83 Publications
2024 | Conference Paper | LibreCat-ID: 54863
Schmüser J, Ramulu HS, Wöhler N, et al. Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter. In: Mueller F ’Floyd’, Kyburz P, Williamson JR, et al., eds. Proceedings of the CHI Conference on Human Factors in Computing Systems, CHI 2024, Honolulu, HI, USA, May 11-16, 2024. ACM; 2024:574:1–574:16. doi:10.1145/3613904.3642826
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 54862
Boughton L, Miller C, Acar Y, Wermke D, Kästner C. Decomposing and Measuring Trust in Open-Source Software Supply Chains. In: Proceedings of the 2024 {ACM/IEEE} 44th International Conference on Software Engineering: New Ideas and Emerging Results, NIER@ICSE 2024, Lisbon, Portugal, April 14-20, 2024. ACM; 2024:57–61. doi:10.1145/3639476.3639775
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 54864
Horstmann SA, Domiks S, Gutfleisch M, et al. “Those things are written by lawyers, and programmers are reading that.” Mapping the Communication Gap Between Software Developers and Privacy Experts. Proc Priv Enhancing Technol. 2024;2024(1):151–170. doi:10.56553/POPETS-2024-0010
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 55633
Höltervennhoff S, Wöhler N, Möhle A, et al. A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55632
Fischer K, Trummová I, Gajland P, Acar Y, Fahl S, Sasse MA. The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55634
Fourné M, Braga DDA, Jancar J, et al. “These results must be false”: A usability evaluation of constant-time analysis tools. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55636
Huaman N, Suray J, Klemmer JH, et al. “You have to read 50 different RFCs that contradict each other”: An Interview Study on the Experiences of Implementing Cryptographic Standards. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55641
Panahi K, Robertson S, Acar Y, Bardas AG, Kohno T, Simko L. "But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential Elections. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55642
Ramulu HS, Schmitt H, Wermke D, Acar Y. Security and Privacy Software Creators’ Perspectives on Unintended Consequences. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Journal Article | LibreCat-ID: 58368
Zahan N, Acar Y, Cukier M, et al. S3C2 Summit 2023-11: Industry Secure Supply Chain Summit. CoRR. 2024;abs/2408.16529. doi:10.48550/ARXIV.2408.16529
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 58369
Tystahl G, Acar Y, Cukier M, et al. S3C2 Summit 2024-03: Industry Secure Supply Chain Summit. CoRR. 2024;abs/2405.08762. doi:10.48550/ARXIV.2405.08762
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 56624 | 
Kostan A, Olschar S, Simko L, Acar Y. Exploring digital security and privacy in relative poverty in Germany through qualitative interviews. In: 33rd USENIX Security Symposium (USENIX Security 24). ; 2024:2029–2046.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 47306
Herbert F, Becker S, Schaewitz L, et al. A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries. In: Schmidt A, Väänänen K, Goyal T, et al., eds. Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, CHI 2023, Hamburg, Germany, April 23-28, 2023. ACM; 2023:582:1–582:23. doi:10.1145/3544548.3581410
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47304
Wermke D, Klemmer JH, Wöhler N, et al. “Always Contribute Back”: A Qualitative Study on Security Challenges of the Open Source Supply Chain. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:1545–1560. doi:10.1109/SP46215.2023.10179378
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47299
Krause A, Klemmer JH, Huaman N, Wermke D, Acar Y, Fahl S. Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47310
Fourné M, Wermke D, Enck W, Fahl S, Acar Y. It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:1527–1544. doi:10.1109/SP46215.2023.10179320
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47311
Munyendo CW, Acar Y, Aviv AJ. “In Eighty Percent of the Cases, I Select the Password for Them”: Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:570–587. doi:10.1109/SP46215.2023.10179410
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47303
Keküllüoglu D, Acar Y. “We are a startup to the core”: A qualitative interview study on the security and privacy development practices in Turkish software startups. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:2015–2031. doi:10.1109/SP46215.2023.10179339
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47296
Kohno T, Acar Y, Loh W. Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations. CoRR. 2023;abs/2302.14326. doi:10.48550/arXiv.2302.14326
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47305
Amft S, Höltervennhoff S, Huaman N, Acar Y, Fahl S. “Would You Give the Same Priority to the Bank and a Game? I Do Not!” Exploring Credential Management Strategies and Obstacles during Password Manager Setup. In: Kelley PG, Kapadia A, eds. Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023. USENIX Association; 2023:171–190.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47301
