Prof. Dr. Martina Angela Sasse

HUMAN-CENTRED SECURITY

Professor / Head of Chair

Address:
Ruhr-University Bochum
Faculty of Computer Science
Human-Centred Security
Universitätsstr. 150
D-44801 Bochum

Room: MB 2/177

Telephone: (+49)(0)234 / 32 – 25028

Office Hours: By arrangement

E-Mail: martina.sasse@rub.de

Lebenslauf

Prof. Dr. Angela Sasse studierte in den 1980er-Jahren an der Bergischen Universität Wuppertal Psychologie und setzte ihr Studium in Großbritannien fort. Ihren Master in Arbeitspsychologie machte sie an der Universität Sheffield und wurde an der Universität Birmingham promoviert.

1990 begann sie eine Tätigkeit als Dozentin in Computer Science am University College London. Dort war sie seit 2003 Professorin für Human-Centred Technology. Von 2012 bis 2017 leitete sie das Britische Forschungsinstitut für empirische Sicherheitsforschung und wurde 2015 in die Royal Academy of Engineering aufgenommen.

Am 1. Mai 2018 übernahm sie die Leitung des Lehrstuhls Human-Centred Security am Horst-Görtz-Institut für IT-Sicherheit der Ruhr-Universität Bochum.

Lehrveranstaltungen

Veröffentlichungen

Curriculum Vitae

1990 begann sie eine Tätigkeit als Dozentin in Computer Science am University College London. Dort war sie seit 2003 Professorin für Human-Centred Technology. Von 2012 bis 2017 leitete sie das Britische Forschungsinstitut für empirische Sicherheitsforschung und wurde 2015 in die Royal Academy of Engineering aufgenommen.

Am 1. Mai 2018 übernahm sie die Leitung des Lehrstuhls Human-Centred Security am Horst-Görtz-Institut für IT-Sicherheit der Ruhr-Universität Bochum.

Courses

Publications

2023

[1]

J. Hielscher, U. Menges, S. Parkin, A. Kluge, und M. A. Sasse, „‚Employees who don’t accept the time security takes are not aware enough‘: the CISO view of human-centred security“, in Proceedings of the 32nd USENIX Security Symposium, Anaheim, Calif., 2023, S. 2311–2328. [Online]. Verfügbar unter: https://www.usenix.org/system/files/sec23fall-prepub-110-hielscher.pdf

[2]

U. Menges, J. Hielscher, A. Kluge, und M. A. Sasse, „Work in progress – brick by brick: using a structured building blocks method to engage participants and collect IT security insights“, in STAST 2022: 12th International Workshop on Socio-Technical Aspects in Security, Kopenhagen, 2023, Im Erscheinen.

[3]

F. Herbert u. a., „A world full of privacy and security (mis)conceptions?: Findings of a representative survey in 12 countries“, in CHI ’23, Hamburg, 2023, Publiziert. doi: 10.1145/3544548.3581410.

[4]

S. Weydner-Volkmann und M. A. Sasse, „Kompetenzbildung zu Dual-Use-Problemen: Potentiale einer interdisziplinären Lehre zwischen IT-Sicherheit und (Technik-)Ethik“, gehalten auf der Sensibilisierung und Kompetenzbildung für Ethik sicherheitsrelevanter Forschung in der Lehre, Berlin, 2023, Publiziert.

2022

[1]

M. Gutfleisch, J. H. Klemmer, N. Busch, Y. Acar, M. A. Sasse, und S. Fahl, „How does usable security (not) end up in software products?: Results from a qualitative interview study“, in 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2022, S. 171–188. doi: 10.1109/sp46214.2022.00011.

[2]

M. A. Sasse, J. Hielscher, J. Friedauer, U. Menges, und M. Peiffer, „Warum IT-Sicherheit in Organisationen einen Neustart braucht“, in Cyber-Sicherheit ist Chefinnen- und Chefsache!, online, Feb. 2022, Publiziert. [Online]. Verfügbar unter: https://www.researchgate.net/publication/358277373_Warum_IT-Sicherheit_in_Organisationen_einen_Neustart_braucht

[3]

M. A. Sasse, J. Hielscher, und M. Gutfleisch, „Human-Centred Security: Unfug Informationssicherheits-Sensibilisierung“, Kma , Bd. 27, Nr. 4, S. 44–46, Apr. 2022, doi: 10.1055/s-0042-1748095.

[4]

M. Gutfleisch u. a., „Caring about IoT-security: an interview study in the healthcare sector“, in Proceedings of the 2022 European symposium on usable security, Karlsruhe, Sep. 2022, S. 202–215. doi: 10.1145/3549015.3554209.

[5]

M. Gutfleisch, M. Schöps, S. Sayin, F. Wende, und M. A. Sasse, „Putting security on the table: the digitalisation of security tabletop games and its challenging aftertaste“, in 2022 ACM/IEEE 44th International Conference on Software Engineering: software engineering education and training, Pittsburgh, Pennsylvania, Juni 2022, S. 217–222. doi: 10.1109/icse-seet55299.2022.9794181.

