Interdisciplinary Workshop on Security and Human Behaviour (SHB 2008)

Working papers

As we prepare for the workshop, I'll be adding to each attendee's name one or two links to papers that they might like others to look at in advance. Email me your contributions!

Ross.Anderson@cl.cam.ac.uk

  • Alessandro Acquisti, CMU: What Can Behavioral Economics Teach Us About Privacy?; Privacy in Electronic Commerce and the Economics of Immediate Gratification
  • Andrew Adams, Reading: Regulating CCTV
  • John Adams, UCL: Three Framing Devices for Managing Risk
  • Ross Anderson, Cambridge: Information Security Economics - and Beyond; The Memorability and Security of Passwords -- Some Empirical Results; book chapters on psychology and terror
  • Matt Blaze, UPenn; Toward a broader view of security protocols.
  • Bill Burns, Decision Research: The Diffusion of Fear: Modeling Community Response to a Terrorist Strike
  • Jon Callas, PGP: Improving Message Security With a Self-Assembling PKI
  • Jean Camp, Indiana: Experimental Evaluation of Expert and Non-expert Computer Users' Mental Models of Security Risks
  • Ralph Chatham, fornerly DARPA: Frank-Ekman Experiments Summary; Games for Training - the Good Bad and Ugly; Training Superiority and Training Surprise
  • Luke Church, Cambridge: End User Security: The democratisation of security usability
  • Dave Clark, MIT: A social embedding of network security - Trust, constraint, power and control
  • Dick Clarke, former terrorism adviser to President Clinton and President Bush
  • Ron Clarke, Rutgers: Situational Crime Prevention
  • Lorrie Cranor, CMU: A Framework for Reasoning About the Human in the Loop
  • Paul Ekman, UCSF: Darwin, Deception, and Facial Expression
  • Ed Felten, Princeton
  • Mark Frank, Buffalo; Human Behaviour and Deception Detection
  • Frank Furedi, Kent: The Market in Fear; The only thing we have to fear is the `culture of fear' itself; Thou shalt not hug
  • Nicholas Humphrey, LSE: papers from 1982 and 1998
  • Markus Jakobsson, Indiana: Social Phishing; Love and Authentication; Quantifying the Security of Preference-Based Authentication
  • Richard John, USC
  • Eric Johnson, Dartmouth: Information Security Field Study
  • George Loewenstein, CMU: Searching for Privacy in all the Wrong Places: A behavioural economics perspective on individual concern for privacy
  • Tyler Moore, Cambridge: Information Security Economics - and Beyond; How brain type influences online safety
  • Carey Morewedge, CMU: The Least Likely of Times - How Remembering the Past Biases Forecasts of the Future
  • John Mueller, Ohio State: Reacting to Terrorism: Probabilities, Consequences, and the Persistence of Fear
  • Peter Neumann, SRI: Holistic systems; Risks
  • Bashar Nuseibeh, Open University: Keeping Ubiquitous Computing to Yourself, Security Requirements Engineering
  • Andrew Odlyzko, University of Minnesota: Economics, psychology, and sociology of security
  • Charles Perrow, Yale: Software Failures, Security and Cyberterrorism
  • Tom Pyszczynski, University of Colorado: Scared to death
  • James Randi, James Randi Educational Foundation
  • Mike Roe, Microsoft
  • Sasha Romanosky, Carnegie Mellon University: Do Data Breach Disclosure Laws Reduce Identity Theft?
  • Angela Sasse, UCL: Human Vulnerabilities in Security Systems, Transforming the 'weakest link'
  • Stuart Schechter, Microsoft: The Emperor's New Security Indicators
  • Bruce Schneier, Counterpane: The Psychology of Security; The Evolutionary Brain Glitch That Makes Terrorism Fail
  • Paul Shambroom, photographer
  • Uri Simonsohn, U Penn: Friends of Victims: Personal Experience and Prosocial Behavior
  • David Livingstone Smith, University of New England: Why War?
  • Frank Stajano, Cambridge: Usability of Security Management: Defining the Permissions of Guests
  • Brad Stone, New York Times
  • Cass Sunstein, Chicago: The Polarization of Extremes
  • Doug Tygar, Berleley: Why Johnny can't encrypt: A usability evaluation of PGP 5.0
  • Hal Varian, Google and UC Berkeley: Who Signed Up for the Do-Not-Call List?
  • Alma Whitten, Google: Why Johnny can't encrypt: A usability evaluation of PGP 5.0
  • Henry Willis, Rand: Using Probabilistic Terrorism Risk Modeling For Regulatory Benefit-Cost Analysis
  • Richard Zeckhauser, Harvard: Paltering, The World of Transnational Threats