Publications

Yusra Elbitar, Alexander Hart, Sven Bugiel (2025). The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users’ Permission Decisions. 32nd Annual Network & Distributed System Security Symposium (NDSS ‘25).
PDF Cite
Eric Ackermann, Noah Mauthe, Sven Bugiel (2024). Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing. IEEE European Symposium on Security and Privacy Workshops.
PDF Cite
Alfusainey Jallow, Michael Schilling, Michael Backes, Sven Bugiel (2024). Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security. 45th IEEE Symposium on Security and Privacy (SP'24).
PDF Cite
Dhiman Chakraborty, Michael Schwarz, Sven Bugiel (2023). TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors. Financial Cryptography and Data Security (FC'23).
PDF Cite
Sanam Ghorbani Lyastani, Michael Backes, Sven Bugiel (2023). A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites. 30th Annual Network & Distributed System Security Symposium (NDSS'23).
PDF Cite Extended Version
Yusra Elbitar, Michael Schilling, Trung Tin Nguyen, Michael Backes, Sven Bugiel (2021). Explanation Beats Context: The Effect of Timing & Rationales on Users' Runtime Permission Decisions. 30th USENIX Security Symposium (USENIX Sec'21).
PDF Cite
Abdallah Dawoud, Sven Bugiel (2021). Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. 28th Annual Network & Distributed System Security Symposium (NDSS'21).
PDF Cite Code Video
Jie Huang, Michael Backes, Sven Bugiel (2021). A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android. 31st USENIX Security Symposium (USENIX Security ‘21).
PDF Cite
Duc Cuong Nguyen, Erik Derr, Michael Backes, Sven Bugiel (2020). Up2Dep: Android Tool Support to Fix Insecure Code Dependencies. 36th Annual Computer Security Applications Conference (ACSAC'20).
PDF Cite Code Project Slides Video
Sanam Ghorbani Lyastani, Michael Schilling, Michaela Neumayr, Michael Backes, Sven Bugiel (2020). Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication. 41st IEEE Symposium on Security and Privacy (SP ‘20).
PDF Cite Video
Jie Huang, Nataniel Borges, Sven Bugiel, Michael Backes (2019). Up-To-Crash: Evaluating Third-Party Library Updatability on Android. 4th IEEE European Symposium on Security and Privacy (EuroSP'19).
PDF Cite
Dhiman Chakraborty, Lucjan Hanzlik, Sven Bugiel (2019). simTPM: User-centric TPM for Mobile Devices. 29th USENIX Security Symposium (USENIX Security ‘19).
PDF Cite Video
Duc Cuong Nguyen, Erik Derr, Michael Backes, Sven Bugiel (2019). Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy. 40th IEEE Symposium on Security and Privacy (SP ‘19).
PDF Cite Video
Dhiman Chakraborty, Christian Hammer, Sven Bugiel (2019). Secure Multi-execution in Android. 34th Symposium on Applied Computing (SAC ‘19).
PDF Cite
Abdallah Dawoud, Sven Bugiel (2019). DroidCap: OS Support for Capability-based Permissions in Android. 26th Annual Network & Distributed System Security Symposium (NDSS ‘19).
PDF Cite Video
Marten Oltrogge, Erik Derr, Christian Stransky, Yasemin Acar, Sascha Fahl, Christian Rossow, Giancarlo Pellegrino, Sven Bugiel, Michael Backes (2018). The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. 39th IEEE Symposium on Security and Privacy (SP ‘18).
PDF Cite
Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel (2018). Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. 28th USENIX Security Symposium (USENIX Security ‘18).
PDF Cite Slides Video
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes (2017). The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android. 24th ACM Conference on Computer and Communication Security (CCS'17).
PDF Cite Video
Michael Backes, Sven Bugiel, Philipp Von Styp-Rekowsky, Marvin Wißfeld (2017). Seamless In-App Ad Blocking on Stock Android. Mobile Security Technologies (MOST) 2017 Workshop.
PDF Cite
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes (2017). Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android. 24th ACM Conference on Computer and Communication Security (CCS'17).
PDF Cite Video
Michael Backes, Sven Bugiel, Oliver Schranz, Philipp Von Styp-Rekowsky, Sebastian Weisgerber (2017). ARTist: The Android Runtime Instrumentation and Security Toolkit. 2nd IEEE European Symposium on Security and Privacy (EuroSP'17).