[6]

P. Mayer u. a., „“I don’t know why I check this…” : Investigating expert users’ strategies to detect email signature spoofing attacks“, in Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), Boston, MA, 2022, S. 77–96. [OnlineRessource]. Verfügbar unter: https://casa.rub.de/fileadmin/img/Publikationen_PDFs/2022_I-dont-know-why-I-check-this…-Investigating-Expert-Users-Strategies-to-Detect-Email-Signature-Spoofing-Attacks_Publication_ClusterofExcellence_CASA_Bochum.pdf

[7]

L. Schaewitz, C. A. Lohmann, K. M. Fischer, und M. A. Sasse, „Bringing crypto knowledge to school: examining and improving junior high school students’ security assumptions about encrypted chat apps“, in STAST 2021: , online, Juli 2022, Bd. 13176, S. 43–64. doi: 10.1007/978-3-031-10183-0_3.

[8]

F. Herbert u. a., „A world full of privacy and security (mis)conceptions?: findings of a representative survey in 12 countries“, 2022.

[9]

S. Wiefling, M. Dürmuth, M. A. Sasse, und L. Lo Iacono, „Usability, security, and privacy of risk-based authentication“, Universitätsbibliothek, Ruhr-Universität Bochum, Bochum, 2022. doi: 10.13154/294-9901.

2021

[1]

J. Hielscher, A. Kluge, U. Menges, und M. A. Sasse, „‚Taking out the trash‘: why security behavior change requires intentional forgetting“, in NSPW ’21, Online, 2021, S. 108–122. doi: 10.1145/3498891.3498902.

[2]

L. Schaewitz, C. A. Lohmann, K. Fischer, und M. A. Sasse, „Bringing crypto knowledge to school: examining and improving junior high school students’ security assumptions about encrypted chat apps“, gehalten auf der STAST, Online, 8. Oktober 2021, Publiziert.

[3]

L. Schaewitz, D. Lakotta, M. A. Sasse, und N. Rummel, „Peeking into the black box: towards understanding user understanding of E2EE“, gehalten auf der EuroUSEC, Online, 12. Oktober 2021, Publiziert.

[4]

N. Borgert, J. Friedauer, I. Böse, M. A. Sasse, und M. Elson, „The study of cybersecurity self-efficacy: a systematic literature review of methodology“, gehalten auf der Media Psychology Conference, Aachen, 10. September 2021, Publiziert.

[5]

N. Borgert, J. Friedauer, I. Böse, M. A. Sasse, und M. Elson, „The study of cybersecurity self-efficacy: a systematic literature review of methodology“, 2021. [Online]. Verfügbar unter: https://www.usenix.org/conference/soups2021/presentation/borgert

[6]

U. Menges, J. Hielscher, A. Buckmann, A. Kluge, M. A. Sasse, und I. Verret, „Why IT security needs therapy“, in Computer Security. ESORICS 2021 International Workshops, Darmstadt, Okt. 2021, 1. Aufl., Bd. 13106, S. 335–356. doi: 10.1007/978-3-030-95484-0_20.

[7]

L. Schaewitz, D. Lakotta, M. A. Sasse, und N. Rummel, „Peeking into the black box: : towards understanding user understanding of E2EE“, in Proceedings of the 2021 European symposium on usable security, Karlsruhe, Dez. 2021, S. 129–140. doi: 10.1145/3481357.3481521.

[8]

M. Gutfleisch, M. Peiffer, S. Erk, und M. A. Sasse, „Microsoft Office macro warnings: a design comedy of errors with tragic security consequences“, in Proceedings of the 2021 European symposium on usable security, Karlsruhe, Dez. 2021, S. 9–22. doi: 10.1145/3481357.3481512.

2020

[1]

I. Boureanu u. a., Hrsg., Computer security: ESORICS 2020 international workshops, DETIPS, DeSECSys, MPS, and SPOSE: Guildford, UK, September 17-18, 2020; revised selected papers. Cham: Springer, 2020. doi: 10.1007/978-3-030-66504-3.

[2]

M. Volkamer, M. A. Sasse, und F. Boehm, „Analysing simulated phishing campaigns for staff“, in Computer security: ESORICS 2020 international workshops, DETIPS, DeSECSys, MPS, and SPOSE, Online, 2020, Bd. 12580, S. 312–328.

[3]

S. K. Katsikas u. a., Hrsg., Computer security : ESORICS 2019 international workshops, CyberICPS, SECPRE, SPOSE, and ADIoT: Luxembourg City, Luxembourg, September 26-27, 2019 ; revised selected papers. Cham: Springer, 2020. doi: 10.1007/978-3-030-42048-2.

[4]

M. Volkamer, M. A. Sasse, und F. Boehm, „Analysing simulated phishing campaigns for staff“, 2020.

2019

[1]

A. Wichmann, M. A. Sasse, und C. Paar, „IT-Sicherheit ist mehr als Technik “, Datenschutz und Datensicherheit, Bd. 43, S. 673–674, 2019, doi: 10.1007/s11623-019-1186-3.