Höltervennhoff S, Klostermeyer P, Wöhler N, Acar Y, Fahl S. “I wouldn’t want my unsafe code to run my pacemaker”: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47298
Mink J, Kaur H, Schmüser J, Fahl S, Acar Y. “Security is not my field, I’m a stats guy”: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47842
Fourné M, Wermke D, Enck W, Fahl S, Acar Y. It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. In: 2023 IEEE Symposium on Security and Privacy (SP). IEEE; 2023. doi:10.1109/sp46215.2023.10179320
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47295
Amft S, Höltervennhoff S, Huaman N, et al. Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication. CoRR. 2023;abs/2306.09708. doi:10.48550/arXiv.2306.09708
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47294
Tran M, Acar Y, Cucker M, et al. S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit. CoRR. 2023;abs/2307.15642. doi:10.48550/arXiv.2307.15642
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47293
Dunlap T, Acar Y, Cucker M, et al. S3C2 Summit 2023-02: Industry Secure Supply Chain Summit. CoRR. 2023;abs/2307.16557. doi:10.48550/arXiv.2307.16557
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47292
Enck W, Acar Y, Cukier M, Kapravelos A, Kästner C, Williams LA. S3C2 Summit 2023-06: Government Secure Supply Chain Summit. CoRR. 2023;abs/2308.06850. doi:10.48550/arXiv.2308.06850
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47300
Kohno T, Acar Y, Loh W. Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47312
Neil L, Sri Ramulu H, Acar Y, Reaves B. Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice. In: Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023. USENIX Association; 2023:283–299.
LibreCat
2023 | Journal Article | LibreCat-ID: 47291
Klemmer JH, Gutfleisch M, Stransky C, Acar Y, Sasse MA, Fahl S. “Make Them Change it Every Week!”: A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication. CoRR. 2023;abs/2309.00744. doi:10.48550/arXiv.2309.00744
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53362
Amft S, Höltervennhoff S, Huaman N, et al. “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. In: Meng W, Jensen CD, Cremers C, Kirda E, eds. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023. ACM; 2023:3138–3152. doi:10.1145/3576915.3623180
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 49438
Krüger S, Reif M, Wickert A-K, et al. Securing Your Crypto-API Usage Through Tool Support - A Usability Study. In: 2023 IEEE Secure Development Conference (SecDev). IEEE; 2023. doi:10.1109/secdev56634.2023.00015
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53369
Amft S, Höltervennhoff S, Huaman N, et al. “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ; 2023:3138–3152.
LibreCat
2023 | Journal Article | LibreCat-ID: 53368
Fourné M, Wermke D, Fahl S, Acar Y. A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda. IEEE Security & Privacy. 2023;21(6):59–63.
LibreCat
2023 | Conference Paper | LibreCat-ID: 53366
Tran M, Munyendo CW, Sri Ramulu H, et al. Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study. In: 2024 IEEE Symposium on Security and Privacy (SP). ; 2023:4–4.
LibreCat
2023 | Journal Article | LibreCat-ID: 53348
Fourné M, Wermke D, Fahl S, Acar Y. A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda. IEEE Secur Priv. 2023;21(6):59–63. doi:10.1109/MSEC.2023.3316569
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 53352
Simko L, Sri Ramulu H, Kohno T, Acar Y. The Use and Non-Use of Technology During Hurricanes. Proc ACM Hum Comput Interact. 2023;7(CSCW2):1–54. doi:10.1145/3610215
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 46500
Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048
LibreCat
| Files available
| DOI
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 47289
Huaman N, Krause A, Wermke D, et al. If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers. In: Chiasson S, Kapadia A, eds. Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston, MA, USA, August 7-9, 2022. USENIX Association; 2022:313–330.
LibreCat
2022 | Conference Paper | LibreCat-ID: 47844
Jancar J, Fourné M, Braga DDA, et al. “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks. In: 2022 IEEE Symposium on Security and Privacy (SP). IEEE; 2022. doi:10.1109/sp46214.2022.9833713
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47286
Gutfleisch M, Klemmer JH, Busch N, Acar Y, Sasse MA, Fahl S. How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:893–910. doi:10.1109/SP46214.2022.9833756
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47287
Stransky C, Wiese O, Roth V, Acar Y, Fahl S. 27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:860–875. doi:10.1109/SP46214.2022.9833755
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47283
Kaur H, Amft S, Votipka D, Acar Y, Fahl S. Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. In: Butler KRB, Thomas K, eds. 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022. USENIX Association; 2022:4041–4058.
