Research Topics

Human Factors

Social Engineering

  1. Hazilov, V. and Pape, S.: Systematic Scenario Creation for Serious Security-Awareness Games.
    In Computer Security - ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17-18, 2020, Revised Selected Papers, Springer International Publishing, Cham, LNCS 12580, 2020.
    PDFDOILinkLinkVideo Abstract HP20sposeBibtexsecuritysocial engineeringcs4ethreat-arrest

  2. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz.
    In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    PDFPresentation slidesDOILinkLinkVideo Abstract PGQB20mstecBibtexsecuritysocial engineeringserious gamecs4ethreat-arrest

  3. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  4. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks.
    In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    PDFDOILinkLink Abstract GQBP19mstecBibtexsecuritysocial engineeringserious gamethreat-arrest

  5. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1.
    Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    PDFLink Abstract TA19D4.2Bibtexsecuritysocial engineeringserious gamethreat-arrest

  6. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game.
    In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    PDFDOILinkLink Abstract ABP18trustbusBibtexprivacysecuritysocial engineeringserious gamesidate

  7. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritysocial engineeringserious gamelawhatchsidate

  8. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.
    In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    PDFPresentation slidesLink Abstract BFGP17CreaREBibtexsecuritysocial engineeringserious gamehatch

  9. Beckers, K.; Schosser, D.; Pape, S. and Schaab, P.: A Structured Comparison of Social Engineering Intelligence Gathering Tools.
    In Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings, pages 232-246, 2017, Revision 1, Table 7 was corrected, see https://link.springer.com/10.1007/978-3-319-64483-7_16.
    PDFPresentation slidesDOILink Abstract BSPS17trustbusBibtexprivacysecuritysocial engineeringsidate

  10. Schaab, P.; Beckers, K. and Pape, S.: Social engineering defence mechanisms and counteracting training strategies.
    In Information and Computer Security, 25 (2): 206-222, 2017.
    PDFDOILinkLink Abstract SBP17icsBibtexsecuritysocial engineeringpsychology

  11. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie.
    In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    PDFLink Abstract SHBP17aepfBibtexsecuritysocial engineeringserious game

  12. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
    In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    PDFDOILink Abstract BP16reBibtexsecuritysocial engineeringserious gamehatchsidate

  13. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering.
    In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    PDFPosterLink Abstract BPF16bhciBibtexsecuritysocial engineeringserious gamehatchsidate

  14. Schaab, P.; Beckers, K. and Pape, S.: A systematic Gap Analysis of Social Engineering Defence Mechanisms considering Social Psychology.
    In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    PDFLink Abstract SBP16haisaBibtexsecuritysocial engineeringpsychology

Serious Games & Gamification serious game

  1. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz.
    In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    PDFPresentation slidesDOILinkLinkVideo Abstract PGQB20mstecBibtexsecuritysocial engineeringserious gamecs4ethreat-arrest

  2. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  3. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks.
    In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    PDFDOILinkLink Abstract GQBP19mstecBibtexsecuritysocial engineeringserious gamethreat-arrest

  4. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1.
    Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    PDFLink Abstract TA19D4.2Bibtexsecuritysocial engineeringserious gamethreat-arrest

  5. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game.
    In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    PDFDOILinkLink Abstract ABP18trustbusBibtexprivacysecuritysocial engineeringserious gamesidate

  6. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritysocial engineeringserious gamelawhatchsidate

  7. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.
    In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    PDFPresentation slidesLink Abstract BFGP17CreaREBibtexsecuritysocial engineeringserious gamehatch

  8. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie.
    In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    PDFLink Abstract SHBP17aepfBibtexsecuritysocial engineeringserious game

  9. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
    In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    PDFDOILink Abstract BP16reBibtexsecuritysocial engineeringserious gamehatchsidate

  10. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering.
    In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    PDFPosterLink Abstract BPF16bhciBibtexsecuritysocial engineeringserious gamehatchsidate

Privacy Enhancing Technologies pets

  1. Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Jondonym.
    IEEE Dataport, 2020.
    PDFDOILinkLink Dataset Dataset Abstract HP20dataportJDBibtexprivacypetsmethodologyanon

