Research Topics

Human Factorshuman factors

  1. Pape, S.; Quintanar, A. and Beckers, K.: Towards Accessible and Inclusive Serious Games for Cybersecurity. In Serious Games - 11th Joint International Conference, JCSG 2025, Lucerne, Switzerland, December 4-5, 2025, Proceedings, pages 97-112, LNCS , 2025.
    PDFDOILinkLinkLinkLink Abstract PQB25jcsgBibtexsecurityhuman factorsserious gamesocial engineeringcybersecprohatchphoeni2x

  2. Löbner, S.; Pape, S.; Bracamonte, V. and Phalakarn, K.: Which PPML Would a User Choose? A Structured Decision Support Framework for Developers to Rank PPML Techniques Based on User Acceptance Criteria., 2024.
    PDFDOILinkLinkLinkLink Abstract LPBP24arxivBibtexprivacyhuman factorspetsmachine learning

  3. Bracamonte, V.; Pape, S. and Löbner, S.: Factors of Intention to Use a Photo Tool: Comparison between Privacy-enhancing and Non-privacy-enhancing Tools. In ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Poznan, Poland, June 14-16, 2023, Proceedings, 2023.
    PDFDOILinkLinkLinkLink Abstract BPL23ifipsecBibtexprivacyhuman factors

  4. Harborth, D. and Pape, S.: A Privacy Calculus Model for Contact Tracing Apps: Analyzing the Use Behavior of the German Corona-Warn-App with a Longitudinal User Study. In Computers & Security: 103338, 2023.
    PDFDOILinkLinkLinkLink Abstract HP23coseBibtexprivacyhuman factorscs4e

  5. Hamm, P.; Pape, S. and Harborth, D.: Acceptance Factors and Obstacles for Cryptocurrency Adoption. In EICC '23: Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference, pages 26-33, 2023.
    PDFDOILinkLinkLinkLink Abstract HPH23eiccBibtexprivacyhuman factors

  6. Hamm, P.; Pape, S. and Rannenberg, K.: The Influence of Privacy Concerns on Cryptocurrency Acceptance. In ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Poznan, Poland, June 14-16, 2023, Proceedings, 2023.
    PDFDOILinkLinkLinkLink Abstract HPR23ifipsecBibtexhuman factorssioc

  7. Sadeghi, A.; Pape, S. and Harborth, D.: The impact of individuals' social environments on contact tracing app use: Survey Study. In JMIR Human Factors, 10:e45825, 2023.
    PDFDOILinkLinkLinkno Link Abstract SPH23jmirhfBibtexhuman factorsiotcs4e

  8. Pape, S. and Harborth, D.: Acceptance Factors of Privacy-Enhancing Technologies on the Basis of Tor and JonDonym. In Human Factors in Privacy Research, pages 299-320, Springer International Publishing, 2023.
    PDFDOILinkLinkLinkno Link Abstract PH23hfiprBibtexprivacyhuman factorspets

  9. Bracamonte, V.; Pape, S. and Löbner, S.: Comparing the Effect of Privacy and Non-privacy Social Media Photo Tools on Factors of Privacy Concern. In Proceedings of the 9th International Conference on Information Systems Security and Privacy, ICISSP 2023, pages 669-676, 2023.
    PDFDOILinkLinkLinkLink Abstract BPL23icisspBibtexprivacyhuman factorspets

  10. Harborth, D.; Pape, S. and McKenzie, L.: Why Individuals Do (Not) Use Contact Tracing Apps: A Health Belief Model Perspective on the German Corona-Warn-App. In Healthcare, 11 (4), 2023.
    PDFDOILinkLinkLinkno Link Abstract HPM23healthcareBibtexhuman factors

  11. Chaudhary, S.; Kompara, M.; Pape, S. and Gkioulos, V.: Properties for Cybersecurity Awareness Posters' Design and Quality Assessment. In ARES 2022: The 17th International Conference on Availability, Reliability and Security, Vienna,Austria, August 23 - 26, 2022, pages 79:1-79:8, 2022, ETACS 2022.
    PDFDOILinkLinkLinkLink Abstract CKPG22etacsBibtexsecurityhuman factorscs4e

