By Topic

2014 Workshop on Socio-Technical Aspects in Security and Trust

18-18 July 2014

Filter Results

Displaying Results 1 - 18 of 18
  • [Front cover]

    Publication Year: 2014, Page(s): C4
    Request permission for commercial reuse | PDF file iconPDF (858 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2014, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (52 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2014, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (106 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2014, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (121 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2014, Page(s):v - vi
    Request permission for commercial reuse | PDF file iconPDF (125 KB)
    Freely Available from IEEE
  • Foreword from the Workshop Chairs

    Publication Year: 2014, Page(s): vii
    Request permission for commercial reuse | PDF file iconPDF (117 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference committee

    Publication Year: 2014, Page(s): viii
    Request permission for commercial reuse | PDF file iconPDF (151 KB)
    Freely Available from IEEE
  • Program Committee and Additional Reviewers

    Publication Year: 2014, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (143 KB)
    Freely Available from IEEE
  • Keynote: Tackling the Awareness-Behaviour Divide in Security (Step 1): Understand the User by Lynne Coventry

    Publication Year: 2014, Page(s): x
    Request permission for commercial reuse | PDF file iconPDF (102 KB)
    Freely Available from IEEE
  • Decision Justifications for Wireless Network Selection

    Publication Year: 2014, Page(s):1 - 7
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (333 KB) | HTML iconHTML

    A number of security risks are associated with the selection of wireless networks. We examined wireless network choices in a study involving 104 undergraduate social science students. One research goal was to examine the extent to which features (such as padlocks) and colours could be used to 'nudge' individuals towards more secure network and away from open (unsecured) network options. Another go... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat

    Publication Year: 2014, Page(s):8 - 15
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1114 KB) | HTML iconHTML

    An enterprise's information security policy is an exceptionally important control as it provides the employees of an organisation with details of what is expected of them, and what they can expect from the organisation's security teams, as well as informing the culture within that organisation. The threat from accidental insiders is a reality across all enterprises and can be extremely damaging to... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modelling User Devices in Security Ceremonies

    Publication Year: 2014, Page(s):16 - 23
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (501 KB) | HTML iconHTML

    User constrained devices such as smart cards are commonly used in human-protocol interaction. Modelling these devices as part of human-protocol interaction is still an open problem. Examining the interaction of these devices as part of security ceremonies offers greater insight. This paper highlights two such cases: modelling extra channels between humans and devices in the ceremony, and modelling... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Social Engineering Personality Framework

    Publication Year: 2014, Page(s):24 - 30
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (333 KB) | HTML iconHTML

    We explore Information and Communication Technology (ICT) security in a socio-technical world and focus in particular on the susceptibility to social engineering attacks. We pursue the question if and how personality traits influence this susceptibility. We use Cialdini's principles of influence to categorise social engineering attacks. First we show with a comprehensive literature review how exis... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modeling Human Behaviour with Higher Order Logic: Insider Threats

    Publication Year: 2014, Page(s):31 - 39
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (340 KB) | HTML iconHTML

    In this paper, we approach the problem of modeling the human component in technical systems with a view on the difference between the use of model and theory in sociology and computer science. One aim of this essay is to show that building of theories and models for sociology can be compared to and implemented in Higher Order Logic. We validate this working hypothesis by revisiting Weber's underst... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • What You Enter Is What You Sign: Input Integrity in an Online Banking Environment

    Publication Year: 2014, Page(s):40 - 47
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (483 KB) | HTML iconHTML

    One problem with most currently used transaction authentication methods is that they depend on the customer's computer for integrity of the information flow between customer and bank. This allows man-in-the-middle attacks to be conducted using malware for financial fraud. Some banks are implementing new authentication methods that allow customers to verify transactions received by a bank without d... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using Statistical Information to Communicate Android Permission Risks to Users

    Publication Year: 2014, Page(s):48 - 55
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (511 KB) | HTML iconHTML

    The Android OS has a permission-based security system that controls the third party applications' access to sensitive information on the smartphone. The risk evaluation is left to the user who has to evaluate whether or not the requested permissions are appropriate. However, former work has shown that users lack attention to and understanding of the permissions which makes it difficult for them to... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Author index

    Publication Year: 2014, Page(s): 56
    Request permission for commercial reuse | PDF file iconPDF (55 KB)
    Freely Available from IEEE
  • [Publisher's information]

    Publication Year: 2014, Page(s): 58
    Request permission for commercial reuse | PDF file iconPDF (172 KB)
    Freely Available from IEEE