CFP: 6th Int. Workshop on Socio-Technical Aspects of Security and Trust

* **********************************************************
* 6th Int. Workshop on
* Socio-Technical Aspects of Security and Trust
* (STAST) – http://www.stast2016.uni.lu
* December 5, 2016
* ----------------------------------------------------------
* Co-located with
* 32nd Annual Computer Security Application Conference
* Los Angeles, USA
* **********************************************************

IMPORTANT DATES
---------------
Submission: 23 September 2016
Notification: 21 October 2016
Camera Ready: [after the workshop]

SUBMISSION
----------
We accept (1) full papers; (2) position papers; (3) case studies.
For more details, please visit our web page: http://www.stast2016.uni.lu

CONCEPT
-------
Successful attacks on information systems often combine social engineering practices with technical skills, exploiting technical vulnerabilities, insecure user behavior, poorly designed user interfaces, and unclear or unrealistic security policies. To improve security, technology must adapt to the users, because research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives. However, adherence to reasonable security policies and corresponding behavioral changes should also augment and support technical security.

Finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. Currently, different security communities (theoretical security, systems security, usable security, and security management) rarely work together. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions.

GOAL
----
The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences.

INVITED SPEAKER
---------------
Matt Bishop (Univ. California Davis)

WORKSHOP TOPICS
---------------
Relevant topics include but are not limited to:

* Requirements for socio-technical systems
* Feasibility of policies from the socio-technical perspective
* Threat models that combine technical and human-centred strategies
* Technical and social factors that influence decision making in security and privacy
* Balance between technical measures and social strategies in ensuring security and privacy
* Studies of real-world security incidents from the socio-technical perspective
* Social and technical factors that influence changes in security policies and processes
* Lessons learned from holistic design and deployment of security mechanisms and policies
* Models of user behaviour and user interactions with technology
* Perceptions of security, risk and trust and their influence on human behaviour
* Social engineering, persuasion, and other deception techniques
* Root cause analysis and analysis of incidents for socio-technical security incidents
* Strategies, methodology and guidelines for socio-technical and cyber-security intelligence analysis
* Nudging to improve security
* User experience with security technologies

PROGRAM COMMITTEE
-----------------
Blocki, Jeremiah (Purdue University)
Coventry, Lynne (Northumbria University)
Jakobsson, Markus (ZapFraud)
Jenkinson, Graeme (Univ. of Cambridge)
Kowalski, Stewart (Stockholm Univ.)
Mannan, Mohammad (Concordia Univ.)
Montoya, Lorena (Univ. of Twente)
Oliveira, Daniela (Univ. of Florida)
Parkin, Simon (Univ. College London)
Petrocchi, Marinella (Inst. of Inf. and Telematics-CNR)
Pieters, Wolter (Univ. of Twente & TU Delft)
Radomirovic, Sasa (ETH Zurich)
Renaud, Karen (Univ. of Glasgow)
Ryan, Peter (Univ. Luxembourg)
Volkamer, Melanie (TU Darmstadt & Karlstad Univ.)
Weippl, Edgar (SBA Research)
Yan, Jeff (Lancaster Univ.)
Yu, Ilsun (Soonchunhyang Univ.)
Zurko, Mary Ellen (Cisco Systems)

ORGANIZING COMMITTEE
--------------------
** Programme Chairs
Benenson, Zinaida (Univ. of Erlangen-Nuremberg)
Gates, Carrie (Independent Contractor)

** Workshop Organizers
Bella, Giampaolo (Univ. of Catania)
Lenzini, Gabriele (Univ. of Luxembourg)

Passwords 2015 call for papers

The 9th International Conference on Passwords will be held at Cambridge, UK on 7-9 December 2015.

Launched in 2010 by Per Thorsheim, Passwordscon is a lively and entertaining conference series dedicated solely to passwords. Passwordscon’s unique mix of refereed papers and hacker talks encourages a kind of cross-fertilization that I’m sure you’ll find both entertaining and fruitful.

Paper submissions are due by 7 September 2015. Selected papers will be included in the event proceedings, published by Springer in the Lecture Notes in Computer Science (LNCS) series.

We hope to see lots of you there!

Graeme Jenkinson, Local arrangements chair

Why password managers (sometimes) fail

In a paper the Pico team are about to present at the Passwords 2014 conference in Trondheim, we introduce our proposal for Password Manager Friendly (PMF) semantics. PMF semantics are designed to give developers and maintainers of password managers a bit of a break and, more importantly, to improve the user experience.

For the details of the PMF proposal please read my post Why password managers (sometimes) fail on the Lightbluetouchpaper blog (the blog of the Security research group at the University of Cambridge).