  12. Tronnier, F.; Pape, S.; Löbner, S. and Rannenberg, K.: A Discussion on Ethical Cybersecurity Issues in Digital Service Chains. In Cybersecurity of Digital Service Chains - Challenges, Methodologies, and Tools, pages 222-256, Springer, Lecture Notes in Computer Science 13300, 2022.
    PDFDOILinkLinkLinkLink Abstract TPLR22guardBibtexsecurityhuman factors

  13. Chaudhary, S.; Pape, S.; Kompara, M.; Kavallieratos, G. and Gkioulos, V.: Guidelines for Enhancement of Societal Security Awareness. Technical Report Deliverable 3.19, CyberSec4Europe, 2022.
    PDFDOILinkno Link Abstract CS4E22D3.19Bibtexprivacysecurityhuman factorsserious gamecs4e

  14. Schmitz, C.; Schmid, M.; Harborth, D. and Pape, S.: Maturity Level Assessments of Information Security Controls: An Empirical Analysis of Practitioners' Assessment Capabilities. In Computers & Security, 108, 2021.
    PDFDOILinkLinkLinkLink Abstract SSHP21coseBibtexsecurityhuman factorscs4e

  15. Harborth, D.; Pape, S. and Rannenberg, K.: Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym (Poster). In 17th Symposium on Usable Privacy and Security (SOUPS 2021), 2021.
    PosterDOILinkno Link Abstract HPR21soupsposterBibtexprivacyhuman factorsanoncs4e

  16. Pape, S.: Challenges for Designing Serious Games on Security and Privacy Awareness. In Privacy and Identity Management. Between Data Protection and Security - 16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Privacy and Identity 2021, Virtual Event, August 16-20, 2021, Revised Selected Papers, pages 3-16, Springer, IFIP Advances in Information and Communication Technology 644, 2021.
    PDFDOILinkLinkLink Abstract Pape21ifipscBibtexprivacysecurityhuman factorsserious gamecs4ethreat-arrest

Social Engineering social engineering

  1. Pape, S.; Quintanar, A. and Beckers, K.: Towards Accessible and Inclusive Serious Games for Cybersecurity. In Serious Games - 11th Joint International Conference, JCSG 2025, Lucerne, Switzerland, December 4-5, 2025, Proceedings, pages 97-112, LNCS , 2025.
    PDFDOILinkLinkLinkLink Abstract PQB25jcsgBibtexsecurityhuman factorsserious gamesocial engineeringcybersecprohatchphoeni2x

  2. Pape, S. and Kipker, D-K.: Case Study: Checking a Serious Security-Awareness Game for its Legal Adequacy. In Datenschutz und Datensicherheit, 45 (5): 310-314, 2021.
    PDFDOILinkLinkLinkLink Abstract PK21dudBibtexsecuritysocial engineeringlawcs4ehatchthreat-arrest

  3. Hazilov, V. and Pape, S.: Systematic Scenario Creation for Serious Security-Awareness Games. In Computer Security - ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17-18, 2020, Revised Selected Papers, Springer International Publishing, Cham, LNCS 12580, 2020.
    PDFDOILinkLinkLinkLinkVideo Abstract HP20sposeBibtexsecuritysocial engineeringcs4ehatchthreat-arrest

  4. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz. In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    PDFPresentation slidesDOILinkLinkLinkLinkVideo Abstract PGQB20mstecBibtexsecurityserious gamesocial engineeringcs4ethreat-arrest

  5. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    PDFDOILinkLinkLink Abstract Pape20habilBibtexprivacysecuritypetsserious gamesocial engineeringcloud computingioteconomylawpsychology

  6. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks. In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    PDFDOILinkLinkLinkLink Abstract GQBP19mstecBibtexsecurityserious gamesocial engineeringthreat-arrest

  7. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1. Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    PDFDOILinkno Link Abstract TA19D4.2Bibtexsecurityserious gamesocial engineeringthreat-arrest

  8. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game. In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    PDFDOILinkLinkLinkLink Abstract ABP18trustbusBibtexprivacysecurityserious gamesocial engineeringsidate

  9. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    PDFDOILinkno LinkBibtexsecurityserious gamesocial engineeringlawhatchsidate

