Departments, institutes and facilities
- Institut für Cyber Security & Privacy (ICSP) (307)
Software developers build complex systems using plenty of third-party libraries. Documentation is key to understanding and using the functionality provided via the libraries' APIs. Therefore, functionality is the main focus of contemporary API documentation, while cross-cutting concerns such as security are almost never considered at all, especially when the API itself does not provide security features. The documentation of JavaScript libraries for use in web applications, for example, does not specify how to add or adapt a Content Security Policy (CSP) to mitigate content injection attacks like Cross-Site Scripting (XSS). This is unfortunate, as security-relevant API documentation might have an influence on secure coding practices and prevailing major vulnerabilities such as XSS. For the first time, we study the effects of integrating security-relevant information in non-security API documentation. For this purpose, we took CSP as an exemplary study object and extended the official Google Maps JavaScript API documentation with security-relevant CSP information in three distinct manners. Then, we evaluated the usage of these variations in a between-group eye-tracking lab study involving N=49 participants. Our observations suggest: (1) Developers are focused on elements with code examples. They mostly skim the documentation while searching for a quick solution to their programming task. This finding gives further evidence to results of related studies. (2) The location where CSP-related code examples are placed in non-security API documentation significantly impacts the time it takes to find this security-relevant information. In particular, the study results showed that the proximity to functional-related code examples in documentation is a decisive factor. (3) Examples significantly help to produce secure CSP solutions. (4) Developers have additional information needs that our approach cannot meet.
Overall, our study contributes to a first understanding of the impact of security-relevant information in non-security API documentation on CSP implementation. Although further research is required, our findings emphasize that API producers should take responsibility for adequately documenting security aspects and thus supporting the sensitization and training of developers to implement secure systems. This responsibility also holds in seemingly non-security-relevant contexts.
Continuing the three successful "Usable Security und Privacy" workshops of the past three years, a fourth full-day scientific workshop at this year's Mensch und Computer will present and discuss six to eight papers in the field of Usable Security and Privacy. Contributions from research and practice are invited that address new user-centered approaches as well as practice-relevant solutions for the user-centered development and design of digital protection mechanisms. The workshop is intended to further develop the established forum in which experts from different domains, e.g., usability engineering and security engineering, can engage in transdisciplinary exchange. The organizers will run the workshop as a classic scientific workshop. A program committee reviews the submissions and selects from them the contributions accepted for presentation. These will also be published in the poster and workshop proceedings of Mensch und Computer 2018.
At the sixth edition of the scientific workshop "Usable Security und Privacy" at Mensch und Computer 2020, current research and practice contributions will, as in previous years, be presented and then discussed with all participants. This year, three contributions deal with the topic of privacy and one with the topic of security. The workshop continues and further develops an established forum in which experts from different domains, e.g., usability and security engineering, can engage in transdisciplinary exchange.
The seventh edition of the scientific workshop "Usable Security und Privacy" at Mensch und Computer 2021 will again present current research and practice contributions and then discuss them with all participants. This year, two contributions deal with the topic of privacy and two with the topic of security. The workshop continues and further develops an established forum in which experts from different domains, e.g., usability and security engineering, can engage in transdisciplinary exchange.
The aim of the eighth edition of the scientific workshop "Usable Security and Privacy" at Mensch und Computer 2022 is to present current research and practice contributions and then discuss them with the participants. The workshop is intended to continue and further develop an established forum in which experts from different fields, e.g., usability and security engineering, can engage in transdisciplinary exchange.
The aim of the ninth edition of the scientific workshop "Usable Security und Privacy" at Mensch und Computer 2023 is to present current research and practice contributions in this field and to discuss them with the participants. In keeping with the conference motto "Building Bridges", the workshop is intended to continue and further develop an established forum in which experts, researchers and practitioners from different domains can engage in transdisciplinary exchange on the topic of usable security and privacy. Besides usability and security engineering, the topic touches on various research areas and professional fields, e.g., computer science, engineering, media design and psychology. The workshop is aimed at interested researchers from all these areas, and also explicitly at representatives of business, industry and public administration.