Publications
Consortium-wide Topics
Eckhardt, D., Feist, N., & Herrmann, D. (2026).
Selbstbestimmt (un)sicher? Herausforderungen an Datensicherheit und Datenschutz im digitalen Alltag.
In C. Bala, A. Boden, G. Stevens, & W. Schuldzinski (Eds.), Herausforderungen für die Verbraucherpolitik: Digitaler Alltag und Polykrise. Jahrbuch Konsum & Verbraucherwissenschaften 2024/2025. Verbraucherzentrale NRW, 2025.
https://www.verbraucherforschung.nrw/kommunizieren/jbkv-2024-2025-herausforderungen-fuer-die-verbraucherpolitik-114706
Geloczi, E., Mexis, N., Holler, B., Pöhls, H. C., & Katzenbeisser, S. (2025).
IoTCat: A Multidimensional Approach to Categorize IoT Devices in order to Identify a Delegate for Cybersecurity Functions.
In M. Manulis (Ed.), Applied Cryptography and Network Security Workshops. ACNS 2025. Lecture Notes in Computer Science, Vol. 15653 (pp. 222-241). Springer.
https://doi.org/10.1007/978-3-032-01799-4_13
Pöhls, H.C., Eckhardt, D., Feist, N., Pfeiffer, S., Herrmann, D. & Katzenbeisser, S. (2025).
The Complexity of Cyber Security in Private and Professional Everyday Life — An Ethnographic-Informatic Collaborative Approach.
In A. Moallem (Ed.), HCI for Cybersecurity, Privacy and Trust. HCII 2025. Lecture Notes in Computer Science, Vol. 15814 (pp. 105-124). Springer.
https://doi.org/10.1007/978-3-031-92833-8_7
Pöhls, H. C., Kügler, F., Geloczi, E., & Klement, F. (2025).
Segmentation and Filtering Are Still the Gold Standard for Privacy in IoT — An In-Depth STRIDE and LINDDUN Analysis of Smart Homes.
Future Internet, 17(2), 1–61.
https://www.mdpi.com/1999-5903/17/2/77/pdf
Geloczi, E., Pöhls, H.C., Klement, F., Posegga, J. & Katzenbeisser, S. (2024).
Unveiling the Shadows: An Approach towards Detection, Precise Localization, and Effective Isolation of Concealed IoT Devices in Unfamiliar Environments.
In Proceedings of the 23rd Workshop on Privacy in the Electronic Society (WPES ’24). Association for Computing Machinery, New York, NY, USA (pp. 109–123).
https://doi.org/10.1145/3689943.3695040
Eckhardt, D., Freiling, F., Herrmann, D., Katzenbeisser, S., & Pöhls, H. C. (2024).
Sicherheit in der Digitalisierung des Alltags: Definition eines ethnografisch-informatischen Forschungsfeldes für die Lösung alltäglicher Sicherheitsprobleme.
GI Sicherheit 2024, 107-118.
https://doi.org/10.18420/sicherheit2024_007
Mader, B., Eichenmüller, C., Pugliese, G., Eckhardt, D., & Benenson, Z. (2024).
I Blame Apple in Part for My False Expectations: An Autoethnographic Study of Apple’s Lockdown Mode in IOS.
arXiv, Preprint.
https://doi.org/10.48550/arXiv.2411.13249
Brenner, R., Leithäuser, M., Jänich, S., & Pöhls, H. C. (2024).
Updatefähigkeit als Konstruktionsanforderung.
RDi – Recht der Digitalisierung 2024, 252-260.
Eckhardt, D., Freiling, F., Herrmann, D., Katzenbeisser, S., & Pöhls, H. C. (2023).
Sicherheit in der Digitalisierung des Alltags: Definition eines ethnografisch-informatischen Forschungsfeldes für die Lösung alltäglicher Sicherheitsprobleme (pp. 1-18).
Technical report, University of Passau.
https://doi.org/10.15475/sidial.2023
Klement, F., Pöhls, H. C., & Katzenbeisser, S. (2022).
Change your Car’s Filters: Efficient Concurrent and Multi-Stage Firewall for OBD-II Network Traffic.
In IEEE International Workshop on Computer-Aided Modeling and Design of Communication Links and Networks (CAMAD) (pp. 19-25), IEEE, Paris, France.
https://ieeexplore.ieee.org/document/9966902
Klement, F., Pöhls, H. C., & Katzenbeisser, S. (2022).
Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security.
In W. Li, S. Furnell & W. Meng (Eds.), Attacks and Defenses for the Internet-of-Things. ADIoT 2022. Lecture Notes in Computer Science, vol. 13745 (pp. 143-164). Springer.
Subproject A01 – Secure Encapsulation
Geloczi, E., & Katzenbeisser, S. (2025).
Inter-Device PUFs: A Novel Paradigm for Physical Unclonable Functions.