  10. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment. In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract BFGP17CreaREBibtexsecurityserious gamesocial engineeringhatch

  11. Beckers, K.; Schosser, D.; Pape, S. and Schaab, P.: A Structured Comparison of Social Engineering Intelligence Gathering Tools. In Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings, pages 232-246, 2017, Revision 1, Table 7 was corrected, see https://link.springer.com/10.1007/978-3-319-64483-7_16.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract BSPS17trustbusBibtexprivacysecuritysocial engineeringsidate

  12. Schaab, P.; Beckers, K. and Pape, S.: Social engineering defence mechanisms and counteracting training strategies. In Information and Computer Security, 25 (2): 206-222, 2017.
    PDFDOILinkLinkLinkLink Abstract SBP17icsBibtexsecuritysocial engineeringpsychology

  13. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie. In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    PDFDOILinkno Link Abstract SHBP17aepfBibtexsecurityserious gamesocial engineering

  14. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements. In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    PDFDOILinkLinkLinkLink Abstract BP16reBibtexsecurityserious gamesocial engineeringhatchsidate

  15. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering. In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    PDFPosterDOILinkLinkLinkLink Abstract BPF16bhciBibtexsecurityserious gamesocial engineeringhatchsidate

  16. Schaab, P.; Beckers, K. and Pape, S.: A systematic Gap Analysis of Social Engineering Defence Mechanisms considering Social Psychology. In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    PDFDOILinkLinkLinkLink Abstract SBP16haisaBibtexsecuritysocial engineeringpsychology

Serious Games & Gamification serious game

  1. Pape, S.; Quintanar, A. and Beckers, K.: Towards Accessible and Inclusive Serious Games for Cybersecurity. In Serious Games - 11th Joint International Conference, JCSG 2025, Lucerne, Switzerland, December 4-5, 2025, Proceedings, pages 97-112, LNCS , 2025.
    PDFDOILinkLinkLinkLink Abstract PQB25jcsgBibtexsecurityhuman factorsserious gamesocial engineeringcybersecprohatchphoeni2x

  2. Fysarakis, K.; Lekidis, A.; Mavroeidis, V.; Lampropoulos, K.; Lyberopoulos, G.; Vidal, I. G-M.; Casals, J. C. T. i; Luna, E. R.; Sancho, A. A. M.; Mavrelos, A.; Tsantekidis, M.; Pape, S.; Chatzopoulou, A.; Nanou, C.; Drivas, G.; Photiou, V.; Spanoudakis, G. and Koufopavlou, O.: PHOENI2X -- A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange. Technical Report, 2023.
    PDFDOILinkLinkLinkLink Abstract FLMLLVVLSMTPCNDPSK23arxivBibtexsecurityserious gamephoeni2x

  3. Fysarakis, K.; Lekidis, A.; Mavroeidis, V.; Lampropoulos, K.; Lyberopoulos, G.; Vidal, I. G-M.; Casals, J. C. T. i; Luna, E. R.; Sancho, A. A. M.; Mavrelos, A.; Tsantekidis, M.; Pape, S.; Chatzopoulou, A.; Nanou, C.; Drivas, G.; Photiou, V.; Spanoudakis, G. and Koufopavlou, O.: PHOENI2X - A European Cyber Resilience Framework With Artificial Intelligence-Assisted Orchestration Automation For Business Continuity, Incident Response & Information Exchange. In IEEE CSR, 2023.
    PDFDOILinkLinkLinkLink Abstract FLMLLVVLSMTPCNDPSK23csrBibtexsecurityserious gamephoeni2x

  4. Chaudhary, S.; Pape, S.; Kompara, M.; Kavallieratos, G. and Gkioulos, V.: Guidelines for Enhancement of Societal Security Awareness. Technical Report Deliverable 3.19, CyberSec4Europe, 2022.
    PDFDOILinkno Link Abstract CS4E22D3.19Bibtexprivacysecurityhuman factorsserious gamecs4e

