Important Dates
- Papers due: 28 April 2013 (extended)
- Notification: 15 May 2013
- Pre-proceeding version due: 10 June 2013
- Final version due: 14 July 2013 (after the workshop)
- Workshop: 29 June 2013
Other Editions
STAST 2011: stast2011.uni.lu
STAST 2012: stast2012.uni.lu
STAST 2014: stast2012.uni.lu
Workshop Venue
The workshop will take place on Saturday 29th at Newcomb Hall, Building 74, room B16 (basement).
Transportation
Shuttles are available from the Crowne Plaza Hotel to Tulane University on Saturday at 7:30am and 8:30am. Return shuttles from Tulane University to the Crowne Plaza Hotel leave at 5:45pm and 7:15pm. More information is available at the CSF web page.
Accepted Papers
Accepted papers are all those in the programme.
Programme
08:45 - 09:00 | Welcome
09:00 - 10:00 | Session 1: Keynote Talk
The ever changing Threat Model - A social-technical perspective
Jean E. Martina (Universidade Federal de Santa Catarina, Brasil)
Abstract: Since Needham and Schroeder introduced the idea of an active attacker, a lot of research has been done on the technical side of information security in order to verify the protocols' claims against this type of attacker. Nowadays, the Dolev-Yao threat model is the most widely accepted attacker model for that. Consequently, we tend to consider systems when secure against an attacker under Dolev-Yao's assumptions. With the introduction of the human-centric security ideas we include human peers in our designs. With this addition we can potentially find and solve security flaws that were previously not detectable. In this talk, we will discuss that even though Dolev-Yao's threat model can represent the most powerful attacker possible, the attacker in this model is not realistic in certain scenarios, especially those related to the human peers. We look over other variations of threat models, including a dynamic threat model that can be adjusted according to each social-technical context. These new perspectives will help us to model and analyse security requirements in human-computer interaction always with regard to realistic scenarios without degrading security and improving usability.
10:00 - 10:30 | Coffee Break
10:30 - 12:00 | Session 2: Assessment and Perception of Risks
Applying the Lost-Letter Technique to Assess IT Risk Behaviour
Elmer Lastdrager, Lorena Montoya, Pieter Hartel and Marianne Junger (University of Twente)
How Privacy Flaws Affect Consumer Perception
Sadia Afroz, Aylin C. Islam, Jordan Santell, Aaron Chapin and Rachel Greenstadt (Drexel University)
Transparency enhancing tools (TETs): an overview
Milena Janic, Jan P. Wijbenga and Thijs Veugen (TNO)
12:00 - 12:30 | Discussion
12:30 - 14:00 | Lunch (on your own)
14:00 - 15:30 | Session 3: Security Properties and Cultural Differences
Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definition
Carly Huth (CERT/SEI and CMU), David Mundie and Sam Perl (CERT/SEI)
American and Indian Conceptualizations of Phishing
Rucha Tembe, Kyung W. Hong, Christopher Mayhorn, Emerson Murphy-Hill and Christopher Kelley (North Carolina State University)
Adopting the CMU/APWG Anti-Phishing Landing Page idea for Germany
Melanie Volkamer, Simon Stockhardt, Steffen Bartsch and Michaela Kauer (TU Darmstadt)
15:30 - 16:00 | Coffee Break
16:00 - 17:00 | Panel Session
17:00 - 17:30 | Discussion and Farewell