LibreCat
2022 | Journal Article | LibreCat-ID: 47290
Huaman N, Amft S, Oltrogge M, Acar Y, Fahl S. They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web. IEEE Secur Priv. 2022;20(2):49–60. doi:10.1109/MSEC.2021.3123795
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47843
Wermke D, Wohler N, Klemmer JH, Fourné M, Acar Y, Fahl S. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In: 2022 IEEE Symposium on Security and Privacy (SP). IEEE; 2022. doi:10.1109/sp46214.2022.9833686
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47288
Jancar J, Fourné M, Braga DDA, et al. “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:632–649. doi:10.1109/SP46214.2022.9833713
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47285
Wermke D, Wöhler N, Klemmer JH, Fourné M, Acar Y, Fahl S. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:1880–1896. doi:10.1109/SP46214.2022.9833686
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47284
Munyendo CW, Acar Y, Aviv AJ. “Desperate Times Call for Desperate Measures”: User Concerns with Mobile Loan Apps in Kenya. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:2304–2319. doi:10.1109/SP46214.2022.9833779
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 47281
Krause A, Klemmer JH, Huaman N, Wermke D, Acar Y, Fahl S. Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories. CoRR. 2022;abs/2211.06213. doi:10.48550/arXiv.2211.06213
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47265
Huaman N, von Skarczinski B, Stransky C, et al. A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises. In: Bailey M, Greenstadt R, eds. 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. USENIX Association; 2021:1235–1252.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47268
Stransky C, Wermke D, Schrader J, et al. On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security. In: Chiasson S, ed. Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021. USENIX Association; 2021:437–454.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47267
Huaman N, Amft S, Oltrogge M, Acar Y, Fahl S. They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites. In: 2021 IEEE Symposium on Security and Privacy (SP). IEEE; 2021. doi:10.1109/sp40001.2021.00094
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47266
Haney JM, Acar Y, Furman S. “It’s the Company, the Government, You and I”: User Perceptions of Responsibility for Smart Home Privacy and Security. In: Bailey M, Greenstadt R, eds. 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. USENIX Association; 2021:411–428.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47264
Oltrogge M, Huaman N, Amft S, Acar Y, Backes M, Fahl S. Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. In: Bailey M, Greenstadt R, eds. 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. USENIX Association; 2021:4347–4364.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47269
Neil L, Bouma-Sims E, Lafontaine E, Acar Y, Reaves B. Investigating Web Service Account Remediation Advice. In: Chiasson S, ed. Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021. USENIX Association; 2021:359–376.
LibreCat
2021 | Dissertation | LibreCat-ID: 47271
Acar Y. Human Factors in Secure Software Development. University of Marburg, Germany; 2021.
LibreCat
2020 | Book Chapter | LibreCat-ID: 47261
Haney JM, Furman SM, Acar Y. Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges. In: HCI for Cybersecurity, Privacy and Trust. Springer International Publishing; 2020. doi:10.1007/978-3-030-50309-3_26
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 47260
Wermke D, Huaman N, Stransky C, Busch N, Acar Y, Fahl S. Cloudy with a Chance of Misconceptions: Exploring Users’ Perceptions and Expectations of Security and Privacy in Cloud Office Suites. In: Lipford HR, Chiasson S, eds. Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 7-11, 2020. USENIX Association; 2020:359–377.
LibreCat
2020 | Conference Paper | LibreCat-ID: 47262
Gorski PL, Acar Y, Lo Iacono L, Fahl S. Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. ACM; 2020. doi:10.1145/3313831.3376142
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 47879
Haney J, Furman S, Acar Y. Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges. In: International Conference on Human-Computer Interaction, Copenhagen, -1; 2020.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47253
Wu Y, Gupta P, Wei M, Acar Y, Fahl S, Ur B. Your Secrets Are Safe. In: Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. ACM Press; 2018. doi:10.1145/3178876.3186088
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47255
Haney JM, Theofanos M, Acar Y, Prettyman SS. “We make it a big deal in the company”: Security Mindsets in Organizations that Develop Cryptographic Products. In: Zurko ME, Lipford HR, eds. Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018. USENIX Association; 2018:357–373.