  5. Hatzivasilis, G.; Ioannidis, S.; Smyrlis, M.; Spanoudakis, G.; Frati, F.; Braghin, C.; Damiani, E.; Koshutanski, H.; Tsakirakis, G.; Hildebrandt, T.; Goeke, L.; Pape, S.; Blinder, O.; Vinov, M.; Leftheriotis, G.; Kunc, M.; Oikonomou, F.; Magilo, G.; Petrarolo, V.; Chieti, A. and Bordianu, R.: The THREAT-ARREST cyber ranges platform. In IEEE International Conference on Cyber Security and Resilience (CSR), IEEE, 2021.
    PDFDOILinkLinkLinkLink Abstract HISSFBDKTHGPBVLKOMPCB21crstBibtexsecurityserious gamethreat-arrest

  6. Pape, S.; Klauer, A. and Rebler, M.: Leech: Let's Expose Evidently bad data Collecting Habits - Towards a Serious Game on Understanding Privacy Policies (Poster). In 17th Symposium on Usable Privacy and Security (SOUPS 2021), 2021.
    PDFPosterDOILinkLinkLinkno Link Abstract PKR21soupsposterBibtexprivacyserious gamecs4ethreat-arrest

  7. Pape, S.: Challenges for Designing Serious Games on Security and Privacy Awareness. In Privacy and Identity Management. Between Data Protection and Security - 16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Privacy and Identity 2021, Virtual Event, August 16-20, 2021, Revised Selected Papers, pages 3-16, Springer, IFIP Advances in Information and Communication Technology 644, 2021.
    PDFDOILinkLinkLink Abstract Pape21ifipscBibtexprivacysecurityhuman factorsserious gamecs4ethreat-arrest

  8. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz. In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    PDFPresentation slidesDOILinkLinkLinkLinkVideo Abstract PGQB20mstecBibtexsecurityserious gamesocial engineeringcs4ethreat-arrest

  9. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    PDFDOILinkLinkLink Abstract Pape20habilBibtexprivacysecuritypetsserious gamesocial engineeringcloud computingioteconomylawpsychology

  10. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks. In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    PDFDOILinkLinkLinkLink Abstract GQBP19mstecBibtexsecurityserious gamesocial engineeringthreat-arrest

  11. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1. Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    PDFDOILinkno Link Abstract TA19D4.2Bibtexsecurityserious gamesocial engineeringthreat-arrest

  12. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game. In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    PDFDOILinkLinkLinkLink Abstract ABP18trustbusBibtexprivacysecurityserious gamesocial engineeringsidate

  13. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    PDFDOILinkno LinkBibtexsecurityserious gamesocial engineeringlawhatchsidate

  14. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment. In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract BFGP17CreaREBibtexsecurityserious gamesocial engineeringhatch

  15. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie. In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    PDFDOILinkno Link Abstract SHBP17aepfBibtexsecurityserious gamesocial engineering

  16. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements. In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    PDFDOILinkLinkLinkLink Abstract BP16reBibtexsecurityserious gamesocial engineeringhatchsidate

  17. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering. In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    PDFPosterDOILinkLinkLinkLink Abstract BPF16bhciBibtexsecurityserious gamesocial engineeringhatchsidate

Privacy Enhancing Technologies pets

  1. Al-Momani, A.; Balenson, D.; Bösch, C.; Mann, Z. A.; Pape, S. and Petit, J.: Lessons from a Robotaxi: Challenges in Selecting Privacy-Enhancing Technologies. In ESORICS 2025 International Workshops - DPM, 2025, to appear.
    PDFDOIno Link Abstract ABBMPP25dpmBibtexprivacypetsautomotiveautopsy

  2. Pape, S.; Bkakria, A.; Chah, B.; Heymann, M. and Winkler, S. S.: A Framework for Supporting PET Selection Based on GDPR Principles. In Proceedings of the 20th International Conference on Availability, Reliability and Security, ARES 2025, Ghent, Belgium, 11 August 2025 - 14 August 2025, pages 3-23, Springer, Cham, LNCS 15992, 2025.
    PDFDOILinkLinkLinkLink Abstract PBCHS25aresBibtexprivacypetsautomotiveautopsy

  3. Pape, S.; Bkakria, A.; Heymann, M.; Chah, B.; Abbas-Turki, A.; Syed-Winkler, S.; Hiller, M. and Yaich, R.: AUTOPSY: A Framework for Tackling Privacy Challenges in the Automotive Industry., 2025.
    PDFDOILinkLinkLinkLink Abstract PBHCASHY25arxivBibtexprivacypetsautomotiveautopsy

