Quicklinks
The CISPA Building

Empirical & Behavioral Security

Ultimately, we need solutions that work both in theory and practice. However, as truth is stranger than fiction, this means that to attain this grand goal we cannot simply retreat to our study but will need to draw insight from empirical data. That is, unless a tool is easy to use properly, although it may be secure in theory it can still prove a liability in practice -- which goes for both end-users and developers. Moreover, we cannot preempt every possible attack, and hence need techniques that can detect and name subtle patterns in data that we can act upon. In short, this research area aims to devise an engineering process that significantly improves the security and privacy of today's real-world software, that keep pace with the continuing growth in complexity for future IT systems, and that is conveniently usable even by layman users and developers. It provides empirical methods and tools for dealing with unstructured, heterogeneous datasets at scale, techniques for ensuring the security of web applications and services; as well as usable and effective solutions for application development and maintenance.

Members

Most Recent Publications

Title Date Authors Meta
 2018
USENIX-Security
2018
 Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel
 27th USENIX Security Symposium (USENIX Security 18)
 2018
2018
 Björn Mathis, Vitalii Avdiienko, Ezekiel O. Soremekun, Marcel Böhme, Andreas Zeller
 Software Engineering (SE) 2018
 2018
NDSS
2018
 Ben Stock, Giancarlo Pellegrino, Frank Li, Michael Backes, Christian Rossow
 Proceedings of the 25th Annual Symposium on Network and Distributed System Security (NDSS '18).
 2018
ICSE
2018
 Andreas Rau, Jenny Hotzkow, Andreas Zeller
 Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings
 2018
CCS
2018
 Constanze Dietrich, Katharina Krombholz, Kevin Borgolte, Tobias Fiebig
 25th ACM Conference on Computer and Communications Security