STAST 2019: Socio-Technical Aspects in Security Luxembourg, Luxembourg, September 26, 2019 |
Conference website | http://www.stast.uni.lu |
Submission link | https://easychair.org/conferences/?conf=stast2019 |
Submission deadline | July 10, 2019 |
STAST is a one-day workshop that intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences.
Concept. Successful attacks on information systems often combine social engineering practices with technical skills, exploiting technical vulnerabilities, insecure user behavior, poorly designed user interfaces, and unclear or unrealistic security policies. To improve security, technology must adapt to the users, because research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives. However, also adherence to reasonable security policies and corresponding behavioral changes should augment and support technical security.
Finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. Currently, different security communities (theoretical security, systems security, usable security, and security management) rarely work together. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions.
Submission Guidelines
All papers must be original and not simultaneously submitted to another journal or conference. The following paper categories are welcome:
- Full papers discussing original research, answering well-defined research questions, and presenting full and stable results
- Position papers that are original contributions discussing existing challenges and introducing and motivating new research problems
- Case studies describing lessons learned from design and deployment of security mechanisms and policies in research and in industry
- Work in progress describing original but unfinished research, which is nevertheless based on solid research questions or hypothesis soundly argued be innovative compared with the state of the art
General Guidelines
All papers must be written in English and they will be peer reviewed by at least three members of the Programme Committee. They will be judged on novelty, technical soundness/social scientific content, comparison to related work, validation aspects.
Both theoretical and applied research papers are welcome.
Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with published proceedings. Failure to clearly identify any duplication or overlap with other papers is ground for rejection without full review.
Submission
Submissions are anonymous.
Papers should be submitted in Portable Document Format (PDF). All submissions should follow the LNCS template up to date at submission time. Submitted papers should be at most 16 pages (using 10-point font), excluding the bibliography and well-marked appendices, and at most 20 pages total. Committee members are not required to read the appendices, so the paper should be intelligible without them. All submissions must be written in English. Papers must be submitted to the submission web site. Only pdf files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Authors of accepted papers must agree with Springer LNCS copyright and guarantee that their papers will be presented at the conference.
We accept (a) Full Papers; (b) Position Papers; (c) Case Studies; (d) Work in Progress.
Position Papers and Case Studies, and Work in Progress, should be preferably 8 pages long , and must have at the beginning of the paper's title the words "Position Paper:", "Case Study:", or "Work in Progress" respectively.
Submitted papers must adhere to the ACM Copyright Policy and the ACM Policy on Plagiarism.
STAST 2019 makes special provisions for research employing evidence-based methods, including
- allowing authors to highlight (anonymous) pre-registrations,
- seeking structured abstracts for pre-proceeding submissions, and
- encouraging authors to report p-values, test statistics, effect sizes and confidence intervals following the 6th edition of the APA guidelines.
We encourage authors to consider the submission page for further submission guidelines.
List of Topics
Contributions should focus on the interplay of technical, organizational and human factors in breaking and in achieving computer security, for example:
- Usability and user experience in security
- Requirements for socio-technical systems
- Feasibility of policies from the socio-technical perspective
- Threat models that combine technical and human-centered strategies
- Socio-technical factors in decision making in security and privacy
- Balance between technical measures and social strategies
- Studies of real-world security incidents socio-technical perspective
- Social factors in organizations security policies and processes
- Lessons from design and deployment of security mechanisms and policies
- Models of user behaviour and user interactions with technology
- Perceptions of security and risk, as well as their influence on humans
- Interplay of law, ethics and politics with security and privacy measures
- Social engineering, persuasion, and other deception techniques
- Socio-technical analysis of security incidents
- Strategies, methodology and guidelines cyber-security intelligence analysis
We welcome qualitative and quantitative research approaches from academia and industry.
We welcome meta-analytic as well as replication studies and consider them as original research eligible for full papers. We welcome negative or null results with sound methodology.
Committees
Program Committee
- Aimeur Esma (University of Montreal)
- Allodi Luca (TU/e Eindhoven)
- Anastasopoulou Kalliopi (University of Bristol)
- Andriotis Panagiotis (University of the West of England)
- Badillo-Urquiola Karla (University of Central Florida)
- Bednar Peter (Portsmouth University)
- Benenson Zinaida (University of Erlangen-Nuremberg)
- Carter Michael (Queen's University)
- Coles-Kemp Lizzie (Royal Holloway University of London)
- Diesburg Sarah (University of Northern Iowa)
- Dockal Jaroslav (School of Informatics and Communications, Brno, Czech Republic)
- Groß Thomas (University of Newcastle upon Tyne)
- Giustolisi Rosario (IT University of Copenhagen)
- Hartel Pieter (University of Twente)
- Hugl Ulrike (Innsbruck University)
- Jakobsson Markus (Amber Solutions)
- Karyda Maria (Aegean University)
- Kokolakis Spyros (Aegean University)
- Kowalski Steward (Norwegian University of Science and Technology)
- Krol Kat (Google UK)
- Li Shujun (University of Kent)
- Martina Jean (Universidade Federal de Santa Catarina)
- Mehrnezhad Maryam (University of Newcastle)
- Nishigaki Masakatsu (Shizuoka University)
- Nurse Jason (University of Kent)
- Radomirovic Saŝa (University of Dundee)
- Renaud Karen (Abertay University)
- Ryan, Peter Y. A. (University of Luxembourg)
- Stobert Elizabeth (Concordia University)
- Thomson Kerry-Lynn (Nelson Mandela Metropolitan University)
- Simon Parkin (University College London)
- Viganò Luca (King's College London)
- Volkamer Melanie (Karlsruhe Institute of Technology)
- Williams Emma (University of Bristol)
- Wrona Konrad (NCI Agency / Military University of Technology in Warsaw)
Organizing committee
PC Chairs:
- Theo Tryfonas (University of Bristol)
- Thomas Gross (Newcastle University)
Organizers:
- Giampaolo Bella (University of Catania)
- Gabriele Lenzini (University of Luxembourg)
Venue
The conference will be held in the Alvisse Parc Hotel, Luxembourg City, Luxembourg. Affiliated and co-located with the European Symposium on Research in Computer Security (ESORICS 2019) (cf. its venue page).
Contact
All questions about submissions should be emailed to Thep Tryfonas and Thomas Gross.