  4. Löbner, S.; Pape, S.; Bracamonte, V. and Phalakarn, K.: Which PPML Would a User Choose? A Structured Decision Support Framework for Developers to Rank PPML Techniques Based on User Acceptance Criteria., 2024.
    PDFDOILinkLinkLinkLink Abstract LPBP24arxivBibtexprivacyhuman factorspetsmachine learning

  5. Al-Momani, A.; Balenson, D.; Mann, Z. &.; Pape, S.; Petit, J. and Bösch, C.: Navigating Privacy Patterns in the Era of Robotaxis. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 2024, International Workshop on Privacy Engineering (IWPE) 2024, pages 32-39, 2024.
    PDFDOILinkLinkLinkLink Abstract ABMPPB24iwpeBibtexprivacypetsautomotiveiotautopsy

  6. Pape, S.; Syed-Winkler, S.; Garcia, A. M.; Chah, B.; Bkakria, A.; Hiller, M.; Walcher, T.; Lombard, A.; Abbas-Turki, A. and Yaich, R.: A Systematic Approach for Automotive Privacy Management. In CSCS '23: ACM Computer Science in Cars Symposium, Darmstadt, Germany, December 5th, 2023, ACM, 2023.
    PDFDOILinkLinkLinkLink Abstract PSGCBHWLAY23cscsBibtexprivacypetsautomotiveautopsy

  7. Rannenberg, K.; Pape, S.; Tronnier, F. and Löbner, S.: Study on the technical evaluation of decentralization based de-identification procedures for personal data in the automotive sector. Technical Report 371, Forschungsvereinigung Automobiltechnik e.V. (FAT), 2023.
    DOILinkLinkno Link Abstract RPTL23fatBibtexprivacypetsautomotive

  8. Löbner, S.; Pape, S. and Bracamonte, V.: User Acceptance Criteria for Privacy Preserving Machine Learning Techniques. In Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, 29 August 2023- 1 September 2023, pages 149:1-149:8, ACM, 2023, 20th International Workshop on Trust, Privacy and Security in the Digital Society.
    PDFDOILinkLinkLinkLink Abstract LPB23trustbusBibtexprivacypetsmachine learningcs4e

  9. Pape, S. and Harborth, D.: Acceptance Factors of Privacy-Enhancing Technologies on the Basis of Tor and JonDonym. In Human Factors in Privacy Research, pages 299-320, Springer International Publishing, 2023.
    PDFDOILinkLinkLinkno Link Abstract PH23hfiprBibtexprivacyhuman factorspets

  10. Bracamonte, V.; Pape, S. and Löbner, S.: Comparing the Effect of Privacy and Non-privacy Social Media Photo Tools on Factors of Privacy Concern. In Proceedings of the 9th International Conference on Information Systems Security and Privacy, ICISSP 2023, pages 669-676, 2023.
    PDFDOILinkLinkLinkLink Abstract BPL23icisspBibtexprivacyhuman factorspets

  11. Syed-Winkler, S.; Pape, S. and Sabouri, A.: A Data Protection-Oriented System Model Enforcing Purpose Limitation for Connected Mobility. In CSCS '22: ACM Computer Science in Cars Symposium, Ingolstadt, Germany, December 8th, 2022, ACM, 2022.
    PDFDOILinkLinkLinkLink Abstract SPS22cscsBibtexprivacypetsautomotivecloud computingautopsy

  12. Löbner, S.; Tronnier, F.; Pape, S. and Rannenberg, K.: Comparison of De-Identification Techniques for Privacy Preserving Data Analysis in Vehicular Data Sharing. In CSCS '21: ACM Computer Science in Cars Symposium, Ingolstadt, Germany, November 30th, 2021, pages 7:1-7:11, ACM, 2021.
    PDFDOILinkLinkLinkLink Abstract LTPR21cscsBibtexprivacypetsautomotive

  13. Rannenberg, K.; Pape, S.; Tronnier, F. and Löbner, S.: Study on the Technical Evaluation of De-Identification Procedures for Personal Data in the Automotive Sector. Technical Report, Goethe University Frankfurt, 2021.
    PDFDOILinkLinkno Link Abstract RPTL21trBibtexprivacypetsautomotive

