countermeasure, which can be applied through verification
    by means of Proof-carrying Hardware (PCH) at the bitstream level directly before
    the hardware is configured, and we present a complete scheme for the design and
    verification of circuits for iCE40 FPGAs. For the opposing side, we introduce
    a new attack that exploits malicious routing in the inserted Trojan to remain
    in an inactive state even in the finished bitstream: as a result, this novel attack
    can currently be detected neither by conventional test and verification methods
    nor by our previously presented verification at the bitstream level.'
- lang: eng
  text: The battle of developing hardware Trojans and corresponding countermeasures
    has taken adversaries towards ingenious ways of compromising hardware designs
    by circumventing even advanced testing and verification methods. Besides conventional
    methods of inserting Trojans into a design by a malicious entity, the design flow
    for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised
    to assist the attacker to perform a successful malfunctioning or information leakage
    attack. This thesis mainly focuses on the two aspects of hardware Trojans in reconfigurable
    systems, the defender's perspective which corresponds to the bitstream-level Trojan
    detection technique, and the attacker's perspective which corresponds to a novel
    FPGA Trojan attack. From the defender's perspective, we introduce a first-ever
    successful pre-configuration countermeasure against the ``Malicious LUT''-hardware
    Trojan, by employing bitstream-level Proof-Carrying Hardware (PCH) and present
    the complete design-and-verification flow for iCE40 FPGAs. Likewise, from an attacker's
    perspective, we present a novel attack that leverages malicious routing of the
    inserted Trojan circuit to acquire a dormant state even in the generated and transmitted
    bitstream. Since the Trojan is injected in a post-synthesis step and remains unconnected
    in the bitstream, the presented attack can currently neither be prevented by conventional
    testing and verification methods nor by bitstream-level verification techniques.
author:
- first_name: Qazi Arbab
  full_name: Ahmed, Qazi Arbab
  id: '72764'
  last_name: Ahmed
  orcid: 0000-0002-1837-2254
citation:
  ama: Ahmed QA. <i>Hardware Trojans in Reconfigurable Computing</i>.  Paderborn University,
    Paderborn, Germany; 2022. doi:<a href="https://doi.org/10.17619/UNIPB/1-1271">10.17619/UNIPB/1-1271</a>
  apa: Ahmed, Q. A. (2022). <i>Hardware Trojans in Reconfigurable Computing</i>.  Paderborn
    University, Paderborn, Germany. <a href="https://doi.org/10.17619/UNIPB/1-1271">https://doi.org/10.17619/UNIPB/1-1271</a>
  bibtex: '@book{Ahmed_2022, place={Paderborn}, title={Hardware Trojans in Reconfigurable
    Computing}, DOI={<a href="https://doi.org/10.17619/UNIPB/1-1271">10.17619/UNIPB/1-1271</a>},
    publisher={ Paderborn University, Paderborn, Germany}, author={Ahmed, Qazi Arbab},
    year={2022} }'
  chicago: 'Ahmed, Qazi Arbab. <i>Hardware Trojans in Reconfigurable Computing</i>.
    Paderborn:  Paderborn University, Paderborn, Germany, 2022. <a href="https://doi.org/10.17619/UNIPB/1-1271">https://doi.org/10.17619/UNIPB/1-1271</a>.'
  ieee: 'Q. A. Ahmed, <i>Hardware Trojans in Reconfigurable Computing</i>. Paderborn:  Paderborn
    University, Paderborn, Germany, 2022.'
  mla: Ahmed, Qazi Arbab. <i>Hardware Trojans in Reconfigurable Computing</i>.  Paderborn
    University, Paderborn, Germany, 2022, doi:<a href="https://doi.org/10.17619/UNIPB/1-1271">10.17619/UNIPB/1-1271</a>.
  short: Q.A. Ahmed, Hardware Trojans in Reconfigurable Computing,  Paderborn University,
    Paderborn, Germany, Paderborn, 2022.
date_created: 2022-02-07T14:02:36Z
date_updated: 2022-11-30T13:39:01Z
ddc:
- '004'
department:
- _id: '78'
doi: 10.17619/UNIPB/1-1271
has_accepted_license: '1'
keyword:
- FPGA Security
- Hardware Trojans
- Bitstream-level Trojans
- Bitstream Verification
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: "urn:nbn:de:hbz:466:2-40303"
oa: '1'
place: Paderborn
project:
- _id: '1'
  name: 'SFB 901: SFB 901'
- _id: '4'
  name: 'SFB 901 - C: SFB 901 - Project Area C'
- _id: '14'
  name: 'SFB 901 - C2: SFB 901 - Subproject C2'
publication_status: published
publisher: ' Paderborn University, Paderborn, Germany'
status: public
supervisor:
- first_name: Marco
  full_name: Platzner, Marco
  id: '398'
  last_name: Platzner
title: Hardware Trojans in Reconfigurable Computing
type: dissertation
user_id: '477'
year: '2022'
...
---
_id: '37157'
author:
- first_name: Kaan
  full_name: Eyilmez, Kaan
  last_name: Eyilmez
- first_name: Ali Sercan
  full_name: Basyurt, Ali Sercan
  last_name: Basyurt
- first_name: Stefan
  full_name: Stieglitz, Stefan
  last_name: Stieglitz
- first_name: Christoph
  full_name: Fuchss, Christoph
  last_name: Fuchss
- first_name: Marc-André
  full_name: Kaufhold, Marc-André
  last_name: Kaufhold
- first_name: Christian
  full_name: Reuter, Christian
  last_name: Reuter
- first_name: Milad
  full_name: Mirbabaie, Milad
  id: '88691'
  last_name: Mirbabaie
citation:
  ama: 'Eyilmez K, Basyurt AS, Stieglitz S, et al. A Design Science Artefact for Cyber
    Threat Detection and Actor Specific Communication. In: <i>Australasian Conference
    on Information Systems (ACIS)</i>. AIS Electronic Library (AISel); 2022.'
  apa: Eyilmez, K., Basyurt, A. S., Stieglitz, S., Fuchss, C., Kaufhold, M.-A., Reuter,
    C., &#38; Mirbabaie, M. (2022). A Design Science Artefact for Cyber Threat Detection
    and Actor Specific Communication. <i>Australasian Conference on Information Systems
    (ACIS)</i>.
  bibtex: '@inproceedings{Eyilmez_Basyurt_Stieglitz_Fuchss_Kaufhold_Reuter_Mirbabaie_2022,
    title={A Design Science Artefact for Cyber Threat Detection and Actor Specific
    Communication}, booktitle={Australasian Conference on Information Systems (ACIS)},
    publisher={AIS Electronic Library (AISel)}, author={Eyilmez, Kaan and Basyurt,
    Ali Sercan and Stieglitz, Stefan and Fuchss, Christoph and Kaufhold, Marc-André
    and Reuter, Christian and Mirbabaie, Milad}, year={2022} }'
  chicago: Eyilmez, Kaan, Ali Sercan Basyurt, Stefan Stieglitz, Christoph Fuchss,
    Marc-André Kaufhold, Christian Reuter, and Milad Mirbabaie. “A Design Science
    Artefact for Cyber Threat Detection and Actor Specific Communication.” In <i>Australasian
    Conference on Information Systems (ACIS)</i>. AIS Electronic Library (AISel),
    2022.
  ieee: K. Eyilmez <i>et al.</i>, “A Design Science Artefact for Cyber Threat Detection
    and Actor Specific Communication,” 2022.
  mla: Eyilmez, Kaan, et al. “A Design Science Artefact for Cyber Threat Detection
    and Actor Specific Communication.” <i>Australasian Conference on Information Systems
    (ACIS)</i>, AIS Electronic Library (AISel), 2022.
  short: 'K. Eyilmez, A.S. Basyurt, S. Stieglitz, C. Fuchss, M.-A. Kaufhold, C. Reuter,
    M. Mirbabaie, in: Australasian Conference on Information Systems (ACIS), AIS Electronic
    Library (AISel), 2022.'
date_created: 2023-01-17T15:46:42Z
date_updated: 2023-01-18T07:59:21Z
keyword:
- Student
- Security
- Projekt-CYWARN
language:
- iso: eng
publication: Australasian Conference on Information Systems (ACIS)
publisher: AIS Electronic Library (AISel)
status: public
title: A Design Science Artefact for Cyber Threat Detection and Actor Specific Communication
type: conference
user_id: '80546'
year: '2022'
...
