@inproceedings(beringer2015verified, author = {Lennart Beringer and Adam Petcher and Q Ye Katherine and Andrew W Appel}, year = {2015}, title = {Verified Correctness and Security of OpenSSL {HMAC}}, booktitle = {24th {USENIX} Security Symposium ({USENIX} Security 15)}, pages = {207--221}, doi = {10.1145/3133956.3133974}, ) @inproceedings(bhargavan2017everest, author = {Karthikeyan Bhargavan and Barry Bond and Delignat-Lavaud, Antoine and C{\'e}dric Fournet and Chris Hawblitzel and Catalin Hritcu and Samin Ishtiaq and Markulf Kohlweiss and Rustan Leino and Jay Lorch}, year = {2017}, title = {Everest: Towards a verified, drop-in replacement of HTTPS}, booktitle = {2nd Summit on Advances in Programming Languages (SNAPL 2017)}, organization = {Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik}, pages = {1:1--1:12}, ) @article(chen2020blockchain, author = {Yan Chen and Cristiano Bellavitis}, year = {2020}, title = {Blockchain disruption and decentralized finance: The rise of decentralized business models}, journal = {Journal of Business Venturing Insights}, volume = {13}, pages = {e00151}, doi = {10.1016/j.jbvi.2019.e00151}, ) @inproceedings(ferreira2017certified, author = {Jo{\~a}o F. Ferreira and Saul Johnson and Alexandra Mendes and Phillip Brooke}, year = {2017}, title = {Certified Password Quality: A Case Study Using Coq and Linux Pluggable Authentication Modules}, booktitle = {13th International Conference on Integrated Formal Methods}, organization = {Springer}, pages = {407--421}, doi = {10.1007/978-3-319-66845-1_27}, ) @article(fisher2017hacms, author = {Kathleen Fisher and John Launchbury and Raymond Richards}, year = {2017}, title = {The HACMS program: using formal methods to eliminate exploitable bugs}, journal = {Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences}, volume = {375}, number = {2104}, pages = {20150401}, doi = {10.1098/rsta.2015.0401}, ) @article(gao2015two, author = {Xianyi Gao and Gradeigh D Clark and Janne Lindqvist}, year = {2015}, title = {Of two minds, multiple addresses, and one history: Characterizing opinions, knowledge, and perceptions of bitcoin across groups}, journal = {arXiv preprint arXiv:1503.02377}, doi = {10.2139/ssrn.2575796}, ) @article(grilo2021towards, author = {Miguel Grilo and Jo{\~a}o F. Ferreira and Jos{\'e} Bacelar Almeida}, year = {2021}, title = {Towards Formal Verification of Password Generation Algorithms used in Password Managers}, journal = {arXiv preprint arXiv:2106.03626}, note = {Paper supporting talk given at INForum 2021 (\url{https://inforum.org.pt})}, ) @inproceedings(hildenbrandt2018kevm, author = {Everett Hildenbrandt and Manasvi Saxena and Nishant Rodrigues and Xiaoran Zhu and Philip Daian and Dwight Guth and Brandon Moore and Daejun Park and Yi Zhang and Andrei Stefanescu}, year = {2018}, title = {Kevm: A complete formal semantics of the ethereum virtual machine}, booktitle = {2018 IEEE 31st Computer Security Foundations Symposium (CSF)}, organization = {IEEE}, pages = {204--217}, doi = {10.1109/CSF.2018.00022}, ) @inproceedings(inglesant2010true, author = {Philip G Inglesant and M Angela Sasse}, year = {2010}, title = {The true cost of unusable password policies: password use in the wild}, booktitle = {Proceedings of the sigchi conference on human factors in computing systems}, pages = {383--392}, doi = {10.1145/1753326.1753384}, ) @inproceedings(ion2015no, author = {Iulia Ion and Rob Reeder and Sunny Consolvo}, year = {2015}, title = {...no one can hack my mind: Comparing Expert and Non-Expert Security Practices}, booktitle = {Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)}, pages = {327--346}, ) @book(tidwell2010designing, author = {Aynne Valencia Jenifer Tidwell, Charles Brewer}, year = {2020}, title = {Designing interfaces: Patterns for effective interaction design}, publisher = {" O'Reilly Media, Inc."}, ) @inproceedings(johnson2020skeptic, author = {Saul Johnson and Jo{\~a}o F. Ferreira and Alexandra Mendes and Julien Cordry}, year = {2020}, title = {Skeptic: Automatic, justified and privacy-preserving password composition policy selection}, booktitle = {Proceedings of the 15th ACM Asia Conference on Computer and Communications Security}, pages = {101--115}, doi = {10.1145/3320269.3384762}, ) @article(kearney1997toward, author = {Anne R Kearney and Stephen Kaplan}, year = {1997}, title = {Toward a methodology for the measurement of knowledge structures of ordinary people: the conceptual content cognitive map (3CM)}, journal = {Environment and behavior}, volume = {29}, number = {5}, pages = {579--617}, doi = {10.1177/0013916597295001}, ) @inproceedings(krombholz2016other, author = {Katharina Krombholz and Aljosha Judmayer and Matthias