The paper "Vision: Shred If Insecure - Persuasive Message Design as a Lesson and Alternative to Previous Approaches to Usable Secure Email Interfaces" by Jan Tolsdorf and Luigi Lo Iacono was accepted for the vision track of the 5th European Workshop on Usable Security (EuroUSEC 2020). The workshop is co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020) and scheduled for 7 September 2020 in Genova (Italy).

The paper Evaluation of Risk-based Re-Authentication Methods by Stephan Wiefling, Tanvi Patil, Markus Dürmuth and Luigi Lo Iacono was accepted at the 35th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2020). The conference will take place September 21-23, 2020 in Maribor, Slovenia.
The paper In Our Employer We Trust: Mental Models of Office Worker’s Privacy Perceptions by Jan Tolsdorf and Florian Dehling was published at the 1st Asian Workshop on Usable Security (AsiaUSEC 2020). The conference took place on February 14, 2020 in Kota Kinabalu, Sabah, Malaysia.

The paper Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs by Peter Leo Gorski, Yasemin Acar, Luigi Lo Iacono and Sascha Fahl has been published at the 2020 ACM CHI Conference on Human Factors in Computing Systems (CHI). The conference was supposed to take place from April 25th to April 30th in Honolulu, Hawaii, USA.

The paper CREHMA: Cache-aware REST-ful HTTP Message Authentication by Hoai Viet Nguyen and Luigi Lo Iacono has been accepted at the 10th ACM Conference on Data and Application Security and Privacy (CODASPY 2020). The conference will take place from March 16th to March 18th in New Orleans, USA.

Peter Leo Gorski and Stephan Wiefling are confirmed as speakers at the USP Day 2020. Peter will talk about the influence of information flows in secure software development. Stephan’s talk will cover the Risk-based Authentication practices of big online services. The USP Day 2020 will take place on the 10th of January, 2020 at the Zuse Institute Berlin. You can register free of charge and read the program in the official announcement.

Accompanying our accepted ACM CCS paper Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack, we launched the website cpdos.org to give a brief overview of Cache-Poisoned Denial-of-Service (CPDoS) attacks. Besides the freely available paper, the website includes videos and upcoming talks on CPDoS attacks.

Two papers were accepted for the 24th Nordic Conference on Secure IT Systems (NordSec 2019). One paper is Rotten Cellar: Security and Privacy of the Browser Cache Revisited by Florian Dehling, Tobias Mengel, and Luigi Lo Iacono. The other paper is Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services by Stephan Wiefling, Nils Gruschka, and Luigi Lo Iacono. The conference will take place November 18-20 in Aalborg, Denmark.
The paper Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack by Hoai Viet Nguyen, Luigi Lo Iacono and Hannes Federrath has been accepted at the 26th ACM Conference on Computer and Communications Security (CCS 2019). The conference will take place from November 11th to 16th in London, UK.

The article Security Challenges of the 3GPP 5G Service Based Architecture by Hans Christian Rudolph, Andreas Kunz, Luigi Lo Iacono, and Hoai Viet Nguyen has been published in the IEEE Communications Standards Magazine.
Stephan Wiefling will give a talk on Risk-based Authentication applied in the wild at the PasswordsCon 2019. The conference will take place on November 25-27 at the Internetdagarna in Stockholm, Sweden. Stephan’s talk will be on November 25th at 3:30 PM.
Accompanying the accepted IFIP SEC paper, we launched the website rbainfo.org to inform about Risk-based Authentication (RBA) in general. The website presents the RBA state-of-the-art and discloses how eight popular online services use this technology. Besides the paper and detailed results, the website also provides a video of the Facebook privacy leak which was discovered in the study. German technology news website GIGA.de gave press coverage on the Facebook privacy leak, including an interview with Stephan Wiefling.
The paper Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild by Stephan Wiefling, Luigi Lo Iacono and Markus Dürmuth was accepted for the 34th IFIP TC-11 International Conference on Information Security and Privacy Protection (IFIP SEC 2019). The conference will take place from June 25th to June 27th in Lisbon, Portugal.
The article On the Need for a General REST-Security Framework by Luigi Lo Iacono, Hoai Viet Nguyen and Peter Leo Gorski has been published in the Journal MDPI - Future Internet.
The paper “Mind the Cache: Large-Scale Analysis of Web Caching” by Hoai Viet Nguyen, Luigi Lo Iacono and Hannes Federrath has been accepted at the 34th ACM/SIGAPP Symposium on Applied Computing (SAC). The conference will take place from 8th - 12th April in Limassol, Cyprus.
The research project Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen (TrUSD) has recently started. The project aims to develop so-called Privacy Dashboards for use in companies. These dashboards are intended to build a bridge between the potential of data analysis and the right of employees to privacy. More information can be found on the website of the TrUSD project.
Peter Leo Gorski and Stephan Wiefling will give talks at the RFH IT Security & Forensic Days on November 8th, 2018. The talks will be about Usable Security and Risk-based Authentication, respectively. More information can be found in the official program.
The paper “Warn if Secure or How to Deal with Security by Default in Software Development?” by Peter Leo Gorski, Luigi Lo Iacono, Stephan Wiefling and Sebastian Möller has been published at the 12th International Symposium on Human Aspects of Information Security & Assurance (HAISA). The conference took place from 29th - 31st August in Dundee, Scotland.
We developed a cache testing tool based on the paper “Systematic Analysis of Web Browser Caches”. This tool allows analyzing the RFC 7240 compliance of web caching systems. More details can be found here.
The paper “Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse” by Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, Sascha Fahl has been published at the 14th Symposium on Usable Privacy and Security (SOUPS). The conference took place from 12th - 14th August in Baltimore, MD, USA. British technology news website The Register gave press coverage of the paper in the article “Here’s a fab idea: Get crypto libs to warn devs when they screw up”.