---
_id: '21396'
abstract:
- lang: eng
  text: "Verifiable random functions (VRFs) are essentially digital signatures with
    additional properties, namely verifiable uniqueness and pseudorandomness, which
    make VRFs a useful tool, e.g., to prevent enumeration in DNSSEC Authenticated
    Denial of Existence and the CONIKS key management system, or in the random committee
    selection of the Algorand blockchain.\r\n\r\nMost standard-model VRFs rely on
    admissible hash functions (AHFs) to achieve security against adaptive attacks
    in the standard model. Known AHF constructions are based on error-correcting codes,
    which yield asymptotically efficient constructions. However, previous works do
    not clarify how the code should be instantiated concretely in the real world.
    The rate and the minimal distance of the selected code have significant impact
    on the efficiency of the resulting cryptosystem, therefore it is unclear if and
    how the aforementioned constructions can be used in practice.\r\n\r\nFirst, we
    explain inherent limitations of code-based AHFs. Concretely, we assume that even
    if we were given codes that achieve the well-known Gilbert-Varshamov or McEliece-Rodemich-Rumsey-Welch
    bounds, existing AHF-based constructions of verifiable random functions (VRFs)
    can only be instantiated quite inefficiently. Then we introduce and construct
    computational AHFs (cAHFs). While classical AHFs are information-theoretic, and
    therefore work even in presence of computationally unbounded adversaries, cAHFs
    provide only security against computationally bounded adversaries. However, we
    show that cAHFs can be instantiated significantly more efficiently. Finally, we
    use our cAHF to construct the currently most efficient verifiable random function
    with full adaptive security in the standard model."
author:
- first_name: Tibor
  full_name: Jager, Tibor
  last_name: Jager
- first_name: David
  full_name: Niehues, David
  id: '36113'
  last_name: Niehues
citation:
  ama: 'Jager T, Niehues D. On the Real-World Instantiability of Admissible Hash Functions
    and Efficient Verifiable Random Functions. In: <i>Lecture Notes in Computer Science</i>.
    Cham; 2020. doi:<a href="https://doi.org/10.1007/978-3-030-38471-5_13">10.1007/978-3-030-38471-5_13</a>'
  apa: Jager, T., &#38; Niehues, D. (2020). On the Real-World Instantiability of Admissible
    Hash Functions and Efficient Verifiable Random Functions. In <i>Lecture Notes
    in Computer Science</i>. Cham. <a href="https://doi.org/10.1007/978-3-030-38471-5_13">https://doi.org/10.1007/978-3-030-38471-5_13</a>
  bibtex: '@inbook{Jager_Niehues_2020, place={Cham}, title={On the Real-World Instantiability
    of Admissible Hash Functions and Efficient Verifiable Random Functions}, DOI={<a
    href="https://doi.org/10.1007/978-3-030-38471-5_13">10.1007/978-3-030-38471-5_13</a>},
    booktitle={Lecture Notes in Computer Science}, author={Jager, Tibor and Niehues,
    David}, year={2020} }'
  chicago: Jager, Tibor, and David Niehues. “On the Real-World Instantiability of
    Admissible Hash Functions and Efficient Verifiable Random Functions.” In <i>Lecture
    Notes in Computer Science</i>. Cham, 2020. <a href="https://doi.org/10.1007/978-3-030-38471-5_13">https://doi.org/10.1007/978-3-030-38471-5_13</a>.
  ieee: T. Jager and D. Niehues, “On the Real-World Instantiability of Admissible
    Hash Functions and Efficient Verifiable Random Functions,” in <i>Lecture Notes
    in Computer Science</i>, Cham, 2020.
  mla: Jager, Tibor, and David Niehues. “On the Real-World Instantiability of Admissible
    Hash Functions and Efficient Verifiable Random Functions.” <i>Lecture Notes in
    Computer Science</i>, 2020, doi:<a href="https://doi.org/10.1007/978-3-030-38471-5_13">10.1007/978-3-030-38471-5_13</a>.
  short: 'T. Jager, D. Niehues, in: Lecture Notes in Computer Science, Cham, 2020.'
conference:
  end_date: 2019-08-16
  location: Waterloo, Canada
  name: Selected Areas in Cryptography
  start_date: 2019-08-12
date_created: 2021-03-08T16:50:31Z
date_updated: 2022-01-06T06:54:58Z
ddc:
- '000'
department:
- _id: '558'
doi: 10.1007/978-3-030-38471-5_13
file:
- access_level: closed
  content_type: application/pdf
  creator: davnie
  date_created: 2021-03-08T17:02:37Z
  date_updated: 2021-03-08T17:02:37Z
  file_id: '21399'
  file_name: Jager und Niehues - 2020 - On the Real-World Instantiability of Admissible
    Ha.pdf
  file_size: 706743
  relation: main_file
file_date_updated: 2021-03-08T17:02:37Z
has_accepted_license: '1'
keyword:
- Admissible hash functions
- Verifiable random functions
- Error-correcting codes
- Provable security
language:
- iso: eng
main_file_link:
- url: https://link.springer.com/content/pdf/10.1007%252F978-3-030-38471-5_13.pdf
place: Cham
project:
- _id: '1'
  name: SFB 901
- _id: '4'
  name: SFB 901 - Project Area C
- _id: '13'
  name: SFB 901 - Subproject C1
publication: Lecture Notes in Computer Science
publication_identifier:
  isbn:
  - '9783030384708'
  - '9783030384715'
  issn:
  - 0302-9743
  - 1611-3349
publication_status: published
quality_controlled: '1'
related_material:
  link:
  - relation: later_version
    url: https://eprint.iacr.org/2019/1335.pdf
status: public
title: On the Real-World Instantiability of Admissible Hash Functions and Efficient
  Verifiable Random Functions
type: book_chapter
user_id: '36113'
year: '2020'
...
---
_id: '16249'
abstract:
- lang: eng
  text: Timing plays a crucial role in the context of information security investments.
    We regard timing in two dimensions, namely the time of announcement in relation
    to the time of investment and the time of announcement in relation to the time
    of a fundamental security incident. The financial value of information security
    investments is assessed by examining the relationship between the investment announcements
    and their stock market reaction focusing on the two time dimensions. Using an
    event study methodology, we found that both dimensions influence the stock market
    return of the investing organization. Our results indicate that (1) after fundamental
    security incidents in a given industry, the stock price will react more positively
    to a firm’s announcement of actual information security investments than to announcements
    of the intention to invest; (2) the stock price will react more positively to
    a firm’s announcements of the intention to invest after the fundamental security
    incident compared to before; and (3) the stock price will react more positively
    to a firm’s announcements of actual information security investments after the
    fundamental security incident compared to before. Overall, the lowest abnormal
    return can be expected when the intention to invest is announced before a fundamental
    information security incident and the highest return when actual investing after
    a fundamental information security incident in the respective industry.
author:
- first_name: Eva
  full_name: Szubartowicz, Eva
  last_name: Szubartowicz
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Szubartowicz E, Schryen G. Timing in Information Security: An Event Study
    on the Impact of Information Security Investment Announcements. <i>Journal of
    Information System Security</i>. 2020;16(1):3-31.'
  apa: 'Szubartowicz, E., &#38; Schryen, G. (2020). Timing in Information Security:
    An Event Study on the Impact of Information Security Investment Announcements.
    <i>Journal of Information System Security</i>, <i>16</i>(1), 3–31.'
  bibtex: '@article{Szubartowicz_Schryen_2020, title={Timing in Information Security:
    An Event Study on the Impact of Information Security Investment Announcements},
    volume={16}, number={1}, journal={Journal of Information System Security}, publisher={Information
    Institute Publishing, Washington DC, USA}, author={Szubartowicz, Eva and Schryen,
    Guido}, year={2020}, pages={3–31} }'
  chicago: 'Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security:
    An Event Study on the Impact of Information Security Investment Announcements.”
