Workshop on Security and Human Behaviour (SHB 2017)

May 25-6, Cambridge – Working papers

The workshop will be held Lecture Theatre 2 in the Computer Laboratory, University of Cambridge. It is sponsored by the Cambridge Cybercrime Centre, Facebook, Cisco and the NSF.

Attendees are also invited to the Wheeler Lecture and reception on May 24th (for which there is free registration here). The SHB sessions start the following morning; the schedule is here.

  • Yasemin Acar, Saarland: : Comparing the Usability of Cryptographic APIs; You Get Where You’re Looking For
  • Alessandro Acquisti, CMU: Privacy and human behavior in the age of information, The Economics of Privacy
  • Ross Anderson, Cambridge: When Lying Feels the Right Thing to Do; The Emotional and Financial Impact of Internet Fraud; Experimental Measurement of Attitudes Regarding Cybercrime
  • Robert Axelrod, Michigan: Challenges in researching terrorism from the field, Timing of cyber conflict; Strategic aspects of cyberattack, attribution, and blame
  • Zinaida Benenson, Erlangen; Unpacking Spear Phishing Susceptibility; All your bulbs are belong to us, Maybe Poor Johnny Really Cannot Encrypt – The Case for a Complexity Theory for Usable Security
  • Howard Bowman: Oscillations and episodic memory; Countering countermeasures: Detecting identity lies by detecting conscious breakthrough
  • Laura Brandimarte: Would a Privacy Fundamentalist Sell Their DNA for $1000… If Nothing Bad Happened Thereafter?; Beyond the Turk: Alternative platforms for crowdsourcing behavioral research
  • Jean Camp, Indiana: Instrumenting Simple Risk Communication for Safer Browsing, How Safe is Safe Enough: The Online Version
  • Yi Ting Chua, MSU: Examining the risk reduction strategies of online actors in criminal markets; Gendering cybercrime
  • Richard Clayton, Cambridge
  • Britanny Davidson, Bath
  • Serge Egelman, Berkeley: Android Permissions Remystified; Scaling the Security Wall; Is Our Children's Apps learning?
  • Ame Elliott, Berlin; What raves can teach us about infosec, Learning from drones; Blink and you’ll miss it: Notifications in an AI world
  • Claudia Exeler, Facebook
  • Sascha Fahl, Saarland: Comparing the Usability of Cryptographic APIs; You Get Where You’re Looking For
  • Sarah Gold, Projects by IF: We need new design patterns for data sharing
  • Rachel Greenstadt, Drexel
  • Richard Harper, Lancaster: Trusting oneself: an anthology of digital things and personal competence
  • Nick Humphrey, Cambridge
  • Alice Hutchings, Cambridge: Exploring the provision of online booter services; Taking down websites to prevent crime
  • Richard John, USC: Jurors’ Presumption of Innocence
  • Adam Joinson, Bath: The extended ‘chilling effect’ of Facebook:the cold reality of ubiquitous social networking; Characterizing the linguistic chameleon:personal and social correlates of linguistic style accommodation; Privacy as a fuzzy concept: A new conceptualization of privacy for practitioners
  • Ben Laurie, Google Deepmind: Trust, confidence and Verifiable Data Audit
  • Eliot Lear, Cisco; Manufacturer Usage Description Specification
  • John Lyle, Facebook
  • Dominique Machuletz, Munster; Users Protect Their Privacy If They Can: Determinants of Webcam Covering Behavior
  • Nathan Malkin, Berkeley: Recovering High-Value Secrets with SGX and Social Authentication
  • Maryam Mehrnezhad, Newcastle: PiSHi: click the images and I tell if you are a human; Stealing PINs via mobile sensors: actual risk versus user perception
  • David Modic, Cambridge: We Will Make You Like Our Research: The Development of a Susceptibility-to-Persuasion Scale; It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud
  • Harvey Molotch, NYU: Against Security; Default to Decency
  • John Mueller, Ohio State:Misoverestimating ISIS; The curse of the Black Swan, How Safe Are We? Asking the Right Questions about Terrorism
  • David Murakami Wood, Queens: Power Down; Urban surveillance after the end of globalization; Spatial sorting
  • Arvind Narayanan, Princeton: Semantics derived automatically from language corpora contain human-like biases; On the Instability of Bitcoin Without the Block Reward; The Future of Ad Blocking
  • Melody Zhifang Ni, Imperial
  • Bekah Overdorf, Drexel: Blogs, Twitter Feeds, amd Reddit Comments: Cross-domain Authorship Attribution
  • Emilee Rader, MSU: Conceptualizing Derived Data as a Common Pool Resource
  • Elissa Redmiles, Maryland: I Think They’re Trying to Tell Me Something – Advice Sources and Selection for Digital Security; Where is the digital divide? A survey of security, privacy, and socioeconomics
  • Angela Sasse, UCL: From Paternalistic to User-Centred Security; Productive Security; Barriers to Usable Security?
  • Bruce Schneier, Harvard Law School: The Battle for Power on the Internet; You Have No Control Over Security on the Feudal Internet; Our Security Models with Never Work – No Matter What We Do
  • Marc Schuilenburg, Amsterdam: To resist = to create?; Behave or be banned? Banning orders and selective exclusion from public space; From Biopolitics to Mindpolitics. Nudging in Safety and Security Management
  • Frank Stajano, Cambridge: Pico in the Wild: Replacing Passwords, One Site at a Time; Cambridge2Cambridge; Understanding scam victims
  • Elizabeth Stobert, ETH Zurich: Expert password management
  • Sander van der Linden, Cambridge: The conspiracy effect; Inoculating the Public against Misinformation about Climate Change
  • Sophie van der Zee, Amsterdam: The human factor in cybercrime and cybersecurity; When Lying Feels the Right Thing to Do; Measuring cues for stand-off deception detection based on full-body non-verbal features in body-worn cameras
  • Tony Vance, Brigham Young: What do we really know about how habituation to warnings occurs over time? ; Tuning Out Security Warnings: A Longitudinal Examination of Habituation through fMRI, Eye Tracking, and Field Experiments
  • Kami Vaniea, Edinburgh: Tales of Software Updates
  • Rick Wash, Michigan State: Human Interdependencies in Security Systems; Can People Self-Report Security Accurately?
  • Charles Weir, Lancaster: How to improve the security skills of mobile app developers
  • Monica Whitty, Warwick: The scammers persuasive techniques model
  • Lydia Wilson, Oxford: What I Discovered From Interviewing Imprisoned ISIS Fighters; Understanding the Appeal of ISIS
  • Jeff Yan, Lancaster: "To Bluff like a Man or Fold like a Girl?" – Gender Biased Deceptive Behavior in Online Poker, Machiavelli as a poker mate

    There are hotel rooms in Cambridge to suit all pockets.

    Registration: the workshop is invitational and numbers are limited. Invitations are now closed.

    This is the tenth SHB. Here are links to the liveblog, papers and audio recordings for the previous workshops: 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009 and 2008.