LibreCat
2018 | Report | LibreCat-ID: 47876
Haney J, Theofanos M, Acar Y, Prettyman SS. Organizational Views of NIST Cryptographic Standards and Testing and Validation Programs. National Institute of Standards and Technology; 2018. doi:10.6028/nist.ir.8241
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47256
Gorski PL, Iacono LL, Wermke D, et al. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In: Zurko ME, Lipford HR, eds. Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018. USENIX Association; 2018:265–281.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47254
Oltrogge M, Derr E, Stransky C, et al. The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE; 2018. doi:10.1109/sp.2018.00005
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47252
Wermke D, Huaman N, Acar Y, Reaves B, Traynor P, Fahl S. A Large Scale Investigation of Obfuscation Use in Google Play. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018. ACM; 2018:222–235. doi:10.1145/3274694.3274726
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47249
Derr E, Bugiel S, Fahl S, Acar Y, Backes M. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2017. doi:10.1145/3133956.3134059
LibreCat
| DOI
2017 | Journal Article | LibreCat-ID: 47309
Acar Y, Backes M, Fahl S, Kim D, Mazurek ML, Stransky C. How Internet Resources Might Be Helping You Develop Faster but Less Securely. IEEE Secur Priv. 2017;15(2):50–60. doi:10.1109/MSP.2017.24
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47245
Stransky C, Acar Y, Nguyen DC, et al. Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers. In: Fernandez JM, Payer M, eds. 10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017. USENIX Association; 2017.
LibreCat
2017 | Conference Paper | LibreCat-ID: 47243
Fischer F, Böttinger K, Xiao H, et al. Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security. In: 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017. IEEE Computer Society; 2017:121–136. doi:10.1109/SP.2017.31
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47250
Nguyen DC, Wermke D, Acar Y, Backes M, Weir C, Fahl S. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2017. doi:10.1145/3133956.3133977
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47248
Acar Y, Stransky C, Wermke D, Weir C, Mazurek ML, Fahl S. Developers Need Support, Too: A Survey of Security Advice for Software Developers. In: 2017 IEEE Cybersecurity Development (SecDev). IEEE; 2017. doi:10.1109/secdev.2017.17
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47242
Acar Y, Fahl S, Mazurek ML. You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users. In: 2016 IEEE Cybersecurity Development (SecDev). IEEE; 2017. doi:10.1109/secdev.2016.013
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47246
Acar Y, Backes M, Fahl S, et al. Comparing the Usability of Cryptographic APIs. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE; 2017. doi:10.1109/sp.2017.52
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47244
Acar Y, Stransky C, Wermke D, Mazurek ML, Fahl S. Security Developer Studies with GitHub Users: Exploring a Convenience Sample. In: Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017. USENIX Association; 2017:81–95.
LibreCat
2017 | Report | LibreCat-ID: 47873
Redmiles EM, Acar Y, Fahl S, Mazurek ML. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers. University of Maryland Computer Science Department; 2017. doi:10.13016/M22K2W
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 47240
Acar Y, Backes M, Bugiel S, Fahl S, McDaniel P, Smith M. SoK: Lessons Learned from Android Security Research for Appified Software Platforms. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE; 2016. doi:10.1109/sp.2016.33
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 47239
Dechand S, Schürmann D, Busse K, Acar Y, Fahl S, Smith M. An Empirical Study of Textual Key-Fingerprint Representations. In: Holz T, Savage S, eds. 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. USENIX Association; 2016:193–208.
LibreCat
2016 | Conference Paper | LibreCat-ID: 47241
Acar Y, Backes M, Fahl S, Kim D, Mazurek ML, Stransky C. You Get Where You’re Looking for: The Impact of Information Sources on Code Security. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE; 2016. doi:10.1109/sp.2016.25
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47233
Perl H, Dechand S, Smith M, et al. VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM; 2015. doi:10.1145/2810103.2813604
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47232
Oltrogge M, Acar Y, Dechand S, Smith M, Fahl S. To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections. In: Jung J, Holz T, eds. 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015. USENIX Association; 2015:239–254.