    <i>Journal of Information System Security</i> 16, no. 1 (2020): 3–31.'
  ieee: 'E. Szubartowicz and G. Schryen, “Timing in Information Security: An Event
    Study on the Impact of Information Security Investment Announcements,” <i>Journal
    of Information System Security</i>, vol. 16, no. 1, pp. 3–31, 2020.'
  mla: 'Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security: An
    Event Study on the Impact of Information Security Investment Announcements.” <i>Journal
    of Information System Security</i>, vol. 16, no. 1, Information Institute Publishing,
    Washington DC, USA, 2020, pp. 3–31.'
  short: E. Szubartowicz, G. Schryen, Journal of Information System Security 16 (2020)
    3–31.
date_created: 2020-03-05T10:29:00Z
date_updated: 2022-01-06T06:52:47Z
ddc:
- '000'
department:
- _id: '277'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2020-03-05T10:26:11Z
  date_updated: 2020-03-05T10:35:49Z
  file_id: '16250'
  file_name: Timing in Information Security - JISSEC format PREPUBLICATION.pdf
  file_size: 478056
  relation: main_file
file_date_updated: 2020-03-05T10:35:49Z
has_accepted_license: '1'
intvolume: '        16'
issue: '1'
keyword:
- Event Study
- Information Security
- Investment Announcements
- Stock Price Reaction
- Value of Information Security Investments
language:
- iso: eng
oa: '1'
page: 3 - 31
publication: Journal of Information System Security
publisher: Information Institute Publishing, Washington DC, USA
status: public
title: 'Timing in Information Security: An Event Study on the Impact of Information
  Security Investment Announcements'
type: journal_article
user_id: '61579'
volume: 16
year: '2020'
...
---
_id: '17667'
abstract:
- lang: eng
  text: 'Resolving distributed attacks benefits from collaboration between networks.
    We present three approaches for the same multi-domain defensive action that can
    be applied in such an alliance: 1) Counteract Everywhere, 2) Minimize Countermeasures,
    and 3) Minimize Propagation. First, we provide a formula to compute efficiency
    of a defense; then we use this formula to compute the efficiency of the approaches
    under various circumstances. Finally, we discuss how task execution order and
    timing influence defense efficiency. Our results show that the Minimize Propagation
    approach is the most efficient method when defending against the chosen attack.'
author:
- first_name: Ralph
  full_name: Koning, Ralph
  last_name: Koning
- first_name: Gleb
  full_name: Polevoy, Gleb
  id: '83983'
  last_name: Polevoy
- first_name: Lydia
  full_name: Meijer, Lydia
  last_name: Meijer
- first_name: Cees
  full_name: de Laat, Cees
  last_name: de Laat
- first_name: Paola
  full_name: Grosso, Paola
  last_name: Grosso
citation:
  ama: 'Koning R, Polevoy G, Meijer L, de Laat C, Grosso P. Approaches for Collaborative
    Security Defences in Multi Network Environments. In: <i>2019 6th IEEE International
    Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International
    Conference on Edge Computing and Scalable Cloud (EdgeCom)</i>. 2019 6th IEEE International
    Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International
    Conference on Edge Computing and Scalable Cloud (EdgeCom). ; 2019:113-123. doi:<a
    href="https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9">10.1109/CSCloud/EdgeCom.2019.000-9</a>'
  apa: Koning, R., Polevoy, G., Meijer, L., de Laat, C., &#38; Grosso, P. (2019).
    Approaches for Collaborative Security Defences in Multi Network Environments.
    In <i>2019 6th IEEE International Conference on Cyber Security and Cloud Computing
    (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable
    Cloud (EdgeCom)</i> (pp. 113–123). <a href="https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9">https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9</a>
  bibtex: '@inproceedings{Koning_Polevoy_Meijer_de Laat_Grosso_2019, series={2019
    6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/
    2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)},
    title={Approaches for Collaborative Security Defences in Multi Network Environments},
    DOI={<a href="https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9">10.1109/CSCloud/EdgeCom.2019.000-9</a>},
    booktitle={2019 6th IEEE International Conference on Cyber Security and Cloud
    Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing
    and Scalable Cloud (EdgeCom)}, author={Koning, Ralph and Polevoy, Gleb and Meijer,
    Lydia and de Laat, Cees and Grosso, Paola}, year={2019}, pages={113–123}, collection={2019
    6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/
    2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)}
    }'
  chicago: Koning, Ralph, Gleb Polevoy, Lydia Meijer, Cees de Laat, and Paola Grosso.
    “Approaches for Collaborative Security Defences in Multi Network Environments.”
    In <i>2019 6th IEEE International Conference on Cyber Security and Cloud Computing
    (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable
    Cloud (EdgeCom)</i>, 113–23. 2019 6th IEEE International Conference on Cyber Security
    and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge
    Computing and Scalable Cloud (EdgeCom), 2019. <a href="https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9">https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9</a>.
  ieee: R. Koning, G. Polevoy, L. Meijer, C. de Laat, and P. Grosso, “Approaches for
    Collaborative Security Defences in Multi Network Environments,” in <i>2019 6th
    IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/
    2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)</i>,
    2019, pp. 113–123.
  mla: Koning, Ralph, et al. “Approaches for Collaborative Security Defences in Multi
    Network Environments.” <i>2019 6th IEEE International Conference on Cyber Security
    and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge
    Computing and Scalable Cloud (EdgeCom)</i>, 2019, pp. 113–23, doi:<a href="https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-9">10.1109/CSCloud/EdgeCom.2019.000-9</a>.
  short: 'R. Koning, G. Polevoy, L. Meijer, C. de Laat, P. Grosso, in: 2019 6th IEEE
    International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019
    5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom),
    2019, pp. 113–123.'
conference:
  name: 2019 6th IEEE International Conference on Cyber Security and Cloud Computing
    (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable
    Cloud (EdgeCom)
date_created: 2020-08-06T15:23:23Z
date_updated: 2022-01-06T06:53:16Z
department:
- _id: '63'
- _id: '541'
doi: 10.1109/CSCloud/EdgeCom.2019.000-9
extern: '1'
keyword:
- computer network security
- multinetwork environments
- multidomain defensive action
- task execution order
- timing influence defense efficiency
- distributed attacks
- collaborative security defence approach
- minimize propagation approach
- minimize countermeasure approach
- counteract everywhere approach
- Conferences
- Cloud computing
- Computer crime
- Edge computing
- Security
- Defense Approaches
- Multi-Domain Defense
- Collaborative Defense
- Defense Algorithms
- Computer Networks
language:
- iso: eng
main_file_link:
- url: https://ieeexplore.ieee.org/abstract/document/8854057/authors#authors
page: 113-123
publication: 2019 6th IEEE International Conference on Cyber Security and Cloud Computing
  (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable
  Cloud (EdgeCom)
publication_identifier:
  issn:
  - 'null'
quality_controlled: '1'
series_title: 2019 6th IEEE International Conference on Cyber Security and Cloud Computing
  (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable
  Cloud (EdgeCom)
status: public
title: Approaches for Collaborative Security Defences in Multi Network Environments
type: conference
user_id: '83983'
year: '2019'
...
---
_id: '17666'
abstract:
- lang: eng
  text: 'Software Defined Networks (SDN) and Network Function Virtualisation (NFV)
    provide the basis for autonomous response and mitigation against attacks on networked
    computer infrastructures. We propose a new framework that uses SDNs and NFV to
    achieve this goal: Secure Autonomous Response Network (SARNET). In a SARNET, an
    agent running a control loop constantly assesses the security state of the network
    by means of observables. The agent reacts to and resolves security problems, while
    learning from its previous decisions. Two main metrics govern the decision process
    in a SARNET: impact and efficiency; these metrics can be used to compare and evaluate
    countermeasures and are the building blocks for self-learning SARNETs that exhibit
    autonomous response. In this paper we present the software implementation of the
    SARNET framework, evaluate it in a real-life network and discuss the tradeoffs
    between parameters used by the SARNET agent and the efficiency of its actions.'
author:
- first_name: R.
  full_name: Koning, R.
  last_name: Koning
- first_name: B.
  full_name: de Graaff, B.
  last_name: de Graaff
- first_name: Gleb
  full_name: Polevoy, Gleb
  id: '83983'
  last_name: Polevoy
- first_name: R.
  full_name: Meijer, R.
  last_name: Meijer
- first_name: C.
  full_name: de Laat, C.
  last_name: de Laat
- first_name: P.
  full_name: Grosso, P.
  last_name: Grosso
citation:
  ama: Koning R, de Graaff B, Polevoy G, Meijer R, de Laat C, Grosso P. Measuring
    the efficiency of SDN mitigations against attacks on computer infrastructures.
