Send email Copy Email Address
Faculty

Sascha Fahl

Research Group
Empirical & Behavioral Security

Email

Address

Lange Laube 6
30159 Hannover (Germany)

Further Information

Short Bio

Prof. Dr. Sascha Fahl has been Pro­fes­sor for com­pu­ter sci­ence and head of the chair for usa­ble se­cu­ri­ty and pri­va­cy since April 2018. Pre­vious­ly, he was head of the in­for­ma­ti­on se­cu­ri­ty in­sti­tu­te at Leib­niz Uni­ver­si­ty in Han­no­ver (2017 - 2018). From 2016 to 2017 he was in­de­pen­dent re­se­arch group lea­der of the usa­ble se­cu­ri­ty and pri­va­cy group at CISPA. He re­cei­ved a PhD in com­pu­ter sci­ence from Leib­niz Uni­ver­si­ty Han­no­ver in 2016. In 2015 he was soft­ware en­gi­neer (SWE) in­tern in the Chro­me Se­cu­ri­ty team at Goog­le in Moun­tain View.

CV: Last stations

Since 2021
Tenured Faculty at CISPA Helmholtz Center for Information Security
Since 2019
Professor at Leibniz University Hannover
2018 – 2019
Associate Professor at Ruhr University Bochum
2017 – 2018
Deputy Professor at Leibniz University Hannover, Germany

Publications by Sascha Fahl

Year 2025

2025

"Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects.

Conference / Medium

Usenix Security Symposium (USENIX-Security)
"Threat modeling is very formal, it's very technical, and also very hard to do correctly": Investigating Threat Modeling Practices in Open-Source Software Projects.

Tags
Empirical & Behavioral Security
Authors
  • Harjot Kaur
  • Carson Powers
  • Ronald E Thompson III
  • Sascha Fahl
  • Daniel Votipka
Full Paper Visit Detail Page

Year 2024

2024-10-16

“It’s Not My Data Anymore”: Exploring Non-Users’ Privacy Perceptions of Medical Data Donation Apps

Conference / Medium

Privacy Enhancing Technologies Symposium (PETS)
“It’s Not My Data Anymore”: Exploring Non-Users’ Privacy Perceptions of Medical Data Donation Apps

Tags
Empirical & Behavioral Security
Authors
  • Sarah Abdelwahab Gaballah
  • Lamya Abdullah
  • Ephraim Zimmer
  • Sascha Fahl
  • Max Mühlhäuser
  • Karola Marky
Full Paper Visit Detail Page
2024-10-14

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)
Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-10

Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)
Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns

Tags
Empirical & Behavioral Security
Authors
  • Jan Klemmer
  • Stefan Albert Horstmann
  • Nikhil Patnaik
  • Cordelia Ludden
  • Cordell Burton Jr
  • Carson Powers
  • Fabio Massacci
  • Akond Rahman
  • Daniel Votipka
  • Heather Richter Lipford
  • Awais Rashid
  • Alena Naiakshina
  • Sascha Fahl
Full Paper Visit Detail Page
2024-08-14

"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards.

Conference / Medium

Usenix Security Symposium (USENIX-Security)
"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards.

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-08-14

The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts.

Conference / Medium

Usenix Security Symposium (USENIX-Security)
The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts.

Tags
Empirical & Behavioral Security
Authors
  • Konstantin Fischer
  • Ivana Trummová
  • Phillip Gajland
  • Yasemin Acar
  • Sascha Fahl
  • M Angela Sasse
Full Paper Visit Detail Page
2024-08-05

“You received $100,000 from Johnny”: A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps

Article

IEEE Access“You received $100,000 from Johnny”: A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-05-20

Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors

Conference / Medium

IEEE Symposium on Security and Privacy (S&P)
Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-05-11

Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter

Conference / Medium

International Conference on Human Factors in Computing Systems (CHI)
Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter

Tags
Empirical & Behavioral Security
Authors
  • Juliane Schmüser
  • Harshini Sri Ramulu
  • Noah Wöhler
  • Christian Stransky
  • Felix Bensmann
  • Dimitar Dimitrov
  • Sebastian Schellhammer
  • Dominik Wermke
  • Stefan Dietze
  • Yasemin Acar
  • Sascha Fahl
Full Paper Visit Detail Page
2024-05-11

Mental Models, Expectations and Implications of Client-Side Scanning: An Interview Study with Experts.

Conference / Medium

International Conference on Human Factors in Computing Systems (CHI)
Mental Models, Expectations and Implications of Client-Side Scanning: An Interview Study with Experts.

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page