LibreCat
2014 | Conference Paper | LibreCat-ID: 47162
Fahl S, Acar Y, Perl H, Smith M. Why eve and mallory (also) love webmasters. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ACM; 2014. doi:10.1145/2590296.2590341
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 47161
Fahl S, Harbach M, Acar Y, Smith M. On the ecological validity of a password study. In: Proceedings of the Ninth Symposium on Usable Privacy and Security. ACM; 2013. doi:10.1145/2501604.2501617
LibreCat
| DOI
83 Publications
2024 | Conference Paper | LibreCat-ID: 54863
Schmüser J, Ramulu HS, Wöhler N, et al. Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter. In: Mueller F ’Floyd’, Kyburz P, Williamson JR, et al., eds. Proceedings of the CHI Conference on Human Factors in Computing Systems, CHI 2024, Honolulu, HI, USA, May 11-16, 2024. ACM; 2024:574:1–574:16. doi:10.1145/3613904.3642826
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 54862
Boughton L, Miller C, Acar Y, Wermke D, Kästner C. Decomposing and Measuring Trust in Open-Source Software Supply Chains. In: Proceedings of the 2024 {ACM/IEEE} 44th International Conference on Software Engineering: New Ideas and Emerging Results, NIER@ICSE 2024, Lisbon, Portugal, April 14-20, 2024. ACM; 2024:57–61. doi:10.1145/3639476.3639775
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 54864
Horstmann SA, Domiks S, Gutfleisch M, et al. “Those things are written by lawyers, and programmers are reading that.” Mapping the Communication Gap Between Software Developers and Privacy Experts. Proc Priv Enhancing Technol. 2024;2024(1):151–170. doi:10.56553/POPETS-2024-0010
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 55633
Höltervennhoff S, Wöhler N, Möhle A, et al. A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55632
Fischer K, Trummová I, Gajland P, Acar Y, Fahl S, Sasse MA. The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55634
Fourné M, Braga DDA, Jancar J, et al. “These results must be false”: A usability evaluation of constant-time analysis tools. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55636
Huaman N, Suray J, Klemmer JH, et al. “You have to read 50 different RFCs that contradict each other”: An Interview Study on the Experiences of Implementing Cryptographic Standards. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55641
Panahi K, Robertson S, Acar Y, Bardas AG, Kohno T, Simko L. "But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential Elections. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55642
Ramulu HS, Schmitt H, Wermke D, Acar Y. Security and Privacy Software Creators’ Perspectives on Unintended Consequences. In: Balzarotti D, Xu W, eds. 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024. USENIX Association; 2024.
LibreCat
2024 | Journal Article | LibreCat-ID: 58368
Zahan N, Acar Y, Cukier M, et al. S3C2 Summit 2023-11: Industry Secure Supply Chain Summit. CoRR. 2024;abs/2408.16529. doi:10.48550/ARXIV.2408.16529
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 58369
Tystahl G, Acar Y, Cukier M, et al. S3C2 Summit 2024-03: Industry Secure Supply Chain Summit. CoRR. 2024;abs/2405.08762. doi:10.48550/ARXIV.2405.08762
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 56624 |
Kostan A, Olschar S, Simko L, Acar Y. Exploring digital security and privacy in relative poverty in Germany through qualitative interviews. In: 33rd USENIX Security Symposium (USENIX Security 24). ; 2024:2029–2046.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 47306
Herbert F, Becker S, Schaewitz L, et al. A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries. In: Schmidt A, Väänänen K, Goyal T, et al., eds. Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, CHI 2023, Hamburg, Germany, April 23-28, 2023. ACM; 2023:582:1–582:23. doi:10.1145/3544548.3581410
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47304
Wermke D, Klemmer JH, Wöhler N, et al. “Always Contribute Back”: A Qualitative Study on Security Challenges of the Open Source Supply Chain. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:1545–1560. doi:10.1109/SP46215.2023.10179378
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47299
Krause A, Klemmer JH, Huaman N, Wermke D, Acar Y, Fahl S. Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47310
Fourné M, Wermke D, Enck W, Fahl S, Acar Y. It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:1527–1544. doi:10.1109/SP46215.2023.10179320
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47311
Munyendo CW, Acar Y, Aviv AJ. “In Eighty Percent of the Cases, I Select the Password for Them”: Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:570–587. doi:10.1109/SP46215.2023.10179410
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47303
Keküllüoglu D, Acar Y. “We are a startup to the core”: A qualitative interview study on the security and privacy development practices in Turkish software startups. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE; 2023:2015–2031. doi:10.1109/SP46215.2023.10179339
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47296
Kohno T, Acar Y, Loh W. Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations. CoRR. 2023;abs/2302.14326. doi:10.48550/arXiv.2302.14326
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47305
