Socio-Technical Aspects in Security and Trust (STAST), 2012 Workshop on

Date: 25 June 2012

  • [Front and back cover]

    Publication Year: 2012 , Page(s): C4
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2012 , Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2012 , Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2012 , Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2012 , Page(s): v - vi
    Freely Available from IEEE
  • Foreword from the Workshop Chairs - STAST 2012

    Publication Year: 2012 , Page(s): vii
    Freely Available from IEEE
  • Foreword from the Programme Chairs - STAST 2012

    Publication Year: 2012 , Page(s): viii
    Freely Available from IEEE
  • Conference Committee

    Publication Year: 2012 , Page(s): ix
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2012 , Page(s): x
    Freely Available from IEEE
  • Additional reviewers

    Publication Year: 2012 , Page(s): xi
    Freely Available from IEEE
  • Trust Engineering via Security Protocols

    Publication Year: 2012 , Page(s): 1 - 2

    Security protocols form a central part of the trust infrastructure of the online world. They allow principals to make decisions that authorize or prohibit actions of other principals, and to make those decisions based on information gathered from other principals. In this invited talk at Socio-Technical Aspects in Security and Trust 2012 (STAST), a view of protocol design that can serve as a trust infrastructure is described. “Trust engineering” is a process leading to protocols that reflect participants' concerns for authentication, confidentiality, controlling commitments, and repudiability or its opposite.

  • SpoofKiller: You Can Teach People How to Pay, but Not How to Pay Attention

    Publication Year: 2012 , Page(s): 3 - 10

    We describe a novel approach to reduce the impact of spoofing by a subtle change in the login process. At the heart of our contribution is the understanding that current antispoof technologies fail largely as a result of the difficulties to communicate security and risk to typical users. Accordingly, our solution is oblivious to whether the user was tricked by a fraudster or not. We achieve that by modifying the user login process, and letting the browser or operating system cause different results of user login requests, based on whether the site is trusted or not. Experimental results indicate that our new approach, which we dub "SpoofKiller", will address approximately 80% of spoofing attempts.

  • Towards a Model to Support the Reconciliation of Security Actions across Enterprises

    Publication Year: 2012 , Page(s): 11 - 18

    As an increasing amount of businesses look towards collaborations to gain a strategic advantage in the marketplace, the importance of systems to support these collaborative activities significantly increases. Within this area, arguably one of the most important issues is supporting interaction security. This is both at the initial, higher level of humans from businesses agreeing on joint security needs and the lower level of security technologies (communication protocols, VPNs, and so on). As there has been a substantial amount of work on the latter level, this work-in-progress paper tries to restore some of the balance by considering the problem of supporting companies at the business (and more social/human) level of interactions. We focus particularly on the initial tasks of negotiating and reconciling their high-level security needs. Our specific aim is therefore to explore the design of a model which replicates the human decision-making process with regards to the reconciliation of conflicting security needs at this higher level. The modelling of such a process is a prime area for research in the socio-technical field because it seeks to formalise several social aspects not typically modelled in a technical sense.

  • Using Socio-Technical and Resilience Frameworks to Anticipate Threat

    Publication Year: 2012 , Page(s): 19 - 26
    Cited by:  Papers (1)

    This paper explores how frameworks based on socio-technical systems thinking and theories of resilience can be applied within the field of business security in order to help anticipate and subsequently prevent organizational threats. The paper applies a socio-technical framework to two fictional terrorism scenarios as exemplars, namely a cyber systems attack at the London 2012 Olympics and poisoning of the UK's water supply in order to anticipate the key contributors to these threats. The resilience factors are proposed as features of interrelating systems that should also be considered to analyze and adjust to threats effectively. Within this paper the resilience factor of anticipation is applied to terrorist scenarios, along with the socio-technical framework. This paper highlights the dangers associated with holding myopic views of threats and concludes that by using the socio-technical framework and considering the six resilience factors it is possible for organizations to anticipate in a more systemic way, to become more resilient to a variety of organizational attacks. Ideas for future research are discussed.

  • Improved Visual Preference Authentication

    Publication Year: 2012 , Page(s): 27 - 34

    We describe an improved preference-based password reset scheme in which both security and usability of previous approaches are dramatically improved on. We report on experimental findings supporting these claims. Our experiment shows a false negative rate on the order of 0.9% and a false positive rate on the order of 0.5% for a choice of parameters that result in a registration time of 100 seconds and an authentication time of 40 seconds. The improvements are due to a tertiary classification during authentication, instead of a binary classification, which allows a reduction in the number of items to be classified. Preference-based authentication schemes offer higher retention rates and lower risks for data-mining based attacks than comparable knowledge-based authentication schemes.

  • Using Information Trustworthiness Advice in Decision Making

    Publication Year: 2012 , Page(s): 35 - 42
    Cited by:  Papers (2)

    In a society at the brink of information overload, using a measurement of trustworthiness to focus attention and ultimately reduce risks faced by individuals is an increasingly attractive option in supporting well-conceived decisions. As such, this paper seeks to advance discussions on trustworthiness and decision-making research by critically investigating individuals' ability to cognitively combine trustworthiness measures and the information content that they relate to, to make decisions. This is an often assumed reality but one that is lacking focused analysis in the socio-technical field. In our experiments, as we present trustworthiness information using visualisations on a computer screen, we also conduct a secondary assessment of a range of visualisation techniques to determine whether there are any better or generally preferred approaches to support decisions. Findings from both evaluations are relatively positive and insightful, and amongst other aspects, reaffirm humans as optimal assessors and identify a particularly strong dependence on trustworthiness levels in influencing decision-making.

  • Optimal Security Investments in Networks of Varying Size and Topology

    Publication Year: 2012 , Page(s): 43 - 47
    Cited by:  Papers (1)

    This paper looks at network security from a game-theoretic point of view. Through the formulation and examination of increasingly complex scenarios, we formulate a model for utility-based security decisions. We look at the decision for one person to buy security software for herself and to buy security software in the context of two or more people. By modeling security as a public good, we examine externalities that players impose upon each other. We then examine Olson's theory of groups in a network security context to evaluate the effect of network size on optimal decision-making. We also discuss network topologies to investigate the limitations of the common game-theoretic interdependent security models. We conclude that these models work well for small to medium-sized networks with fairly uniform topologies.

  • Author index

    Publication Year: 2012 , Page(s): 48
    Freely Available from IEEE
  • [Publisher's information]

    Publication Year: 2012 , Page(s): 50
    Freely Available from IEEE