Workshop on Security and Human Behaviour (SHB 2014)

June 9-10, Cambridge – Working papers

The workshop will be held in the Computer Laboratory, University of Cambridge. It is sponsored by Trustonic, Bromium, Good, Google and Facebook.

This is the seventh SHB, and here is the programme.

Here are links to the liveblog, papers and audio recordings for the previous workshops 2013. 2012, 2011, 2010, 2009 and 2008.

As we prepare for the workshop, I'll be adding to each attendee's name one or two links to papers that they might like others to look at in advance. Email me your contributions!

Ross.Anderson at

  • Alessandro Acquisti, CMU: Faces of Facebook: Privacy in the Age of Augmented Reality
  • Andrew Adams, Meiji: A Non-Militarised Approach to Cyber-Security
  • Bonnie Anderson, BYU: Using measures of risk perception to predict information security behaviour: insights from electrencephalography (EEG); How users perceive and respond to security messages
  • Ross Anderson, Cambridge: Reading this May Harm Your Computer: The Psychology of Malware Warnings; book chapters on psychology and terror
  • Scott Atran, John Jay College, CNRS and University of Michigan: Sacred values and cultural conflict; Black and White and Red All Over – How the hyperkinetic media is breeding a new generation of terrorists; Countering Violent Extremism
  • Michelle Baddeley: A Behavioural Analysis of Online Privacy and Security; Herding, social influence and economic decision-making: socio-psychological and neuroscientific analyses
  • Laura Brandimarte: Misplaced Confidences: Privacy and the Control Paradox; Gone in 15 Seconds: The Limits of Privacy Transparency and Control
  • Jon Callas, Silent Circle
  • Jean Camp, Indiana: How Safe is Safe Enough: The Online Version
  • Bhismadev Chakrabarti, Reading: Autistic traits modulate mimicry of social but not nonsocial rewards; The role of empathy in choosing rewards from another's perspective
  • Nicolas Christin, CMU: It's All About the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice
  • Dave Clark, MIT: A social embedding of network security - Trust, constraint, power and control
  • Richard Clayton, Cambridge
  • Chris Cocking, Brighton: Hillsborough’s lesson – don’t fear the crowd; Water cannon; Effects of social identity on responses to emergency mass evacuation
  • Serge Egelman, Berkeley: The effect of online privacy information on purchasing behaviour: an experimental study; You've been warned: An empirical study of the effectiveness of web browser phishing warnings
  • Mark Frank, Buffalo; Human Behaviour and Deception Detection
  • Shannon French, Case Western Reserve: The Obligation of Officers to Preserve the Humanity of Their Troops; Dehumanizing the Enemy: The Intersection of Neuroethics and Military Ethics
  • Frank Furedi, Kent; How authority became a dirty word
  • Diego Gambetta, EUI: Natural and Strategic Generosity as Signals of Trustworthiness; More hedgehog than fox; Trust — Making and breaking cooperative relations
  • Jon Geater, Trustonic; Usable Hardware Security for Android on ARM devices
  • Brian Glass, UCL: Modelling Misrepresentation in Online Seller-Buyer Interactions
  • Jeff Hancock, Cornell: Finding Deceptive Opinion Spam by Any Stretch of the Imagination; Separating Fact From Fiction: An Examination of Deceptive Self-Presentation in Online Dating Profiles
  • Richard Harper, Microsoft: glancephones, wayve devices and the cloud mouse; Trust, Computing, and Society
  • Cormac Herley, Microsoft: Is Everything We Know About Password Stealing Wrong?; Why do Nigerian Scammers Say They are from Nigeria?
  • Nick Humphrey, Cambridge
  • Alice Hutchings, Cambridge
  • John Kaag, UML: The Use of Unmanned Aerial Vehicles in Contemporary Conflict: A Legal and Ethical Analysis; The moral hazard of drones; Drones, Ethics and the Armchair Soldier
  • Sharon Leal, Portsmouth
  • John Lyle, Facebook
  • Samantha Mann, Portsmouth
  • David Modic, Cambridge: We Will Make You Like Our Research: The Development of a Susceptibility-to-Persuasion Scale; Reading this May Harm Your Computer: The Psychology of Malware Warnings
  • Tyler Moore, SMU: Fashion crimes; Information Security Economics - and Beyond
  • David Murakami Wood, Queens
  • Masashi Nishihata, Toronto
  • Jussi Palomaki, Helsinki: Losing More by Losing It: Poker Experience, Sensitivity to Losses and Tilting Severity; Anticipatory electrodermal activity and decision making in a computer poker-game
  • Jeunese Payne, Cambridge: Gendering the Machine
  • Yuliy Pisetski, Facebook
  • Adrienne Porter Felt, Google: How to Ask For Permission; Experimenting at Scale with Google Chrome's SSL Warning
  • Ian Pratt, Bromium: Micro-virtualization – Retrofitting robust isolation to commodity OSes for security and privacy
  • Wojtek Przepiorka, Oxford: Natural and Strategic Generosity as Signals of Trustworthiness
  • Peter Robinson, Cambridge: Computing with emotions
  • Angela Sasse, UCL: Learning from "Shadow Security"; How users bypass access control – and why; Federated identity to access e-government services – are citizens ready for this
  • Stuart Schechter, Microsoft: The User IS the Enemy, and (S)he Keeps Reaching for that Bright Shiny Power Button!; Your Attention Please: Designing security-decision UIs to make genuine risks harder to ignore
  • Bruce Schneier, Harvard Law School: The Battle for Power on the Internet; You Have No Control Over Security on the Feudal Internet; Our Security Models with Never Work – No Matter What We Do
  • David Livingstone Smith, Maine: Inspiration for Evil; Dehumanization, Essentialism, and Moral Psychology; Horor Sanguinis
  • Frank Stajano, Cambridge: Understanding scam victims: seven principles for systems security; It's the Anthropology, Stupid
  • Peter Swire, Georgia Tech: Liberty and Security in a Changing World
  • Aron Szekely, Oxford
  • Harold Thimbleby, Swansea: Improving safety in medical devices and systems
  • Jodok Troy, Innsbruck: The Power of the Zealots: Religion, Violence, and International Relations
  • Sophie van der Zee, Cambridge: The effect of cognitive load on nonverbal mimicry in interview settings; Automated measurement and analysis of body motion
  • Aldert Vrij, Portsmouth: Outsmarting the liars: toward a cognitive lie detection approach; Pitfalls and Opportunities in Nonverbal and Verbal Lie Detection; Deception detection: Effects of conversational involvement and probing
  • Rick Wash, Michigan State: Betrayed By Updates; Stories as Informal Lessons About Security
  • Jeff Yan, Newcastle: Security and usability of CAPTCHAs; The memorability and security of passwords – some empirical results

    Accommodation: as the workshop takes place in term, we unfortunately cannot offer college rooms. However there are hotel rooms in Cambridge to suit all pockets.

    Registration: the workshop is invitational and numbers are limited. If you want to be invited, please contact Ross Anderson, Bruce Schneier or Alessandro Acquisti.