Research Topics

Human Factors

Social Engineering

  1. Pape, S. and Kipker, D-K.: Case Study: Checking a Serious Security-Awareness Game for its Legal Adequacy.
    In Datenschutz und Datensicherheit, 45 (5): 310-314, 2021.
    PDFDOILinkLinkLinkLink Abstract PK21dudBibtexsecuritysocial engineeringlawcs4ehatchthreat-arrest

  2. Hazilov, V. and Pape, S.: Systematic Scenario Creation for Serious Security-Awareness Games.
    In Computer Security - ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17-18, 2020, Revised Selected Papers, Springer International Publishing, Cham, LNCS 12580, 2020.
    PDFDOILinkLinkLinkLinkVideo Abstract HP20sposeBibtexsecuritysocial engineeringcs4ehatchthreat-arrest

  3. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz.
    In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    PDFPresentation slidesDOILinkLinkLinkLinkVideo Abstract PGQB20mstecBibtexsecuritysocial engineeringserious gamecs4ethreat-arrest

  4. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    PDFLinkLink Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  5. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks.
    In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    PDFDOILinkLinkLink Abstract GQBP19mstecBibtexsecuritysocial engineeringserious gamethreat-arrest

  6. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1.
    Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    PDFLink Abstract TA19D4.2Bibtexsecuritysocial engineeringserious gamethreat-arrest

  7. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game.
    In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    PDFDOILinkLinkLink Abstract ABP18trustbusBibtexprivacysecuritysocial engineeringserious gamesidate

  8. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritysocial engineeringserious gamelawhatchsidate

  9. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.
    In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    PDFPresentation slidesLinkLinkLink Abstract BFGP17CreaREBibtexsecuritysocial engineeringserious gamehatch

  10. Beckers, K.; Schosser, D.; Pape, S. and Schaab, P.: A Structured Comparison of Social Engineering Intelligence Gathering Tools.
    In Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings, pages 232-246, 2017, Revision 1, Table 7 was corrected, see https://link.springer.com/10.1007/978-3-319-64483-7_16.
    PDFPresentation slidesDOILinkLinkLink Abstract BSPS17trustbusBibtexprivacysecuritysocial engineeringsidate

  11. Schaab, P.; Beckers, K. and Pape, S.: Social engineering defence mechanisms and counteracting training strategies.
    In Information and Computer Security, 25 (2): 206-222, 2017.
    PDFDOILinkLinkLink Abstract SBP17icsBibtexsecuritysocial engineeringpsychology

  12. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie.
    In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    PDFLink Abstract SHBP17aepfBibtexsecuritysocial engineeringserious game

  13. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
    In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    PDFDOILinkLinkLinkLink Abstract BP16reBibtexsecuritysocial engineeringserious gamehatchsidate

  14. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering.
    In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    PDFPosterLinkLinkLink Abstract BPF16bhciBibtexsecuritysocial engineeringserious gamehatchsidate

  15. Schaab, P.; Beckers, K. and Pape, S.: A systematic Gap Analysis of Social Engineering Defence Mechanisms considering Social Psychology.
    In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    PDFLinkLinkLink Abstract SBP16haisaBibtexsecuritysocial engineeringpsychology

Serious Games & Gamification serious game

  1. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz.
    In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    PDFPresentation slidesDOILinkLinkLinkLinkVideo Abstract PGQB20mstecBibtexsecuritysocial engineeringserious gamecs4ethreat-arrest

  2. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    PDFLinkLink Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  3. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks.
    In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    PDFDOILinkLinkLink Abstract GQBP19mstecBibtexsecuritysocial engineeringserious gamethreat-arrest

  4. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1.
    Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    PDFLink Abstract TA19D4.2Bibtexsecuritysocial engineeringserious gamethreat-arrest

  5. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game.
    In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    PDFDOILinkLinkLink Abstract ABP18trustbusBibtexprivacysecuritysocial engineeringserious gamesidate

  6. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritysocial engineeringserious gamelawhatchsidate

  7. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.
    In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    PDFPresentation slidesLinkLinkLink Abstract BFGP17CreaREBibtexsecuritysocial engineeringserious gamehatch

  8. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie.
    In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    PDFLink Abstract SHBP17aepfBibtexsecuritysocial engineeringserious game

  9. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
    In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    PDFDOILinkLinkLinkLink Abstract BP16reBibtexsecuritysocial engineeringserious gamehatchsidate

  10. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering.
    In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    PDFPosterLinkLinkLink Abstract BPF16bhciBibtexsecuritysocial engineeringserious gamehatchsidate