2018

[1]

A. ̈ e Demjaha, J. Spring, I. Becker, S. Parkin, und M. A. Sasse, „Metaphors considered harmful?: An exploratory study of the effectiveness of functional metaphors for end-to-end encryption“, 2018. [OnlineRessource]. Verfügbar unter: http://www.ndss-symposium.org/wp-content/uploads/sites/25/2018/07/usec2018_04-2_Demjaha.pdf

[2]

P. Andriotis, G. Stringhini, und M. A. Sasse, „Studying users’ adaptation to Android’s run-time fine-grained access control system“, Journal of information security and applications, Bd. 40, S. 31–43, 2018, doi: 10.1016/j.jisa.2018.02.004.

[3]

I. Becker, S. Parkin, und M. A. Sasse, „The rewards and costs of stronger passwords in a university: linking password lifetime to strength“, Proceedings of the 27th USENIX Security Symposium. USENIX Assoc., Berkeley, CA, S. 239–253, 2018. [OnlineRessource]. Verfügbar unter: https://www.usenix.org/conference/usenixsecurity18/presentation/becker

2017

[1]

S. Dodier-Lazaro, I. Becker, J. Krinke, und M. A. Sasse, No good reason to remove features: expert users value useful apps over secure ones. London: UCL Computer Science, 2017. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1540944/

[2]

R. Abu-Salma, M. A. Sasse, J. Bonneau, A. Danilova, A. Naiakshina, und M. Smith, „Obstacles to the adoption of secure communication tools“, in 2017 IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, 2017, S. 137–153. doi: 10.1109/sp.2017.65.

[3]

M. Whitty u. a., „Ethical and social challenges with developing automated methods to detect and warn potential victims of mass-marketing fraud (MMF)“, in WWW ’17 Companion, Perth (Western Australia), 2017, S. 1311–1314. doi: 10.1145/3041021.3053891.

[4]

R. Abu-Salma u. a., „The security blanket of the chat world: an analytic evaluation and a user study of Telegram“, in Proceedings of the EuroUSEC ’17, Paris, 2017, Publiziert. doi: 10.14722/eurousec.2017.23006.

[5]

J. R. P. Mauriés, K. Krol, simon Parkin, R. Abu-Salma, und M. A. Sasse, „Dead on arrival: recovering from fatal flaws in email encryption tools“, in Learning from authoritative security experiment results, Arlington, Va., 2017, S. 49–57. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/10041297/

[6]

I. Becker, S. Parkin, und M. A. Sasse, „Finding security champions in blends of organisational culture“, in Proceedings of the EuroUSEC ’17, Paris, 2017, Publiziert. doi: 10.14722/eurousec.2017.23007.

[7]

I. Becker, S. Parkin, und M. A. Sasse, „Measuring the success of context-aware security behaviour surveys“, 2017. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/id/eprint/10038352

[8]

S. Dodier-Lazaro, I. Becker, J. Krinke, und M. A. Sasse, „‚No good reason to remove features‘: expert users value useful apps over secure ones“, in Human aspects of information security, privacy and trust, Vancouver (British Columbia), 2017, Bd. 10292, S. 25–44. doi: 10.1007/978-3-319-58460-7_3.

[9]

S. J. Murdoch u. a., „Are payment card contracts unfair?: (Short paper)“, in Financial cryptography and data security, Christ Church (Barbados), 2017, Bd. 9603, S. 600–608. doi: 10.1007/978-3-662-54970-4_35.

[10]

S. Dodier-Lazaro, R. Abu-Salma, I. Becker, und M. A. Sasse, „From paternalistic to user-centred security: putting users first with value-sensitive design“, 2017. [Online]. Verfügbar unter: http://discovery.ucl.ac.uk/id/eprint/1557895

[11]

I. Becker u. a., „International comparison of bank fraud reimbursement: customer perceptions and contractual terms“, Journal of cybersecurity, Bd. 3, Nr. 2, S. 109–125, 2017, doi: 10.1093/cybsec/tyx011.

2016

[1]

P. Kostkova u. a., „Who owns the data?: Open data for healthcare“, Frontiers in public health, Bd. 4, Art. Nr. 7, 2016, doi: 10.3389/fpubh.2016.00007.

[2]

P. Andriotis, M. A. Sasse, und G. Stringhini, „Permissions snapshots: assessing users’ adaptation to the Android runtime permission model“, in WIFS 2016, Abu Dhabi, 2016, S. 1–6. doi: 10.1109/wifs.2016.7823922.

[3]

A. Beautement, I. Becker, S. Parkin, K. Krol, und M. A. Sasse, „Productive security: a scalable methodology for analysing employee security behaviours“, in Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, Colo., 2016, S. 253–270. [Online]. Verfügbar unter: https://www.usenix.org/conference/soups2016/technical-sessions/presentation/beautement

[4]

I. Becker, S. Parkin, und M. A. Sasse, „Combining qualitative coding and sentiment analysis: deconstructing perceptions of usable security in organisations“, in LASER 2016, San Jose, Calif., 2016, S. 43–53. [OnlineRessource]. Verfügbar unter: https://www.usenix.org/conference/laser2016/program/presentation/becker

[5]

B. D. Glass, G. Jenkinson, Y. Liu, M. A. Sasse, F. Stajano, und M. Spencer, „The usability canary in the security coal mine: a cognitive framework for evaluation and design of usable authentication solutions“, 2016. doi: 10.14722/eurousec.2016.23007.

