Publications

2017

Laura Kocksch; Andreas Poller: Breaking New Ground for Researching Secure Software Development with Social Theory. CSCW'17 "Theory transfers? Social theory & CSCW research" Workshop, February 25, 2017, Portland, OR, USA. © authors. [BibTeX]

Andreas Poller; Laura Kocksch; Sven Türpe; Felix Anand Epp; Katharina Kinder-Kurlanda: Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group. Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW'17), February 25–March 1, 2017, Portland, OR, USA. DOI: 10.1145/2998181.2998191, © authors/ACM. [BibTeX]
also available: CSCW'17 slide deck

Sven Türpe; Jürgen Geuter; Andreas Poller: Emission statt Transaktion: Weshalb das klassische Datenschutzparadigma nicht mehr funktioniert. In: Friedewald, M.; Roßnagel, A.; Lamla, J. (Hrsg.) (2017): Informationelle Selbstbestimmung im digitalen Wandel. Wiesbaden: Springer Vieweg DOI: 10.1007/978-3-658-17662-4_14, © Springer. [BibTeX]
also online: slides of the conference talk on 26.11.2015

2016

Philipp Holzinger; Stefan Triller; Alexandre Bartel; Eric Bodden: An In-Depth Study of More Than Ten Years of Java Exploitation. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS'16), Vienna, Austria, Oct. 24-28, 2016. DOI: 10.1145/2976749.2978361, © authors. [BibTeX]
Artifacts: ccs2016-artifacts-v01.zip, recorded presentation: YouTube

Sven Türpe; Laura Kocksch; Andreas Poller: Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team. 2nd Workshop on Security Information Workers, Denver, CO, 22 June 2016. © authors. [BibTeX]
(see also our CSCW'17 paper for more detail)

Andreas Poller; Laura Kocksch; Katharina Kinder-Kurlanda; Felix Anand Epp: First-time Security Audits As a Turning Point? Challenges for Security Practices in an Industry Software Development Team. Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems. DOI: 10.1145/2851581.2892392, © authors/ACM. [BibTeX]
(see also our CSCW'17 paper for more detail)

Sven Türpe: Idea: Usable Platforms for Secure Programming - Mining Unix for Insight and Guidelines. Engineering Secure Software and Systems (Proc. ESSoS'16), LNCS 9639. DOI: 10.1007/978-3-319-30806-7_13, © Springer. [BibTeX]

2015

Mauro Baluda; Andreas Fuchs; Philipp Holzinger; Lotfi ben Othmane; Andreas Poller; Jürgen Repp; Johannes Späth; Jan Steffan; Stefan Triller; Eric Bodden: Security Analysis of TrueCrypt. Fraunhofer Institute for Secure Information Technology (SIT) for the German Federal Office for Information Security (BSI), 2015. [BibTeX]

Mauro Baluda; Andreas Fuchs; Philipp Holzinger; Lotfi ben Othmane; Andreas Poller; Jürgen Repp; Johannes Späth; Jan Steffan; Stefan Triller; Eric Bodden: Sicherheitsanalyse TrueCrypt. Fraunhofer-Institut für Sichere Informationstechnologie (SIT) im Auftrag des Bundesamts für Sicherheit in der Informationstechnik (BSI), 2015. [BibTeX]

Andreas Kramm; Petra Ilyes; Andreas Poller; Laura Kocksch: Studying the Effects of SNS Users’ Alternative Privacy Strategies With an Activity Tracking Tool. CSCW '15 The Future of Networked Privacy: Challenges and Opportunities Workshop, Vancouver, British Columbia, Canada. [BibTeX]

2014

Andreas Poller; Sven Türpe; Katharina Kinder-Kurlanda: An Asset to Security Modeling? Analyzing Stakeholder Collaborations Instead of Threats to Assets. New Security Paradigms Workshop (NSPW'14), Victoria, BC, September 15-18, 2014. DOI: 10.1145/2683467.2683474 [BibTeX]

Steffen Bartsch; Bernhard J. Berger; Eric Bodden; Achim D. Brucker; Jens Heider; Mehmet Kus; Sönke Maseberg; Karsten Sohr; Melanie Volkamer: Zertifizierte Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen. GI SICHERHEIT 2014, Sicherheit – Schutz und Zuverlässigkeit, Fachtagung, 19.-21. März 2014, Wien. [BibTeX]

Andreas Poller; Andreas Kramm; Petra Ilyes; Laura Kocksch: Investigating OSN Users’ Privacy Strategies With In-Situ Observation. CSCW Companion ’14, Baltimore, 2014. DOI: 10.1145/2556420.2556508, © ACM. [BibTeX]

Jens Heider: Die Gretchenfrage: Wie halten Sie's mit der App-Sicherheit? Datenschutz und Datensicherheit - DuD 38(1), Januar 2014, S. 15-19. DOI: 10.1007/s11623-014-0005-0, © Autor / Springer Gabler. [BibTeX]