Privacy Enhancing Technologies pets

  1. Pape, S.; Harborth, D. and Kröger, J. L.: Privacy Concerns Go Hand in Hand with Lack of Knowledge: The Case of the German Corona-Warn-App.
    In ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, pages 256-269, Springer, IFIP Advances in Information and Communication Technology 625, 2021.
    PDFDOILinkLink Abstract PHK21ifipsecBibtexinformation systemsprivacypetscs4e

  2. Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Jondonym.
    IEEE Dataport, 2020.
    PDFDOILinkLinkLink Dataset Dataset Abstract HP20dataportJDBibtexprivacypetsmethodologyanon

  3. Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Tor.
    IEEE Dataport, 2020.
    PDFDOILinkLinkLink Dataset Dataset Abstract HP20dataportTorBibtexprivacypetsmethodologyanon

  4. Harborth, D. and Pape, S.: How Privacy Concerns, Trust and Risk Beliefs and Privacy Literacy Influence Users' Intentions to Use Privacy-Enhancing Technologies - The Case of Tor.
    In ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 51 (1): 51-69, 2020.
    PDFDOILinkLinkLink Dataset Dataset Abstract HP20sigmisBibtexinformation systemsprivacypetsanon

  5. Harborth, D.; Pape, S. and Rannenberg, K.: Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym.
    In Proceedings on Privacy Enhancing Technologies (PoPETs), 2020 (2): 111-128, 2020.
    PDFDOILinkLinkLinkLink Dataset Dataset Dataset Dataset Abstract HPR20petsBibtexinformation systemsprivacypetsanoncs4e

  6. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    PDFLinkLink Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  7. Harborth, D.; Cai, X. and Pape, S.: Why Do People Pay for Privacy?.
    In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 253-267, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLinkLink Dataset Dataset Abstract HCP19ifipsecBibtexinformation systemsprivacypetseconomyanon

  8. Harborth, D. and Pape, S.: How Privacy Concerns and Trust and Risk Beliefs Influence Users' Intentions to Use Privacy-Enhancing Technologies -- The Case of Tor.
    In 52nd Hawaii International Conference on System Sciences (HICSS) 2019, pages 4851-4860, 2019, Acceptance rate: 48%.
    PDFDOILinkLinkLink Abstract HP19hicssBibtexinformation systemsprivacypetsanon

  9. Pape, S. and Rannenberg, K.: Applying Privacy Patterns to the Internet of Things' (IoT) Architecture.
    In Mobile Networks and Applications (MONET) -- The Journal of SPECIAL ISSUES on Mobility of Systems, Users, Data and Computing, 24 (3): 925-933, 2019.
    PDFDOILinkLinkLink Abstract PR19monetBibtexprivacysoftware engineeringpetscloud computingiot

  10. Harborth, D.; Braun, M.; Grosz, A.; Pape, S. and Rannenberg, K.: Anreize und Hemmnisse für die Implementierung von Privacy-Enhancing Technologies im Unternehmenskontext.
    In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 29-41, 2018.
    PDFPresentation slidesDOILinkLinkLink Abstract HBGPR18sicherheitBibtexinformation systemsprivacypetseconomyanonsioc

  11. Harborth, D. and Pape, S.: Examining Technology Use Factors of Privacy-Enhancing Technologies: The Role of Perceived Anonymity and Trust.
    In 24th Americas Conference on Information Systems, AMCIS 2018, New Orleans, LA, USA, August 16-18, 2018, Association for Information Systems, 2018.
    PDFLinkLinkLink Abstract HP18amcisBibtexinformation systemsprivacypetspsychologyanon

  12. Harborth, D. and Pape, S.: JonDonym Users' Information Privacy Concerns.
    In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings, pages 170-184, 2018, Acceptance rate: 27 / 89 = 30.3%.
    PDFPresentation slidesDOILinkLinkLink Dataset Dataset Abstract HP18ifipsecBibtexinformation systemsprivacypetspsychologyanon

  13. Pape, S.; Tasche, D.; Bastys, I.; Grosz, A.; Laessig, J. and Rannenberg, K.: Towards an Architecture for Pseudonymous E-Commerce -- Applying Privacy by Design to Online Shopping.
    In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 17-28, 2018.
    PDFPresentation slidesDOILinkLinkLink Abstract PTBGLR18sicherheitBibtexprivacypetse-commerceeconomysioc

  14. Harborth, D.; Herrmann, D.; Köpsell, S.; Pape, S.; Roth, C.; Federrath, H.; Kesdogan, D. and Rannenberg, K.: Integrating Privacy-Enhancing Technologies into the Internet Infrastructure.
    Technical Report, Cornell University, arXiv, 2017.
    PDFLinkLinkLink Abstract HHKPRFKR17anonBibtexprivacypetsanon

