
Publications

2017

Andreas Poller; Laura Kocksch; Sven Türpe; Felix Anand Epp; Katharina Kinder-Kurlanda: Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group. Forthcoming: 20th ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW'17), February 25–March 1, 2017, Portland, OR, USA. DOI: 10.1145/2998181.2998191, © ACM. [BibTeX]

Sven Türpe; Jürgen Geuter; Andreas Poller: Emission statt Transaktion: Weshalb das klassische Datenschutzparadigma nicht mehr funktioniert. In: Friedewald, M.; Roßnagel, A.; Lamla, J. (Hrsg.) (2017): Informationelle Selbstbestimmung im digitalen Wandel. Wiesbaden: Springer Vieweg (DuD-Fachbeiträge, hrsg. von H. Reimer, K. Rihaczek, A. Roßnagel) [BibTeX]

2016

Philipp Holzinger; Stefan Triller; Alexandre Bartel; Eric Bodden: An In-Depth Study of More Than Ten Years of Java Exploitation. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS'16), Vienna, Austria, Oct. 24-28, 2016. DOI: 10.1145/2976749.2978361, © authors. [BibTeX]
Artifacts: ccs2016-artifacts-v01.zip

Sven Türpe; Laura Kocksch; Andreas Poller: Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team. 2nd Workshop on Security Information Workers, Denver, CO, 22 June 2016. © authors. [BibTeX]
(see also our CSCW'17 paper for more detail)

Andreas Poller; Laura Kocksch; Katharina Kinder-Kurlanda; Felix Anand Epp: First-time Security Audits As a Turning Point? Challenges for Security Practices in an Industry Software Development Team. Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems. DOI: 10.1145/2851581.2892392, © authors/ACM. [BibTeX]
(see also our CSCW'17 paper for more detail)

Sven Türpe: Idea: Usable Platforms for Secure Programming - Mining Unix for Insight and Guidelines. Engineering Secure Software and Systems (Proc. ESSoS'16), LNCS 9639. DOI: 10.1007/978-3-319-30806-7_13, © Springer. [BibTeX]

2015

Mauro Baluda; Andreas Fuchs; Philipp Holzinger; Lotfi ben Othmane; Andreas Poller; Jürgen Repp; Johannes Späth; Jan Steffan; Stefan Triller; Eric Bodden: Security Analysis of TrueCrypt. Fraunhofer Institute for Secure Information Technology (SIT) for the German Federal Office for Information Security (BSI), 2015. [BibTeX]

Mauro Baluda; Andreas Fuchs; Philipp Holzinger; Lotfi ben Othmane; Andreas Poller; Jürgen Repp; Johannes Späth; Jan Steffan; Stefan Triller; Eric Bodden: Sicherheitsanalyse TrueCrypt. Fraunhofer-Institut für Sichere Informationstechnologie (SIT) im Auftrag des Bundesamts für Sicherheit in der Informationstechnik (BSI), 2015. [BibTeX]

Andreas Kramm; Petra Ilyes; Andreas Poller; Laura Kocksch: Studying the Effects of SNS Users’ Alternative Privacy Strategies With an Activity Tracking Tool. CSCW '15 The Future of Networked Privacy: Challenges and Opportunities Workshop, Vancouver, British Columbia, Canada. [BibTeX]

2014

Andreas Poller; Sven Türpe; Katharina Kinder-Kurlanda: An Asset to Security Modeling? Analyzing Stakeholder Collaborations Instead of Threats to Assets. New Security Paradigms Workshop (NSPW'14), Victoria, BC, September 15-18, 2014. DOI: 10.1145/2683467.2683474 [BibTeX]

Steffen Bartsch; Bernhard J. Berger; Eric Bodden; Achim D. Brucker; Jens Heider; Mehmet Kus; Sönke Maseberg; Karsten Sohr; Melanie Volkamer: Zertifizierte Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen. GI SICHERHEIT 2014, Sicherheit – Schutz und Zuverlässigkeit, Fachtagung, 19.-21. März 2014, Wien. [BibTeX]

Andreas Poller; Andreas Kramm; Petra Ilyes; Laura Kocksch: Investigating OSN Users’ Privacy Strategies With In-Situ Observation. CSCW Companion ’14, Baltimore, 2014. DOI: 10.1145/2556420.2556508, © ACM. [BibTeX]

Jens Heider: Die Gretchenfrage: Wie halten Sie's mit der App-Sicherheit? Datenschutz und Datensicherheit - DuD 38(1), Januar 2014, S. 15-19. DOI: 10.1007/s11623-014-0005-0, © Autor / Springer Gabler. [BibTeX]

Sven Türpe; Annika Selzer; Andreas Poller; Mark Bedner: Denkverbote für Star-Trek-Computer? Datenschutz und Datensicherheit - DuD 38(1), Januar 2014, S. 31-35. DOI: 10.1007/s11623-014-0008-x, © Autoren / Springer Gabler. [BibTeX]