[6]

K. Krol, S. Parkin, und M. A. Sasse, „Better the devil you know: a user study of two CAPTCHAs and a possible replacement technology“, in Proceedings of NDSS Workshop on Usable Security (USEC 2016), San Diego, Calif., 2016, Publiziert. doi: 10.14722/usec.2016.23013.

[7]

J. Sänger, N. Hänsch, B. Glass, Z. Benenson, R. Landwirth, und M. A. Sasse, „Look before you leap: improving the users’ ability to detect fraud in electronic marketplaces“, in CHI ’16, San Jose, Calif., 2016, S. 3870–3882. doi: 10.1145/2858036.2858555.

[8]

I. Becker u. a., „International comparison of bank fraud reimbursement: customer perceptions and contractual terms“, 2016. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1492768/

[9]

M. A. Sasse, M. Smith, C. Herley, H. Lipford, und K. Vaniea, „Debunking security-usability tradeoff myths“, IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 14, Nr. 5, S. 33–39, 2016, doi: 10.1109/msp.2016.110.

[10]

S. Parkin, S. Driss, K. Krol, und M. A. Sasse, „Assessing the user experience of password reset policies in a university“, in Technology and practice of passwords, Cambridge, 2016, Bd. 9551, S. 21–38. doi: 10.1007/978-3-319-29938-9_2.

[11]

N. Sombatruang, M. A. Sasse, und M. Baddeley, „Why do people use unsecure public wi-fi?: An investigation of behaviour and factors driving decisions“, in STAST ’16, Los Angeles, Calif., 2016, S. 61–72. doi: 10.1145/3046055.3046058.

[12]

K. Krol, J. M. Spring, S. Parkin, und M. A. Sasse, „Towards robust experimental design for user studies in security and privacy“, in LASER 2016, San Jose, Calif., 2016, S. 21–31. [OnlineRessource]. Verfügbar unter: https://www.usenix.org/conference/laser2016/program/presentation/krol

[13]

K. Krol, S. Parkin, und M. A. Sasse, „‚I don’t like putting my face on the Internet!‘: An acceptance study of face biometrics as a CAPTCHA replacement“, in ISBA 2016, Sendai, 2016, Publiziert. doi: 10.1109/isba.2016.7477235.

[14]

M. A. Sasse und M. Smith, „The security-usability tradeoff myth“, in IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 14, Nr. 5, New York, NY: IEEE, 2016, S. 11–13. doi: 10.1109/msp.2016.102.

[15]

D. D. Caputo, S. L. Pfleeger, M. A. Sasse, P. Ammann, J. Offutt, und L. Deng, „Barriers to usable security?: Three organizational case studies“, IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 14, Nr. 5, S. 22–32, 2016, doi: 10.1109/msp.2016.95.

[16]

S. Parkin, K. Krol, I. Becker, und M. A. Sasse, „Applying cognitive control modes to identify security fatigue hotspots“, 2016. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1502205/

[17]

A. Naiakshina, A. Danilova, S. Dechand, K. Krol, M. A. Sasse, und M. Smith, „Poster: Mental models – user understanding of messaging and encryption“, 2016. Zugegriffen: 22. Februar 2022. [Online]. Verfügbar unter: http://www.ieee-security.org/TC/EuroSP2016/posters/number18.pdf

2015

[1]

I. Kirlappos und M. A. Sasse, „Fixing security together: leveraging trust relationships to improve security in organizations“, in NDSS Symposium 2015, San Diego, Calif., 2015, Publiziert. doi: 10.14722/usec.2015.23013.

[2]

D. Gollmann, C. Herley, V. Koenig, W. Pieters, und M. A. Sasse, „Socio-technical security metrics (Dagstuhl Seminar 14491)“, Dagstuhl Reports, Bd. 4, Nr. 12, S. 1–28, 2015, doi: 10.4230/dagrep.4.12.1.

[3]

M. A. Sasse, „Scaring and bullying people into security won’t work“, IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 13, Nr. 3, S. 80–83, 2015, doi: 10.1109/msp.2015.65.

[4]

K. Krol, E. Philippou, E. de Cristofaro, und M. A. Sasse, „‚They brought in the horrible key ring thing!‘: Analysing the usability of two-factor authentication in UK online banking“, in NDSS Symposium 2015, San Diego, Calif., 2015, Publiziert. doi: 10.14722/usec.2015.23001.

[5]

I. Kirlappos, S. Parkin, und M. A. Sasse, „‚Shadow security‘ as a tool for the learning organization“, ACM SIGCAS computers and society, Bd. 45, Nr. 1, S. 29–37, 2015, doi: 10.1145/2738210.2738216.

