Lennart Beringer, Adam Petcher, Q Ye Katherine & Andrew W Appel (2015):
Verified Correctness and Security of OpenSSL HMAC.
In: 24th USENIX Security Symposium (USENIX Security 15),
pp. 207–221,
doi:10.1145/3133956.3133974.
Karthikeyan Bhargavan, Barry Bond, Antoine Delignat-Lavaud, Cédric Fournet, Chris Hawblitzel, Catalin Hritcu, Samin Ishtiaq, Markulf Kohlweiss, Rustan Leino & Jay Lorch (2017):
Everest: Towards a verified, drop-in replacement of HTTPS.
In: 2nd Summit on Advances in Programming Languages (SNAPL 2017).
Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik,
pp. 1:1–1:12.
Yan Chen & Cristiano Bellavitis (2020):
Blockchain disruption and decentralized finance: The rise of decentralized business models.
Journal of Business Venturing Insights 13,
pp. e00151,
doi:10.1016/j.jbvi.2019.e00151.
João F. Ferreira, Saul Johnson, Alexandra Mendes & Phillip Brooke (2017):
Certified Password Quality: A Case Study Using Coq and Linux Pluggable Authentication Modules.
In: 13th International Conference on Integrated Formal Methods.
Springer,
pp. 407–421,
doi:10.1007/978-3-319-66845-1_27.
Kathleen Fisher, John Launchbury & Raymond Richards (2017):
The HACMS program: using formal methods to eliminate exploitable bugs.
Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 375(2104),
pp. 20150401,
doi:10.1098/rsta.2015.0401.
Xianyi Gao, Gradeigh D Clark & Janne Lindqvist (2015):
Of two minds, multiple addresses, and one history: Characterizing opinions, knowledge, and perceptions of bitcoin across groups.
arXiv preprint arXiv:1503.02377,
doi:10.2139/ssrn.2575796.
Miguel Grilo, João F. Ferreira & José Bacelar Almeida (2021):
Towards Formal Verification of Password Generation Algorithms used in Password Managers.
arXiv preprint arXiv:2106.03626.
Paper supporting talk given at INForum 2021 (https://inforum.org.pt).
Everett Hildenbrandt, Manasvi Saxena, Nishant Rodrigues, Xiaoran Zhu, Philip Daian, Dwight Guth, Brandon Moore, Daejun Park, Yi Zhang & Andrei Stefanescu (2018):
Kevm: A complete formal semantics of the ethereum virtual machine.
In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF).
IEEE,
pp. 204–217,
doi:10.1109/CSF.2018.00022.
Philip G Inglesant & M Angela Sasse (2010):
The true cost of unusable password policies: password use in the wild.
In: Proceedings of the sigchi conference on human factors in computing systems,
pp. 383–392,
doi:10.1145/1753326.1753384.
Iulia Ion, Rob Reeder & Sunny Consolvo (2015):
...no one can hack my mind: Comparing Expert and Non-Expert Security Practices.
In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015),
pp. 327–346.
Aynne Valencia Jenifer Tidwell, Charles Brewer (2020):
Designing interfaces: Patterns for effective interaction design.
" O'Reilly Media, Inc.".
Saul Johnson, João F. Ferreira, Alexandra Mendes & Julien Cordry (2020):
Skeptic: Automatic, justified and privacy-preserving password composition policy selection.
In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security,
pp. 101–115,
doi:10.1145/3320269.3384762.
Anne R Kearney & Stephen Kaplan (1997):
Toward a methodology for the measurement of knowledge structures of ordinary people: the conceptual content cognitive map (3CM).
Environment and behavior 29(5),
pp. 579–617,
doi:10.1177/0013916597295001.
Katharina Krombholz, Aljosha Judmayer, Matthias Gusenbauer & Edgar Weippl (2016):
The other side of the coin: User experiences with bitcoin security and privacy.
In: International conference on financial cryptography and data security.
Springer,
pp. 555–580,
doi:10.1007/978-3-662-54970-4_33.
Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes & Sven Bugiel (2018):
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse.
In: 27th USENIX Security Symposium (USENIX Security 18),
pp. 203–220.
Alexandra Mai, Katharina Pfeffer, Matthias Gusenbauer, Edgar Weippl & Katharina Krombholz (2020):
User Mental Models of Cryptocurrency Systems-A Grounded Theory Approach.
In: Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020),
pp. 341–358.
Frank Merrett (2006):
Reflections on the Hawthorne effect.
Educational Psychology 26(1),
pp. 143–146,
doi:10.1080/01443410500341080.
S. Pearman, S. A. Zhang, L. Bauer, N. Christin & L. F. Cranor (2019):
Why people (dont) use password managers effectively.
In: Fifteenth Symposium On Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA,
pp. 319–338.
Wanda Presthus & Nicholas Owen OMalley (2017):
Motivations and barriers for end-user adoption of bitcoin as digital currency.
Procedia Computer Science 121,
pp. 89–97,
doi:10.1016/j.procs.2017.11.013.
M Angela Sasse & Ivan Flechais (2005):
Usable security: Why do we need it? How do we get it?.
In: Security and Usability: Designing secure systems that people can use.
O'Reilly,
pp. 13–30.
Richard Shay, Saranga Komanduri, Adam L Durity, Phillip Huh, Michelle L Mazurek, Sean M Segreti, Blase Ur, Lujo Bauer, Nicolas Christin & Lorrie Faith Cranor (2014):
Can long passwords be secure and usable?.
In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems,
pp. 2927–2936,
doi:10.1145/2556288.2557377.
B. Shneiderman, C. Plaisant, M. Cohen, S. Jacobs, N. Elmqvist & N. Diakopoulos (2016):
Designing the user interface: strategies for effective human-computer interaction.
Pearson.
David Silver, Suman Jana, Dan Boneh, Eric Chen & Collin Jackson (2014):
Password managers: Attacks and defenses.
In: 23rd USENIX Security Symposium (USENIX Security 14),
pp. 449–464.
Palina Tolmach, Yi Li, Shang-Wei Lin, Yang Liu & Zengxiang Li (2021):
A survey of smart contract formal specification and verification.
ACM Computing Surveys (CSUR) 54(7),
pp. 1–38,
doi:10.1145/3464421.
Blase Ur, Fumiko Noma, Jonathan Bees, Sean M Segreti, Richard Shay, Lujo Bauer, Nicolas Christin & Lorrie Faith Cranor (2015):
"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab.
In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015),
pp. 123–140.
A. Whitten & J. D. Tygar (1999):
Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0..
In: USENIX Security Symposium 348,
pp. 169–184.
Jeff Yan, Alan Blackwell, Ross Anderson & Alasdair Grant (2004):
Password memorability and security: Empirical results.
IEEE Security & privacy 2(5),
pp. 25–31,
doi:10.1109/msp.2004.81.
Katherine Q Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher & Andrew W Appel (2017):
Verified correctness and security of mbedTLS HMAC-DRBG.
In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security,
pp. 2007–2020,
doi:10.1145/3133956.3133974.