Jim Whitmore; Sven Türpe; Stefan Triller; Andreas Poller; Christina Carlson: Threat analysis in the software development lifecycle. IBM Journal of Research and Development 58(1), 2014. DOI: 10.1147/JRD.2013.2288060, © IBM. [BibTeX]

2013

Andreas Poller; Ulrich Waldmann: Soziale Netzwerke bewusst nutzen. Ein Dossier zu Datenschutz, Privatsphärenschutz und Unternehmenssicherheit. SIT Technical Reports, SIT-TR-2013-02, August 2013. [BibTeX]

Christian Breitenstrom; Clemens Micklisch; Małgorzata Mochól; Jürgen Baum; Clemens Pflüger; Jan Steffan: Sicherheitsstudie Content Management System (CMS). Studie, Bundesamt für Sicherheit in der Informationstechnik, 2013. [BibTeX]

Andreas Poller; Petra Ilyes; Andreas Kramm: Designing privacy-aware online social networks - A reflective socio-technical approach. CSCW ’13 Measuring Networked Social Privacy Workshop, February 23-27, 2013, San Antonio, Texas, USA. [BibTeX]

Jens Heider: Angriffsflächen von Alleskönnern. Smart Devices im Produktionsumfeld. IT-Sicherheit 01/2013, S. 48-52. [BibTeX]

2012

Jörn Eichler; Andreas Fuchs; Nico Lincke: Supporting Security Engineering at Design Time with Adequate Tooling. 15th IEEE International Conference on Computational Science and Engineering (CSE 2012), Paphos, Cyprus, December 5-7, 2012. DOI: 10.1109/ICCSE.2012.34, © IEEE. [BibTeX]

Jörn Eichler: SecEPM: A Security Engineering Process Model for Electronic Business Processes. International Conference on e-Business Engineering (ICEBE 2012), Hangzhou, China, September 9-11, 2012. DOI: 10.1109/icebe.2012.41, © IEEE. [BibTeX]

Sven Türpe: Point-and-Shoot Security Design: Can We Build Better Tools for Developers? New Security Paradigms Workshop 2012 (NSPW’12), Bertinoro, Italy, September 19-21, 2012. DOI: 10.1145/2413296.2413300, © ACM. [BibTeX]

Jörn Eichler: Towards a Security Engineering Process Model for Electronic Business Processes. Extended abstract; European Dependable Computing Conference (EDCC 2012). [BibTeX]

Jens Heider; Rachid El Khayari: Geht Ihr Smartphone fremd? Datenschutz und Datensicherheit - DuD 36(2012)3. DOI: 10.1007/s11623-012-0056-z, © Vieweg+Teubner | GWV. [BibTeX]

Sven Türpe: Warum Googles Datensammeln gar nicht so böse ist. golem.de, 2012. Überarbeitete Fassung der Blogserie Datenkrake Google, Erich sieht - Sicherheit anders, http://erichsieht.wordpress.com, 2012. [BibTeX]

Andreas Poller; Martin Steinebach; Huajian Liu: Robust Image Obfuscation for Privacy Protection in Web 2.0 Applications. Proceedings of SPIE Vol. 8303 - Media Watermarking, Security, and Forensics 2012, SPIE, 2012. DOI: 10.1117/12.908587 [BibTeX]

Andreas Poller; Ulrich Waldmann; Sven Vowé; Sven Türpe: Electronic Identity Cards for User Authentication – Promise and Practice. IEEE Security and Privacy Magazine, vol. 10, no. 1 (jan/feb) 2012. DOI: 10.1109/MSP.2011.148, © IEEE. [BibTeX]

2011

Jörn Eichler; Roland Rieke: Model-based Situational Security Analysis. 6th International Workshop models@run.time, Wellington, New Zealand, 17 October 2011. [BibTeX]

Jens Heider; Rachid El Khayari: iOS Keychain Weakness FAQ. Report, Fraunhofer Institute for Secure Information Technology (SIT), May 6, 2011; updated 2012-12-05. [BibTeX]

Jörn Eichler; Mike Bona-Stecki; Thomas Wiezcorek: Sicherheitsverwalter. Management-Werkzeuge für die Informationssicherheit. iX Magazin 06/2011. [BibTeX]

Sven Türpe: Search-based Application Security Testing: Towards a Structured Search Space. 4th International Workshop on Search-Based Software Testing (SBST’11), March 21, 2011, Berlin, Germany. DOI: 10.1109/ICSTW.2011.96, © IEEE. [BibTeX]

Jens Heider; Matthias Boll: Lost iPhone? Lost Passwords! Practical Consideration of iOS Device Encryption Security. Report, Fraunhofer Institute for Secure Information Technology (SIT), February 9, 2011. [BibTeX]