Amft S, Höltervennhoff S, Huaman N, Acar Y, Fahl S. “Would You Give the Same Priority to the Bank and a Game? I Do Not!” Exploring Credential Management Strategies and Obstacles during Password Manager Setup. In: Kelley PG, Kapadia A, eds. Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023. USENIX Association; 2023:171–190.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47301
Höltervennhoff S, Klostermeyer P, Wöhler N, Acar Y, Fahl S. “I wouldn’t want my unsafe code to run my pacemaker”: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47298
Mink J, Kaur H, Schmüser J, Fahl S, Acar Y. “Security is not my field, I’m a stats guy”: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47842
Fourné M, Wermke D, Enck W, Fahl S, Acar Y. It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. In: 2023 IEEE Symposium on Security and Privacy (SP). IEEE; 2023. doi:10.1109/sp46215.2023.10179320
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47295
Amft S, Höltervennhoff S, Huaman N, et al. Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication. CoRR. 2023;abs/2306.09708. doi:10.48550/arXiv.2306.09708
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47294
Tran M, Acar Y, Cucker M, et al. S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit. CoRR. 2023;abs/2307.15642. doi:10.48550/arXiv.2307.15642
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47293
Dunlap T, Acar Y, Cucker M, et al. S3C2 Summit 2023-02: Industry Secure Supply Chain Summit. CoRR. 2023;abs/2307.16557. doi:10.48550/arXiv.2307.16557
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47292
Enck W, Acar Y, Cukier M, Kapravelos A, Kästner C, Williams LA. S3C2 Summit 2023-06: Government Secure Supply Chain Summit. CoRR. 2023;abs/2308.06850. doi:10.48550/arXiv.2308.06850
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47300
Kohno T, Acar Y, Loh W. Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations. In: Calandrino JA, Troncoso C, eds. 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023. USENIX Association; 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47312
Neil L, Sri Ramulu H, Acar Y, Reaves B. Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice. In: Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023. USENIX Association; 2023:283–299.
LibreCat
2023 | Journal Article | LibreCat-ID: 47291
Klemmer JH, Gutfleisch M, Stransky C, Acar Y, Sasse MA, Fahl S. “Make Them Change it Every Week!”: A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication. CoRR. 2023;abs/2309.00744. doi:10.48550/arXiv.2309.00744
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53362
Amft S, Höltervennhoff S, Huaman N, et al. “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. In: Meng W, Jensen CD, Cremers C, Kirda E, eds. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023. ACM; 2023:3138–3152. doi:10.1145/3576915.3623180
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 49438
Krüger S, Reif M, Wickert A-K, et al. Securing Your Crypto-API Usage Through Tool Support - A Usability Study. In: 2023 IEEE Secure Development Conference (SecDev). IEEE; 2023. doi:10.1109/secdev56634.2023.00015
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53369
Amft S, Höltervennhoff S, Huaman N, et al. “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ; 2023:3138–3152.
LibreCat
2023 | Journal Article | LibreCat-ID: 53368
Fourné M, Wermke D, Fahl S, Acar Y. A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda. IEEE Security & Privacy. 2023;21(6):59–63.
LibreCat
2023 | Conference Paper | LibreCat-ID: 53366
Tran M, Munyendo CW, Sri Ramulu H, et al. Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study. In: 2024 IEEE Symposium on Security and Privacy (SP). ; 2023:4–4.
LibreCat
2023 | Journal Article | LibreCat-ID: 53348
Fourné M, Wermke D, Fahl S, Acar Y. A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda. IEEE Secur Priv. 2023;21(6):59–63. doi:10.1109/MSEC.2023.3316569
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 53352
Simko L, Sri Ramulu H, Kohno T, Acar Y. The Use and Non-Use of Technology During Hurricanes. Proc ACM Hum Comput Interact. 2023;7(CSCW2):1–54. doi:10.1145/3610215
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 46500
Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048
LibreCat
| Files available
| DOI
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 47289
Huaman N, Krause A, Wermke D, et al. If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers. In: Chiasson S, Kapadia A, eds. Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston, MA, USA, August 7-9, 2022. USENIX Association; 2022:313–330.
LibreCat
2022 | Conference Paper | LibreCat-ID: 47844
Jancar J, Fourné M, Braga DDA, et al. “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks. In: 2022 IEEE Symposium on Security and Privacy (SP). IEEE; 2022. doi:10.1109/sp46214.2022.9833713
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47286
Gutfleisch M, Klemmer JH, Busch N, Acar Y, Sasse MA, Fahl S. How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:893–910. doi:10.1109/SP46214.2022.9833756
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47287
Stransky C, Wiese O, Roth V, Acar Y, Fahl S. 27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:860–875. doi:10.1109/SP46214.2022.9833755
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47283
Kaur H, Amft S, Votipka D, Acar Y, Fahl S. Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. In: Butler KRB, Thomas K, eds. 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022. USENIX Association; 2022:4041–4058.