  14. Pape, S.; Harborth, D. and Kröger, J. L.: Privacy Concerns Go Hand in Hand with Lack of Knowledge: The Case of the German Corona-Warn-App. In ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, pages 256-269, Springer, IFIP Advances in Information and Communication Technology 625, 2021.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract PHK21ifipsecBibtexinformation systemsprivacypetscs4e

  15. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    PDFDOILinkLinkLink Abstract Pape20habilBibtexprivacysecuritypetsserious gamesocial engineeringcloud computingioteconomylawpsychology

  16. Harborth, D.; Pape, S. and Rannenberg, K.: Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym. In Proceedings on Privacy Enhancing Technologies (PoPETs), 2020 (2): 111-128, 2020.
    PDFDOILinkLinkLinkLink Dataset Dataset Dataset Dataset Abstract HPR20petsBibtexinformation systemsprivacypetsanoncs4e

  17. Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Jondonym. IEEE Dataport, 2020.
    PDFDOILinkLinkLinkno Link Dataset Dataset Abstract HP20dataportJDBibtexprivacypetsmethodologyanon

  18. Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Tor. IEEE Dataport, 2020.
    PDFDOILinkLinkLinkno Link Dataset Dataset Abstract HP20dataportTorBibtexprivacypetsmethodologyanon

  19. Harborth, D. and Pape, S.: How Privacy Concerns, Trust and Risk Beliefs and Privacy Literacy Influence Users' Intentions to Use Privacy-Enhancing Technologies - The Case of Tor. In ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 51 (1): 51-69, 2020.
    PDFDOILinkLinkLinkLink Dataset Dataset Abstract HP20sigmisBibtexinformation systemsprivacypetsanon

  20. Harborth, D.; Cai, X. and Pape, S.: Why Do People Pay for Privacy-Enhancing Technologies? The Case of Tor and JonDonym?. In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 253-267, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLinkLinkLink Dataset Dataset Abstract HCP19ifipsecBibtexinformation systemsprivacypetseconomyanon

  21. Pape, S. and Rannenberg, K.: Applying Privacy Patterns to the Internet of Things' (IoT) Architecture. In Mobile Networks and Applications (MONET) -- The Journal of SPECIAL ISSUES on Mobility of Systems, Users, Data and Computing, 24 (3): 925-933, 2019.
    PDFDOILinkLinkLinkLink Abstract PR19monetBibtexprivacysoftware engineeringpetscloud computingiot

  22. Harborth, D. and Pape, S.: How Privacy Concerns and Trust and Risk Beliefs Influence Users' Intentions to Use Privacy-Enhancing Technologies -- The Case of Tor. In 52nd Hawaii International Conference on System Sciences (HICSS) 2019, pages 4851-4860, 2019, Acceptance rate: 48%.
    PDFDOILinkLinkLinkLink Abstract HP19hicssBibtexinformation systemsprivacypetsanon

  23. Harborth, D. and Pape, S.: JonDonym Users' Information Privacy Concerns. In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings, pages 170-184, 2018, Acceptance rate: 27 / 89 = 30.3%.
    PDFPresentation slidesDOILinkLinkLinkLink Dataset Dataset Abstract HP18ifipsecBibtexinformation systemsprivacypetspsychologyanon

  24. Harborth, D.; Braun, M.; Grosz, A.; Pape, S. and Rannenberg, K.: Anreize und Hemmnisse für die Implementierung von Privacy-Enhancing Technologies im Unternehmenskontext. In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 29-41, 2018.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract HBGPR18sicherheitBibtexinformation systemsprivacypetseconomyanonsioc

  25. Harborth, D. and Pape, S.: Examining Technology Use Factors of Privacy-Enhancing Technologies: The Role of Perceived Anonymity and Trust. In 24th Americas Conference on Information Systems, AMCIS 2018, New Orleans, LA, USA, August 16-18, 2018, Association for Information Systems, 2018.
    PDFDOILinkLinkLinkLink Abstract HP18amcisBibtexinformation systemsprivacypetspsychologyanon