    <i>Future Generation Computer Systems</i>. 2018. doi:<a href="https://doi.org/10.1016/j.future.2018.08.011">https://doi.org/10.1016/j.future.2018.08.011</a>
  apa: Koning, R., de Graaff, B., Polevoy, G., Meijer, R., de Laat, C., &#38; Grosso,
    P. (2018). Measuring the efficiency of SDN mitigations against attacks on computer
    infrastructures. <i>Future Generation Computer Systems</i>. <a href="https://doi.org/10.1016/j.future.2018.08.011">https://doi.org/10.1016/j.future.2018.08.011</a>
  bibtex: '@article{Koning_de Graaff_Polevoy_Meijer_de Laat_Grosso_2018, title={Measuring
    the efficiency of SDN mitigations against attacks on computer infrastructures},
    DOI={<a href="https://doi.org/10.1016/j.future.2018.08.011">https://doi.org/10.1016/j.future.2018.08.011</a>},
    journal={Future Generation Computer Systems}, author={Koning, R. and de Graaff,
    B. and Polevoy, Gleb and Meijer, R. and de Laat, C. and Grosso, P.}, year={2018}
    }'
  chicago: Koning, R., B. de Graaff, Gleb Polevoy, R. Meijer, C. de Laat, and P. Grosso.
    “Measuring the Efficiency of SDN Mitigations against Attacks on Computer Infrastructures.”
    <i>Future Generation Computer Systems</i>, 2018. <a href="https://doi.org/10.1016/j.future.2018.08.011">https://doi.org/10.1016/j.future.2018.08.011</a>.
  ieee: R. Koning, B. de Graaff, G. Polevoy, R. Meijer, C. de Laat, and P. Grosso,
    “Measuring the efficiency of SDN mitigations against attacks on computer infrastructures,”
    <i>Future Generation Computer Systems</i>, 2018.
  mla: Koning, R., et al. “Measuring the Efficiency of SDN Mitigations against Attacks
    on Computer Infrastructures.” <i>Future Generation Computer Systems</i>, 2018,
    doi:<a href="https://doi.org/10.1016/j.future.2018.08.011">https://doi.org/10.1016/j.future.2018.08.011</a>.
  short: R. Koning, B. de Graaff, G. Polevoy, R. Meijer, C. de Laat, P. Grosso, Future
    Generation Computer Systems (2018).
date_created: 2020-08-06T15:23:11Z
date_updated: 2022-01-06T06:53:16Z
department:
- _id: '63'
- _id: '541'
doi: https://doi.org/10.1016/j.future.2018.08.011
extern: '1'
keyword:
- Software defined networks
- Network function virtualization
- Cyber attacks
- Cyber security
- Defense efficiency
- Overlay networks
language:
- iso: eng
publication: Future Generation Computer Systems
publication_identifier:
  issn:
  - 0167-739X
status: public
title: Measuring the efficiency of SDN mitigations against attacks on computer infrastructures
type: journal_article
user_id: '83983'
year: '2018'
...
---
_id: '5586'
abstract:
- lang: eng
  text: The need to protect resources against attackers is reflected by huge information
    security investments of firms worldwide. In the presence of budget constraints
    and a diverse set of assets to protect, organizations have to decide in which
    IT security measures to invest, how to evaluate those investment decisions, and
    how to learn from past decisions to optimize future security investment actions.
    While the academic literature has provided valuable insights into these issues,
    there is a lack of empirical contributions. To address this lack, we conduct a
    theory-based exploratory multiple case study. Our case study reveals that (1)
    firms' investments in information security are largely driven by external environmental
    and industry-related factors, (2) firms do not implement standardized decision
    processes, (3) the security process is perceived to impact the business process
    in a disturbing way, (4) both the implementation of evaluation processes and the
    application of metrics are hardly existent and (5) learning activities mainly
    occur at an ad-hoc basis.
author:
- first_name: Eva
  full_name: Weishäupl, Eva
  last_name: Weishäupl
- first_name: Emrah
  full_name: Yasasin, Emrah
  last_name: Yasasin
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Weishäupl E, Yasasin E, Schryen G. Information Security Investments: An Exploratory
    Multiple Case Study on Decision-Making, Evaluation and Learning. <i>Computers
    &#38; Security</i>. 2018;77:807-823.'
  apa: 'Weishäupl, E., Yasasin, E., &#38; Schryen, G. (2018). Information Security
    Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation
    and Learning. <i>Computers &#38; Security</i>, <i>77</i>, 807–823.'
  bibtex: '@article{Weishäupl_Yasasin_Schryen_2018, title={Information Security Investments:
    An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning},
    volume={77}, journal={Computers &#38; Security}, publisher={Elsevier}, author={Weishäupl,
    Eva and Yasasin, Emrah and Schryen, Guido}, year={2018}, pages={807–823} }'
  chicago: 'Weishäupl, Eva, Emrah Yasasin, and Guido Schryen. “Information Security
    Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation
    and Learning.” <i>Computers &#38; Security</i> 77 (2018): 807–23.'
  ieee: 'E. Weishäupl, E. Yasasin, and G. Schryen, “Information Security Investments:
    An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning,”
    <i>Computers &#38; Security</i>, vol. 77, pp. 807–823, 2018.'
  mla: 'Weishäupl, Eva, et al. “Information Security Investments: An Exploratory Multiple
    Case Study on Decision-Making, Evaluation and Learning.” <i>Computers &#38; Security</i>,
    vol. 77, Elsevier, 2018, pp. 807–23.'
  short: E. Weishäupl, E. Yasasin, G. Schryen, Computers &#38; Security 77 (2018)
    807–823.
date_created: 2018-11-14T11:24:37Z
date_updated: 2022-01-06T07:02:03Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-07T11:26:53Z
  date_updated: 2018-12-13T15:06:10Z
  file_id: '6022'
  file_name: JOURNAL VERSION.pdf
  file_size: 809490
  relation: main_file
file_date_updated: 2018-12-13T15:06:10Z
has_accepted_license: '1'
intvolume: '        77'
keyword:
- Information Security Investments
- Multiple Case Study
- Organizations
- Single Loop Learning
- Double Loop Learning
language:
- iso: eng
oa: '1'
page: 807 - 823
publication: Computers & Security
publisher: Elsevier
status: public
title: 'Information Security Investments: An Exploratory Multiple Case Study on Decision-Making,
  Evaluation and Learning'
type: journal_article
user_id: '61579'
volume: 77
year: '2018'
...
---
_id: '20719'
author:
- first_name: Philipp
  full_name: Holzinger, Philipp
  last_name: Holzinger
- first_name: Stefan
  full_name: Triller, Stefan
  last_name: Triller
- first_name: Alexandre
  full_name: Bartel, Alexandre
  last_name: Bartel
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Holzinger P, Triller S, Bartel A, Bodden E. An In-Depth Study of More Than
    Ten Years of Java Exploitation. In: <i>Proceedings of the 2016 ACM SIGSAC Conference
    on Computer and Communications Security</i>. CCS ’16. ; 2016:779-790. doi:<a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>'
  apa: Holzinger, P., Triller, S., Bartel, A., &#38; Bodden, E. (2016). An In-Depth
    Study of More Than Ten Years of Java Exploitation. <i>Proceedings of the 2016
    ACM SIGSAC Conference on Computer and Communications Security</i>, 779–790. <a
    href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>
  bibtex: '@inproceedings{Holzinger_Triller_Bartel_Bodden_2016, series={CCS ’16},
    title={An In-Depth Study of More Than Ten Years of Java Exploitation}, DOI={<a
    href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>},
    booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications
    Security}, author={Holzinger, Philipp and Triller, Stefan and Bartel, Alexandre
    and Bodden, Eric}, year={2016}, pages={779–790}, collection={CCS ’16} }'
  chicago: Holzinger, Philipp, Stefan Triller, Alexandre Bartel, and Eric Bodden.
    “An In-Depth Study of More Than Ten Years of Java Exploitation.” In <i>Proceedings
    of the 2016 ACM SIGSAC Conference on Computer and Communications Security</i>,
    779–90. CCS ’16, 2016. <a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>.
  ieee: 'P. Holzinger, S. Triller, A. Bartel, and E. Bodden, “An In-Depth Study of
    More Than Ten Years of Java Exploitation,” in <i>Proceedings of the 2016 ACM SIGSAC
    Conference on Computer and Communications Security</i>, 2016, pp. 779–790, doi:
    <a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>.'
  mla: Holzinger, Philipp, et al. “An In-Depth Study of More Than Ten Years of Java
    Exploitation.” <i>Proceedings of the 2016 ACM SIGSAC Conference on Computer and
    Communications Security</i>, 2016, pp. 779–90, doi:<a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>.
  short: 'P. Holzinger, S. Triller, A. Bartel, E. Bodden, in: Proceedings of the 2016
    ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 779–790.'
date_created: 2020-12-14T11:58:33Z
date_updated: 2022-01-06T06:54:34Z
department:
- _id: '76'
doi: http://doi.acm.org/10.1145/2976749.2978361
keyword:
- ATTRACT
- access control
- exploits
- java security
- security analysis
- ITSECWEBSITE
language:
- iso: eng
page: 779-790
publication: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications
  Security
publication_identifier:
  isbn:
  - 978-1-4503-4139-4
series_title: CCS '16
status: public
title: An In-Depth Study of More Than Ten Years of Java Exploitation
type: conference
user_id: '5786'
year: '2016'
...