PDF Cite Project
Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick McDaniel, Matthew Smith (2016). SoK: Lessons Learned From Android Security Research For Appified Software Platforms. 37th IEEE Symposium on Security and Privacy (SP'16).
PDF Cite
Michael Backes, Sven Bugiel, Erik Derr (2016). Reliable Third-Party Library Detection in Android and its Security Applications. 23rd ACM Conference on Computer and Communications Security (CCS'16).
PDF Cite Code Dataset Video
Michael Backes, Sven Bugiel, Erik Derr, Sebastian Gerling, Christian Hammer (2016). R-Droid: Leveraging Android App Analysis with Static Slice Optimization. 11th ACM Asia Conference on Computer and Communications Security (ASIACCS ‘16).
PDF Cite
Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, Sebastian Weisgerber (2016). On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. 26th USENIX Security Symposium (USENIX Sec'16).
PDF Cite Dataset Slides Video
Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp Von Styp-Rekowsky (2015). Boxify: Full-fledged App Sandboxing for Stock Android. 24th USENIX Security Symposium (USENIX Sec'15).
PDF Cite Slides Video
Michael Backes, Sven Bugiel, Sebastian Gerling (2014). Scippa: System-Centric IPC Provenance on Android. 30th Annual Computer Security Applications Conference (ACSAC'14).
PDF Cite
Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp Von Styp-Rekowsky (2014). Android Security Framework: Extensible Multi-Layered Access Control on Android. 30th Annual Computer Security Applications Conference (ACSAC'14).
PDF Cite
Sven Bugiel, Stephan Heuser, Ahmad-Reza Sadeghi (2013). Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies. 22nd USENIX Security Symposium (USENIX Sec'13).
PDF Cite
Sören Bleikertz, Sven Bugiel, Hugo Ideler, Stefan Nürnberger, Ahmad-Reza Sadeghi (2013). Client-controlled Cryptography-as-a-Service in the Cloud. 11th International Conference on Applied Cryptography and Network Security (ACNS'13).
PDF Cite
Sven Bugiel, Erik Derr, Sebastian Gerling, Christian Hammer (2013). Advances in Mobile Security. 8th Future Security 2013. Security Research Conference.
Cite
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry (2012). Towards Taming Privilege-Escalation Attacks on Android. 19th Annual Network & Distributed System Security Symposium (NDSS'12).
PDF Cite
Franz Ferdinand Brasser, Sven Bugiel, Atanas Filyanov, Ahmad-Reza Sadeghi, Steffen Schulz (2012). Softer Smartcards: Usable Cryptographic Tokens with Secure Execution. Financial Cryptography and Data Security (FC'12).
PDF Cite
Sven Bugiel, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Schneider (2011). Twin Clouds: Secure Cloud Computing with Low Latency. Communications and Multimedia Security Conference (CMS'11).
PDF Cite
Sven Bugiel, Ahmad-Reza Sadeghi, Thomas Schneider, Stefan Nürnberger (2011). Twin Clouds: An Architecture for Secure Cloud Computing (Extended Abstract). Workshop on Cryptography and Security in Clouds (CSC'11).
Cite
Sven Bugiel, Lucas Davi, Steffen Schulz (2011). Scalable Trust Establishment with Software Reputation. 6th Annual Workshop on Scalable Trusted Computing (STC'11).
PDF Cite
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, Bhargava Shastry (2011). Practical and Lightweight Domain Isolation on Android. 1st ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM'11).
PDF Cite
Sven Bugiel, Thomas Pöppelmann, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Schneider (2011). AmazonIA: When Elasticity Snaps Back. 18th ACM Conference on Computer and Communications Security (CCS'11).
PDF Cite
Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy (2010). TruWalletM: Secure Web Authentication on Mobile Platforms. 2nd Conference on Trusted Systems (INTRUST'10).
PDF Cite
Sven Bugiel, Jan-Erik Ekberg (2010). Implementing an Application-Specific Credential Platform Using Late-Launched Mobile Trusted Module. 5th Annual Workshop on Scalable Trusted Computing (STC'10).
PDF Cite
Jan-Erik Ekberg, Sven Bugiel (2009). Trust in a Small Package: Minimized MRTM Software Implementation for Mobile Secure Environments. 4th Annual Workshop on Scalable Trusted Computing (STC'09).
PDF Cite