Jörn Eichler: Modellgetriebener IT-Grundschutz: Erstellung und Analyse von IT-Sicherheitskonzeptionen in offenen Werkzeugketten. in: Tagungsband des 12. Deutschen IT-Sicherheitskongresses, 2011. [BibTeX]
[slides]

Jörn Eichler: Lightweight Modeling and Analysis of Security Concepts. in: Engineering Secure Software and Systems. Third International Symposium, ESSoS 2011, Madrid, Spain, February 9-10, 2011, Proceedings, pp. 128-141, LNCS 6542, Springer. DOI: 10.1007/978-3-642-19125-1_10, © Springer. [BibTeX]

2010

Thomas Heumann; Sven Türpe; Jörg Keller: Quantifying the Attack Surface of a Web Application. In: Felix C. Freiling (Hrsg.): Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI) 5.-7. Oktober 2010 in Berlin, GI-Edition - Lecture Notes in Informatics (LNI), P-170, Bonner Köllen Verlag, 2010. [BibTeX]

Jörn Eichler; Sven Türpe: Produktivsysteme sicher testen. Praktische Vorsichtsmaßnahmen für Penetrationstests. <kes> 2010#2, Mai 2010. [BibTeX]

2009

Sven Türpe: What Is the Shape of Your Security Policy? Security as a Classification Problem. New Security Paradigms Workshop (NSPW), September 8-11, 2009, Oxford, United Kingdom. DOI: 10.1145/1719030.1719035, © ACM. [BibTeX]

Sven Türpe; Jörn Eichler: Testing Production Systems Safely: Common Precautions in Penetration Testing. Testing: Academic and Industrial Conference-Practice and Research Techniques (TAIC PART 2009), 4-6 September 2009, Windsor, United Kingdom. DOI: 10.1109/TAICPART.2009.17, © IEEE. [BibTeX]

Sven Türpe; Andreas Poller; Jan Steffan; Jan-Peter Stotz; Jan Trukenmüller: Attacking the BitLocker Boot Process. 2nd International Conference on Trusted Computing (Trust 2009), Oxford, UK; April 6-8th. DOI: 10.1007/978-3-642-00587-9_12, © Springer. [BibTeX]
(see also our demonstration video)

Dr. Roland Steidle; Dr. Ulrich Pordesch; Katja Seitz; Jan Steffan: Chrome mit Kratzern: Google’s Webbrowser und der Datenschutz. DuD – Datenschutz und Datensicherheit 01/2009. DOI: 10.1007/s11623-009-0010-x, © Springer. [BibTeX]

2008

Andreas Poller: Privatsphärenschutz in Soziale-Netzwerke-Plattformen. Studie; Fraunhofer-Institut SIT; 25. September 2008; 124 Seiten. [BibTeX]

Sven Türpe; Andreas Poller; Jan Steffan; Jan-Peter Stotz; Jan Trukenmüller: Attacking the BitLocker Boot Process. Research Workshop on Challenges for Trusted Computing at the 3rd European Trusted Infrastructure Summer School (ETISS 2008). [BibTeX]
(superseded by Trust 2009 version)

Sven Türpe; Andreas Poller; Jürgen Repp; Jan Trukenmüller; Christian Bornmann: Supporting Security Testers in Discovering Injection Flaws. 3rd IEEE Testing: Academic and Industrial Conference (TAIC-PART 2008); Windsor, England, United Kingdom, August 2008. DOI: 10.1109/TAIC-PART.2008.7, © IEEE. [BibTeX]

Sven Türpe: Security Testing: Turning Practice into Theory. 1st International ICST workshop on Security Testing, 9 April 2008, Lillehammer. DOI: 10.1109/ICSTW.2008.38, © IEEE. [BibTeX]

Jan Trukenmüller; Olaf Henniger: OpenPGP-Karten mit biometrischer Benutzerauthentisierung. In: Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit. Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 2.-4. April 2008 im Saarbrücker Schloss, Lecture Notes in Informatics, vol. P-128. GI 2008, ISBN 978-3-88579-222-2, [BibTeX]

Jan Steffan; Andreas Poller; Jan Trukenmüller; Jan-Peter Stotz; Sven Türpe: BitLocker Drive Encryption im mobilen und stationären Unternehmenseinsatz. Ein Leitfaden für Anwender. Fraunhofer-Institut SIT und BSI; 84 Seiten; 03/2008. [BibTeX]
[more information]

Middle Ages and Before

Sven Türpe; Anke Baumann: Phishing-Schutz im Online-Banking - Hilfe zum Selbstschutz für Nutzer. Studie, Fraunhofer-Institut SIT, 10/2004. [BibTeX]

The BibTeX files may contain UTF-8 characters.

Some of the rights for some of the papers have been transferred to the respective publishers.