---
_id: '5588'
abstract:
- lang: eng
  text: The protection of information technology (IT) has become and is predicted
    to remain a key economic challenge for organizations. While research on IT security
    investment is fast growing, it lacks a theoretical basis for structuring research,
    explaining economic-technological phenomena and guide future research. We address
    this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical
    perspective adopting the Resource-Based View and the Organizational Learning
    Theory. The joint application of these theories allows to conceptualize in one
    theoretical model the organizational learning effects that occur when the protection
    of organizational resources through IT security countermeasures develops over
    time. We use this model of IT security investments to synthesize findings of
    a large body of literature and to derive research gaps. We also discuss managerial
    implications of (closing) these gaps by providing practical examples.
author:
- first_name: Eva
  full_name: Weishäupl, Eva
  last_name: Weishäupl
- first_name: Emrah
  full_name: Yasasin, Emrah
  last_name: Yasasin
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Weishäupl E, Yasasin E, Schryen G. A Multi-Theoretical Literature Review on
    Information Security Investments using the Resource-Based View and the Organizational
    Learning Theory. In: <i>International Conference on Information Systems</i>. ;
    2015.'
  apa: Weishäupl, E., Yasasin, E., &#38; Schryen, G. (2015). A Multi-Theoretical Literature
    Review on Information Security Investments using the Resource-Based View and the
    Organizational Learning Theory. In <i>International Conference on Information
    Systems</i>.
  bibtex: '@inproceedings{Weishäupl_Yasasin_Schryen_2015, title={A Multi-Theoretical
    Literature Review on Information Security Investments using the Resource-Based
    View and the Organizational Learning Theory}, booktitle={International Conference
    on Information Systems}, author={Weishäupl, Eva and Yasasin, Emrah and Schryen,
    Guido}, year={2015} }'
  chicago: Weishäupl, Eva, Emrah Yasasin, and Guido Schryen. “A Multi-Theoretical
    Literature Review on Information Security Investments Using the Resource-Based
    View and the Organizational Learning Theory.” In <i>International Conference on
    Information Systems</i>, 2015.
  ieee: E. Weishäupl, E. Yasasin, and G. Schryen, “A Multi-Theoretical Literature
    Review on Information Security Investments using the Resource-Based View and the
    Organizational Learning Theory,” in <i>International Conference on Information
    Systems</i>, 2015.
  mla: Weishäupl, Eva, et al. “A Multi-Theoretical Literature Review on Information
    Security Investments Using the Resource-Based View and the Organizational Learning
    Theory.” <i>International Conference on Information Systems</i>, 2015.
  short: 'E. Weishäupl, E. Yasasin, G. Schryen, in: International Conference on Information
    Systems, 2015.'
date_created: 2018-11-14T11:25:38Z
date_updated: 2022-01-06T07:02:03Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-07T11:45:31Z
  date_updated: 2018-12-13T15:09:32Z
  file_id: '6038'
  file_name: ICIS PROCEEDINGS PAPER - Security Investments.pdf
  file_size: 958019
  relation: main_file
file_date_updated: 2018-12-13T15:09:32Z
has_accepted_license: '1'
keyword:
- Information Security
- Investment
- Literature review
- Resource-based View
- Organizational Learning Theory
- Multi-theoretical Perspective
language:
- iso: eng
oa: '1'
publication: International Conference on Information Systems
status: public
title: A Multi-Theoretical Literature Review on Information Security Investments using
  the Resource-Based View and the Organizational Learning Theory
type: conference
user_id: '61579'
year: '2015'
...
---
_id: '5590'
abstract:
- lang: eng
  text: 'Nowadays, providing employees with failure-free access to various systems,
    applications and services is a crucial factor for organizations'' success as disturbances
    potentially inhibit smooth workflows and thereby harm productivity. However, it
    is a challenging task to assign access rights to employees'' accounts within a
    satisfying time frame. In addition, the management of multiple accounts and identities
    can be very onerous and time consuming for the responsible administrator and therefore
    expensive for the organization. In order to meet these challenges, firms decide
    to invest in introducing an Identity and Access Management System (IAMS) that
    supports the organization by using policies to assign permissions to accounts,
    groups, and roles. In practice, since various versions of IAMSs exist, it is a
    challenging task to decide upon introduction of an IAMS. The following study proposes
    a first attempt of a decision support model for practitioners which considers
    four alternatives: Introduction of an IAMS with Role-based Access Control (RBAC)
    or without and no introduction of IAMS again with or without RBAC. To underpin
    the practical applicability of the proposed model, we parametrize and operationalize
    it based on a real world use case using input from an expert interview.'
author:
- first_name: Eva
  full_name: Weishäupl, Eva
  last_name: Weishäupl
- first_name: Michael
  full_name: Kunz, Michael
  last_name: Kunz
- first_name: Emrah
  full_name: Yasasin, Emrah
  last_name: Yasasin
- first_name: Gerit
  full_name: Wagner, Gerit
  last_name: Wagner
- first_name: Julian
  full_name: Prester, Julian
  last_name: Prester
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
- first_name: Günther
  full_name: Pernul, Günther
  last_name: Pernul
citation:
  ama: 'Weishäupl E, Kunz M, Yasasin E, et al. Towards an Economic Approach to Identity
    and Access Management Systems Using Decision Theory. In: <i>2nd International
    Workshop on Security in Highly Connected IT Systems (SHCIS’15)</i>. ; 2015.'
  apa: Weishäupl, E., Kunz, M., Yasasin, E., Wagner, G., Prester, J., Schryen, G.,
    &#38; Pernul, G. (2015). Towards an Economic Approach to Identity and Access Management
    Systems Using Decision Theory. In <i>2nd International Workshop on Security in
    highly connected IT Systems (SHCIS’15)</i>.
  bibtex: '@inproceedings{Weishäupl_Kunz_Yasasin_Wagner_Prester_Schryen_Pernul_2015,
    title={Towards an Economic Approach to Identity and Access Management Systems
    Using Decision Theory}, booktitle={2nd International Workshop on Security in highly
    connected IT Systems (SHCIS’15)}, author={Weishäupl, Eva and Kunz, Michael and
    Yasasin, Emrah and Wagner, Gerit and Prester, Julian and Schryen, Guido and Pernul,
    Günther}, year={2015} }'
  chicago: Weishäupl, Eva, Michael Kunz, Emrah Yasasin, Gerit Wagner, Julian Prester,
    Guido Schryen, and Günther Pernul. “Towards an Economic Approach to Identity and
    Access Management Systems Using Decision Theory.” In <i>2nd International Workshop
    on Security in Highly Connected IT Systems (SHCIS’15)</i>, 2015.
  ieee: E. Weishäupl <i>et al.</i>, “Towards an Economic Approach to Identity and
    Access Management Systems Using Decision Theory,” in <i>2nd International Workshop
    on Security in highly connected IT Systems (SHCIS’15)</i>, 2015.
  mla: Weishäupl, Eva, et al. “Towards an Economic Approach to Identity and Access
    Management Systems Using Decision Theory.” <i>2nd International Workshop on Security
    in Highly Connected IT Systems (SHCIS’15)</i>, 2015.
  short: 'E. Weishäupl, M. Kunz, E. Yasasin, G. Wagner, J. Prester, G. Schryen, G.
    Pernul, in: 2nd International Workshop on Security in Highly Connected IT Systems
    (SHCIS’15), 2015.'
date_created: 2018-11-14T11:27:20Z
date_updated: 2022-01-06T07:02:04Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-07T11:46:28Z
  date_updated: 2018-12-13T15:09:54Z
  file_id: '6040'
  file_name: Towards an Economic Approach to IAMS.PDF
  file_size: 166015
  relation: main_file
file_date_updated: 2018-12-13T15:09:54Z
has_accepted_license: '1'
keyword:
- Identity and Access Management
- Economic Decision Making
- Information Systems
- Information Security Investment
- Decision Theory
language:
- iso: eng
oa: '1'
publication: 2nd International Workshop on Security in highly connected IT Systems
  (SHCIS'15)
status: public
title: Towards an Economic Approach to Identity and Access Management Systems Using
  Decision Theory
type: conference
user_id: '61579'
year: '2015'
...
