Faculty

Sven Bugiel

Android Authentication Mobile Security Secure Connected and Mobile Systems Passwords Trusted Computing

Email

Address

Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)

Awards (selection)

2024: Busy Beaver Award "Mobile Security“, Saarland University

2019: Busy Beaver Award "Selected Topics in Mobile Security", Saarland University

Further Information

Short Bio

Dr. Sven Bugiel is Faculty at CISPA and security researcher with focus on (mobile) operating system security and trusted computing. In the past, he was particularly looking into mandatory access control systems for the Android OS and integrating hardware security building blocks into mobile operating systems.

Since May 2016 Sven is employed as the research group leader of the Trusted Systems Group at CISPA.

CV: Last stations

Since 2017: Tenure-Track Faculty at the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany, and head of the Trusted Systems Group
2016 – 2017: Research Group Leader of the Trusted Systems Group at the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
2013 – 2016: Research Assistant and Ph.D. Student in the Information Security & Cryptography Group, Saarland University, Germany Since Feb, 2016: Dr.-Ing. (Ph.D. in Security in Information Technology) Ph.D. thesis title: "Establishing Mandatory Access Control on Android OS"
2010 – 2013: Research Assistant and Ph.D. Student at the Center for Advanced Security Research Darmstadt, Germany

Download CV

Publications by Sven Bugiel

Year 2025

2025-04-28

Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns

Conference / Medium

International Conference on Human Factors in Computing Systems (CHI)

Tags

Empirical & Behavioral Security

Authors

Yusra Elbitar
Soheil Khodayari
Marian Harbach
Gianluca De Stefano
Balazs Csaba Engedy
Giancarlo Pellegrino
Sven Bugiel

Full Paper Visit Detail Page

2025-02-24

The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users’ Permission Decisions

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags

Secure Connected and Mobile Systems

Authors

Full Paper Visit Detail Page

2025-02-19

Stack Overflow Meets Replication: Security Research Amid Evolving Code Snippets

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

2025-02-19

Stack Overflow Meets Replication: Security Research Amid Evolving Code Snippets

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

Year 2024

2024-07-08

Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing

Conference / Medium

Workshop on Operating Systems and Virtualization Security (OSVS)

Tags

Secure Connected and Mobile Systems

Authors

Full Paper Visit Detail Page

2024-05-23

Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security

Conference / Medium

IEEE Symposium on Security and Privacy (S&P)

Tags

Trustworthy Information Processing

Authors

Full Paper Visit Detail Page

Year 2023

2023-02-01

A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags

Empirical & Behavioral Security

Authors

Sanam Ghorbani Lyastani
Sven Bugiel
Michael Backes

Full Paper Visit Detail Page

2023-01-19

TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors

Conference / Medium

Financial Cryptography and Data Security (FC)

Tags

Secure Connected and Mobile Systems

Authors

Dhiman Chakraborty
Michael Schwarz
Sven Bugiel

Full Paper Visit Detail Page

Year 2021

2021-08-11

Explanation Beats Context: The Effect of Timing and Rationales on Users' Runtime Permission Decisions

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Yusra Elbitar
michael.schilling
Trung Tin Nguyen
Michael Backes
Sven Bugiel

Full Paper Visit Detail Page

2021-08-11

A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Secure Connected and Mobile Systems

Authors

Full Paper Visit Detail Page