  2. Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Tor.
    IEEE Dataport, 2020.
    PDFDOILinkLink Dataset Dataset Abstract HP20dataportTorBibtexprivacypetsmethodologyanon

  3. Harborth, D. and Pape, S.: How Privacy Concerns, Trust and Risk Beliefs and Privacy Literacy Influence Users' Intentions to Use Privacy-Enhancing Technologies - The Case of Tor.
    In ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 51 (1): 51-69, 2020.
    PDFDOILinkLink Dataset Dataset Abstract HP20sigmisBibtexinformation systemsprivacypetsanon

  4. Harborth, D.; Pape, S. and Rannenberg, K.: Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym.
    In Proceedings on Privacy Enhancing Technologies (PoPETs), 2020 (2): 111-128, 2020.
    PDFDOILinkLink Dataset Dataset Dataset Dataset Abstract HPR20petsBibtexinformation systemsprivacypetsanoncs4e

  5. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  6. Harborth, D.; Cai, X. and Pape, S.: Why Do People Pay for Privacy?.
    In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 253-267, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLink Dataset Dataset Abstract HCP19ifipsecBibtexinformation systemsprivacypetseconomyanon

  7. Harborth, D. and Pape, S.: How Privacy Concerns and Trust and Risk Beliefs Influence Users' Intentions to Use Privacy-Enhancing Technologies -- The Case of Tor.
    In 52nd Hawaii International Conference on System Sciences (HICSS) 2019, pages 4851-4860, 2019, Acceptance rate: 48%.
    PDFDOILinkLink Abstract HP19hicssBibtexinformation systemsprivacypetsanon

  8. Pape, S. and Rannenberg, K.: Applying Privacy Patterns to the Internet of Things' (IoT) Architecture.
    In Mobile Networks and Applications (MONET) -- The Journal of SPECIAL ISSUES on Mobility of Systems, Users, Data and Computing, 24 (3): 925-933, 2019.
    PDFDOILinkLink Abstract PR19monetBibtexprivacysoftware engineeringpetscloud computingiot

  9. Harborth, D.; Braun, M.; Grosz, A.; Pape, S. and Rannenberg, K.: Anreize und Hemmnisse für die Implementierung von Privacy-Enhancing Technologies im Unternehmenskontext.
    In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 29-41, 2018.
    PDFPresentation slidesDOILink Abstract HBGPR18sicherheitBibtexinformation systemsprivacypetseconomyanonsioc

  10. Harborth, D. and Pape, S.: Examining Technology Use Factors of Privacy-Enhancing Technologies: The Role of Perceived Anonymity and Trust.
    In 24th Americas Conference on Information Systems, AMCIS 2018, New Orleans, LA, USA, August 16-18, 2018, Association for Information Systems, 2018.
    PDFLink Abstract HP18amcisBibtexinformation systemsprivacypetspsychologyanon

  11. Harborth, D. and Pape, S.: JonDonym Users' Information Privacy Concerns.
    In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings, pages 170-184, 2018, Acceptance rate: 27 / 89 = 30.3%.
    PDFPresentation slidesDOILink Dataset Dataset Abstract HP18ifipsecBibtexinformation systemsprivacypetspsychologyanon

  12. Pape, S.; Tasche, D.; Bastys, I.; Grosz, A.; Laessig, J. and Rannenberg, K.: Towards an Architecture for Pseudonymous E-Commerce -- Applying Privacy by Design to Online Shopping.
    In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 17-28, 2018.
    PDFPresentation slidesDOILink Abstract PTBGLR18sicherheitBibtexprivacypetse-commerceeconomysioc

  13. Harborth, D.; Herrmann, D.; Köpsell, S.; Pape, S.; Roth, C.; Federrath, H.; Kesdogan, D. and Rannenberg, K.: Integrating Privacy-Enhancing Technologies into the Internet Infrastructure.
    Technical Report, Cornell University, arXiv, 2017.
    PDFLink Abstract HHKPRFKR17anonBibtexprivacypetsanon