Sven Türpe; Annika Selzer; Andreas Poller; Mark Bedner: Denkverbote für Star-Trek-Computer? Datenschutz und Datensicherheit - DuD 38(1), Januar 2014, S. 31-35. DOI: 10.1007/s11623-014-0008-x, © Autoren / Springer Gabler. [BibTeX]

Jim Whitmore; Sven Türpe; Stefan Triller; Andreas Poller; Christina Carlson: Threat analysis in the software development lifecycle. IBM Journal of Research and Development 58(1), 2014. DOI: 10.1147/JRD.2013.2288060, © IBM. [BibTeX]

2013

Andreas Poller; Ulrich Waldmann: Soziale Netzwerke bewusst nutzen. Ein Dossier zu Datenschutz, Privatsphärenschutz und Unternehmenssicherheit. SIT Technical Reports, SIT-TR-2013-02, August 2013. [BibTeX]

Christian Breitenstrom; Clemens Micklisch; Małgorzata Mochól; Jürgen Baum; Clemens Pflüger; Jan Steffan: Sicherheitsstudie Content Management System (CMS). Studie, Bundesamt für Sicherheit in der Informationstechnik, 2013. [BibTeX]

Andreas Poller; Petra Ilyes; Andreas Kramm: Designing privacy-aware online social networks - A reflective socio-technical approach. CSCW ’13 Measuring Networked Social Privacy Workshop, February 23-27, 2013, San Antonio, Texas, USA. [BibTeX]

Jens Heider: Angriffsflächen von Alleskönnern. Smart Devices im Produktionsumfeld. IT-Sicherheit 01/2013, S. 48-52. [BibTeX]

2012

Jörn Eichler; Andreas Fuchs; Nico Lincke: Supporting Security Engineering at Design Time with Adequate Tooling. 15th IEEE International Conference on Computational Science and Engineering (CSE 2012), Paphos, Cyprus, December 5-7, 2012. DOI: 10.1109/ICCSE.2012.34, © IEEE. [BibTeX]

Jörn Eichler: SecEPM: A Security Engineering Process Model for Electronic Business Processes. International Conference on e-Business Engineering (ICEBE 2012), Hangzhou, China, September 9-11, 2012. DOI: 10.1109/icebe.2012.41, © IEEE. [BibTeX]

Sven Türpe: Point-and-Shoot Security Design: Can We Build Better Tools for Developers? New Security Paradigms Workshop 2012 (NSPW’12), Bertinoro, Italy, September 19-21, 2012. DOI: 10.1145/2413296.2413300, © ACM. [BibTeX]

Jörn Eichler: Towards a Security Engineering Process Model for Electronic Business Processes. Extended abstract; European Dependable Computing Conference (EDCC 2012). [BibTeX]

Jens Heider; Rachid El Khayari: Geht Ihr Smartphone fremd? Datenschutz und Datensicherheit - DuD 36(2012)3. DOI: 10.1007/s11623-012-0056-z, © Vieweg+Teubner | GWV. [BibTeX]

Sven Türpe: Warum Googles Datensammeln gar nicht so böse ist. golem.de, 2012. Überarbeitete Fassung der Blogserie Datenkrake Google, Erich sieht - Sicherheit anders, http://erichsieht.wordpress.com, 2012. [BibTeX]

Andreas Poller; Martin Steinebach; Huajian Liu: Robust Image Obfuscation for Privacy Protection in Web 2.0 Applications. Proceedings of SPIE Vol. 8303 - Media Watermarking, Security, and Forensics 2012, SPIE, 2012. DOI: 10.1117/12.908587 [BibTeX]

Andreas Poller; Ulrich Waldmann; Sven Vowé; Sven Türpe: Electronic Identity Cards for User Authentication – Promise and Practice. IEEE Security and Privacy Magazine, vol. 10, no. 1 (jan/feb) 2012. DOI: 10.1109/MSP.2011.148, © IEEE. [BibTeX]

2011

Jörn Eichler; Roland Rieke: Model-based Situational Security Analysis. 6th International Workshop models@run.time, Wellington, New Zealand, 17 October 2011. [BibTeX]

Jens Heider; Rachid El Khayari: iOS Keychain Weakness FAQ. Report, Fraunhofer Institute for Secure Information Technology (SIT), May 6, 2011; updated 2012-12-05. [BibTeX]

Jörn Eichler; Mike Bona-Stecki; Thomas Wiezcorek: Sicherheitsverwalter. Management-Werkzeuge für die Informationssicherheit. iX Magazin 06/2011. [BibTeX]

Sven Türpe: Search-based Application Security Testing: Towards a Structured Search Space. 4th International Workshop on Search-Based Software Testing (SBST’11), March 21, 2011, Berlin, Germany. DOI: 10.1109/ICSTW.2011.96, © IEEE. [BibTeX]