HS3 2025: 1st Workshop on Hardware-Supported Software Security (Co-Located with ESORICS), September 25, 2025. HS3 2025, Toulouse, France. To appear.
Geloczi, E., Mexis, N. & Katzenbeisser, S. (2025).
PUSH for Security: A PUF-Based Protocol to Prevent Session Hijacking.
In V. Nicomette, A. Benzekri, N. Boulahia-Cuppens & J. Vaidya (Eds.), Computer Security – ESORICS 2025. ESORICS 2025. Lecture Notes in Computer Science, vol. 16055. Springer, Cham.
https://doi.org/10.1007/978-3-032-07894-0_7
Geloczi, E., Klement, F., Struck, P., & Katzenbeisser, S. (2025).
SoK: Delegated Security in the Internet of Things.
Future Internet 2025, 17(5), 202.
https://doi.org/10.3390/fi17050202
Geloczi, E., Klement, F., Gründinger, E., & Katzenbeisser, S. (2023).
Secure Stitch: Unveiling the Fabric of Security Patterns for the Internet of Things.
In R. Rios & J. Posegga (Eds.), Security and Trust Management. STM 2023. Lecture Notes in Computer Science, vol. 14336. Springer, Cham.
https://doi.org/10.1007/978-3-031-47198-8_4
Anagnostopoulos, N. A., Fan, Y., Saleem, M. U., Mexis, N., Geloczi, E., Klement, F., Frank, F., Schaller, A., Arul, T., & Katzenbeisser, S. (2022).
Testing Physical Unclonable Functions Implemented on Commercial Off-the-Shelf NAND Flash Memories Using Programming Disturbances.
2022 IEEE 12th International Conference on Consumer Electronics (ICCE-Berlin), Berlin, Germany, 2022, 1-9.
doi: 10.1109/ICCE-Berlin56473.2022.10021310
Subproject A02 – Firmware Hardening
Jänich, S., Sievers, M., & Kinder, J. (2025).
Match & Mend: Minimally invasive local reassembly for patching N-day vulnerabilities in ARM binaries.
arXiv:2510.14384. ArXiv.
https://arxiv.org/abs/2510.14384
Benoit, T., Wang, Y., Dannehl, M., & Kinder, J. (2025).
BLens: Contrastive Captioning of Binary Functions using Ensemble Embedding.
In 34th USENIX Security Symposium (USENIX Security), USENIX Association.
Subproject B03 – Architectures and Services
Eichhammer, P., & Reiser, H. P. (2026).
SimGuard: Towards Resilience of Community-based Intrusion Detection.
The 41st ACM/SIGAPP Symposium On Applied Computing, ACM, Thessaloniki, Greece.
https://dl.acm.org/doi/10.1145/3704440.3704787
Pöhls, H.C. & Steffens, L. (2025).
Checking the Impact of Security Standardization – A Case Study on Bluetooth LE Pairing of Internet-of-Things Devices.
In ICT Systems Security and Privacy Protection – 40th IFIP SEC Conference (pp. 49-63). Springer, Maribor, Slovenia.
https://link.springer.com/chapter/10.1007/978-3-031-92886-4_4
Rakotondravony, N., Pöhls, H. C., Pfeifer, J., & Harrison, L. (2024).
Viz4NetSec: Visualizing Dynamic Network Security Configurations of Everyday Interconnected Objects in Home Networks.
HCI International, Washington, USA.
Pöhls, H. C. (2023).
Towards a Unified Abstract Architecture to Coherently and Generically Describe Security Goals and Risks of AI Systems.
19th International Workshop Security and Trust Management (STM) in conjunction with ESORICS. Springer, Hague, Netherlands.
https://link.springer.com/chapter/10.1007/978-3-031-47198-8_5
Pöhls, H. C., Gebauer S., Scharnboeck F., Spielvogel, K., & Posegga, J. (2024).
MQfilTTr: Strengthening Smart Home Privacy through MQTT Traffic Manipulation.
14th WISTP International Conference on Information Security Theory and Practice (WISTP 2024), LNCS, Paris, France.
Subproject B04 – Data Protection Libraries
Hennig, A., Veit, M., Schmidt-Enke, L., Neusser, F., Herrmann, D., & Mayer, P. (2026).
“I believe it’s incredibly difficult to fight against this flood of spam”: Towards enhancing strategies for creating effective vulnerability notifications. Computers & Security, 160, 104682.
https://doi.org/10.1016/j.cose.2025.104682
Eckstein, F., Rosenauer, R., Huppert, P., Volkamer, M., & Herrmann, D. (2025).
RFC 9116 („security.txt“) an deutschen Hochschulservern.