  14. Harborth, D. and Pape, S.: Privacy Concerns and Behavior of Pokémon Go Players in Germany.
    In Privacy and Identity Management. The Smart Revolution - 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, Revised Selected Papers, pages 314-329, Springer International Publishing, IFIP Advances in Information and Communication Technology 526, 2017.
    PDFDOILink Abstract HP17ifipscBibtexinformation systemsprivacypetsarpsychologyanon

Modeling & Measuring

Security Management

  1. Pape, S.; Paci, F.; Juerjens, J. and Massacci, F.: Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach.
    In Information, 11 (5), 2020.
    PDFDOILinkLink Abstract PPJM20informationBibtexsecuritycloud computingcloudatcs4eseconomics

  2. Pape, S.; Schmitz, C.; Kipker, D-K. and Sekula, A.: On the use of Information Security Management Systems by German Energy Providers.
    .
    Abstract PSKS20iccipBibtexinformation systemssecuritycritical infrastructureslawcs4esidate

  3. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  4. Schmitz, C. and Pape, S.: LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security.
    In Computers & Security, 90, 2020.
    PDFDOILinkLink Abstract SP20coseBibtexsecuritycritical infrastructuressidate

  5. Schmitz, C.; Sekulla, A. and Pape, S.: Asset-centric analysis and visualisation of attack trees.
    In Graphical Models for Security - 7th International Workshop, GraMSec@CSF 2020, Boston, MA, USA, Virtual Conference, June 22, 2020, Revised Selected Papers, pages 45-64, Springer, LNCS 12419, 2020.
    PDFDOILinkLink Abstract SSP20gramsecBibtexsecuritycritical infrastructurescs4e

  6. Hatamian, M.; Pape, S. and Rannenberg, K.: ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment.
    In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 165-179, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLink Abstract HPR19ifipsecBibtexsecurityprivacy'n'us

  7. Pape, S. and Stankovic, J.: An Insight into Decisive Factors in Cloud Provider Selection with a Focus on Security.
    In Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, ADIoT, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 287-306, Springer International Publishing, Cham, LNCS 11980, 2019.
    PDFPresentation slidesDOILinkLink Abstract PS19sposeBibtexinformation systemssecuritycloud computing

  8. Schmid, M. and Pape, S.: Aggregating Corporate Information Security Maturity Levels of Different Assets.
    In Privacy and Identity Management. Data for Better Living: AI and Privacy - 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19-23, 2019, Revised Selected Papers, pages 376-392, Springer Boston, IFIP Advances in Information and Communication Technology , 2019.
    PDFDOILinkLink Abstract SP19ifipscBibtexprivacysecurity

  9. Schmid, M. and Pape, S.: A structured comparison of the corporate information security.
    In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 223-237, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLink Abstract SP19ifipsecBibtexsecurity

  10. Dax, J.; Hamburg, D.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE).
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 29, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkLinkBibtexsecuritycritical infrastructuressidate

  11. Dax, J.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 69-74, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkLinkBibtexsecuritycritical infrastructuressidate

  12. Dax, J.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Das SIDATE-Portal im Einsatz.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 145-150, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritycritical infrastructuressidate

  13. Hamburg, D.; Niephaus, T.; Noll, W.; Pape, S.; Rannenberg, K. and Schmitz, C.: SIDATE: Gefährdungen und Sicherheitsmassnahmen.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 51, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritycritical infrastructuressidate

  14. Schmitz, C.; Sekula, A.; Pape, S.; Pipek, V. and Rannenberg, K.: Easing the Burden of Security Self-Assessments.
    In 12th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2018 ,Dundee, Scotland, August 29-31, 2018, Proceedings., 2018.
    PDFLink Abstract SSPPR18haisaBibtexsecuritycritical infrastructuressidate

  15. Dax, J.; Hamburg, D.; Kreusch, M.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Terhaag, F.: Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger.
    In Multikonferenz Wirtschaftsinformatik (MKWI) -- Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (Poster), 2016.
    PDFPoster Abstract DHKLPPRST16mkwiBibtexsecuritycritical infrastructuressidate

  16. Dax, J.; Ley, B.; Pape, S.; Schmitz, C.; Pipek, V. and Rannenberg, K.: Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions.
    In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016 ,Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    PDFLink Abstract DLPSPR16haisaBibtexsecuritycritical infrastructuressidate

Applied Cryptography