Heinz Maier-Leibnitz Prize: The Human Factor in IT Security

It takes more than technological innovation to develop functional mechanisms for IT security and privacy.

For his work on the role of human in IT security and data protection, Prof Dr Sascha Fahl, Ruhr-Universität Bochum, is honoured with the Heinz Maier-Leibnitz Prize 2018, an annual award by the German Research Foundation. Amounting to 20,000 euros, the prize was presented at an award ceremony on Mai 29, 2018 in Berlin.

In theory, many IT security and privacy mechanisms should ensure a high degree of security. “In practice, however, this is often not the case,” says Sascha Fahl, head of the research group Usable Security and Privacy at the Horst Görtz Institute for IT Security. This is because technological innovation is not the only factor affecting IT security and privacy. They must also be easy to handle by the end users. The team headed by Sascha Fahl studies how this goal can be achieved, using IT security approaches in combination with qualitative and quantitative research methods from the fields of social science and psychology.

All actors must be considered

Research into usable security frequently focuses on end users – for example exploring options for rendering alerts more effective. Still, end users constitute only one aspect studied by Fahl’s group. The team takes all key actors into consideration, those including software developers, system administrators, and IT system designers.
Sascha Fahl had, for example, analysed how superfluous or fake certificate alerts in browsers could be avoided, and how software development should be documented in order to enable developers to create a secure product with simple means.


About the person

Sascha Fahl studied computer science at the University of Marburg. In 2016, he completed his PhD thesis in computer science with the title: “On the Importance of Ecologically Valid Usable Security Research for End Users and IT Workers”. Since April 2018, he has been heading the research group Usable Security and Privacy at Ruhr-Universität; prior to that, he assumed the roles of deputy professor for IT security at Leibniz Universität Hannover and head of the junior research group at the Helmholtz Center for IT Security at the Saarland University. Moreover, he was member of Google’s Chrome Security Team and research associate at Fraunhofer Institute for Communication, Information Processing and Ergonomics. In 2017, Fahl was presented the Google Faculty Research Award and the John Karat Usable Privacy and Security Student Research Award. Moreover, he and his team came first in the NSA’s Best Scientific Cybersecurity Competition.

Further information are available here.