Short CV

Sebastian Pape is a security and privacy manager working at Continental Automotive Technologies GmbH. He is also a Privatdozent at Goethe University Frankfurt and (co-)founder and managing director of the Social Engineering Academy (SEA) GmbH.
Sebastian successfully completed diplomas in mathematics (Dipl.-Math.) and computer science (Dipl.-Inform.) at Darmstadt University of Technology and holds a doctoral degree (Dr. rer. nat.) from the University of Kassel and a venia legendi for computer science from his habilitation at Goethe University Frankfurt. From 2005 to 2011, he worked as research and teaching assistant at the Database Group (lead by Prof. Dr. Lutz Wegner) of the Department of Electrical Engineering and Computer Science of the University of Kassel. From 2011 to 2015, he was a senior researcher and teaching assistant at the Software Engineering for Critical Systems Group (lead by Prof. Dr. Jan Jürjens) of the Department of Computer Science Department of TU Dortmund University. From October 2014 to January 2015, he also was a visiting researcher (of Prof. Dr. Fabio Massacci) at the security group of the Department of Information Engineering and Computer Science of University of Trento. From October 2018 to August 2019 he was standing in as a professor for business informatics at Regensburg University. From 2015 to 2022 Sebastian was working as senior researcher at the Chair of Mobile Business & Multilateral Security at Goethe University Frankfurt and (co-)founder of the Social Engineering Academy. Outlets of his research include the following Journals and Conferences:

• Computers and Security (Core Journal Ranking 2020: B, SJR 2021: Q1) [SP20cose] [SSHP21cose]
• Behaviour and Information Technology (Core Journal Ranking: B 2020, SJR 2021: Q1) [HP19bit]
• Computers in Human Behavior (SJR 2020: Q1) [HP21chb]
• IEEE Access (SJR 2021: Q1) [LTNP21access]

• Mobile Networks and Applications (MONET) (SJR 2021: Q2) [PR19monet]
• ACM SIGMIS Database, the Data Base for Advances in Information Systems (CORE Journal Ranking 2020: B, SJR 2021: Q2) [HP20sigmis]
• Information and Computer Security (SJR 2021: Q2) [SBP17ics]
• Future Internet (SJR 2021: Q2) [HP20futureinternet]
• Information (SJR 2021: Q2) [PPJM20information]
• Healthcare (SJR 2021: Q2) [HPM23healthcare]

• International Conference on Software Engineering (ICSE) (CORE Conference Ranking 2021: A*) [PFBJ16icse]
• IEEE International Symposium on Mixed and Augmented Reality (ISMAR) (CORE Conference Ranking 2021: A*) [HP17ismar]
• International Conference on Information Systems (ICIS) (CORE Conference Ranking 2018: A*) [HP19icis]
• IEEE International Requirements Engineering Conference (RE) (CORE Conference Ranking 2021: A) [BP16re]
• Privacy Enhancing Technologies Symposium (PETS) (CORE Conference Ranking 2021: A) [HPR20pets] [KGPBU22pets] [BPL22pets]
• Financial Cryptography and Data Security Conference (FC) (CORE Conference Ranking 2021: A) [Pape14fc]
• Hawaii International Conference on System Sciences (HICSS) (CORE Conference Ranking 2018: A) [HP19hicss]
• Americas Conference on Information Systems (AMCIS) (CORE Conference Ranking 2018: A) [HP18amcis]
• International Conference on Information Security and Privacy Protection (IFIP SEC) (CORE Conference Ranking 2021: B) [TKPNBTR16ifipsec][HP18ifipsec][PTKSP18ifipsec][HCP19ifipsec][HPR19ifipsec][SP19ifipsec][PHK21ifipsec][HP22ifipsec]
• Symposium On Usable Privacy and Security (SOUPS) (CORE Conference Ranking 2021: B) [HPR21soupsposter][PKR21soupsposter]
• International Conference on Availability, Reliability and Security (ARES) (CORE Conference Ranking 2021: B)
• International Conference on Trust, Privacy and Security in Digital Business (TrustBus) (CORE Conference Ranking 2021: B)

Lists of publications, given talks, projects been involved in, teaching activities and further scientific activities can be found on dedicated pages.