---
_id: '5621'
abstract:
- lang: eng
  text: Remote voting through the Internet provides convenience and access to the
    electorate. At the same time, the security concerns facing any distributed application
    are magnified when the task is so crucial to democratic society. In addition,
    some of the electoral process loses transparency when it is encapsulated in information
    technology. In this paper, we examine the public record of three recent elections
    that used Internet voting. Our specific goal is to identify any potential flaws
    that security experts would recognize, but may have not been identified in the
    rush to implement technology. To do this, we present a multiple exploratory case
    study, looking at elections conducted between 2006 and 2007 in Estonia, Netherlands,
    and Switzerland. These elections were selected as particularly interesting and
    accessible, and each presents its own technical and security challenges. The electoral
    environment, technical design and process for each election are described, including
    reconstruction of details which are implied but not specified within the source
    material. We found that all three elections warrant significant concern about
    voter security, verifiability, and transparency. Usability, our fourth area of
    focus, seems to have been well-addressed in these elections. While our analysis
    is based on public documents and previously published reports, and therefore lacking
    access to any confidential materials held by electoral officials, this comparative
    analysis provides interesting insight and consistent questions across all these
    cases. Effective review of Internet voting requires an aggressive stance towards
    identifying potential security and operational flaws, and we encourage the use
    of third party reviews with critical technology skills during design, programming,
    and voting to reduce the chances of failure or fraud that would undermine public
    confidence.
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
- first_name: Eliot
  full_name: Rich, Eliot
  last_name: Rich
citation:
  ama: 'Schryen G, Rich E. Security in Large-Scale Internet Elections: A Retrospective
    Analysis of Elections in Estonia, The Netherlands, and Switzerland. <i>IEEE Transactions
    on Information Forensics &#38; Security</i>. 2009;4(4 Part):729-744.'
  apa: 'Schryen, G., &#38; Rich, E. (2009). Security in Large-Scale Internet Elections:
    A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.
    <i>IEEE Transactions on Information Forensics &#38; Security</i>, <i>4</i>(4
    Part), 729–744.'
  bibtex: '@article{Schryen_Rich_2009, title={Security in Large-Scale Internet Elections:
    A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland},
    volume={4}, number={4 Part}, journal={IEEE Transactions on Information Forensics
    \&#38; Security}, publisher={IEEE}, author={Schryen, Guido and Rich, Eliot}, year={2009},
    pages={729–744} }'
  chicago: 'Schryen, Guido, and Eliot Rich. “Security in Large-Scale Internet Elections:
    A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.”
    <i>IEEE Transactions on Information Forensics &#38; Security</i> 4, no. 4 Part
    (2009): 729–44.'
  ieee: 'G. Schryen and E. Rich, “Security in Large-Scale Internet Elections: A Retrospective
    Analysis of Elections in Estonia, The Netherlands, and Switzerland,” <i>IEEE Transactions
    on Information Forensics &#38; Security</i>, vol. 4, no. 4 Part, pp. 729–744,
    2009.'
  mla: 'Schryen, Guido, and Eliot Rich. “Security in Large-Scale Internet Elections:
    A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.”
    <i>IEEE Transactions on Information Forensics &#38; Security</i>, vol. 4, no.
    4 Part, IEEE, 2009, pp. 729–44.'
  short: G. Schryen, E. Rich, IEEE Transactions on Information Forensics &#38; Security
    4 (2009) 729–744.
date_created: 2018-11-14T14:06:44Z
date_updated: 2022-01-06T07:02:12Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-18T13:16:07Z
  date_updated: 2018-12-18T13:16:07Z
  file_id: '6316'
  file_name: JOURNAL VERSION.pdf
  file_size: 1544790
  relation: main_file
file_date_updated: 2018-12-18T13:16:07Z
has_accepted_license: '1'
intvolume: '         4'
issue: 4 Part
keyword:
- e-voting
- Internet voting
- Internet election
- security
- verifiability
- RIES
- Estonia
- Neuchâtel
language:
- iso: eng
oa: '1'
page: 729-744
publication: IEEE Transactions on Information Forensics & Security
publisher: IEEE
status: public
title: 'Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections
  in Estonia, The Netherlands, and Switzerland'
type: journal_article
user_id: '61579'
volume: 4
year: '2009'
...
---
_id: '5625'
abstract:
- lang: eng
  text: The increasing availability and deployment of open source software in personal
    and commercial environments makes open source software highly appealing for hackers,
    and others who are interested in exploiting software vulnerabilities. This deployment
    has resulted in a debate “full of religion” on the security of open source software
    compared to that of closed source software. However, beyond such arguments, only
    little quantitative analysis on this research issue has taken place. We discuss
    the state-of-the-art of the security debate and identify shortcomings. Based on
    these, we propose new metrics, which allow us to answer the question to what extent
    the review process of open source and closed source development has helped to
    fix vulnerabilities. We illustrate the application of some of these metrics in
    a case study on OpenOffice (open source software) vs. Microsoft Office (closed
    source software).
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
- first_name: Rouven
  full_name: Kadura, Rouven
  last_name: Kadura
citation:
  ama: 'Schryen G, Kadura R. Open Source vs. Closed Source Software: Towards Measuring
    Security. In: <i>24th Annual ACM Symposium on Applied Computing</i>. ; 2009.'
  apa: 'Schryen, G., &#38; Kadura, R. (2009). Open Source vs. Closed Source Software:
    Towards Measuring Security. In <i>24th Annual ACM Symposium on Applied Computing</i>.'
  bibtex: '@inproceedings{Schryen_Kadura_2009, title={Open Source vs. Closed Source
    Software: Towards Measuring Security}, booktitle={24th Annual ACM Symposium on
    Applied Computing}, author={Schryen, Guido and Kadura, Rouven}, year={2009} }'
  chicago: 'Schryen, Guido, and Rouven Kadura. “Open Source vs. Closed Source Software:
    Towards Measuring Security.” In <i>24th Annual ACM Symposium on Applied Computing</i>,
    2009.'
  ieee: 'G. Schryen and R. Kadura, “Open Source vs. Closed Source Software: Towards
    Measuring Security,” in <i>24th Annual ACM Symposium on Applied Computing</i>,
    2009.'
  mla: 'Schryen, Guido, and Rouven Kadura. “Open Source vs. Closed Source Software:
    Towards Measuring Security.” <i>24th Annual ACM Symposium on Applied Computing</i>,
    2009.'
  short: 'G. Schryen, R. Kadura, in: 24th Annual ACM Symposium on Applied Computing,
    2009.'
date_created: 2018-11-14T14:12:27Z
date_updated: 2022-01-06T07:02:13Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-18T13:14:09Z
  date_updated: 2018-12-18T13:14:09Z
  file_id: '6310'
  file_name: ACM VERSION.pdf
  file_size: 456497
  relation: main_file
file_date_updated: 2018-12-18T13:14:09Z
has_accepted_license: '1'
keyword:
- Open source software
- Closed source software
- Security
- Metrics
language:
- iso: eng
oa: '1'
publication: 24th Annual ACM Symposium on Applied Computing
status: public
title: 'Open Source vs. Closed Source Software: Towards Measuring Security'
type: conference
user_id: '61579'
year: '2009'
...
---
_id: '5647'
abstract:
- lang: eng
  text: Reviewing literature on open source and closed source security reveals that
    the discussion is often determined by biased attitudes toward one of these development
    styles. The discussion specifically lacks appropriate metrics, methodology and
    hard data. This paper contributes to solving this problem by analyzing and comparing
    published vulnerabilities of eight open source software and nine closed source
    software packages, all of which are widely deployed. Thereby, it provides an extensive
    empirical analysis of vulnerabilities in terms of mean time between vulnerability
    disclosures, the development of disclosure over time, and the severity of vulnerabilities,
    and allows for validating models provided in the literature. The investigation
    reveals that (a) the mean time between vulnerability disclosures was lower for
    open source software in half of the cases, while the other cases show no differences,
    (b) in contrast to literature assumption, 14 out of 17 software packages showed
    a significant linear or piecewise linear correlation between time and the number
    of published vulnerabilities, and (c) regarding the severity of vulnerabilities,
    no significant differences were found between open source and closed source.