Datenschutz und Datensicherheit (dud), 49 (8), 522-526.
https://doi.org/10.1007/S11623-025-2132-1
Drescher, J. N., Moser, J., Strangmann, N., Spinner, J., Herrmann, D., & Volkamer, M. (2024).
“Data Protection Can Sometimes Be a Nuisance” Notification Study on Data Sharing Practices in City Apps.
Mensch und Computer 2024 – Workshopband, 2024.
https://doi.org/10.18420/MUC2024-MCI-WS17-159
Kriecherbauer, T., Schwank, R., Krauss, A., Neureither, K., Remme, L., Volkamer, M., & Herrmann, D. (2024).
Is Personalization Worth It? Notifying Blogs about a Privacy Issue Resulting from Poorly Implemented Consent Banners.
Proceedings of the 19th International Conference on Availability, Reliability and Security, ARES 2024, 38:1-38:7.
https://doi.org/10.1145/3664476.3664499
Stöver, A., Gerber, N., Pridöhl, H., Maass, M., Bretthauer, S., Spiecker genannt Döhmann, I., Hollick, M., & Herrmann, D. (2023).
How Website Owners Face Privacy Issues: Thematic Analysis of Responses from a Covert Notification Study Reveals Diverse Circumstances and Challenges.
Proceedings on Privacy Enhancing Technologies, 2023(2), 251-264.
https://doi.org/10.56553/popets-2023-0051
Hennig, A., Neusser, F., Pawelek, A. A., Herrmann, D., & Mayer, P. (2022).
Standing out among the daily spam: How to catch website owners’ attention by means of vulnerability notifications.
In S. D. J. Barbosa, C. Lampe, C. Appert & D. A. Shamma (Eds.), CHI ’22: CHI Conference on Human Factors in Computing Systems 2022, Extended Abstracts (317:1-317:8). ACM.
https://dl.acm.org/doi/10.1145/3491101.3519847
Subproject B05 – Secure Integration
Andreas, M., Specht, F., & Momeu, M. (2026).
HyperMirage: Direct State Manipulation in Hybrid Virtual CPU Fuzzing.
In Proceedings of the 33rd Annual Network and Distributed Systems Symposium (NDSS).
https://go.tum.de/625123
Momeu, M., Gaidis, A. J., v.d. Heidt, J., & Kemerlis, V. P. (2025).
IUBIK: Isolating User Bytes in Commodity Operating System Kernels via Memory Tagging Extensions.
In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P).
https://ieeexplore.ieee.org/abstract/document/11023322
Momeu, M., Kilger, F., Roemheld, C., Schnückel, S., Proskurin, S., Polychronakis, M., & Kemerlis, V. P. (2024).
ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels.
In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIA CCS) (pp. 1159-1172).
https://doi.org/10.1145/3634737.3644994
Momeu, M., Schnückel, S., Angnis, K., Polychronakis, M., & Kemerlis, V. P. (2024).
Safeslab: Mitigating use-after-free vulnerabilities via memory protection keys.
In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS ’24) (pp. 1345–1359).
https://doi.org/10.1145/3658644.3670279
Subproject C06 – Privacy Analysis
Eichhorn, M., Hammer, A., Pugliese, G., & Freiling, F. (2026).
UDIM: Formal User-Device Interaction Model for Approximating Artifact Coverage in IoT Forensics.
Workshop on Security and Privacy in Standardized IoT (SDIoTSec’26), co-located with Network and Distributed System Security (NDSS’26) Symposium.
To appear.
Abu-Salma, R., Anthonysamy, P., Benenson, Z., Berens, B., Coopamootoo, K. P. L., Gutmann, A., Jenkins, A., Patil, S., Preibusch, S., Schaub, F., Seymour, W., Such, J., Tahaei, M., Tuncdogan, A., Kleek, M. V., & Wilkinson, D. (2025).
Grand Challenges in Human-Centered Privacy.
IEEE Security & Privacy, 23(4), 103–110.
https://doi.org/10.1109/MSEC.2025.3566451
Weinberger, L., Eichenmüller, C., Gassmann, F., Pugliese, G., & Benenson, Z. (2024).
Used, Avoided, Restricted? Perceptions, Behavior, and Changes in Video Conferencing of German-speaking Users During and After the Pandemic.
European Symposium on Usable Security (EuroUSEC 2024, Karlstad, Sweden), 77-93.
https://doi.org/10.1145/3688459.3688478
Eichhorn, M., & Pugliese, G. (2024).
Do You „Relay“ Want to Give Me Away? – Forensic Cues of Smart Relays and Their IoT Companion Apps.
Forensic Science International: Digital Investigation, 50, 301810.
https://doi.org/10.1016/j.fsidi.2024.301810
Crasselt, J., & Pugliese, G. (2024).
Started Off Local, Now We’re in the Cloud: Forensic Examination of the Amazon Echo Show 15 Smart Display.
