* ********************************************************** * 7th Int. Workshop on * Socio-Technical Aspects in Security and Trust * (STAST) - http://stast.uni.lu * December 5, 2017 * ---------------------------------------------------------- * Affiliated with * the Annual Computer Security Application Conference * (ACSAC 2017) * Orlando, Florida, USA * ********************************************************** IMPORTANT DATES ---------------- Title and Abstract: September 27, 2017, 23.59 AoE (= UTC-12) Full Paper: October 2, 2017, 23.59, AoE (= UTC-12) Notification: November 6, 2017 Camera Ready: November 20, 2017 SUBMISSION ---------- We accept (1) Full Papers; (2) Position Papers; (3) Case Studies; (4) Work in Progress. For more details, please visit our web page CONCEPT AND GOAL ---------------- Successful attacks on information systems often combine social engineering practices with technical skills. Research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives and to improve security, technology must adapt to the users. However, finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions. The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences. PROCEEDINGS ----------- The final proceedings will be published with the ACM International Conference Proceedings Series WORKSHOP TOPICS -------------- * Requirements for socio-technical systems * Feasibility of policies from the socio-technical perspective * Threat models that combine technical and human-centered strategies * Technical and social factors that influence decision making in security and privacy * Balance between technical measures and social strategies in ensuring security and privacy * Studies of real-world security incidents from the socio-technical perspective * Social factors that influence changes in organizations security policies and processes * Lessons learned from holistic design and deployment of security mechanisms and policies * Models of user behaviour and user interactions with technology * Perceptions of security, risk and trust and their influence on human behaviour * Interplay of law, ethics and politics with security and privacy measures * Social engineering, persuasion, and other deception techniques * Socio-technical analysis of security incidents * Strategies, methodology and guidelines for socio-technical and cyber-security intelligence analysis We welcome qualitative and quantitative research approaches from academia and industry PROGRAM COMMITTEE ----------------- (see web page) KEYNOTE SPEAKER ----------------- Robert L. Biddle (Carleton University) ORGANIZING COMMITTEE -------------------- ** Programme Chairs Zinaida Benenson (University of Erlangen-Nuremberg) Daniela Oliveira (University of Florida) ** Workshop Organizers Giampaolo Bella (University of Catania) Gabriele Lenzini (University of Luxembourg)