  26. Pape, S.; Tasche, D.; Bastys, I.; Grosz, A.; Laessig, J. and Rannenberg, K.: Towards an Architecture for Pseudonymous E-Commerce -- Applying Privacy by Design to Online Shopping. In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 17-28, 2018.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract PTBGLR18sicherheitBibtexprivacypetse-commerceeconomysioc

  27. Harborth, D.; Herrmann, D.; Köpsell, S.; Pape, S.; Roth, C.; Federrath, H.; Kesdogan, D. and Rannenberg, K.: Integrating Privacy-Enhancing Technologies into the Internet Infrastructure. Technical Report, Cornell University, arXiv, 2017.
    PDFDOILinkLinkLinkLink Abstract HHKPRFKR17anonBibtexprivacypetsanon

  28. Harborth, D. and Pape, S.: Privacy Concerns and Behavior of Pokémon Go Players in Germany. In Privacy and Identity Management. The Smart Revolution - 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, Revised Selected Papers, pages 314-329, Springer International Publishing, IFIP Advances in Information and Communication Technology 526, 2017.
    PDFDOILinkLinkLinkLink Abstract HP17ifipscBibtexinformation systemsprivacypetsarpsychologyanon

Modeling & Measuring

Security Management

  1. Schmitz, C.; Sekulla, A. and Pape, S.: Asset-centric analysis and visualisation of attack trees. In Graphical Models for Security - 7th International Workshop, GraMSec@CSF 2020, Boston, MA, USA, Virtual Conference, June 22, 2020, Revised Selected Papers, pages 45-64, Springer, LNCS 12419, 2020.
    PDFDOILinkLinkLinkLink Abstract SSP20gramsecBibtexsecuritycritical infrastructurescs4e

  2. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    PDFDOILinkLinkLink Abstract Pape20habilBibtexprivacysecuritypetsserious gamesocial engineeringcloud computingioteconomylawpsychology

  3. Pape, S.; Paci, F.; Juerjens, J. and Massacci, F.: Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach. In Information, 11 (5), 2020.
    PDFDOILinkLinkLinkLink Abstract PPJM20informationBibtexsecuritycloud computingcloudatcs4eseconomics

  4. Pape, S.; Schmitz, C.; Kipker, D-K. and Sekula, A.: On the use of Information Security Management Systems by German Energy Providers. In Presented at the Fourteenth IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, 2020.
    PDFPresentation slidesDOIno Link Abstract PSKS20iccipBibtexinformation systemssecuritycritical infrastructureslawcs4esidate

  5. Schmitz, C. and Pape, S.: LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security. In Computers & Security, 90, 2020.
    PDFDOILinkLinkLinkLink Abstract SP20coseBibtexsecuritycritical infrastructuressidate

  6. Pape, S. and Stankovic, J.: An Insight into Decisive Factors in Cloud Provider Selection with a Focus on Security. In Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, ADIoT, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 287-306, Springer International Publishing, Cham, LNCS 11980, 2019.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract PS19sposeBibtexinformation systemssecuritycloud computing

  7. Schmid, M. and Pape, S.: Aggregating Corporate Information Security Maturity Levels of Different Assets. In Privacy and Identity Management. Data for Better Living: AI and Privacy - 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19-23, 2019, Revised Selected Papers, pages 376-392, Springer Boston, IFIP Advances in Information and Communication Technology , 2019.
    PDFDOILinkLinkLinkLink Abstract SP19ifipscBibtexprivacysecurity

  8. Hatamian, M.; Pape, S. and Rannenberg, K.: ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment. In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 165-179, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLinkLinkLink Abstract HPR19ifipsecBibtexsecurityprivacy'n'us

  9. Schmid, M. and Pape, S.: A structured comparison of the corporate information security. In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 223-237, 2019, Acceptance rate: 26 / 142 = 18.3%.
    PDFDOILinkLinkLinkLink Abstract SP19ifipsecBibtexsecurity

  10. Dax, J.; Hamburg, D.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE). In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 29, Universität der Bundeswehr, Neubiberg, 2018.
    PDFDOILinkLinkLinkno LinkBibtexsecuritycritical infrastructuressidate