Digital Forensics Research Conference USA (DFRWS USA ’24, Baton Rouge, Louisiana), 1-11.
https://doi.org/10.48550/arXiv.2408.15768
Stachak, M., Geus, J., Pugliese, G., & Freiling, F. (2024).
Nyon Unchained: Forensic Analysis of Bosch’s eBike Board Computers.
Digital Forensics Research Conference Europe (DFRWS EU’24, Zaragoza, Spain), 1-11.
https://doi.org/10.48550/arXiv.2404.12864
Best Student Paper Award – DFRWS EU Conference 2024
Eichhorn, M., Schneider, J., & Pugliese, G. (2024).
Well Played, Suspect! – Forensic Examination of the Handheld Gaming Console “Steam Deck”.
Forensic Science International: Digital Investigation, 48, 301688.
https://doi.org/10.1016/j.fsidi.2023.301688
Weinberger, L., Eichenmüller, C., & Benenson, Z. (2023).
Interplay of Security, Privacy and Usability in Videoconferencing.
Extended Abstracts of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI:EA’23, Hamburg, Germany), 1-10. https://doi.org/10.1145/3544549.3585683
Freiling, F. (2023).
Zum Umgang mit Erkenntnissen der IT-Sicherheitsforschung.
In S. Golla & D. Brodowski (Eds.), IT-Sicherheitsforschung und IT-Strafrecht (pp. 21-33). Mohr Siebeck.
https://doi.org/10.1628/978-3-16-162184-0
Benenson, Z. (2022).
Gestaltung menschengerechter IT-Sicherheit.
Gesellschaft für Informatik e.V., Band 46, Cyber Security, 7–12.
https://dl.gi.de/handle/20.500.12116/39438
Subproject C07 – Update Obligation and Entitlement
Brenner, R. (2025).
Die Produktbeobachtungspflicht im digitalen Zeitalter: Chancen und Herausforderungen für Hersteller.
Nomos.
https://doi.org/10.5771/9783748964490
Leithäuser, M. (2025).
Nachträgliche Drosselung eines Batteriespeichers als Sachmangel.
RDi 2025, 269-271.
Riehm, T., Leithäuser, M. & Brenner, R. (2024).
Vertragliche Ansprüche auf Sicherheitsaktualisierungen?
In B. Raue (Ed.), Digitale Resilienz: Effektives Recht auf sichere Software (pp. 5-37). Schriften des IRDT | Trier Studies on Digital Law.
Brenner, R. (2024).
Software im Fokus der neuen Produkthaftungsrichtlinie.
RDi 2024, 345-352.
Brenner, R., Leithäuser, M., Jänich, S., & Pöhls, H. C. (2024).
Updatefähigkeit als Konstruktionsanforderung.
RDi 2024, 252-260.
Leithäuser, M. (2023).
Nachträgliche Mängel beim Softwarekauf.
RDi 2023, 274-281.
Riehm, T. (2022).
Digitale Dienstleistungen.
RDi 2022, 209-216.
Subproject C08 – Digitalization of Everyday Life: Acceptance – Competence – Processes
Eckhardt, D. (2025).
Unterwegs(sein) Feldnotieren. Kritzeln, Jotten, Headnoting als mobile Methoden für mobile Feldwissenschaften.
In M. Naumann & A. Strüver (Eds.), Handbuch Mobile Methoden in der Sozial- und Raumforschung (pp. 265-276). utb.
Eckhardt, D. (2025).
Das Partineum: Ein ethnografischer Ort zur Wissens- und Denkstilteilhabe.
Zeitschrift für Empirische Kulturwissenschaft, 121(1), 28-47.
https://doi.org/10.31244/zekw/2025/01.03
Eckhardt, D., Feist, N., & Pfeiffer, S. (2024).
Work Based Human Factor: Vom Mensch als Störfaktor zum Mensch als Sicherheitsgewährleister.
Cybernation Deutschland. Kooperation gewinnt. Die Themen des 20. Deutschen IT-Sicherheitskongresses, 274-289.
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Veranstaltungen/ITSiKongress/20ter/Kongressdokumentation_2024.pdf?__blob=publicationFile&v=5
Dendler, L., Nicklich, M., Pfeiffer, S., & Schulze, A. (2024).
Systemic Risks and Organizational Challenges in Transformative Processes: ‘Cybersecurity’ in the Food Field.
In E. Weik, C. Land & R. Hartz (Eds.), The Handbook of Organizing Economic, Ecological and Societal Transformation (pp. 165–188). De Gruyter.
https://doi.org/10.1515/9783110986945-009
Eckhardt, D. (2023).
Ethnografisches Feldnotieren in digitalen Feldern: Perspektiven einer Wissens- und Arbeitspraxis.
Kulturanthropologie Notizen, 85, 52-77.
https://doi.org/10.21248/ka-notizen.85.21