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Schryen G. Security of open source and closed source software: An empirical
    comparison of published vulnerabilities. In: <i>15th Americas Conference on Information
    Systems</i>. ; 2009.'
  apa: 'Schryen, G. (2009). Security of open source and closed source software: An
    empirical comparison of published vulnerabilities. In <i>15th Americas Conference
    on Information Systems</i>.'
  bibtex: '@inproceedings{Schryen_2009, title={Security of open source and closed
    source software: An empirical comparison of published vulnerabilities}, booktitle={15th
    Americas Conference on Information Systems}, author={Schryen, Guido}, year={2009}
    }'
  chicago: 'Schryen, Guido. “Security of Open Source and Closed Source Software: An
    Empirical Comparison of Published Vulnerabilities.” In <i>15th Americas Conference
    on Information Systems</i>, 2009.'
  ieee: 'G. Schryen, “Security of open source and closed source software: An empirical
    comparison of published vulnerabilities,” in <i>15th Americas Conference on Information
    Systems</i>, 2009.'
  mla: 'Schryen, Guido. “Security of Open Source and Closed Source Software: An Empirical
    Comparison of Published Vulnerabilities.” <i>15th Americas Conference on Information
    Systems</i>, 2009.'
  short: 'G. Schryen, in: 15th Americas Conference on Information Systems, 2009.'
date_created: 2018-11-14T14:41:24Z
date_updated: 2022-01-06T07:02:19Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-18T13:16:39Z
  date_updated: 2018-12-18T13:16:39Z
  file_id: '6317'
  file_name: Security of Open Source and Closed Source Software An Empirical - AMCIS
    Version.pdf
  file_size: 483690
  relation: main_file
file_date_updated: 2018-12-18T13:16:39Z
has_accepted_license: '1'
keyword:
- Vulnerabilities
- security
- open source software
- closed source software
- empirical comparison
language:
- iso: eng
oa: '1'
publication: 15th Americas Conference on Information Systems
status: public
title: 'Security of open source and closed source software: An empirical comparison
  of published vulnerabilities'
type: conference
user_id: '61579'
year: '2009'
...
---
_id: '5649'
abstract:
- lang: eng
  text: The Estonian parliamentary election in 2007 is regarded as a success story
    of large-scale Internet elections. I use this election in a single case study
    on practical security to show that low quality of security and its management
    does not necessarily prevent large-scale Internet elections from being conducted.
    I also provide research propositions with regard to future challenges for large-scale
    Internet elections.
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Schryen G. Practical Security of Large-scale Elections: An Exploratory Case
    Study of Internet Voting in Estonia. In: <i>7th Workshop on E-Business (WEB 2008,
    AIS Special Interest Group on E-Business)</i>. ; 2008.'
  apa: 'Schryen, G. (2008). Practical Security of Large-scale Elections: An Exploratory
    Case Study of Internet Voting in Estonia. In <i>7th Workshop on e-Business (WEB
    2008, AIS Special Interest Group on E-Business)</i>.'
  bibtex: '@inproceedings{Schryen_2008, title={Practical Security of Large-scale Elections:
    An Exploratory Case Study of Internet Voting in Estonia}, booktitle={7th Workshop
    on e-Business (WEB 2008, AIS Special Interest Group on E-Business)}, author={Schryen,
    Guido}, year={2008} }'
  chicago: 'Schryen, Guido. “Practical Security of Large-Scale Elections: An Exploratory
    Case Study of Internet Voting in Estonia.” In <i>7th Workshop on E-Business (WEB
    2008, AIS Special Interest Group on E-Business)</i>, 2008.'
  ieee: 'G. Schryen, “Practical Security of Large-scale Elections: An Exploratory
    Case Study of Internet Voting in Estonia,” in <i>7th Workshop on e-Business (WEB
    2008, AIS Special Interest Group on E-Business)</i>, 2008.'
  mla: 'Schryen, Guido. “Practical Security of Large-Scale Elections: An Exploratory
    Case Study of Internet Voting in Estonia.” <i>7th Workshop on E-Business (WEB
    2008, AIS Special Interest Group on E-Business)</i>, 2008.'
  short: 'G. Schryen, in: 7th Workshop on E-Business (WEB 2008, AIS Special Interest
    Group on E-Business), 2008.'
date_created: 2018-11-14T14:43:23Z
date_updated: 2022-01-06T07:02:20Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-18T13:18:21Z
  date_updated: 2018-12-18T13:18:21Z
  file_id: '6320'
  file_name: Schryen - Practical Security of Large-scale Elections - LNBIP - web version.pdf
  file_size: 273231
  relation: main_file
file_date_updated: 2018-12-18T13:18:21Z
has_accepted_license: '1'
keyword:
- Internet voting
- large-scale election
- Estonian parliamentary election
- security
- security management
language:
- iso: eng
oa: '1'
publication: 7th Workshop on e-Business (WEB 2008, AIS Special Interest Group on E-Business)
status: public
title: 'Practical Security of Large-scale Elections: An Exploratory Case Study of
  Internet Voting in Estonia'
type: conference
user_id: '61579'
year: '2008'
...
---
_id: '5658'
abstract:
- lang: eng
  text: 'Email communication is encumbered with a mass of email messages which their
    recipients have neither requested nor require. Even worse, the impacts of these
    messages are far from being simply an annoyance, as they also involve economic
    damage. This manuscript examines the resource “email addresses”, which is vital
    for any potential bulk mailer and spammer. Both a methodology and a honeypot conceptualization
    for implementing an empirical analysis of the usage of email addresses placed
    on the Internet are proposed here. Their objective is to assess, on a quantitative
    basis, the extent of the current harassment and its development over time. This
    “framework” is intended to be extensible to measuring the effectiveness of address-obscuring
    techniques. The implementation of a pilot honeypot is described, which led to
    key findings, some of them being: (1) Web placements attract more than two-thirds
    (70%) of all honeypot spam emails, followed by newsgroup placements (28.6%)
    and newsletter subscriptions (1.4%), (2) the proportions of spam relating to
    the email addresses’ top-level domain can be statistically assumed to be uniformly
    distributed, (3) More than 43% of addresses on the web have been abused, whereas
    about 27% was the case for addresses on newsgroups and only about 4% was the
    case for addresses used for a newsletter subscription, (4) Regarding the development
    of email addresses’ attractiveness for spammers over time, the service “web sites”
    features a negative linear relationship, whereas the service “Usenet” shows a negative
    exponential relationship. (5) Only 1.54% of the spam emails showed an interrelation
    between the topic of the spam email and that of the location where the recipient’s
    address was placed, so that spammers are assumed to send their emails in a “context
    insensitive” manner. The results of the empirical analysis motivate the need for
    the protection of email addresses through obscuration. We analyze this need by
    formulating requirements for address obscuring techniques and we reveal to which
    extent today’s most relevant approaches fulfill these requirements.'
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: Schryen G. The Impact that Placing Email Addresses on the Internet has on the
    Receipt of Spam – An Empirical Analysis. <i>Computers &#38; Security</i>. 2007;2(5):361-372.
  apa: Schryen, G. (2007). The Impact that Placing Email Addresses on the Internet
    has on the Receipt of Spam – An Empirical Analysis. <i>Computers &#38; Security</i>,
    <i>2</i>(5), 361–372.
  bibtex: '@article{Schryen_2007, title={The Impact that Placing Email Addresses on
    the Internet has on the Receipt of Spam – An Empirical Analysis}, volume={2},
    number={5}, journal={Computers &#38; Security}, publisher={Elsevier}, author={Schryen,
    Guido}, year={2007}, pages={361–372} }'
  chicago: 'Schryen, Guido. “The Impact That Placing Email Addresses on the Internet
    Has on the Receipt of Spam – An Empirical Analysis.” <i>Computers &#38; Security</i>
    2, no. 5 (2007): 361–72.'
  ieee: G. Schryen, “The Impact that Placing Email Addresses on the Internet has on
    the Receipt of Spam – An Empirical Analysis,” <i>Computers &#38; Security</i>,
    vol. 2, no. 5, pp. 361–372, 2007.
  mla: Schryen, Guido. “The Impact That Placing Email Addresses on the Internet Has
    on the Receipt of Spam – An Empirical Analysis.” <i>Computers &#38; Security</i>,
    vol. 2, no. 5, Elsevier, 2007, pp. 361–72.
  short: G. Schryen, Computers &#38; Security 2 (2007) 361–372.
date_created: 2018-11-14T14:53:12Z
date_updated: 2022-01-06T07:02:22Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
  content_type: application/pdf
  creator: hsiemes
  date_created: 2018-12-18T13:27:01Z
  date_updated: 2018-12-18T13:27:01Z
  file_id: '6326'
  file_name: The Impact that Placing Email Addresses on the Internet has on the Receipt
    of Spam - An Empirical Analysis - Journal version.pdf
  file_size: 3026200
  relation: main_file
file_date_updated: 2018-12-18T13:27:01Z
has_accepted_license: '1'
intvolume: '         2'
issue: '5'
keyword:
- Address-obfuscating techniques
- email
- empirical analysis
- honeypot
- security by design
- security by obscurity
- spam
language:
- iso: eng
oa: '1'
page: 361-372
publication: Computers & Security
publisher: Elsevier
status: public
title: The Impact that Placing Email Addresses on the Internet has on the Receipt
  of Spam – An Empirical Analysis
type: journal_article
user_id: '61579'
volume: 2
year: '2007'
...
