STAST is a unique workshop that brings together researchers and practitioners to discuss the confluence of both the social and technical aspects of creating a secure computing environment that is trusted by end users. There is a dynamic that exists between the technical implementations of security and the social aspects behind how that technology is used. While this dynamic includes user interfaces, it also extends out to the cognitive, emotional and social aspects of secure behavior and its impact on policies and technology.
Proceeding Downloads
Digital privacy and social capital on social network sites. friends or foes?
Previous1 literature indicates that SNSs users, and especially Facebook ones, are willing to share information and consequently "sacrifice" their digital privacy in order to obtain bonding or bridging social capital. Additionally, most of the previous ...
Can Johnny finally encrypt?: evaluating E2E-encryption in popular IM applications
Recently, many popular Instant-Messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic challenge of usable-security presented in ...
Influence tokens: analysing adversarial behaviour change in coloured petri nets
Social Engineers can use influential techniques to exploit human behaviour. For a security officer, simulating and analysing such attacks would provide useful insights towards possible countermeasures. We propose the notion of influence tokens, which a ...
Case study: predicting the impact of a physical access control intervention
We investigate a planned physical security intervention at a partner organisation site, to determine the potential individual cost of security upon employees when replacing a secure door with a turnstile. Systems modelling techniques are applied to ...
Is your data gone?: measuring user perceptions of deletion
Previous studies have shown that many users do not use effective data deletion techniques upon sale or surrender of storage devices. A logical assumption is that many users are still confused concerning proper sanitization techniques of devices upon ...
Why do people use unsecure public wi-fi?: an investigation of behaviour and factors driving decisions
Public Wi-Fi networks are now widely available in many countries. Though undoubtedly convenient, such networks have potential security and privacy risks. The aim of this study was to understand if people are aware of those risks, and - if so - why they ...
User trust assessment: a new approach to combat deception
Deception is rapidly on the rise on the Internet, and email is the attack vector of choice for a broad array of attacks, including ransomware distribution, enterprise-facing cons, and mass-deployed phishing attacks. It is widely believed that this is ...
"I had no idea this was a thing": on the importance of understanding the user experience of personalized transparency tools
Personalization has the potential to improve the effectiveness of "generic" privacy notices and policies, however, little is known about the user impact of the personalized transparency tools available today. While regulators consistently endorse ...
Proposing ambient visualization and pre-attentive processing for threat detection
Computer threats have gradually become the Achilles heel of the modern world, tearing tendon from bone in high security enterprise information systems and desktop computers alike. Even the most ardent advocates of computer security acknowledge the ...
- Proceedings of the 6th Workshop on Socio-Technical Aspects in Security and Trust