  11. Dax, J.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 69-74, Universität der Bundeswehr, Neubiberg, 2018.
    PDFDOILinkLinkno LinkBibtexsecuritycritical infrastructuressidate

  12. Dax, J.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Das SIDATE-Portal im Einsatz. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 145-150, Universität der Bundeswehr, Neubiberg, 2018.
    PDFDOILinkno LinkBibtexsecuritycritical infrastructuressidate

  13. Hamburg, D.; Niephaus, T.; Noll, W.; Pape, S.; Rannenberg, K. and Schmitz, C.: SIDATE: Gefährdungen und Sicherheitsmassnahmen. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 51, Universität der Bundeswehr, Neubiberg, 2018.
    PDFDOILinkno LinkBibtexsecuritycritical infrastructuressidate

  14. Schmitz, C.; Sekula, A.; Pape, S.; Pipek, V. and Rannenberg, K.: Easing the Burden of Security Self-Assessments. In 12th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2018 ,Dundee, Scotland, August 29-31, 2018, Proceedings., 2018.
    PDFDOILinkLinkLinkLink Abstract SSPPR18haisaBibtexsecuritycritical infrastructuressidate

  15. Dax, J.; Hamburg, D.; Kreusch, M.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Terhaag, F.: Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger. In Multikonferenz Wirtschaftsinformatik (MKWI) -- Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (Poster), 2016.
    PDFPosterDOIno Link Abstract DHKLPPRST16mkwiBibtexsecuritycritical infrastructuressidate

  16. Dax, J.; Ley, B.; Pape, S.; Schmitz, C.; Pipek, V. and Rannenberg, K.: Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions. In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016 ,Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    PDFDOILinkLinkLinkLink Abstract DLPSPR16haisaBibtexsecuritycritical infrastructuressidate

Applied Cryptographycrypto

  1. Pape, S.: Technische Bedingungen wirksamer Verschlüsselung. In Jahrbuch 2016, Deutsche Gesellschaft für Recht und Informatik, 2017, available via https://www.dgri.de/55/Publikationen/Schriftenreihe-der-DGRI.htm.
    PDFDOILinkno LinkBibtexsecuritycrypto

  2. Pape, S.: Sample or Random Security - A Security Model for Segment-Based Visual Cryptography. In Financial Cryptography and Data Security - 18th International Conference, FC 2014, Christ Church, Barbados, March 3-7, 2014, Revised Selected Papers, pages 291-303, 2014, Acceptance rate: 31 / 138 = 22.5%.
    PDFPresentation slidesDOILinkLinkLinkLink Abstract Pape14fcBibtexcrypto

  3. Pape, S.: Authentication in Insecure Environments -- Using Visual Cryptography and Non-Transferable Credentials in Practise. Springer Vieweg, Research , 2014.
    DOILinkLinkLink Abstract pape14authenticationBibtexprivacysecuritycrypto

  4. Pape, S.: The Challenge of Authentication in Insecure Environments.
    DOIno LinkBibtexprivacysecuritycrypto

  5. Pape, S.: Some Observations on Reusing One-Time Pads within Dice Codings (abstract). Technical Report, in Tagungsband zum 10. Kryptotag, Workshop der Fachgruppe Angewandte Kryptologie in der Gesellschaft für Informatik, 2009.
    DOIno LinkBibtexcrypto

  6. Pape, S.: Sicherheitsmodelle für das Ajtai-Dwork-Kryptosystem: Untersuchungen eines Kryptosystems mit Worst-Case / Average-Case Äquivalenz zum unique Shortest Vector Problem. Vdm Verlag Dr. Müller, 2008.
    DOILinkLinkno Link Abstract pape08ajtai-dworkBibtexcrypto

  7. Pape, S. and Benamar, N.: Using Identity-Based Public-Key Cryptography with Images to Preserve Privacy. In The Future of Identity in the Information Society, pages 299-310, Springer Boston, IFIP International Federation for Information Processing 262, 2008.
    PDFDOILinkLinkLinkLink Abstract PB08ifipscBibtexprivacycrypto

  8. Pape, S.: Sicherheitsmodelle für das Ajtai-Dwork-Kryptosystem.
    PDFDOILinkno Link Abstract pape04thesisBibtexcrypto