---
_id: '39050'
abstract:
- lang: eng
  text: Currently, middleware for smart home networks with embedded and mobile devices
    are in the focus of several investigations. In this paper, we propose a middleware
    for secure management of device and user profiles by integrating a profile database
    with a generic authentication scheme for an X.509 enabled ticket management in
    the context of the OSGi framework. After the introduction of the individual system
    components and their interaction, we also discuss potential system attacks.
author:
- first_name: Max
  full_name: Ziegler, Max
  last_name: Ziegler
- first_name: Wolfgang
  full_name: Müller, Wolfgang
  id: '16243'
  last_name: Müller
- first_name: Robbie
  full_name: Schäfer, Robbie
  last_name: Schäfer
- first_name: Chris
  full_name: Loeser, Chris
  last_name: Loeser
citation:
  ama: 'Ziegler M, Müller W, Schäfer R, Loeser C. Secure Profile Management in Smart
    Home Networks. In: <i>Proceedings of the 1st International Workshop on Secure
    and Ubiquitous Networks (SUN-2005)</i>. IEEE; 2005. doi:<a href="https://doi.org/10.1109/DEXA.2005.171">10.1109/DEXA.2005.171</a>'
  apa: Ziegler, M., Müller, W., Schäfer, R., &#38; Loeser, C. (2005). Secure Profile
    Management in Smart Home Networks. <i>Proceedings of the 1st International Workshop
    on Secure and Ubiquitous Networks (SUN-2005)</i>. 16th International Workshop
    on Database and Expert Systems Applications (DEXA’05), Copenhagen, Denmark . <a
    href="https://doi.org/10.1109/DEXA.2005.171">https://doi.org/10.1109/DEXA.2005.171</a>
  bibtex: '@inproceedings{Ziegler_Müller_Schäfer_Loeser_2005, place={Copenhagen, Denmark
    }, title={Secure Profile Management in Smart Home Networks}, DOI={<a href="https://doi.org/10.1109/DEXA.2005.171">10.1109/DEXA.2005.171</a>},
    booktitle={Proceedings of the 1st International Workshop on Secure and Ubiquitous
    Networks (SUN-2005)}, publisher={IEEE}, author={Ziegler, Max and Müller, Wolfgang
    and Schäfer, Robbie and Loeser, Chris}, year={2005} }'
  chicago: 'Ziegler, Max, Wolfgang Müller, Robbie Schäfer, and Chris Loeser. “Secure
    Profile Management in Smart Home Networks.” In <i>Proceedings of the 1st International
    Workshop on Secure and Ubiquitous Networks (SUN-2005)</i>. Copenhagen, Denmark
    : IEEE, 2005. <a href="https://doi.org/10.1109/DEXA.2005.171">https://doi.org/10.1109/DEXA.2005.171</a>.'
  ieee: 'M. Ziegler, W. Müller, R. Schäfer, and C. Loeser, “Secure Profile Management
    in Smart Home Networks,” presented at the 16th International Workshop on Database
    and Expert Systems Applications (DEXA’05), Copenhagen, Denmark , 2005, doi: <a
    href="https://doi.org/10.1109/DEXA.2005.171">10.1109/DEXA.2005.171</a>.'
  mla: Ziegler, Max, et al. “Secure Profile Management in Smart Home Networks.” <i>Proceedings
    of the 1st International Workshop on Secure and Ubiquitous Networks (SUN-2005)</i>,
    IEEE, 2005, doi:<a href="https://doi.org/10.1109/DEXA.2005.171">10.1109/DEXA.2005.171</a>.
  short: 'M. Ziegler, W. Müller, R. Schäfer, C. Loeser, in: Proceedings of the 1st
    International Workshop on Secure and Ubiquitous Networks (SUN-2005), IEEE, Copenhagen,
    Denmark , 2005.'
conference:
  location: 'Copenhagen, Denmark '
  name: 16th International Workshop on Database and Expert Systems Applications (DEXA'05)
date_created: 2023-01-24T08:39:45Z
date_updated: 2023-01-24T08:39:50Z
department:
- _id: '672'
doi: 10.1109/DEXA.2005.171
keyword:
- Intelligent networks
- Smart homes
- Middleware
- Project management
- Data security
- Ubiquitous computing
- Context-aware services
- Computer architecture
- Home automation
- Environmental management
language:
- iso: eng
place: 'Copenhagen, Denmark '
publication: Proceedings of the 1st International Workshop on Secure and Ubiquitous
  Networks (SUN-2005)
publication_identifier:
  isbn:
  - 0-7695-2424-9
publisher: IEEE
status: public
title: Secure Profile Management in Smart Home Networks
type: conference
user_id: '5786'
year: '2005'
...
---
_id: '5667'
abstract:
- lang: eng
  text: Voting via the Internet is part of electronic government and electronic democracy.
    However, there are many obstacles which have to be overcome, especially legal
    restrictions have to be transformed into technical and security solutions. In
    the first part the article discusses advantages and disadvantages of Internet
    elections, shows different application fields, and presents important international
    pilot schemes (political and business ones). In the second part, due to democratic
    basic principles, technological security aspects are worked out.
author:
- first_name: Guido
  full_name: Schryen, Guido
  id: '72850'
  last_name: Schryen
citation:
  ama: 'Schryen G. E-Democracy: Internet Voting. In: <i>Proceedings of the IADIS International
    Conference WWW Internet 2003. Vol. 2</i>. Algarve: IADIS Press; 2003:1017-1021.'
  apa: 'Schryen, G. (2003). E-Democracy: Internet Voting. In <i>Proceedings of the
    IADIS International Conference WWW Internet 2003. vol. 2</i> (pp. 1017–1021).
    Algarve: IADIS Press.'
  bibtex: '@inbook{Schryen_2003, place={Algarve}, title={E-Democracy: Internet Voting},
    booktitle={Proceedings of the IADIS International Conference WWW Internet 2003.
    vol. 2}, publisher={IADIS Press}, author={Schryen, Guido}, year={2003}, pages={1017–1021}
    }'
  chicago: 'Schryen, Guido. “E-Democracy: Internet Voting.” In <i>Proceedings of the
    IADIS International Conference WWW Internet 2003. Vol. 2</i>, 1017–21. Algarve:
    IADIS Press, 2003.'
  ieee: 'G. Schryen, “E-Democracy: Internet Voting,” in <i>Proceedings of the IADIS
    International Conference WWW Internet 2003. vol. 2</i>, Algarve: IADIS Press,
    2003, pp. 1017–1021.'
  mla: 'Schryen, Guido. “E-Democracy: Internet Voting.” <i>Proceedings of the IADIS
    International Conference WWW Internet 2003. Vol. 2</i>, IADIS Press, 2003, pp.
    1017–21.'
  short: 'G. Schryen, in: Proceedings of the IADIS International Conference WWW Internet
    2003. Vol. 2, IADIS Press, Algarve, 2003, pp. 1017–1021.'
date_created: 2018-11-14T15:01:49Z
date_updated: 2022-01-06T07:02:25Z
department:
- _id: '277'
extern: '1'
keyword:
- Internet Voting
- Online polls
- E-Democracy
- Security
language:
- iso: eng
page: 1017-1021
place: Algarve
publication: Proceedings of the IADIS International Conference WWW Internet 2003.
  vol. 2
publisher: IADIS Press
status: public
title: 'E-Democracy: Internet Voting'
type: book_chapter
user_id: '61579'
year: '2003'
...