LibreCat
2022 | Journal Article | LibreCat-ID: 47290
Huaman N, Amft S, Oltrogge M, Acar Y, Fahl S. They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web. IEEE Secur Priv. 2022;20(2):49–60. doi:10.1109/MSEC.2021.3123795
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47843
Wermke D, Wohler N, Klemmer JH, Fourné M, Acar Y, Fahl S. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In: 2022 IEEE Symposium on Security and Privacy (SP). IEEE; 2022. doi:10.1109/sp46214.2022.9833686
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47288
Jancar J, Fourné M, Braga DDA, et al. “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:632–649. doi:10.1109/SP46214.2022.9833713
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47285
Wermke D, Wöhler N, Klemmer JH, Fourné M, Acar Y, Fahl S. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:1880–1896. doi:10.1109/SP46214.2022.9833686
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47284
Munyendo CW, Acar Y, Aviv AJ. “Desperate Times Call for Desperate Measures”: User Concerns with Mobile Loan Apps in Kenya. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE; 2022:2304–2319. doi:10.1109/SP46214.2022.9833779
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 47281
Krause A, Klemmer JH, Huaman N, Wermke D, Acar Y, Fahl S. Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories. CoRR. 2022;abs/2211.06213. doi:10.48550/arXiv.2211.06213
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47265
Huaman N, von Skarczinski B, Stransky C, et al. A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises. In: Bailey M, Greenstadt R, eds. 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. USENIX Association; 2021:1235–1252.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47268
Stransky C, Wermke D, Schrader J, et al. On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security. In: Chiasson S, ed. Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021. USENIX Association; 2021:437–454.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47267
Huaman N, Amft S, Oltrogge M, Acar Y, Fahl S. They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites. In: 2021 IEEE Symposium on Security and Privacy (SP). IEEE; 2021. doi:10.1109/sp40001.2021.00094
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47266
Haney JM, Acar Y, Furman S. “It’s the Company, the Government, You and I”: User Perceptions of Responsibility for Smart Home Privacy and Security. In: Bailey M, Greenstadt R, eds. 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. USENIX Association; 2021:411–428.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47264
Oltrogge M, Huaman N, Amft S, Acar Y, Backes M, Fahl S. Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. In: Bailey M, Greenstadt R, eds. 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. USENIX Association; 2021:4347–4364.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47269
Neil L, Bouma-Sims E, Lafontaine E, Acar Y, Reaves B. Investigating Web Service Account Remediation Advice. In: Chiasson S, ed. Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021. USENIX Association; 2021:359–376.
LibreCat
2021 | Dissertation | LibreCat-ID: 47271
Acar Y. Human Factors in Secure Software Development. University of Marburg, Germany; 2021.
LibreCat
2020 | Book Chapter | LibreCat-ID: 47261
Haney JM, Furman SM, Acar Y. Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges. In: HCI for Cybersecurity, Privacy and Trust. Springer International Publishing; 2020. doi:10.1007/978-3-030-50309-3_26
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 47260
Wermke D, Huaman N, Stransky C, Busch N, Acar Y, Fahl S. Cloudy with a Chance of Misconceptions: Exploring Users’ Perceptions and Expectations of Security and Privacy in Cloud Office Suites. In: Lipford HR, Chiasson S, eds. Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 7-11, 2020. USENIX Association; 2020:359–377.
LibreCat
2020 | Conference Paper | LibreCat-ID: 47262
Gorski PL, Acar Y, Lo Iacono L, Fahl S. Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. ACM; 2020. doi:10.1145/3313831.3376142
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 47879
Haney J, Furman S, Acar Y. Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges. In: International Conference on Human-Computer Interaction, Copenhagen, -1; 2020.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47253
Wu Y, Gupta P, Wei M, Acar Y, Fahl S, Ur B. Your Secrets Are Safe. In: Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW ’18. ACM Press; 2018. doi:10.1145/3178876.3186088
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47255
Haney JM, Theofanos M, Acar Y, Prettyman SS. “We make it a big deal in the company”: Security Mindsets in Organizations that Develop Cryptographic Products. In: Zurko ME, Lipford HR, eds. Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018. USENIX Association; 2018:357–373.
