I am a security researcher focusing on (mobile) operating system security and trusted computing. In the past, I was particularly looking into mandatory access control systems for the Android OS and integrating hardware security building blocks into mobile operating systems. This interest has extended to object-capability systems and developing new confidential computing solutions. More recently, I also worked on the intersection of those topics with human-centered studies, authentication, and data science.

Since December 2021 I am a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, and heading the Trusted Systems Group. Between July 2018 and December 2021 I headed the same group at CISPA as tenure-track faculty and between June 2016 and July 2018 as a Research Group Leader.

I earned my Dr.-Ing. from Saarland University in 2016 with my thesis on ‘Establishing Mandatory Access Control on Android OS,’ which I wrote under supervision of Prof. Michael Backes. I finished my Master of Science in Engineering, Security and Mobile Computing on the KTH/DTU track of the NordSecMob Erasmus Mundus programme with my thesis “Using TCG/DRTM for application-specific credential storage and usage” in cooperation with Nokia Research Center, Helsinki, Finland.

Download CV
Interests
  • Mobile Platform Security
  • Trusted Computing
  • Usable Security
Education

  • Ph.D. in Security in Information Technology

    Saarland University, Germany

  • Master of Science in Engineering, Security and Mobile Computing

    Royal Institute of Technology (KTH), Stockholm, Sweden / Technical University of Denmark (DTU), Copenhagen, Denmark

Recent Publications
Yusra Elbitar, Alexander Hart, Sven Bugiel (2025). The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users’ Permission Decisions. 32nd Annual Network & Distributed System Security Symposium (NDSS ‘25).
PDF Cite
Eric Ackermann, Noah Mauthe, Sven Bugiel (2024). Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing. IEEE European Symposium on Security and Privacy Workshops.
PDF Cite
Alfusainey Jallow, Michael Schilling, Michael Backes, Sven Bugiel (2024). Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security. 45th IEEE Symposium on Security and Privacy (SP'24).
PDF Cite
Sanam Ghorbani Lyastani, Michael Backes, Sven Bugiel (2023). A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites. 30th Annual Network & Distributed System Security Symposium (NDSS'23).
PDF Cite Extended Version
Dhiman Chakraborty, Michael Schwarz, Sven Bugiel (2023). TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors. Financial Cryptography and Data Security (FC'23).
PDF Cite
See all publications
Academic Service

Program (Co-)Chair

  • Symposium on Usable Security and Privacy (USEC'25) together with Sanchari Das
  • Who Are You?! Adventures in Authentication Workshop 2021 (WAY'21) together with Sarah Pearman

Program Committee Member

  • IEEE SP: 2025, 2024, 2022
  • USENIX Security: 2025,2024, 2023, 2021, 2020, 2019
  • ACM CCS: 2019, 2018
  • ACM SAC: 2019
  • IEEE EuroSP: 2016

Workshops

  • PasswordCon: 2025
  • FoPI (co-located with IEEE EuroSP): 2021
  • WAY (co-located with USENIX SOUPS): 2020
  • SysTEX (co-located with ACM CCS): 2016

External Reviewer

  • ACM CHI: 2024

Journal Reviewer

  • ACM TOPS: 2023
  • IEEE TDSC: 2021, 2016, 2014
  • IEEE TIFS: 2017
  • IEEE TDSCSI: 2014