News

• June 2022: The slides and talk for A Privacy Calculus Model for Contact Tracing Apps: Analyzing the German Corona-Warn-App are now available.
• June 2022: The paper Properties for Cybersecurity Awareness Posters' Design and Quality Assessment with Sunil, Marko and Vasileios based on the Deliverable "Guidelines for Enhancement of Societal Security Awareness"is published.
• April 2022: The paper A Discussion on Ethical Cybersecurity Issues in Digital Service Chains with Frederic, Sascha and Kai is published.
• March 2022: The paper A Privacy Calculus Model for Contact Tracing Apps: Analyzing the German Corona-Warn-App with David has been accepted for presentation and publication at IFIP SEC.
• March 2022: The paper "All apps do this": Comparing Privacy Concerns Towards Privacy Tools and Non-Privacy Tools for Social Media Content with Vanessa and Sascha has been accepted for publication in PoPETs.
• November 22nd, 2021: The paper on Personal Information Inference from Voice Recordings with Jacob, Leon, Saba and Stefan has appeared in PoPETs.
• October 19th, 2021: I participated in the panel EU's cybersecurity strategies at the seminar on "Data Dilemmas: Dealing with data and investigating the consequences" organized by the Arena for Journalism in Europe
• October 16th, 2021: The paper Comparison of De-Identification Techniques for Privacy Preserving Data Analysis in Vehicular Data Sharing with Sascha, Frederic and Kai was accepted for publication at ACM Computer Science in Cars Symposium
• September 28th, 2021: I was invited to the Informatik 2021 Workshop "Security, Datenschutz und Anonymisierung" to give a keynote on "Datenschutz und -sicherheit im Internet der Dinge"
• August 18th, 2021: I was invited to the IFIP Summerschool on Privacy & Identity Management to give a keynote on Serious Games for Security and Privacy Awareness
• July 12th, 2021: Proud that David succesfully defended his phd thesis, today!
• June 23rd, 2021: Just presented our paper Privacy Concerns Go Hand in Hand with Lack of Knowledge: The Case of the German Corona-Warn-App at IFIP SEC 2021.
• June 21st, 2021: Our paper The THREAT-ARREST cyber ranges platform about THREAT-ARREST was accepted at the IEEE CSR Workshop on Cyber Ranges and Security Training (CRST)
• June 11th, 2021: The poster Leech: Let's Expose Evidently bad data Collecting Habits - Towards a Serious Game on Understanding Privacy Policies (Poster) with Alexander and Michaela was accepted at SOUPS's poster track.
• June 11th, 2021: The poster Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym (Poster) with David and Kai was accepted at SOUPS's poster track.
• April 29th, 2021: Another Statement about digital contact tracing is now online.
• April 18th, 2021: The paper Maturity Level Assessments of Information Security Controls: An Empirical Analysis of Practitioners' Assessment Capabilities with Christopher, Michael and David was accepted for publication at Computers and Security.
• April 16th, 2021: The paper Investigating Privacy Concerns Related to Mobile Augmented Reality Apps - A Vignette Based Online Experiment with David was accepted for publication at Computers in Human Behaviour.
• April 14th, 2021: The paper Case Study: Checking a Serious Security-Awareness Game for its Legal Adequacy with Dennis was accepted for publication at the Journal Datenschutz und Datensicherheit.
• April 11th, 2021: The paper Explainable Machine Learning for Default Privacy Setting Prediction with Sascha, Welde and Toru was accepted for publication at IEEE Access.
• March 23rd, 2021: The paper Privacy Concerns Go Hand in Hand with Lack of Knowledge: The Case of the German Corona-Warn-App with David and Jacob was accepted for publication at IFIP SEC 2021.
• February 22nd, 2021: I passed my habilitation lecture on Fairness in Machine Learning (German) at Goethe University Frankfurt.
• January 19th, 2021: Vanessa presented our paper Investigating User Intention to Use a Privacy Sensitive Information Detection Tool at SCIS.
• January 18th, 2021: My habilitation thesis was accepted by the extended faculty council of the mathematics and computer science faculty at Goethe University Frankfurt.
• November 28th, 2020: Empirically Investigating Extraneous Influences on the "APCO" Model - Childhood Brand Nostalgia and the Positivity Bias with David has been accepted for publication at Future Internet.
• November 2nd, 2020: Open Materials Discourse accompanying the paper Re-evaluating Internet Users' Information Privacy Concerns: The Case in Japan with Ana, David, Toru, Shinsaku, Haruo and Kai online at AIS Transactions on Replications Research.
• August 19th, 2020: The paper Conceptualization of a CyberSecurity Awareness Quiz with Ludger, Alejandro and Kristian was accepted for publication at the 2nd Model-Driven Simulation and Training Environments for Cybersecurity (MSTEC).
• August 11th, 2020: The paper Systematic Scenario Creation for Serious Security-Awareness Games with Vera was accepted for publication at the 2nd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE).
• July 30th, 2020: The article Re-evaluating Internet Users' Information Privacy Concerns: The Case in Japan with Ana, David, Toru, Shinsaku, Haruo and Kai was accepted for publication at AIS Transactions on Replications Research.
• June 9th, 2020: The article Asset-centric analysis and visualisation of attack trees with Christopher and Andre was accepted for presentation at Gramsec 2020.
• May 6th, 2020: The article Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach with Federica, Jan and Fabio was accepted for publication at Information.
• April 19th, 2020: Joint Statement on Contact Tracing

Research Interests

My current research focus is in the area of security and privacy with a particular interest in a holistic view on the examined systems. In particular, my research interests include, but are not limited to (naturally there will be an overlap between some of the topics):

Usability and Human behavior

It is important to design usable systems since otherwise improved security or privacy features won't be accepted by the users. On the other hand, usability is not the only factor deciding if a user accepts a certain system. I investigate how much certain factors influence the users' acceptance of privacy enhancing technologies and security measures.

Serious Games and Gamification

I aim to enable users to detect and defend social engineering attacks and privacy violations, to regard security considerations and to understand privacy implications. For that purpose, I develop and evaluate Serious Games and gamify processes and systems to improve user engagement and productivity.

