2023
- Better Safe Than Sorry! Automated Identification of Functionality-Breaking Security-Configuration Rules. ACM/IEEE International Conference on Automation of Software Test (AST) (AST '23), 2023, 10 mehr…
2022
- Automated Identification of Security-Relevant Configuration Settings Using NLP. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22), Association for Computing Machinery, 2022 mehr…
- Hardening with Scapolite: A DevOps-Based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large-Scale Organizations. Proceedings of the Twelveth ACM Conference on Data and Application Security and Privacy (CODASPY '22), Association for Computing Machinery, 2022 mehr…
2019
- Towards Empirically Assessing Behavior Stimulation Approaches for Android Malware. SECURWARE 2019, The Thirteenth International Conference on Emerging Security Information, Systems and Technologies, 2019, 47-52 mehr…
2018
- Data Usage Control for Distributed Systems. ACM Transactions on Privacy and Security, 2018 mehr…
2016
- Code Obfuscation Against Symbolic Execution Attacks. Proceedings of the 32Nd Annual Conference on Computer Security Applications, ACM, 2016, 189--200 mehr…
- Persona-Driven Information Security Awareness. Proceedings of British HCI, ACM, 2016, to appear mehr…
- Compliance Monitoring of Third-Party Applications in Online Social Networks. The 8th International Workshop on Privacy Engineering (Proceedings of the 8th International Workshop on Privacy Engineering), IEEE, 2016, 9-16 mehr…
- Standard Compliant Hazard and Threat Analysis for the Automotive Domain. Information 36 (7), 2016 mehr…
- A Serious Game for Eliciting Social Engineering Security Requirements. Proceedings of the International Conference on Requirements Engineering, RE, 2016, to appear mehr…
- HATCH: Hack And Trick Capricious Humans – A Serious Game on Social Engineering. Proceedings of British HCI, ACM, 2016, to appear mehr…
- A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology. 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016 ,Frankfurt, Germany, July, 2016, Proceedings, to appear, 2016, 241-251 mehr…
2015
- Idea: Benchmarking Indistinguishability Obfuscation – A Candidate Implementation. 7th International Symposium, ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings, Springer Science + Business Media, 2015 mehr…
- Software-Based Protection against "Changeware". Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery (ACM), 2015 mehr…
- SHRIFT System-wide HybRid Information Flow Tracking. ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings, Springer International Publishing, 2015, 371-385 mehr…
- Idea: Unwinding Based Model-Checking and Testing for Non-Interference on EFSMs. 7th International Symposium, ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings, Springer Science + Business Media, 2015 mehr…
- Holistic security requirements analysis: An attacker's perspective. IEEE 23rd International Requirements Engineering Conference (RE) (Proceedings of the 2015 IEEE 23rd International Requirements Engineering Conference (RE)), IEEE, 2015, 282-283 mehr…
- Analyzing Attack Strategies Through Anti-goal Refinement. 8th IFIP WG 8.1. Working Conference (8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain, November 10-12, 2015, Proceedings), Springer International Publishing, 2015, 75-90 mehr…
2014
- Leakage Resilience against Concurrent Cache Attacks. Third International Conference, POST 2014, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2014, Grenoble, France, April 5-13, 2014, Proceedings, Springer Science + Business Media, 2014 mehr…
- On quantitative dynamic data flow tracking. Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery (ACM), 2014 mehr…
- Model-Based Detection of CSRF. 29th IFIP TC 11 International Conference, SEC 2014, Marrakech, Morocco, June 2-4, 2014. Proceedings, Springer Science + Business Media, 2014 mehr…
- Malware detection with quantitative data flow graphs. Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Association for Computing Machinery (ACM), 2014 mehr…
- DAVAST. Proceedings of the Eleventh Workshop on Visualization for Cyber Security, Association for Computing Machinery (ACM), 2014 mehr…
2013
- Internet Privacy – Options for adequate realisation. Springer Science + Business Media, 2013 mehr…
- Security Testing with Fault-Models and Properties. Software Testing, Verification and Validation (ICST), 2013 IEEE Sixth International Conference on, Institute of Electrical & Electronics Engineers (IEEE), 2013 mehr…
- Data Protection in a Cloud-Enabled Smart Grid. First International Workshop, SmartGridSec 2012, Berlin, Germany, December 3, 2012, Revised Selected Papers, Springer Science + Business Media, 2013 mehr…
- Data usage control enforcement in distributed systems. Proceedings of the Third ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery (ACM), 2013 mehr…
- Model-Based Usage Control Policy Derivation. Proceedings of the 5th International Conference on Engineering Secure Software and Systems, Springer Science + Business Media, 2013 mehr…
- The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services. OWASP AppSec Research, Institute of Electrical & Electronics Engineers (IEEE), 2013 mehr…
2012
- Semi-Automatic Security Testing of Web Applications from a Secure Model. Proc. 6th IEEE Intl. Conf. on Software Security and Reliability, Institute of Electrical & Electronics Engineers (IEEE), 2012 mehr…
- Flexible Data-Driven Security for Android. Proceedings of the 2012 IEEE Sixth International Conference on Software Security and Reliability, Institute of Electrical & Electronics Engineers (IEEE), 2012 mehr…
- Towards a policy enforcement infrastructure for distributed usage control. Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, Association for Computing Machinery (ACM), 2012 mehr…
- State of Online Privacy: A Technical Perspective. Springer Science + Business Media, 2012 mehr…
- Deriving implementation-level policies for usage control enforcement. {Proceedings of the Second ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery (ACM), 2012 mehr…
