By Topic

2013 Third Workshop on Socio-Technical Aspects in Security and Trust

Date 29-29 June 2013

Filter Results

Displaying Results 1 - 18 of 18
  • Title Page i

    Publication Year: 2013, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (32 KB)
    Freely Available from IEEE
  • Title Page iii

    Publication Year: 2013, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (87 KB)
    Freely Available from IEEE
  • Copyright Page

    Publication Year: 2013, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (120 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2013, Page(s):v - vi
    Request permission for commercial reuse | PDF file iconPDF (126 KB)
    Freely Available from IEEE
  • Foreword from the Workshop Chairs

    Publication Year: 2013, Page(s): vii
    Request permission for commercial reuse | PDF file iconPDF (121 KB) | HTML iconHTML
    Freely Available from IEEE
  • Foreword from the Programme Chairs

    Publication Year: 2013, Page(s): viii
    Request permission for commercial reuse | PDF file iconPDF (26 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference Committee

    Publication Year: 2013, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (88 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2013, Page(s): x
    Request permission for commercial reuse | PDF file iconPDF (101 KB)
    Freely Available from IEEE
  • Additional Reviewers

    Publication Year: 2013, Page(s): xi
    Request permission for commercial reuse | PDF file iconPDF (15 KB)
    Freely Available from IEEE
  • The Ever Changing Threat Model: A Social-Technical Perspective

    Publication Year: 2013, Page(s): 1
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (228 KB)

    Summary form only given. Since Needham and Schroeder introduced the idea of an active attacker, a lot of research has been made on the technical side of information security in order to verify the protocols' claims against this type of attacker. Nowadays, the Dolev-Yao threat model is the most widely accepted attacker model for that. Consequently, we tend to consider systems when secure against an... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Applying the Lost-Letter Technique to Assess IT Risk Behaviour

    Publication Year: 2013, Page(s):2 - 9
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (270 KB) | HTML iconHTML

    Information security policies are used to mitigate threats for which a technical prevention is not feasible. Compliance with information security policies is a notoriously difficult issue. Social sciences could provide tools to empirically study compliance with policies. We use a variation of the lost-letter technique to study IT risk behaviour, using USB keys instead of letters. The observational... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How Privacy Flaws Affect Consumer Perception

    Publication Year: 2013, Page(s):10 - 17
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1079 KB) | HTML iconHTML

    We examine how consumers perceive publicized instances of privacy flaws and private information data breaches.Using three real-world privacy breach incidents, we study how these flaws affected consumers' future purchasing behavior and perspective on a company's trustworthiness. We investigate whether despite a lack of widespread privacy enhancing technology (PET) usage, consumers are taking some b... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Transparency Enhancing Tools (TETs): An Overview

    Publication Year: 2013, Page(s):18 - 25
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (169 KB) | HTML iconHTML

    As the amount of users' information collected and exchanged on the Internet is growing, so are, consequently, the users' concerns that their privacy might be violated. Some studies have shown that a large number of users avoid engaging in online services due to privacy concerns. It has been suggested that increased transparency of privacy related mechanisms may promote users' trust. This paper rev... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions

    Publication Year: 2013, Page(s):26 - 36
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (319 KB) | HTML iconHTML

    The lack of standardization of the terms insider and insider threat has been a noted problem for researchers in the insider threat field. This paper describes the investigation of 42 different definitions of the terms insider and insider threat, with the goal of better understanding the current conceptual model of insider threat and facilitating communication in the research community. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • American and Indian Conceptualizations of Phishing

    Publication Year: 2013, Page(s):37 - 45
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (500 KB) | HTML iconHTML

    Using Amazon's Mechanical Turk, fifty American and sixty-one Indian participants completed a survey that assessed characteristics of phishing attacks, asked participants to describe their previous phishing experiences, and report phishing consequences. The results indicated that almost all participants had been targets, yet Indian participants were twice as likely to be successfully phished as Ame... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Adopting the CMU/APWG Anti-phishing Landing Page Idea for Germany

    Publication Year: 2013, Page(s):46 - 52
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1257 KB) | HTML iconHTML

    Phishing attacks still pose a significant problem and purely technical solutions cannot solve this problem. While research literature in general shows that educating users in security is hard, the Anti-Phishing Landing Page proposed by CMU researchers seems promising as it appears in the most teachable moment -- namely once someone clicked on a link and was very likely to fall for phishing. While ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Author Index

    Publication Year: 2013, Page(s): 53
    Request permission for commercial reuse | PDF file iconPDF (54 KB)
    Freely Available from IEEE
  • [Publisher's information]

    Publication Year: 2013, Page(s): 54
    Request permission for commercial reuse | PDF file iconPDF (164 KB)
    Freely Available from IEEE