Jens Heider; Matthias Boll: Lost iPhone? Lost Passwords! Practical Consideration of iOS Device Encryption Security. Report, Fraunhofer Institute for Secure Information Technology (SIT), February 9, 2011. [BibTeX]

Jörn Eichler: Modellgetriebener IT-Grundschutz: Erstellung und Analyse von IT-Sicherheitskonzeptionen in offenen Werkzeugketten. in: Tagungsband des 12. Deutschen IT-Sicherheitskongresses, 2011. [BibTeX]
[slides]

Jörn Eichler: Lightweight Modeling and Analysis of Security Concepts. in: Engineering Secure Software and Systems. Third International Symposium, ESSoS 2011, Madrid, Spain, February 9-10, 2011, Proceedings, pp. 128-141, LNCS 6542, Springer. DOI: 10.1007/978-3-642-19125-1_10, © Springer. [BibTeX]

2010

Thomas Heumann; Sven Türpe; Jörg Keller: Quantifying the Attack Surface of a Web Application. In: Felix C. Freiling (Hrsg.): Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI) 5.-7. Oktober 2010 in Berlin, GI-Edition - Lecture Notes in Informatics (LNI), P-170, Bonner Köllen Verlag, 2010. [BibTeX]

Jörn Eichler; Sven Türpe: Produktivsysteme sicher testen. Praktische Vorsichtsmaßnahmen für Penetrationstests. <kes> 2010#2, Mai 2010. [BibTeX]

2009

Sven Türpe: What Is the Shape of Your Security Policy? Security as a Classification Problem. New Security Paradigms Workshop (NSPW), September 8-11, 2009, Oxford, United Kingdom. DOI: 10.1145/1719030.1719035, © ACM. [BibTeX]

Sven Türpe; Jörn Eichler: Testing Production Systems Safely: Common Precautions in Penetration Testing. Testing: Academic and Industrial Conference-Practice and Research Techniques (TAIC PART 2009), 4-6 September 2009, Windsor, United Kingdom. DOI: 10.1109/TAICPART.2009.17, © IEEE. [BibTeX]

Sven Türpe; Andreas Poller; Jan Steffan; Jan-Peter Stotz; Jan Trukenmüller: Attacking the BitLocker Boot Process. 2nd International Conference on Trusted Computing (Trust 2009), Oxford, UK; April 6-8th. DOI: 10.1007/978-3-642-00587-9_12, © Springer. [BibTeX]
(see also our demonstration video)

Dr. Roland Steidle; Dr. Ulrich Pordesch; Katja Seitz; Jan Steffan: Chrome mit Kratzern: Google’s Webbrowser und der Datenschutz. DuD – Datenschutz und Datensicherheit 01/2009. DOI: 10.1007/s11623-009-0010-x, © Springer. [BibTeX]

2008

Andreas Poller: Privatsphärenschutz in Soziale-Netzwerke-Plattformen. Studie; Fraunhofer-Institut SIT; 25. September 2008; 124 Seiten. [BibTeX]

Sven Türpe; Andreas Poller; Jan Steffan; Jan-Peter Stotz; Jan Trukenmüller: Attacking the BitLocker Boot Process. Research Workshop on Challenges for Trusted Computing at the 3rd European Trusted Infrastructure Summer School (ETISS 2008). [BibTeX]
(superseded by Trust 2009 version)

Sven Türpe; Andreas Poller; Jürgen Repp; Jan Trukenmüller; Christian Bornmann: Supporting Security Testers in Discovering Injection Flaws. 3rd IEEE Testing: Academic and Industrial Conference (TAIC-PART 2008); Windsor, England, United Kingdom, August 2008. DOI: 10.1109/TAIC-PART.2008.7, © IEEE. [BibTeX]

Sven Türpe: Security Testing: Turning Practice into Theory. 1st International ICST workshop on Security Testing, 9 April 2008, Lillehammer. DOI: 10.1109/ICSTW.2008.38, © IEEE. [BibTeX]

Jan Trukenmüller; Olaf Henniger: OpenPGP-Karten mit biometrischer Benutzerauthentisierung. In: Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit. Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 2.-4. April 2008 im Saarbrücker Schloss, Lecture Notes in Informatics, vol. P-128. GI 2008, ISBN 978-3-88579-222-2, [BibTeX]

Jan Steffan; Andreas Poller; Jan Trukenmüller; Jan-Peter Stotz; Sven Türpe: BitLocker Drive Encryption im mobilen und stationären Unternehmenseinsatz. Ein Leitfaden für Anwender. Fraunhofer-Institut SIT und BSI; 84 Seiten; 03/2008. [BibTeX]
[more information]

Middle Ages and Before

Sven Türpe; Anke Baumann: Phishing-Schutz im Online-Banking - Hilfe zum Selbstschutz für Nutzer. Studie, Fraunhofer-Institut SIT, 10/2004. [BibTeX]

The BibTeX files may contain UTF-8 characters.

Some of the rights for some of the papers have been transferred to the respective publishers.