- Representation-Independent Data Usage Control. Proceedings of the 6th International Conference, and 4th International Conference on Data Privacy Management and Autonomous Spontaneus Security, Springer Science + Business Media, 2012 mehr…
- Data Loss Prevention Based on Data-Driven Usage Control. Proceedings of the 2012 IEEE 23rd International Symposium on Software Reliability Engineering, Institute of Electrical & Electronics Engineers (IEEE), 2012 mehr…
2011
- Software Security in Virtualized Infrastructures: The Smart Meter Example. it - Information Technology, 2011 mehr…
- A virtualized usage control bus system. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2011 mehr…
- Distributed data usage control for web applications. Proceedings of the First ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery (ACM), 2011 mehr…
- Data-centric multi-layer usage control enforcement. Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, Association for Computing Machinery (ACM), 2011 mehr…
- A Hypervisor-Based Bus System for Usage Control. Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security, Institute of Electrical & Electronics Engineers (IEEE), 2011 mehr…
- Implementing Trust in Cloud Infrastructures. Proceedings of the 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, Institute of Electrical & Electronics Engineers (IEEE), 2011 mehr…
- A Trustworthy Usage Control Enforcement Framework. Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security, Institute of Electrical & Electronics Engineers (IEEE), 2011 mehr…
- Data Protection in Heterogeneous Distributed Systems: A Smart Meter Example. Dependable Software for Critical Infrastructures, 2011 mehr…
2010
- Requirements Analysis for Privacy in Social Networks. 8th Intl. Workshop for Technical, Economic and Legal Aspects of Business Models for Virtual Goods (VG), 2010 mehr…
2009
- GoCoMM: A Governance and Compliance Maturity Model. Proceedings of the First ACM Workshop on Information Security Governance, Association for Computing Machinery (ACM), 2009 mehr…
- State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition. Proceedings of the 2009 Third International Conference on Network and System Security, Institute of Electrical & Electronics Engineers (IEEE), 2009 mehr…
- Usage Control Enforcement with Data Flow Tracking for X11. 5th Intl. Workshop on Security and Trust Management (STM), 2009 mehr…
- Policy Evolution in Distributed Usage Control. 4th Intl. Workshop on Security and Trust Management (STM'08), Elsevier BV, 2009, 109-123 mehr…
- An Overview of Distributed Usage Control. 2nd Conf. Knowledge Engineering: Principles and Techniques, 2009 mehr…
2008
- Towards Systematic Achievement of Compliance in Service-Oriented Architectures: The MASTER Approach. J. Wirtschaftsinformatik, Springer Science + Business Media, 2008, 383-391 mehr…
- Mechanisms for usage control. Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, Association for Computing Machinery (ACM), 2008 mehr…
- Usage Control Enforcement: Present and Future. Security Privacy, IEEE, Institute of Electrical & Electronics Engineers (IEEE), 2008, 44-53 mehr…
- Model-Based Tests for Access Control Policies. Proc. 1st International Conference on Software Testing, Verification, and Validation (ICST), Institute of Electrical & Electronics Engineers (IEEE), 2008 mehr…
- Model-Based Tests for Access Control Policies. Proc. 1st International Conference on Software Testing, Verification, and Validation (ICST), Institute of Electrical & Electronics Engineers (IEEE), 2008 mehr…
- Model-Based Tests for Access Control Policies. Proc. 1st International Conference on Software Testing, Verification, and Validation (ICST), Institute of Electrical & Electronics Engineers (IEEE), 2008 mehr…
- Negotiation of Usage Control Policies - Simply the Best? Availability, Reliability and Security, 2008. ARES 08. Third International Conference on Availability, Reliability and Security , Institute of Electrical & Electronics Engineers (IEEE), 2008 mehr…
- Test-Driven Assessment of Access Control in Legacy Applications. Proc. 1st International Conference on Software Testing, Verification, and Validation (ICST), Institute of Electrical & Electronics Engineers (IEEE), 2008 mehr…
- Test-Driven Assessment of Access Control in Legacy Applications. Proc. 1st International Conference on Software Testing, Verification, and Validation (ICST), Institute of Electrical & Electronics Engineers (IEEE), 2008 mehr…
2007
- A technical architecture for enforcing usage control requirements in service-oriented architectures. Proceedings of the 2007 ACM Workshop on Secure Web Services, Association for Computing Machinery (ACM), 2007 mehr…
- Verteilte Nutzungskontrolle. digma , 2007 mehr…
- Monitors for Usage Control. Proceedings of IFIPTM 2007: Joint iTrust and PST Conferences on Privacy, Trust Management and Security,, Springer Science + Business Media, 2007 mehr…
- A Policy Language for Distributed Usage Control. Proceedings of the 12th European Conference on Research in Computer Security, Springer Science + Business Media, 2007 mehr…
- DUKE--Distributed Usage Control Enforcement. 8th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), Institute of Electrical & Electronics Engineers (IEEE), 2007 mehr…
- Usage Control in Service-Oriented Architectures. 4th International Conference, TrustBus 2007, Regensburg, Germany, September 3-7, 2007. Proceedings, Springer Science + Business Media, 2007 mehr…
2006
- Usage Control Requirements in Mobile and Ubiquitous Computing Applications. Systems and Networks Communications, 2006. ICSNC '06. International Conference, Institute of Electrical & Electronics Engineers (IEEE), 2006 mehr…
- Distributed usage control. Communications of the ACM, Association for Computing Machinery (ACM), 2006, 39 mehr…
2005
- On Obligations. 10th European Symp. on Research in Computer Security (ESORICS'05), Springer LNCS , 2005 mehr…