[6]

O. Beris, A. Beautement, und M. A. Sasse, „Employee rule breakers, excuse makers and security champions: mapping the risk perceptions and emotions that drive security behaviors“, in Proceedings of the 2015 New Security Paradigms Workshop (NSPW 2015), Twente, 2015, S. 73–84. doi: 10.1145/2841113.2841119.

[7]

K. Krol, C. Papanicolaou, A. Vernitski, und M. A. Sasse, „‚Too taxing on the mind!‘: Authentication grids are not for everyone“, in Human aspects of information security, privacy and trust, Los Angeles, Calif., 2015, Bd. 9190, S. 71–82. doi: 10.1007/978-3-319-20376-8_7.

[8]

R. Abu-Salma, M. A. Sasse, J. Bonneau, und M. Smith, „Secure chat for the masses?: User-centered security to the rescue“, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM Pr., New York, NY, S. 1623–1625, 2015. doi: 10.1145/2810103.2810126.

2014

[1]

C. Jennett und M. A. Sasse, „Is sending shoppers ads by Bluetooth just a bit creepy?“, Okt. 2014. [OnlineRessource]. Verfügbar unter: http://theconversation.com/is-sending-shoppers-ads-by-bluetooth-just-a-bit-creepy-32643

[2]

M. Steves, D. Chisnell, M. A. Sasse, K. Krol, M. Theofanos, und H. Wald, „Report: Authentication Diary Study“, Feb. 2014. doi: 10.6028/nist.ir.7983.

[3]

S. L. Pfleeger, M. A. Sasse, und A. Furnham, „From weakest link to security hero: transforming staff security behavior“, Journal of homeland security and emergency management, Bd. 11, Nr. 4, S. 489–510, 2014, doi: 10.1515/jhsem-2014-0035.

[4]

M. A. Sasse, „‚Technology should be smarter than this!‘: A vision for overcoming the great authentication fatigue“, in Secure data management, Trient, 2014, Bd. 8425, S. 33–36. doi: 10.1007/978-3-319-06811-4_7.

[5]

M. A. Sasse und C. C. Palmer, „Protecting you“, in IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 12, Nr. 1, New York, NY: IEEE, 2014, S. 11–13. doi: 10.1109/msp.2014.11.

[6]

C. Porter, E. Letier, und M. A. Sasse, „Building a national e-service using Sentire: experience report on the use of Sentire : a volere-based requirements framework driven by calibrated personas and simulated user feedback“, in 2014 IEEE 22nd International Requirements Engineering Conference (RE), Karlskrona, 2014, S. 374–383. doi: 10.1109/re.2014.6912288.

[7]

M. A. Sasse, „Design for trusted and trustworthy services: why we must do better“, in Trust, computing, and society, R. H. R. Harper, Hrsg. Cambridge: Cambridge University Press, 2014, S. 229–249. doi: 10.1017/cbo9781139828567.015.

[8]

M. Bada und M. A. Sasse, Cyber security awareness campaigns: why do they fail to change behaviour? Oxford: Cyber Security Capacity Centre, 2014. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1468954/

[9]

A. Morton und M. A. Sasse, „Desperately seeking assurances: segmenting users by their information-seeking preferences“, in 2014 Twelfth Annual International Conference on Privacy, Security and Trust (PST 2014), Toronto, 2014, S. 102–111. doi: 10.1109/pst.2014.6890929.

[10]

M. Ruskov, P. Ekblom, und M. A. Sasse, „Towards a simulation of information security behaviour in organisations“, in Cyberpatterns, C. Blackwell und H. Zhu, Hrsg. Cham: Springer, 2014, S. 177–184. doi: 10.1007/978-3-319-04447-7_14.

[11]

I. Kirlappos, S. Parkin, und M. A. Sasse, „Learning from “shadow security“: why understanding non-compliant behaviors provides the basis for effective security“, in Workshop on Usable Security (USEC 2014) – programme, San Diego, Calif., 2014, Publiziert. [Online]. Verfügbar unter: https://www.ndss-symposium.org/ndss2014/workshop-usable-security-usec-2014-programme/learning-shadow-security-why-understanding-non-compliance-provides-basis-effective-security/

[12]

M. Jakobsson, S. Consolvo, und R. Wash, „Helping you protect you“, IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 12, Nr. 1, S. 39–42, 2014, doi: 10.1109/msp.2014.4.

[13]

M. A. Sasse, M. Steves, K. Krol, und D. Chisnell, „The great authentication fatigue: and how to overcome it“, in Cross-cultural design, Heraklion, 2014, Bd. 8528, S. 228–239. doi: 10.1007/978-3-319-07308-8_23.

2013

[1]

A. Acquisti, I. Krontiris, M. Langheinrich, und M. A. Sasse, „‚My life, shared‘: trust and privacy in the age of ubiquitous experience sharing (Dagstuhl Seminar 13312)“, Dagstuhl Reports, Bd. 3, Nr. 7, S. 74–107, 2013, doi: 10.4230/dagrep.3.7.74.

[2]

D. Ashenden und M. A. Sasse, „CISOs and organisational culture: their own worst enemy?“, Computers & security, Bd. 39, Nr. B, S. 396–405, 2013, doi: 10.1016/j.cose.2013.09.004.

