Workshop on Security and Human Behaviour (SHB 2009)
June 11-12, MIT - Working papers
The workshop will be held in MIT Classroom 32-124 in the Stata Center, Vassar Street.
As we prepare for the workshop, I'll be adding to each attendee's name one or
two links to papers that they might like others to look at in advance. Email me
your contributions!
Here is the workshop program.
Ross.Anderson at cl.cam.ac.uk
Alessandro Acquisti, CMU: What Can Behavioral Economics Teach Us About Privacy?; Privacy in Electronic Commerce and the Economics of Immediate Gratification
Andrew Adams, Reading: Regulating CCTV
John Adams, UCL: Deus e Brasileiro?; Can Science Beat Terrorism?; Bicycle bombs: a further inquiry
Ross Anderson, Cambridge: Database State; Information Security Economics - and Beyond; The Memorability and Security of Passwords -- Some Empirical Results; book chapters on psychology and terror
Matt Blaze, UPenn: Toward a broader view of security protocols
Caspar Bowden, Microsoft
danah boyd, Microsoft Research: Taken Out of Context - American Teen Sociality in Networked Publics
Bill Burns, Decision Research: The Diffusion of Fear: Modeling Community Response to a Terrorist Strike
Jon Callas, PGP: Improving Message Security With a Self-Assembling PKI
Jean Camp, Indiana: Experimental Evaluation of Expert and Non-expert Computer Users' Mental Models of Security Risks
Luke Church, Cambridge: SHB Position Paper; Usability and the Common Criteria
Dave Clark, MIT: A social embedding of network security - Trust, constraint, power and control
Chris Cocking, London Met: Effects of social identity on responses to emergency mass evacuation
Lorrie Cranor, CMU: A Framework for Reasoning About the Human in the Loop
Julie Downs, CMU: Behavioral Response to Phishing Risk; Parents' vaccination comprehension and decisions; The Psychology of Food Consumption
Mark Frank, Buffalo: Human Behaviour and Deception Detection
Jeffrey Friedberg, Microsoft: End to End Trust and the Trust User Experience; Testimony on "spyware"
Allan Friedman, Harvard
Dan Gardner, The Ottawa Citizen
Rachel Greenstadt, Drexel: Practical Attacks Against Authorship Recognition Techniques (pre-print); Reinterpreting the Disclosure Debate for Web Infections
Jeff Hancock, Cornell: On Lying and Being Lied To: A Linguistic Analysis of Deception in Computer-Mediated Communication; Separating Fact From Fiction: An Examination of Deceptive Self-Presentation in Online Dating Profiles
Markus Jakobsson, PARC: Social Phishing; Love and Authentication; Quantifying the Security of Preference-Based Authentication
Richard John, USC: Decision Analysis by Proxy for the Rational Terrorist
Dominic Johnson, Edinburgh: Paradigm Shifts in Security Strategy; Perceptions of victory and defeat
Eric Johnson, Dartmouth: Access Flexibility with Escalation and Audit; Security through Information Risk Management
Adam Joinson, Bath: Privacy, Trust and Self-Disclosure Online; Privacy concerns and privacy actions
Christine Jolls, Yale
Mark Levine, Lancaster: Intra-group Regulation of Violence: Bystanders and the (De)-escalation of Violence
George Loewenstein, CMU: Searching for Privacy in all the Wrong Places: A behavioural economics perspective on individual concern for privacy
David Mandel, DRDC Toronto: Applied Behavioral Science in Support of Intelligence Analysis; Radicalization: What does it mean?; The Role of Instigators in Radicalization to Violent Extremism
Jeff MacKie-Mason, Michigan
Betsy Masiello, Google
Tyler Moore, Harvard: The Consequences of Non-Cooperation in the Fight Against Phishing; Information Security Economics - and Beyond
John Mueller, Ohio State: Reacting to Terrorism: Probabilities, Consequences, and the Persistence of Fear; Evaluating Measures to Protect the Homeland from Terrorism; Terrorphobia: Our False Sense of Insecurity
Peter Neumann, SRI: Holistic systems; Risks
Bashar Nuseibeh, Open University: A Multi-Pronged Empirical Approach to Mobile Privacy Investigation; Security Requirements Engineering: A Framework for Representation and Analysis
Andrew Odlyzko, University of Minnesota: Network Neutrality, Search Neutrality, and the Never-Ending Conflict Between Efficiency and Fairness in Markets; Economics, psychology, and sociology of security
Andrew Patrick, NRC Canada: Fingerprint Concerns: Performance, Usability, and Acceptance of Fingerprint Biometric Systems
James Pita, USC: Deployed ARMOR Protection: The Application of a Game Theoretic Model for Security at the Los Angeles International Airport
Rob Reeder, Microsoft: Expanding Grids for Visualizing and Authoring Computer Security Policies
Mike Roe, Microsoft
Sasha Romanosky, CMU: Do Data Breach Disclosure Laws Reduce Identity Theft?; Consumer Privacy Costs and Personal Data Protection: Economic and Legal Perspectives
Angela Sasse, UCL: The Compliance Budget: Managing Security Behaviour in Organisations; Human Vulnerabilities in Security Systems
Stuart Schechter, Microsoft: It's no secret; The Emperor's New Security Indicators
Bruce Schneier, Counterpane: How Perverse Incentives Drive Bad Security Decisions; The Kindness of Strangers
Adam Shostack, Microsoft: Experiences Threat Modeling at Microsoft
Diana Smetters, PARC
David Livingstone Smith, University of New England: Talk on Lying at La Ciudad de Las Ideas; a subsequent discussion; Why War?
Frank Stajano, Cambridge: Understanding victims: Six principles for systems security; Usability of Security Management: Defining the Permissions of Guests
Mark Stewart, University of Newcastle, NSW: A risk and cost-benefit assessment of United States aviation security measures; Risk and Cost-Benefit Assessment of Counter-Terrorism Protective Measures to Infrastructure
Terence Taylor, ICLS: Darwinian Security; Natural Security (A Darwinian Approach to a Dangerous World)
Simon Wessely, King's College London
Alma Whitten, Google: Why Johnny can't encrypt: A usability evaluation of PGP 5.0