Gusenbauer and Edgar Weippl}, year = {2016}, title = {The other side of the coin: User experiences with bitcoin security and privacy}, booktitle = {International conference on financial cryptography and data security}, organization = {Springer}, pages = {555--580}, doi = {10.1007/978-3-662-54970-4_33}, ) @inproceedings(lyastani2018better, author = {Sanam Ghorbani Lyastani and Michael Schilling and Sascha Fahl and Michael Backes and Sven Bugiel}, year = {2018}, title = {Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse}, booktitle = {27th {USENIX} Security Symposium ({USENIX} Security 18)}, pages = {203--220}, ) @inproceedings(mai2020user, author = {Alexandra Mai and Katharina Pfeffer and Matthias Gusenbauer and Edgar Weippl and Katharina Krombholz}, year = {2020}, title = {User Mental Models of Cryptocurrency Systems-A Grounded Theory Approach}, booktitle = {Sixteenth Symposium on Usable Privacy and Security ({SOUPS} 2020)}, pages = {341--358}, ) @article(merrett2006reflections, author = {Frank Merrett}, year = {2006}, title = {Reflections on the Hawthorne effect}, journal = {Educational Psychology}, volume = {26}, number = {1}, pages = {143--146}, doi = {10.1080/01443410500341080}, ) @inproceedings(pearman2019people, author = {S. Pearman and S. A. Zhang and L. Bauer and N. Christin and L. F. Cranor}, year = {2019}, title = {Why people (don\IeC{\textquoteright}t) use password managers effectively}, booktitle = {Fifteenth Symposium On Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA}, pages = {319--338}, ) @article(presthus2017motivations, author = {Wanda Presthus and O\IeC{\textquoteright}Malley, Nicholas Owen}, year = {2017}, title = {Motivations and barriers for end-user adoption of bitcoin as digital currency}, journal = {Procedia Computer Science}, volume = {121}, pages = {89--97}, doi = {10.1016/j.procs.2017.11.013}, ) @incollection(sasse2005usable, author = {M Angela Sasse and Ivan Flechais}, year = {2005}, title = {Usable security: Why do we need it? How do we get it?}, booktitle = {Security and Usability: Designing secure systems that people can use}, publisher = {O'Reilly}, pages = {13--30}, ) @inproceedings(shay2014can, author = {Richard Shay and Saranga Komanduri and Adam L Durity and Phillip Huh and Michelle L Mazurek and Sean M Segreti and Blase Ur and Lujo Bauer and Nicolas Christin and Lorrie Faith Cranor}, year = {2014}, title = {Can long passwords be secure and usable?}, booktitle = {Proceedings of the SIGCHI Conference on Human Factors in Computing Systems}, pages = {2927--2936}, doi = {10.1145/2556288.2557377}, ) @book(shneiderman2016designing, author = {B. Shneiderman and C. Plaisant and M. Cohen and S. Jacobs and N. Elmqvist and N. Diakopoulos}, year = {2016}, title = {Designing the user interface: strategies for effective human-computer interaction}, publisher = {Pearson}, ) @inproceedings(silver2014password, author = {David Silver and Suman Jana and Dan Boneh and Eric Chen and Collin Jackson}, year = {2014}, title = {Password managers: Attacks and defenses}, booktitle = {23rd {USENIX} Security Symposium ({USENIX} Security 14)}, pages = {449--464}, ) @article(tolmach2021survey, author = {Palina Tolmach and Yi Li and Shang-Wei Lin and Yang Liu and Zengxiang Li}, year = {2021}, title = {A survey of smart contract formal specification and verification}, journal = {ACM Computing Surveys (CSUR)}, volume = {54}, number = {7}, pages = {1--38}, doi = {10.1145/3464421}, ) @inproceedings(ur2015added, author = {Blase Ur and Fumiko Noma and Jonathan Bees and Sean M Segreti and Richard Shay and Lujo Bauer and Nicolas Christin and Lorrie Faith Cranor}, year = {2015}, title = {"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab}, booktitle = {Eleventh Symposium On Usable Privacy and Security ({SOUPS} 2015)}, pages = {123--140}, ) @inproceedings(whitten1999johnny, author = {A. Whitten and J. D. Tygar}, year = {1999}, title = {Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.}, booktitle = {{USENIX} Security Symposium}, volume = {348}, pages = {169--184}, ) @article(yan2004password, author = {Jeff Yan and Alan Blackwell and Ross Anderson and Alasdair Grant}, year = {2004}, title = {Password memorability and security: Empirical results}, journal = {IEEE Security \& privacy}, volume = {2}, number = {5}, pages = {25--31}, doi = {10.1109/msp.2004.81}, ) @inproceedings(ye2017verified, author = {Katherine Q Ye and Matthew Green and Naphat Sanguansin and Lennart Beringer and Adam Petcher and Andrew W Appel}, year = {2017}, title = {Verified correctness and security of mbedTLS HMAC-DRBG}, booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security}, pages = {2007--2020}, doi = {10.1145/3133956.3133974}, )