[3]

M. Huth, J. H.-P. Kuo, M. A. Sasse, und I. Kirlappos, „Towards usable generation and enforcement of trust evidence from programmers’ intent“, in Human aspects of information security, privacy and trust, Las Vegas, Nev., 2013, Bd. 8030, S. 246–255. doi: 10.1007/978-3-642-39345-7_26.

[4]

M. Ruskov, P. Ekblom, und M. A. Sasse, „In search for the right measure: assessing types of developed knowledge while using a gamified web toolkit“, in 7th European Conference on Games Based Learning (ECGBL 2013), Porto (Portugal), 2013, S. 722–729. [Online]. Verfügbar unter: http://discovery.ucl.ac.uk/1458033/

[5]

M. Malheiros, S. Brostoff, C. Jennett, und M. A. Sasse, „Would you sell your mother’s data?: Personal data disclosure in a simulated credit card application“, in The economics of information security and privacy, 2013, S. 237–261. doi: 10.1007/978-3-642-39498-0_11.

[6]

S. Brostoff, C. Jennett, M. Malheiros, und M. A. Sasse, „Federated identity to access e-government services: are citizens ready for this?“, in DIM’13, Berlin, 2013, S. 97–107. doi: 10.1145/2517881.2517893.

[7]

M. Malheiros, S. Preibusch, und M. A. Sasse, „‚Fairly truthful‘: the impact of perceived effort, fairness, relevance, and sensitivity on personal data disclosure“, in Trust and trustworthy computing, London, 2013, Bd. 7904, S. 250–266. doi: 10.1007/978-3-642-38908-5_19.

[8]

I. Kirlappos, A. Beautement, und M. A. Sasse, „‚Comply or die‘ is dead: long live security-aware principal agents“, in Financial cryptography and data security, Okinawa, 2013, Bd. 7859, S. 70–82. doi: 10.1007/978-3-642-41320-9_5.

[9]

S. Bartsch und M. A. Sasse, „How users bypass access control – and why: the impact of authorization problems on individuals and the organization“, 2013. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1426546/

[10]

M. A. Sasse und K. Krol, „Usable biometrics for an ageing population“, in Age factors in biometric processing, 2013, S. 303–320. doi: 10.1049/pbsp010e_ch16.

2012

[1]

M. Malheiros, C. Jennett, S. Patel, S. Brostoff, und M. A. Sasse, „Too close for comfort: a study of the effectiveness and acceptability of rich-media personalized advertising“, in CHI ’12, Austin, Tex, 2012, S. 579–588. doi: 10.1145/2207676.2207758.

[2]

A. Rahaman und M. A. Sasse, „Designing national identity: an organisational perspective on requirements for national identity management systems“, in ICDS 2012, Valencia, 2012, S. 40–49. [OnlineRessource]. Verfügbar unter: http://www.thinkmind.org/index.php?view=article&articleid=icds_2012_2_40_10164

[3]

M. A. Sasse, V. Schöppner, S. Seibel, und K. Becker, „Expert database provides support for pipe extrusion“, Kunststoffe Kunststoffe international, Bd. 101, Nr. 12, S. 32–34, 2012.

[4]

A. Wibbeke, V. Schöppner, und M. A. Sasse, „Self-reinforcement of uniaxially stretched polycarbonate film“, in 70th Annual Technical Conference of the Society of Plastics Engineers 2012 (ANTEC 2012), Orlando, Fla., 2012, S. 1175–1181.

[5]

C. Jennett, S. Brostoff, M. Malheiros, und M. A. Sasse, „Adding insult to injury: consumer experiences of being denied credit“, International journal of consumer studies, Bd. 36, Nr. 5, S. 549–555, 2012, doi: 10.1111/j.1470-6431.2012.01120.x.

[6]

K. Krol, M. Moroz, und M. A. Sasse, „Don’t work. Can’t work?: why it’s time to rethink security warnings“, in CRiSIS 2012, Cork, 2012, S. 1–8. doi: 10.1109/crisis.2012.6378951.

[7]

S. Bartsch und M. A. Sasse, „Guiding decisions on authorization policies: a participatory approach to decision support“, in SAC ’12, Riva del Garda, 2012, S. 1502–1507. doi: 10.1145/2245276.2232015.

[8]

S. Bartsch und M. A. Sasse, „How users bypass access control – and why: the impact of authorization problems on individuals and the organization“, RN/12/06, 2012. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1389948/

[9]

N. Conti, C. Jennett, J. Maestre, und M. A. Sasse, „When did my mobile turn into a ‚sellphone‘?: A study of consumer responses to tailored smartphone ads“, in HCI2012 people & computers XXVI, Birmingham, 2012, S. 215–220. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1377079/

[10]

C. W. Probst, M. A. Sasse, W. Pieters, T. Dimkov, E. Luysterborg, und M. Arnaud, „Privacy penetration testing: how to establish trust in your cloud provider“, in European data protection, S. Gutwirth, R. Leenes, P. de Hert, und Y. Poullet, Hrsg. Dordrecht: Springer, 2012, S. 251–265. doi: 10.1007/978-94-007-2903-2_12.

