04.07.2023 | Sascha Fahl, CISPA

Biography

Sascha Fahl is Tenured Faculty at CISPA Helmholtz-Center for Information Security in Hannover and Full Professor (W3) for Empirical Information Security at Leibniz University Hannover in Germany. Previously, he was Professor at Ruhr University Bochum, Germany, held the chair for Information Security at Leibniz University Hannover, and was an independent research group leader at CISPA, Saarland University. Prof. Fahl studied Computer Science at Philipps University Marburg and received a Ph.D. in Computer Science. He worked with the Chrome Security team and was a researcher at Fraunhofer FKIE in Bonn. His research won the Distinguished Paper award at IEEE S&P (2022), the Best Student Paper award at IEEE S&P (2021), and the NSA's Best Scientific Cybersecurity Paper Competition (2016), and received the Google Faculty Research Award (2016). He is a recipient of the Heinz Maier-Leibnitz Prize (2018) and the "Curious Mind" Award of the Manager Magazin (2018).

A Holistic Approach to Human Factors in Cybersecurity

Abstract

The field of information security and privacy has taught us that developing functional and practical security mechanisms requires more than just technological innovation. Human factors play a crucial role in the success or failure of security and privacy systems. The persistent gap between the theoretical security of cryptographic algorithms and real-world vulnerabilities, data breaches, and possible attacks has highlighted the need for a holistic approach to security and privacy research.

As a researcher in this field, I have focused on identifying crucial weak points and empowering all actors involved in creating and using security and privacy-preserving technology. This includes end-users, developers, and system operators. My research has involved working with secure messaging, security indicators, and authentication mechanisms to empower end-users; improving APIs, documentation, and developer tools to support developers; and improving configuration languages and tools to benefit system operators.

In this talk, I will demonstrate how this holistic approach to human factors in cybersecurity research helps close the gap between theoretical security, privacy, and real-world deployments. I will present my past and current work on supporting expert users and protecting end-users and outline my goals and strategies for future research. Through a combination of technical innovation and consideration of human factors, I believe we can successfully prevent involuntary loss of control over data and empower users to retain power over their security and privacy.