1. Lennart Beringer, Adam Petcher, Q Ye Katherine & Andrew W Appel (2015): Verified Correctness and Security of OpenSSL HMAC. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 207–221, doi:10.1145/3133956.3133974.
  2. Karthikeyan Bhargavan, Barry Bond, Antoine Delignat-Lavaud, Cédric Fournet, Chris Hawblitzel, Catalin Hritcu, Samin Ishtiaq, Markulf Kohlweiss, Rustan Leino & Jay Lorch (2017): Everest: Towards a verified, drop-in replacement of HTTPS. In: 2nd Summit on Advances in Programming Languages (SNAPL 2017). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, pp. 1:1–1:12.
  3. Yan Chen & Cristiano Bellavitis (2020): Blockchain disruption and decentralized finance: The rise of decentralized business models. Journal of Business Venturing Insights 13, pp. e00151, doi:10.1016/j.jbvi.2019.e00151.
  4. João F. Ferreira, Saul Johnson, Alexandra Mendes & Phillip Brooke (2017): Certified Password Quality: A Case Study Using Coq and Linux Pluggable Authentication Modules. In: 13th International Conference on Integrated Formal Methods. Springer, pp. 407–421, doi:10.1007/978-3-319-66845-1_27.
  5. Kathleen Fisher, John Launchbury & Raymond Richards (2017): The HACMS program: using formal methods to eliminate exploitable bugs. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 375(2104), pp. 20150401, doi:10.1098/rsta.2015.0401.
  6. Xianyi Gao, Gradeigh D Clark & Janne Lindqvist (2015): Of two minds, multiple addresses, and one history: Characterizing opinions, knowledge, and perceptions of bitcoin across groups. arXiv preprint arXiv:1503.02377, doi:10.2139/ssrn.2575796.
  7. Miguel Grilo, João F. Ferreira & José Bacelar Almeida (2021): Towards Formal Verification of Password Generation Algorithms used in Password Managers. arXiv preprint arXiv:2106.03626. Paper supporting talk given at INForum 2021 (
  8. Everett Hildenbrandt, Manasvi Saxena, Nishant Rodrigues, Xiaoran Zhu, Philip Daian, Dwight Guth, Brandon Moore, Daejun Park, Yi Zhang & Andrei Stefanescu (2018): Kevm: A complete formal semantics of the ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF). IEEE, pp. 204–217, doi:10.1109/CSF.2018.00022.
  9. Philip G Inglesant & M Angela Sasse (2010): The true cost of unusable password policies: password use in the wild. In: Proceedings of the sigchi conference on human factors in computing systems, pp. 383–392, doi:10.1145/1753326.1753384.
  10. Iulia Ion, Rob Reeder & Sunny Consolvo (2015): one can hack my mind: Comparing Expert and Non-Expert Security Practices. In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 327–346.
  11. Aynne Valencia Jenifer Tidwell, Charles Brewer (2020): Designing interfaces: Patterns for effective interaction design. " O'Reilly Media, Inc.".
  12. Saul Johnson, João F. Ferreira, Alexandra Mendes & Julien Cordry (2020): Skeptic: Automatic, justified and privacy-preserving password composition policy selection. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 101–115, doi:10.1145/3320269.3384762.
  13. Anne R Kearney & Stephen Kaplan (1997): Toward a methodology for the measurement of knowledge structures of ordinary people: the conceptual content cognitive map (3CM). Environment and behavior 29(5), pp. 579–617, doi:10.1177/0013916597295001.
  14. Katharina Krombholz, Aljosha Judmayer, Matthias Gusenbauer & Edgar Weippl (2016): The other side of the coin: User experiences with bitcoin security and privacy. In: International conference on financial cryptography and data security. Springer, pp. 555–580, doi:10.1007/978-3-662-54970-4_33.
  15. Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes & Sven Bugiel (2018): Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 203–220.
  16. Alexandra Mai, Katharina Pfeffer, Matthias Gusenbauer, Edgar Weippl & Katharina Krombholz (2020): User Mental Models of Cryptocurrency Systems-A Grounded Theory Approach. In: Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 341–358.
  17. Frank Merrett (2006): Reflections on the Hawthorne effect. Educational Psychology 26(1), pp. 143–146, doi:10.1080/01443410500341080.
  18. S. Pearman, S. A. Zhang, L. Bauer, N. Christin & L. F. Cranor (2019): Why people (dont) use password managers effectively. In: Fifteenth Symposium On Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA, pp. 319–338.
  19. Wanda Presthus & Nicholas Owen OMalley (2017): Motivations and barriers for end-user adoption of bitcoin as digital currency. Procedia Computer Science 121, pp. 89–97, doi:10.1016/j.procs.2017.11.013.
  20. M Angela Sasse & Ivan Flechais (2005): Usable security: Why do we need it? How do we get it?. In: Security and Usability: Designing secure systems that people can use. O'Reilly, pp. 13–30.
  21. Richard Shay, Saranga Komanduri, Adam L Durity, Phillip Huh, Michelle L Mazurek, Sean M Segreti, Blase Ur, Lujo Bauer, Nicolas Christin & Lorrie Faith Cranor (2014): Can long passwords be secure and usable?. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2927–2936, doi:10.1145/2556288.2557377.
  22. B. Shneiderman, C. Plaisant, M. Cohen, S. Jacobs, N. Elmqvist & N. Diakopoulos (2016): Designing the user interface: strategies for effective human-computer interaction. Pearson.
  23. David Silver, Suman Jana, Dan Boneh, Eric Chen & Collin Jackson (2014): Password managers: Attacks and defenses. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 449–464.
  24. Palina Tolmach, Yi Li, Shang-Wei Lin, Yang Liu & Zengxiang Li (2021): A survey of smart contract formal specification and verification. ACM Computing Surveys (CSUR) 54(7), pp. 1–38, doi:10.1145/3464421.
  25. Blase Ur, Fumiko Noma, Jonathan Bees, Sean M Segreti, Richard Shay, Lujo Bauer, Nicolas Christin & Lorrie Faith Cranor (2015): "I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 123–140.
  26. A. Whitten & J. D. Tygar (1999): Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.. In: USENIX Security Symposium 348, pp. 169–184.
  27. Jeff Yan, Alan Blackwell, Ross Anderson & Alasdair Grant (2004): Password memorability and security: Empirical results. IEEE Security & privacy 2(5), pp. 25–31, doi:10.1109/msp.2004.81.
  28. Katherine Q Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher & Andrew W Appel (2017): Verified correctness and security of mbedTLS HMAC-DRBG. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2007–2020, doi:10.1145/3133956.3133974.

Comments and questions to:
For website issues: