Workshop on Security and Human Behaviour (SHB 2021)

June 3-4, Cambridge – Working papers

Because of the pandemic, the physical workshop has been postponed to June 2022 and a virtual workshop will be held on June 3-4 2021. The sessions will take place between noon and 1700 BST. SHB is sponsored by the Cambridge Cybercrime Centre, Facebook, Google, Cisco and the NSF.

  • Max Abrahms, Northeastern University
  • Yasemin Acar, Hannover: Comparing the Usability of Cryptographic APIs; You Get Where You’re Looking For
  • Alessandro Acquisti, CMU: Secrets and Likes: The Drive for Privacy and the Difficulty of Achieving It in the Digital Age
  • Sadia Afroz, ICSI, UC Berkeley: Quantifying the Collateral Damage of IP Blacklisting
  • Luca Allodi, Eindhoven: Malware economics and attack innovation, Detection and response to phishing attacks
  • Ross Anderson, Cambridge: Taking Stock; Situational Awareness and Machine Learning – Robots, Manners and Stress
  • Robert Axelrod, Michigan: Vengeance and Cyber Conflict
  • Maria Bada, Cambridge: The Social and Psychological Impact of Cyber-Attacks, An exploration of the cybercrime ecosystem around Shodan
  • Zinaida Benenson, Erlangen: On system administrators' relationship with power, Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products; Security Managers Are Not the Enemy Either
  • Laura Brandimarte, Arizona
  • Maria Brincker, University of Massachussetts: Disoriented and alone in the "experience machine"
  • Jean Camp, Indiana: Measuring human resilience in the face of the global epidemiology of cyber attacks; and Cross-National Study on Phishing Resilience
  • Yi Ting Chua, Cambridge: Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours; and Turning Up the Dial: the Evolution of a Cybercrime Market Through Set-up, Stable, and COVID-19 Eras
  • Richard Clayton, Cambridge: Booting the booters: Evaluating the effects of police interventions in the market for Denial-of-Service attacks; Cybercrime is (often) boring: Maintaining the infrastructure of cybercrime economies
  • Ben Collier, Cambridge: Influence government: targeted advertising and the use of influence operations by the UK state for public policy; a video of that talk; Influence, infrastructure, and recentering cybercrime policing
  • Cassandra Cross, Queensland University of Technology: The reporting experiences and support needs of victims of online fraud, Reflections on the reporting of fraud in Australia
  • Judith Donath, Harvard: Is trust becoming obsolete in a world of ubiquitous surveillance?
  • Serge Egelman, Berkeley: 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System, A Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions
  • Jeremy Epstein
  • Alisa Frik, ICSI and UC Berkeley: WiP:Factors Affecting the Implementation of Security and Privacy Practices in Software Development: A Narrative Review
  • Peter Grabosky, ANU: Dark humour and euphemism as facilitators of state excess
  • Tom Holt, Michigan: An analysis of jihadi cyberattacks reported in the extremist cybercrime database (ECCD)
  • Alice Hutchings, Cambridge: Booting the Booters: Evaluating the effects of police interventions in the market for denial-of-service attacks, Taking down websites to prevent crime
  • Anita Lavorgna, Southampton: To app or not to app? Understanding public resistance in using COVID-19 digital contact tracing
  • Eliot Lear, Cisco. IoT management and humans: What does it mean at work and at home?
  • Michael Levi, Cardiff: Fraud and its relationship to pandemics and economic crises: from Spanish flu to COVID-19
  • Alexander de Luca, Google: "If I press delete, it's gone" – User Understanding of Online Data Deletion and Expiration
  • Damon McCoy, NYU: SoK: Hate, Harassment and the Changing Landscape of Online Abuse; and "I'm a Professor, which isn't usually a dangerous job": Internet-Facilitated Harassment and its Impact on Researchers
  • Maryam Mehrnezhad, Newcastle: Caring for Intimate Data in Fertility Technologies
  • Alan Mislove, Northeastern: Ad delivery algorithms: The Hidden Arbiters of Political Messaging; Discrimination through Optimization:How Facebook’s Ad Delivery Can Lead to Biased Outcomes
  • Steven Murdoch, UCL: Evidence-critical systems, Designing for Dispute Resolution
  • Simon Parkin, Delft: Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours, Usability analysis of shared device ecosystem security: informing support for survivors of IoT-facilitated tech-abuse; You’ve left me no choices: Security economics to inform behaviour intervention support in organizations
  • Sergio Pastrana Portillo, Madrid: Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem
  • Katharina Pfeffer, SBA: On the Usability of Authenticity Checks for Hardware Security Tokens; User Mental Models of Cryptocurrency Systems - A Grounded Theory Approach
  • Elissa Redmiles, Microsoft Research: How good is good enough for COVID19 apps? The influence of benefits, accuracy, and privacy on willingness to adopt; "Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response, Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions
  • Bruce Schneier, Harvard Kennedy School: The Coming AI Hackers
  • Daniel Thomas, Strathclyde: Evaluating the effects of police interventions in the market for Denial-of-Service attacks; Ethical issues in research using datasets of illicit origin
  • Sophie van der Zee, Erasmus University Rotterdam: Copycat and a liar: Nonverbal mimicry increases under the cognitive load of lying, A psychometric investigation into the structure of deception strategy use, Reporting cybercrime victimization: Determinants, motives, and previous experience
  • Tony Vance, Temple University: Inexpert Supervision: A Study on Boards of Directors' Oversight of Cybersecurity
  • Kami Vaniea, Edinburgh: I Don't Need an Expert! Making URL Phishing Features Human Comprehensible, Understanding Privacy-Related Questions on Stack Overflow
  • Marie Vasek, UCL: An Examination of the Cryptocurrency Pump and Dump Ecosystem
  • Rick Wash, Michigan State: How Experts Detect Phishing Scam Emails, How Non-Experts Try to Detect Phishing Scam Emails, Prioritizing Security Over Usability: Strategies for How People Choose Passwords
  • Lydia Wilson, Cambridge: Rewriting the narrative – territorial loss and the rebirth of ISIS; Prince Hassan's Progress, What I Discovered From Interviewing Imprisoned ISIS Fighters; Understanding the Appeal of ISIS
  • Jeff Yan, Linnkoping: Differential Imaging Forensics, Scams in modern societies: how does China differ from the world?, From Sicilian mafia to Chinese "scam villages"

    Registration: the workshop is invitational and numbers are limited. Invitations are now closed.

    This is the fourteenth SHB. Here are links to the liveblog, papers and audio recordings for the previous workshops: 2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009 and 2008.