[11]

M. Ruskov, J. M. Celdran, P. Ekblom, und M. A. Sasse, „Unlocking the next level of crime prevention: development of a game prototype to teach the conjunction of criminal opportunity“, Information technologies and control, Bd. 10, Nr. 3, S. 15–21, 2012, [Online]. Verfügbar unter: http://www.acad.bg/rismim/itc/sub/archiv/Paper3_3_2012.pdf

[12]

C. Jennett, M. Malheiros, S. Brostoff, und M. A. Sasse, „Privacy for loan applicants versus predictive power for loan providers: is it possible to bridge the gap?“, in European data protection, S. Gutwirth, R. Leenes, P. de Hert, und Y. Poullet, Hrsg. Dordrecht: Springer, 2012, S. 35–51. doi: 10.1007/978-94-007-2903-2_3.

[13]

M. Malheiros, S. Brostoff, C. Jennett, und M. A. Sasse, „Would you sell your mother’s data?: personal data disclosure in a simulated credit card application“, 2012. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1349987/

[14]

I. Kirlappos, M. A. Sasse, und N. Harvey, „Why trust seals don’t work: a study of user perceptions and behavior“, in Trust and trustworthy computing, Wien, 2012, Bd. 7344, S. 308–324. doi: 10.1007/978-3-642-30921-2_18.

[15]

I. Kirlappos und M. A. Sasse, „Security education against phishing: a modest proposal for a major rethink“, IEEE security & privacy / Institute of Electrical and Electronics Engineers, Bd. 10, Nr. 2, S. 24–32, 2012, doi: 10.1109/msp.2011.179.

[16]

A. Morton und M. A. Sasse, „Privacy is a process, not a PET: a theory for effective privacy practice“, in NSPW ’12, Bertinoro, 2012, S. 87–104. doi: 10.1145/2413296.2413305.

[17]

C. Porter, M. A. Sasse, und E. Letier, „Designing acceptable user registration processes for e-services“, 2012. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1378346/

[18]

M. Zhang, C. Jennett, M. Malheiros, und M. A. Sasse, „Data after death: user requirements and design challenges for SNSs and email providers“, 2012. [OnlineRessource]. Verfügbar unter: https://2d484174-a-62cb3a1a-s-sites.googlegroups.com/site/chi2012eol/accepted-papers/jennett-chi2012eol.pdf?attachauth=ANoY7cpsnjtZYzgvwftP9YOO6VzCj-9Fz4BLJgeKDqEgERvXpi6LeTpo7y31ZNRmWW7cMbEYFgyWFW3ThVPD47T0Pe1Q6VG_bRjF2IUfoqqHbFEf0Ly_E1y7PmQRUxYte7RWhFG5czNFJpuqA9yLQ7_SqW3kQaMv7_3p_3A3KzPjEwN0fqY2JJBY-a5WYxUd55L5GDlu0PjcddgMAfCkQw91Yh62nCBqVcDX56hbHPRop7DXZMgDVZ2aYH4aGA5ofx3Q2YQuk12w&attredirects=0

2011

[1]

J. M. McCune, B. Balacheff, A. Perrig, A.-R. Sadeghi, M. A. Sasse, und Y. Beres, Hrsg., Trust and trustworthy computing: 4th international conference, TRUST 2011 : Pittsburgh, PA, USA, June 22 – 24, 2011 : proceedings. Berlin: Springer, 2011. doi: 10.1007/978-3-642-21599-5.

[2]

M. Malheiros, C. Jennett, W. Seager, und M. A. Sasse, „Trusting to learn: trust and privacy issues in serious games“, in Trust and trustworthy computing, Pittsburgh, Pa., 2011, S. 116–130. doi: 10.1007/978-3-642-21599-5_9.

[3]

S. Arnhell, A. Beautement, P. Inglesant, B. Monahan, D. Pym, und M. A. Sasse, „Systematic decision making in security management modelling password usage and support“, HPL-2011-36, 2011. [OnlineRessource]. Verfügbar unter: http://www.hpl.hp.com/techreports/2011/HPL-2011-36.pdf

[4]

Y. Beres, A. Perrig, und M. A. Sasse, „Preface“, in Trust and trustworthy computing, A.-R. Sadeghi, M. A. Sasse, J. M. McCune, B. Balacheff, A. Perrig, und Y. Beres, Hrsg. Berlin: Springer, 2011. [Online]. Verfügbar unter: https://link.springer.com/content/pdf/bfm%3A978-3-642-21599-5%2F1.pdf

[5]

R. Jhawar, P. Inglesant, N. Courtois, und M. A. Sasse, „Make mine a quadruple: strengthening the security of graphical one-time PIN authentication“, in 2011 5th International Conference on Network and System Security, Mailand, 2011, S. 81–88. doi: 10.1109/icnss.2011.6059963.

[6]

W. Seager, M. Ruskov, M. A. Sasse, und M. Oliveira, „Eliciting and modelling expertise for serious games in project management“, Entertainment computing, Bd. 2, Nr. 2, S. 75–80, 2011, doi: 10.1016/j.entcom.2011.01.002.

