Important Dates
- Papers due: 30 April 2014 (extended)
- Notification: 31 May 2014
- Pre-proceeding version due: 6 July 2014
- Final version due: 27 July 2014 (after the workshop)
- Workshop: 18 July 2014
Previous Editions
- STAST 2011: stast2011.uni.lu
- STAST 2012: stast2012.uni.lu
- STAST 2013: stast2013.uni.lu
Accepted Papers
Accepted papers are all those in the programme. Talks last 45 minutes including questions and answers.
Programme
08:45 - 09:00 | Welcome and Opening | |
09:00 - 10:15 | Session 1: Keynote Talk | |
Tackling the Awareness-Behaviour Divide in Security: (step 1) Understand the User | ||
Lynne Coventry (Psych. and Comm. Tech. Lab, Univ. of Northumbria)
Abstract: Various factors influence users' behaviour and interactions with technology. This means security has a socio-technical element that continues to present a challenge in research and attempts to improve security behaviour. Users may not be the enemy but their (un)intentional (mis)use of technology is certainly part of the problem in security. To solve this problem, we must do more than simply pay lip service to the need to address the human element; we need to systematically explore the environmental, social and personal influencers of behaviour within the context of cybersecurity. Those who seek to ensure cybersecurity must learn to utilise such influencers as efficiently as those who seek to exploit them. Awareness training is touted as the solution; awareness may be necessary but it is seldom sufficient. Psychological research and organisational reports suggest that increased user awareness alone is insufficient when it comes to changing actual behaviour. This may make users' behaviours seem irrational, but they are understandable if you appreciate the cognitive biases people are prone to and the heuristics they use when the time, effort and knowledge required to follow a "rational" decision-making process outweighs the benefits perceived by the user. This talk provides a short overview of the issues worthy of exploration in security research and suggests several strategies on how to tackle the security awareness-behaviour divide. | ||
10:15 - 10:45 | Coffee Break | |
10:45 - 13:00 | Session 2: Security Ceremonies and Policies | |
Decision Justifications for Wireless Network Selection | ||
Debora Jeske, Lynne Coventry and Pam Briggs (Northumbria Univ.) | ||
Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat | ||
Oliver Buckley, Jason Nurse, Philip Legg, Michael Goldsmith and Sadie Creese (Oxford Univ.) | ||
Modelling User Devices in Security Ceremonies | ||
Taciane Martimiano, Jean Everson Martina (Univ. Fed. de Santa Catarina), Maina Olembo (CASED, TU Darmstadt) and Marcelo Carlos (RHUL) | ||
13:00 - 14:30 | Lunch | |
14:30 - 16:00 | Session 3: Security and Human Behaviour | |
The Social Engineering Personality Framework | ||
Sven Uebelacker and Susanne Quiel (Hamburg Univ. of Technology) | ||
Modeling Human Behaviour with Higher Order Logic: Insider Threats | ||
Jaap Boender (Middlesex Univ.), Marieta Georgieva Ivanova (DTU), Florian Kammueller and Giuseppe Primiero (Middlesex Univ.) | ||
16:00 - 16:30 | Coffee Break | |
16:30 - 18:00 | Session 4: Socio-Technical Security | |
What You Enter Is What You Sign: Input Integrity in an Online Banking Environment | ||
Sven Kiljan, Harald Vranken (Open Univ.) and Marko van Eekelen (Radboud Univ. Nijmegen) | ||
Using Statistical Information to Communicate Android Permission Risks to Users | ||
Lydia Kraus, Ina Wechsung and Sebastian Möller (Telekom Innovation Labs / TU Berlin) | ||
18:00 - 18:10 | Closing and Farewell | |