Privacy-Enhancing Technologies

I investigate the development of secure and privacy-friendly architectures and practical solutions, such as anonymous e-commerce or the application of privacy patterns within fog and cloud computing environments. In particular, one of the re-occurring challenges is to make use of Privacy-Enhancing Technologies without degrading performance or usability.

Modeling & Measuring Privacy and Security

Security Management

Applied Crytography

I am also interested in applied cryptography for security and privacy purposes and the development of (crytographic) attacker models to get further insights about the chances of attackers to successfully break crytographic systems.

Selected Publications

1. Harborth, D. and Pape, S.: Investigating Privacy Concerns Related to Mobile Augmented Reality Apps - A Vignette Based Online Experiment.
   In Computers in Human Behavior, 122, 2021.
   
   
   Citations: 31 (Google Scholar); 11 (Open Citations);
   
2. Schmitz, C.; Schmid, M.; Harborth, D. and Pape, S.: Maturity Level Assessments of Information Security Controls: An Empirical Analysis of Practitioners' Assessment Capabilities.
   In Computers & Security, 108, 2021.
   
   
   Citations: 13 (Google Scholar); 2 (Open Citations);
   
3. Löbner, S.; Tesfay, W. B.; Nakamura, T. and Pape, S.: Explainable Machine Learning for Default Privacy Setting Prediction.
   In IEEE Access, 9: 63700-63717, 2021.
   
   
   Citations: 8 (Google Scholar); 2 (Open Citations);
   
4. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
   .
   
   
   Citations: 1 (Google Scholar);
   
5. Harborth, D.; Pape, S. and Rannenberg, K.: Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym.
   In Proceedings on Privacy Enhancing Technologies (PoPETs), 2020 (2): 111-128, 2020.
   
   
   Citations: 31 (Google Scholar); 13 (Open Citations);
   
6. Schmitz, C. and Pape, S.: LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security.
   In Computers & Security, 90, 2020.
   
   
   Citations: 36 (Google Scholar); 14 (Researchgate); 19 (Open Citations);
   
7. Harborth, D. and Pape, S.: How Nostalgic Feelings Impact Pokémon Go Players - Integrating Childhood Brand Nostalgia into the Technology Acceptance Theory.
   In Behaviour & Information Technology, 39 (12): 1276-1296, 2019.
   
   
   Citations: 35 (Google Scholar); 10 (Researchgate); 9 (Open Citations);
   
8. Pape, S. and Rannenberg, K.: Applying Privacy Patterns to the Internet of Things' (IoT) Architecture.
   In Mobile Networks and Applications (MONET) -- The Journal of SPECIAL ISSUES on Mobility of Systems, Users, Data and Computing, 24 (3): 925-933, 2019.
   
   
   Citations: 41 (Google Scholar); 31 (Researchgate); 23 (Open Citations);
   
9. Harborth, D. and Pape, S.: Exploring the Hype: Investigating Technology Acceptance Factors of Pokémon Go.
   In 2017 IEEE International Symposium on Mixed and Augmented Reality, ISMAR 2017, Nantes, France, October 9-13, 2017, pages 155-168, 2017, Acceptance rate: (17)/99 = 17.2 %.
   
   
   Citations: 39 (Google Scholar); 25 (Researchgate); 9 (Open Citations);
   
10. Schaab, P.; Beckers, K. and Pape, S.: Social engineering defence mechanisms and counteracting training strategies.
    In Information and Computer Security, 25 (2): 206-222, 2017.
    
    
    Citations: 51 (Google Scholar); 25 (Researchgate); 21 (Open Citations);
    
11. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
    In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    
    
    Citations: 97 (Google Scholar); 49 (Researchgate); 42 (Open Citations);
    
12. Pape, S.; Flake, J.; Beckmann, A. and Jürjens, J.: STAGE -- A Software Tool for Automatic Grading of Testing Exercises -- Case Study Paper.
    In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016 - Companion Volume, pages 491-500, 2016, Acceptance rate: (22+4)/64 = (34.4 + 6.3) %.
    
    
    Citations: 14 (Google Scholar); 7 (Researchgate); 4 (Open Citations);
    
13. Pape, S.: Sample or Random Security - A Security Model for Segment-Based Visual Cryptography.
    In Financial Cryptography and Data Security - 18th International Conference, FC 2014, Christ Church, Barbados, March 3-7, 2014, Revised Selected Papers, pages 291-303, 2014, Acceptance rate: 31 / 138 = 22.5%.
    
    
    Citations: 2 (Google Scholar); 2 (Researchgate);
    
14. Bleikertz, S.; Mastelic, T.; Pape, S.; Pieters, W. and Dimkov, T.: Defining the Cloud Battlefield -- Supporting Security Assessments by Cloud Customers.
    In Proceedings of IEEE International Conference on Cloud Engineering (IC2E), pages 78-87, 2013, Acceptance rate: 22 / 107 = 20.6%.
    
    
    Citations: 19 (Google Scholar); 14 (Researchgate); 9 (Open Citations);