LibreCat
2018 | Report | LibreCat-ID: 47876
Haney J, Theofanos M, Acar Y, Prettyman SS. Organizational Views of NIST Cryptographic Standards and Testing and Validation Programs. National Institute of Standards and Technology; 2018. doi:10.6028/nist.ir.8241
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47256
Gorski PL, Iacono LL, Wermke D, et al. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In: Zurko ME, Lipford HR, eds. Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018. USENIX Association; 2018:265–281.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47254
Oltrogge M, Derr E, Stransky C, et al. The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE; 2018. doi:10.1109/sp.2018.00005
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47252
Wermke D, Huaman N, Acar Y, Reaves B, Traynor P, Fahl S. A Large Scale Investigation of Obfuscation Use in Google Play. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018. ACM; 2018:222–235. doi:10.1145/3274694.3274726
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47249
Derr E, Bugiel S, Fahl S, Acar Y, Backes M. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2017. doi:10.1145/3133956.3134059
LibreCat
| DOI
2017 | Journal Article | LibreCat-ID: 47309
Acar Y, Backes M, Fahl S, Kim D, Mazurek ML, Stransky C. How Internet Resources Might Be Helping You Develop Faster but Less Securely. IEEE Secur Priv. 2017;15(2):50–60. doi:10.1109/MSP.2017.24
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47245
Stransky C, Acar Y, Nguyen DC, et al. Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers. In: Fernandez JM, Payer M, eds. 10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017. USENIX Association; 2017.
LibreCat
2017 | Conference Paper | LibreCat-ID: 47243
Fischer F, Böttinger K, Xiao H, et al. Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security. In: 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017. IEEE Computer Society; 2017:121–136. doi:10.1109/SP.2017.31
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47250
Nguyen DC, Wermke D, Acar Y, Backes M, Weir C, Fahl S. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2017. doi:10.1145/3133956.3133977
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47248
Acar Y, Stransky C, Wermke D, Weir C, Mazurek ML, Fahl S. Developers Need Support, Too: A Survey of Security Advice for Software Developers. In: 2017 IEEE Cybersecurity Development (SecDev). IEEE; 2017. doi:10.1109/secdev.2017.17
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47242
Acar Y, Fahl S, Mazurek ML. You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users. In: 2016 IEEE Cybersecurity Development (SecDev). IEEE; 2017. doi:10.1109/secdev.2016.013
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47246
Acar Y, Backes M, Fahl S, et al. Comparing the Usability of Cryptographic APIs. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE; 2017. doi:10.1109/sp.2017.52
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47244
Acar Y, Stransky C, Wermke D, Mazurek ML, Fahl S. Security Developer Studies with GitHub Users: Exploring a Convenience Sample. In: Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017. USENIX Association; 2017:81–95.
LibreCat
2017 | Report | LibreCat-ID: 47873
Redmiles EM, Acar Y, Fahl S, Mazurek ML. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers. University of Maryland Computer Science Department; 2017. doi:10.13016/M22K2W
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 47240
Acar Y, Backes M, Bugiel S, Fahl S, McDaniel P, Smith M. SoK: Lessons Learned from Android Security Research for Appified Software Platforms. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE; 2016. doi:10.1109/sp.2016.33
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 47239
Dechand S, Schürmann D, Busse K, Acar Y, Fahl S, Smith M. An Empirical Study of Textual Key-Fingerprint Representations. In: Holz T, Savage S, eds. 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. USENIX Association; 2016:193–208.
LibreCat
2016 | Conference Paper | LibreCat-ID: 47241
Acar Y, Backes M, Fahl S, Kim D, Mazurek ML, Stransky C. You Get Where You’re Looking for: The Impact of Information Sources on Code Security. In: 2016 IEEE Symposium on Security and Privacy (SP). IEEE; 2016. doi:10.1109/sp.2016.25
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47233
Perl H, Dechand S, Smith M, et al. VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM; 2015. doi:10.1145/2810103.2813604
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47232
Oltrogge M, Acar Y, Dechand S, Smith M, Fahl S. To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections. In: Jung J, Holz T, eds. 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015. USENIX Association; 2015:239–254.
LibreCat
2014 | Conference Paper | LibreCat-ID: 47162
Fahl S, Acar Y, Perl H, Smith M. Why eve and mallory (also) love webmasters. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ACM; 2014. doi:10.1145/2590296.2590341
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 47161
Fahl S, Harbach M, Acar Y, Smith M. On the ecological validity of a password study. In: Proceedings of the Ninth Symposium on Usable Privacy and Security. ACM; 2013. doi:10.1145/2501604.2501617
LibreCat
| DOI