  15. Harborth, D. and Pape, S.: Privacy Concerns and Behavior of Pokémon Go Players in Germany.
    In Privacy and Identity Management. The Smart Revolution - 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, Revised Selected Papers, pages 314-329, Springer International Publishing, IFIP Advances in Information and Communication Technology 526, 2017.
    PDFDOILinkLinkLink Abstract HP17ifipscBibtexinformation systemsprivacypetsarpsychologyanon

Modeling & Measuring

Security Management

  1. Pape, S.; Paci, F.; Juerjens, J. and Massacci, F.: Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach.
    In Information, 11 (5), 2020.
    PDFDOILinkLinkLinkLink Abstract PPJM20informationBibtexsecuritycloud computingcloudatcs4eseconomics

  2. Pape, S.; Schmitz, C.; Kipker, D-K. and Sekula, A.: On the use of Information Security Management Systems by German Energy Providers.
    In Presented at the Fourteenth IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, 2020.
    PDF Abstract PSKS20iccipBibtexinformation systemssecuritycritical infrastructureslawcs4esidate

  3. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    .
    PDFLinkLink Abstract Pape20habilBibtexprivacysecuritysocial engineeringpetsserious gamecloud computingioteconomylawpsychology

  4. Schmitz, C. and Pape, S.: LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security.
    In Computers & Security, 90, 2020.
    PDFDOILinkLinkLinkLink Abstract SP20coseBibtexsecuritycritical infrastructuressidate

  5. Schmitz, C.; Sekulla, A. and Pape, S.: Asset-centric analysis and visualisation of attack trees.
    In Graphical Models for Security - 7th International Workshop, GraMSec@CSF 2020, Boston, MA, USA, Virtual Conference, June 22, 2020, Revised Selected Papers, pages 45-64, Springer, LNCS 12419, 2020.
    PDFDOILinkLinkLinkLink Abstract SSP20gramsecBibtexsecuritycritical infrastructurescs4e

  6. Hatamian, M.; Pape, S. and Rannenberg, K.: ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment.
    In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 165-179, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLinkLink Abstract HPR19ifipsecBibtexsecurityprivacy'n'us

  7. Pape, S. and Stankovic, J.: An Insight into Decisive Factors in Cloud Provider Selection with a Focus on Security.
    In Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, ADIoT, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 287-306, Springer International Publishing, Cham, LNCS 11980, 2019.
    PDFPresentation slidesDOILinkLinkLink Abstract PS19sposeBibtexinformation systemssecuritycloud computing

  8. Schmid, M. and Pape, S.: Aggregating Corporate Information Security Maturity Levels of Different Assets.
    In Privacy and Identity Management. Data for Better Living: AI and Privacy - 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19-23, 2019, Revised Selected Papers, pages 376-392, Springer Boston, IFIP Advances in Information and Communication Technology , 2019.
    PDFDOILinkLinkLinkLink Abstract SP19ifipscBibtexprivacysecurity

  9. Schmid, M. and Pape, S.: A structured comparison of the corporate information security.
    In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 223-237, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLinkLink Abstract SP19ifipsecBibtexsecurity

  10. Dax, J.; Hamburg, D.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE).
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 29, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkLinkBibtexsecuritycritical infrastructuressidate

  11. Dax, J.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 69-74, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkLinkBibtexsecuritycritical infrastructuressidate

  12. Dax, J.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Das SIDATE-Portal im Einsatz.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 145-150, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritycritical infrastructuressidate

  13. Hamburg, D.; Niephaus, T.; Noll, W.; Pape, S.; Rannenberg, K. and Schmitz, C.: SIDATE: Gefährdungen und Sicherheitsmassnahmen.
    In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 51, Universität der Bundeswehr, Neubiberg, 2018.
    PDFLinkBibtexsecuritycritical infrastructuressidate

  14. Schmitz, C.; Sekula, A.; Pape, S.; Pipek, V. and Rannenberg, K.: Easing the Burden of Security Self-Assessments.
    In 12th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2018 ,Dundee, Scotland, August 29-31, 2018, Proceedings., 2018.
    PDFLinkLinkLink Abstract SSPPR18haisaBibtexsecuritycritical infrastructuressidate

  15. Dax, J.; Hamburg, D.; Kreusch, M.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Terhaag, F.: Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger.
    In Multikonferenz Wirtschaftsinformatik (MKWI) -- Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (Poster), 2016.
    PDFPoster Abstract DHKLPPRST16mkwiBibtexsecuritycritical infrastructuressidate

  16. Dax, J.; Ley, B.; Pape, S.; Schmitz, C.; Pipek, V. and Rannenberg, K.: Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions.
    In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016 ,Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    PDFLinkLinkLink Abstract DLPSPR16haisaBibtexsecuritycritical infrastructuressidate

Applied Cryptography