Important Dates

  • Papers due:
    14 April 2013
    28 April 2013 (extended)
  • Notification:
    15 May 2013
  • Pre-proceeding version due:
    10 June 2013
  • Final version due:
    14 July 2013
    (after the workshop)
  • Workshop:
    29 June 2013

Workshop Venue

The workshop will take place on Saturday 29th at Newcomb Hall, Building 74, room B16 (basement).

Shuttles are available to go from the Crowne Plaza Hotel to Tulane University on Saturday at 7:30am and 8:30am. To go from Tulane University back to the Crowne Plaza Hotel, shuttles leave at 5:45pm and 7:15pm. More information is available on the CSF web page.

Accepted Papers

Accepted papers are all those in the programme.


08:45 - 09:00 Welcome
09:00 - 10:00 Session 1: Keynote Talk
The ever changing Threat Model - A social-technical perspective
Jean E. Martina (Universidade Federal de Santa Catarina, Brasil)

Abstract: Since Needham and Schroeder introduced the idea of an active attacker, a lot of research has been done on the technical side of information security in order to verify protocols' claims against this type of attacker. Nowadays, the Dolev-Yao threat model is the most widely accepted attacker model for that. Consequently, we tend to consider systems secure when they are secure against an attacker under Dolev-Yao's assumptions. With the introduction of human-centric security ideas, we include human peers in our designs. With this addition we can potentially find and solve security flaws that were previously not detectable. In this talk, we will discuss that even though Dolev-Yao's threat model can represent the most powerful attacker possible, the attacker in this model is not realistic in certain scenarios, especially those related to the human peers. We look over other variations of threat models, including a dynamic threat model that can be adjusted according to each social-technical context. These new perspectives will help us to model and analyse security requirements in human-computer interaction, always with regard to realistic scenarios, without degrading security and improving usability.
10:00 - 10:30 Coffee Break
10:30 - 12:00 Session 2: Assessment and Perception of Risks
Applying the Lost-Letter Technique to Assess IT Risk Behaviour
Elmer Lastdrager, Lorena Montoya, Pieter Hartel and Marianne Junger (University of Twente)
How Privacy Flaws Affect Consumer Perception
Sadia Afroz, Aylin C. Islam, Jordan Santell, Aaron Chapin and Rachel Greenstadt (Drexel University)
Transparency enhancing tools (TETs): an overview
Milena Janic, Jan P. Wijbenga and Thijs Veugen (TNO)
12:00 - 12:30 Discussion
12:30 - 14:00 Lunch (on your own)
14:00 - 15:30 Session 3: Security Properties and Cultural Differences
Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definition
Carly Huth (CERT/SEI and CMU), David Mundie and Sam Perl (CERT/SEI)
American and Indian Conceptualizations of Phishing
Rucha Tembe, Kyung W. Hong, Christopher Mayhorn, Emerson Murphy-Hill and Christopher Kelley (North Carolina State University)
Adopting the CMU/APWG Anti-Phishing Landing Page idea for Germany
Melanie Volkamer, Simon Stockhardt, Steffen Bartsch and Michaela Kauer (TU Darmstadt)
15:30 - 16:00 Coffee Break
16:00 - 17:00 Panel Session
17:00 - 17:30 Discussion and Farewell