[7]

P. Inglesant und M. A. Sasse, „Information security as organizational power: a framework for re-thinking security policies“, in 2011 1st Workshop on Socio-Technical Aspects in Security and Trust : STAST 2011, Mailand, 2011, S. 9–16. doi: 10.1109/stast.2011.6059250.

[8]

M. A. Sasse und I. Kirlappos, „Familiarity breeds con-victims: why we need more effective trust signaling“, in 5th IFIP WG 11.11 International Conference, IFIPTM 2011 : Copenhagen, Denmark, June 29 – July 1, 2011 : proceedings, Kopenhagen, 2011, Bd. 5, S. 9–12. doi: 10.1007/978-3-642-22200-9_2.

[9]

A. K. Beeharee, S. Laqua, und M. A. Sasse, „Navigating haystacks at 70mph: intelligent search for intelligent in-car services“, in 3rd International Multimodal Interfaces for Automobile Applications (MIAA) Workshop, Palo Alto, Calif., 2011, S. 25–28. [Online]. Verfügbar unter: http://discovery.ucl.ac.uk/1306631/

[10]

F. Ben Abdesslem, T. Henderson, S. Brostoff, und M. A. Sasse, „Context-based personalised settings for mobile location sharing“, 2011. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1366952/

[11]

S. Laqua, M. A. Sasse, S. Greenspan, und C. Gates, „Do you know dis?: A user study of a knowledge discovery tool for organizations“, in CHI ’11, Vancouver (British Columbia), 2011, S. 2887–2896. doi: 10.1145/1978942.1979371.

[12]

C. Jennett, S. Brostoff, M. Malheiros, und M. A. Sasse, „Investigating loan applicants’ perceptions of alternative data items and the effect of incentives on disclosure“, 2011. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1309088/

2010

[1]

K. Potente, V. Schöppner, M. A. Sasse, und S. Seibel, „Defects during extrusion processes: recognize, analyze, graduate and eradicate“, in 68th Annual Technical Conference of the Society of Plastics Engineers 2010 (ANTEC 2010), Orlando, Fla., 2010, S. 784–789.

[2]

A. Rahaman und M. A. Sasse, „A framework for the lived experience of identity“, Identity in the information society, Bd. 3, Nr. 3, S. 605–638, 2010, doi: 10.1007/s12394-010-0078-3.

[3]

P. Inglesant und M. A. Sasse, „Studying password use in the wild: practical problems and possible solutions“, 2010. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/102757/

[4]

W. Seager, M. Fradinho, M. Ruskov, und M. A. Sasse, „Eliciting and modelling expertise for serious game design“, gehalten auf der SIG Workshop on Experimental Learning on Sustainable Management, Economics and Industrial Engineering, Mailand, 2010, Publiziert.

[5]

A. Beautement und M. A. Sasse, „Gathering realistic authentication performance data through field trials“, 2010. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1301851/

[6]

G. Frémont, S. Grazzini, M. A. Sasse, und A. Beeharee, „The SafeTRIP project: improving road safety for passenger vehicles using 2-way satellite communications“, 2010. [OnlineRessource]. Verfügbar unter: https://www.researchgate.net/publication/229017601_The_SAFETRIP_Project_improving_road_safety_for_passenger_vehicles_using_2-way_satellite_communications

[7]

M. Ruskov, W. Seager, und M. A. Sasse, „Persuading giants to be wise: an exploratory study of advice sharing in online games“, 2010. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/1318526/

[8]

J. Riegelsberger und M. A. Sasse, „Ignore these at your peril: ten principles for trust design“, 2010. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/20297/

[9]

A. Rahaman und M. A. Sasse, „Human-centred identity: from rhetoric to reality“, 2010. [OnlineRessource]. Verfügbar unter: http://discovery.ucl.ac.uk/20116/

[10]

M. A. Sasse, „Not seeing the crime for the cameras?“, Communications of the ACM, Bd. 53, Nr. 2, S. 22–25, 2010, doi: 10.1145/1646353.1646363.

[11]

S. Parkin, A. van Moorsel, P. Inglesant, und M. A. Sasse, „A stealth approach to usable security: helping IT security managers to identify workable security solutions“, in NSPW ’10, Concord, Mass., 2010, S. 33–49. doi: 10.1145/1900546.1900553.

[12]

P. G. Inglesant und M. A. Sasse, „The true cost of unusable password policies: password use in thw wild“, in CHI 2010 – we are HCI, Atlanta, Ga., 2010, S. 383–392. doi: 10.1145/1753326.1753384.

[13]

S. Brostoff, P. Inglesant, und M. A. Sasse, „Evaluating the usability and security of a graphical one-time PIN system“, in BCS ’10, Dundee, 2010, S. 88–97.

[14]

H. Keval und M. A. Sasse, „‚Not the usual suspects‘: a study of factors reducing the effectiveness of CCTV“, Security journal, Bd. 23, Nr. 2, S. 134–154, 2010, doi: 10.1057/palgrave.sj.8350092.