Publications

2021

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites
Nicolas Huaman, Sabrina Amft, Marten Oltrogge, Yasemin Acar, Sascha Fahl
IEEE Symposium on Security and Privacy - Oakland'21

A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises
Nicolas Huaman, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, Sascha Fahl
USENIX Security Symposium - SEC'21

Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications
Marten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes, Sascha Fahl
USENIX Security Symposium - SEC'21

2020

Cloudy with a Chance of Misconceptions: Exploring Users’ Perceptions and Expectations of Security and Privacy in Cloud Office Suites
Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Yasemin Acar, Sascha Fahl
Symposium on Usable Privacy and Security - SOUPS'20

From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security
Charles Weir, Ben Hermann, Sascha Fahl
USENIX Security Symposium - SEC'20

Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs
Peter Leo Gorski, Yasemin Acar, Luigi Lo Iacono, Sascha Fahl
ACM CHI Conference on Human Factors in Computing Systems - CHI'20

2019

(Un)informed Consent: Studying GDPR Consent Notices in the Field
Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz
ACM Conference on Computer and Communications Security - CCS'19

Do We Snooze If We Can’t Lose? Modelling Risk with Incentives in Habituation User Studies
Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, Matthew Smith
Proceedings USEC 2019 - USEC'19

2018

A Large Scale Investigation of Obfuscation Use in Google Play
Dominik Wermke, Nicolas Huaman, Yasemin Acar, Brad Reaves, Patrick Traynor, Sascha Fahl
Proceedings of the 2018 Annual Computer Security Applications Conference - ACSAC'18

Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse
Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel
USENIX Security Symposium - SEC'18

Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse
Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, Sascha Fahl
Symposium on Usable Privacy and Security - SOUPS'18

Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode
Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, Blase Ur
The Web Conference 2018 - WWW'18

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
Marten Oltrogge, Erik Derr, Christian Stransky, Sven Bugiel, Giancarlo Pellegrino, Christian Rossow, Sascha Fahl, Yasemin Acar, Michael Backes
IEEE Symposium on Security and Privacy - Oakland'18

2017

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz
ACM Conference on Computer and Communications Security - CCS'17

A Stitch in Time: Supporting Android Developers in Writing Secure Code
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl
ACM Conference on Computer and Communications Security - CCS'17

Keep me updated: An Empirical Study of Third-Party Library Updatability on Android
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes
ACM Conference on Computer and Communications Security - CCS'17

Developers Need Support, Too: A Survey of Security Advice for Software Developers
Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle Mazurek, Sascha Fahl
IEEE Secure Development Conference - SecDev'17

Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers
Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Elissa M. Redmiles, Doowon Kim, Michael Backes, Simson Garfinkel, Michelle Mazurek, Sascha Fahl
USENIX Workshop on Cyber Security Experimentation and Test - CSET'17

Security Developer Studies with GitHub Users: Exploring a Convenience Sample
Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle Mazurek, Sascha Fahl
Symposium on Usable Privacy and Security - SOUPS'17

Comparing the Usability of Cryptographic APIs
Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle Mazurek, Christian Stransky
IEEE Symposium on Security and Privacy - Oakland'17

Stack Overflow Considered Harmful? The Impact of Copy & Paste on Android Application Security
Felix Fischer, Konstantin Böttinger, Huang Xiao, Christian Stransky, Yasemin Acar, Michael Backes, Sascha Fahl
IEEE Symposium on Security and Privacy - Oakland'17

How Internet Resources Might Be Helping You Develop Faster but Less Securely
Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle Mazurek, Christian Stransky
IEEE Security and Privacy Magazine 2017

2016

You Are Not Your Developer, Either: A Research Agenda For Usable Security and Privacy Research Beyond End Users
Yasemin Acar, Sascha Fahl, Michelle Mazurek
IEEE Secure Development Conference - SecDev'16

An Empirical Study of Textual Key-Fingerprint Representations
Sergej Dechand, Dominik Schürmann, Karoline Busse, Yasemin Acar, Sascha Fahl, Matthew Smith
USENIX Security Symposium - SEC'16

You Get Where You’re Looking For - The Impact of Information Sources on Code Security
Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle Mazurek, Christian Stransky
IEEE Symposium on Security and Privacy - Oakland'16

SoK: Lessons Learned From Android Security Research For Appified Software Platforms
Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick McDaniel, Matthew Smith
IEEE Symposium on Security and Privacy - Oakland'16

2015

To Pin or Not to Pin - Helping App Developers To Bulletproof Their TLS Connections
Marten Oltrogge, Yasemin Acar, Sergej Dechand, Matthew Smith, Sascha Fahl
USENIX Security Symposium - SEC'15

VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
Henning Perl, Daniel Arp, Sergej Dechand, Sascha Fahl, Yasemin Acar, Fabian Yamaguchi, Konrad Rieck, Matthew Smith
ACM Conference on Computer and Communications Security - CCS'15

SoK: Secure Messaging
Nick Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith
IEEE Symposium on Security and Privacy - Oakland'15

2014

Who’s Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness
Marian Harbach, Sascha Fahl, Matthew Smith
Computer Security Foundations Symposium - CSF'14

Why Eve and Mallory (Also) Love Webmasters: A Study on the Root Causes of SSL Misconfigurations
Sascha Fahl, Yasemin Acar, Henning Perl, Matthew Smith
ACM Symposium on Information, Computer and Communications Security - AsiaCCS'14

Hey, NSA: Stay Away from my Market! Future Proofing App Markets Against Powerful Attackers
Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek, Matthew Smith
ACM Conference on Computer and Communications Security - CCS'14

You Won’t Be Needing These Any More: On Removing Unused Certificates From Trust Stores
Henning Perl, Sascha Fahl, Matthew Smith
Conference on Financial Cryptography and Data Security - FC'14

2013

Rethinking SSL Development in an Appified World
Sascha Fahl, Marian Harbach, Henning Perl, Markus Kötter, Matthew Smith
ACM Conference on Computer and Communications Security - CCS'13

Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers
Sascha Fahl, Marian Harbach, Marten Oltrogge, Thomas Muders, Matthew Smith
Conference on Financial Cryptography and Data Security - FC'13

On the Acceptance of Privacy-Preserving Authentication Technology: The Curious Case of National Identity Cards
Marian Harbach, Sascha Fahl, Matthias Rieger, Matthew Smith
Privacy Enhancing Technologies Symposium - PETS'13

On The Ecological Validity of a Password Study
Sascha Fahl, Marian Harbach, Yasemin Acar, Matthew Smith
Symposium on Usable Privacy and Security - SOUPS'13

2012

Why Eve and Mallory Love Android: An Analysis of SSL (In)Security
Sascha Fahl, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, Matthew Smith
ACM Conference on Computer and Communications Security - CCS'12

Helping Johnny 2.0 to Encrypt His Facebook Conversations
Sascha Fahl, Marian Harbach, Thomas Muders, Uwe Sanders, Matthew Smith
Symposium on Usable Privacy and Security - SOUPS'12