Workshop on Security and Human Behaviour (SHB 2020)

June 18-19, Cambridge – Working papers

Because of the pandemic, the physical workshop has been postponed to June 3-4 2021 while a virtual workshop will be held on June 18-19 2020. It is sponsored by the Cambridge Cybercrime Centre, Facebook, Google, Cisco and the NSF.

  • Max Abrahms, Northeastern University
  • Yasemin Acar, Hannover: Comparing the Usability of Cryptographic APIs; You Get Where You’re Looking For
  • Alessandro Acquisti, CMU: Privacy and human behavior in the age of information, The Economics of Privacy
  • Andrew Adams, Meiji University
  • Sadia Afroz, ICSI, UC Berkeley: Quantifying the Collateral Damage of IP Blacklisting
  • Luca Allodi, Eindhoven: Malware economics and attack innovation, Detection and response to phishing attacks
  • Ross Anderson, Cambridge: Book chapter: Psychology and Usability; The gift of the gab: Are rental scammers skilled at the art of persuasion?
  • Scott Atran, University of Michigan: It Takes Social Science to Counter the Power of Russia's Malign Influence Campaign; How People Become Radicalized
  • Robert Axelrod, Michigan: Interpersonal Aspects of Cyber Security
  • Zinaida Benenson, Erlangen: Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products; Security Managers Are Not the Enemy Either
  • Laura Brandimarte: Would a Privacy Fundamentalist Sell Their DNA for $1000… If Nothing Bad Happened Thereafter?; Beyond the Turk: Alternative platforms for crowdsourcing behavioral research
  • Maria Brincker, University of Massachussetts: Privacy in public and the contextual conditions of agency
  • Jean Camp, Indiana: Instrumenting Simple Risk Communication for Safer Browsing, How Safe is Safe Enough: The Online Version
  • Yi Ting Chua, Cambridge: Examining the risk reduction strategies of online actors in criminal markets; Gendering cybercrime
  • Nicolas Christin, CMU
  • Richard Clayton, Cambridge: Booting the booters: Evaluating the effects of police interventions in the market for Denial-of-Service attacks; Cybercrime is (often) boring: Maintaining the infrastructure of cybercrime economies
  • Ben Collier, Cambridge: Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies, The power to structure: exploring social worlds of privacy, technology and power in the Tor Project
  • Sunny Consolvo, Google: "They don’t leave us alone anywhere we go" Digital Abuse Challenges and Coping Practices Among South Asian Women, Tough Times at Transitional Homeless Shelters: Considering the Impact of Financial Insecurity on Digital Security and Privacy
  • Cassandra Cross, Queensland University of Technology: The reporting experiences and support needs of victims of online fraud, Reflections on the reporting of fraud in Australia
  • Judith Donath, Harvard: , Ethical issues in our relationship with artificial entities
  • Serge Egelman, Berkeley: 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System, A Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions
  • Jeremy Epstein
  • Alisa Frik, ICSI and UC Berkeley: A Qualitative Model of Older Adults' Contextual Decision-Making About Information Sharing, Privacy and Security Threat Models and Mitigation Strategies of Older Adults, Investigating Users' Preferences and Expectations for Always-Listening Voice Assistants
  • Leigh-Anne Galloway, Cyber R&D Lab: Art as a Methodology for Security Research, https://leigh-annegalloway.com/art-as-a-methodology-for-security-research/
  • Peter Grabosky, ANU: Online Undercover Investigations and the Role of Private Third Parties; The Vengeful State
  • Tom Holt, Michigan
  • Alice Hutchings, Cambridge: Leaving on a Jet Plane: The trade in fraudulently obtained airline tickets, Interviewing cybercrime offenders
  • Frank Krueger, GMU: Toward a Model of Interpersonal Trust Drawn from Neuroscience, Psychology and Economics
  • Anita Lavorgna, Southampton: Cyber-organised crime. A case of moral panic?; Serious, therefore Organised? A Critique of the Emerging "Cyber-Organised Crime" Rhetoric in the United Kingdom; Organised Cybercrime or Cybercrime that is Organised? An Assessment of the Conceptualisation of Financial Cybercrime as Organised Crime
  • Eliot Lear, Cisco. IoT management and humans: What does it mean at work and at home?
  • David Livingstone Smith, UNE: The Problem of Humanity and the Problem of Monstrosity, Demonizing Black Men
  • Damon McCoy, NYU: A Security Analysis of the Facebook Ad Library
  • Maryam Mehrnezhad, Newcastle: PiSHi: click the images and I tell if you are a human; Stealing PINs via mobile sensors: actual risk versus user perception
  • Alan Mislove, Northeastern: Ad delivery algorithms: The Hidden Arbiters of Political Messaging; Discrimination through Optimization:How Facebook’s Ad Delivery Can Lead to Biased Outcomes
  • Tyler Moore, Tulsa: Cyber Warranties: Market Fix or Marketing Trick?, Does insurance have a future in governing cybersecurity?
  • Steven Murdoch, UCL: Transparency Enhancing Technologies to MakeSecurity Protocols Work for Humans, Verifiable Auditing of Access to Confidential Data
  • Simon Parkin, UCL: Usability analysis of shared device ecosystem security: informing support for survivors of IoT-facilitated tech-abuse; You’ve left me no choices: Security economics to inform behaviour intervention support in organizations
  • Sergio Pastrana Portillo, Madrid: Measuring eWhoring; A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
  • Katharina Pfeffer, SBA: If HTTPS Were Secure, I Wouldn’t Need 2FA; Formal Verification of the Security for Dual Connectivity in LTE
  • Elissa Redmiles, Microsoft Research: How good is good enough for COVID19 apps? The influence of benefits, accuracy, and privacy on willingness to adopt; "Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response, Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions
  • Bruce Schneier, Harvard Law School: The Battle for Power on the Internet; You Have No Control Over Security on the Feudal Internet; Our Security Models with Never Work – No Matter What We Do
  • Lisa Sugiura, Portsmouth: Momo challenge shows how even experts are falling for digital hoaxes
  • Daniel Thomas, Strathclyde: Evaluating the effects of police interventions in the market for Denial-of-Service attacks; Ethical issues in research using datasets of illicit origin
  • Sophie van der Zee, Erasmus University Rotterdam: A personal model of trumpery: Deception detection in a real-world high-stakes setting; A Psychometric Investigation into the Structure of Deception Strategy Use
  • Kami Vaniea, Edinburgh: Tales of Software Updates
  • Federico Varese, Oxford: What is organised crime?
  • Marie Vasek, UCL: An Examination of the Cryptocurrency Pump and Dump Ecosystem
  • Rick Wash, Michigan State: Human Interdependencies in Security Systems; Can People Self-Report Security Accurately?
  • Matthew Williams, Cardiff
  • Lydia Wilson, Oxford: Trying to fix the fault lines, What I Discovered From Interviewing Imprisoned ISIS Fighters; Understanding the Appeal of ISIS
  • Jeff Yan, Linnkoping: From Sicilian mafia to Chinese "scam villages", How Does Match-Fixing Inform Computer Game Security?

    Registration: the workshop is invitational and numbers are limited. Invitations are now closed.

    This is the tenth SHB. Here are links to the liveblog, papers and audio recordings for the previous workshops: 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009 and 2008.