
Socio-Technical Aspects in Security and Trust: 9th International Workshop, STAST 2019, Luxembourg City, Luxembourg, September 26, 2019, Revised Selected Papers (Security and Cryptology)

✍ Scribed by Thomas Groß (editor), Theo Tryfonas (editor)


Publisher: Springer
Year: 2021
Language: English
Pages: 238
Category: Library


✦ Synopsis


The open access volume LNCS 11739 constitutes the proceedings of the 9th International Workshop on Socio-Technical Aspects in Security, STAST 2019, held in Luxembourg, in September 2019. The total of 9 full papers together with 1 short paper was carefully reviewed and selected from 28 submissions. The papers were organized in topical sections named as follows: Methods for Socio-Technical Systems focused on instruments, frameworks and reflections on research methodology; System Security considered security analyses and attacks on security systems; finally, Privacy Control incorporated works on privacy protection and control as well as human factors in relation to these topics.

✦ Table of Contents


Preface
Message from the Workshop Organizers
Organization
Contents
Methods for Socio-Technical Systems
Fidelity of Statistical Reporting in 10 Years of Cyber Security User Studies
1 Introduction
2 Background
2.1 Importance and Impact of Statistical Reporting
2.2 Reporting and Methodology Guidelines
2.3 Analysis of Statistical Reporting
2.4 Related Works
3 Aims
4 Method
4.1 Ethics
4.2 Sample
4.3 Procedure
4.4 Grounded Coding
4.5 Evaluation of statcheck
4.6 Multinomial Logistic Regression
5 Results
5.1 Sample
5.2 Exploration of the Distribution
5.3 Prevalence of Statistical Misreporting
5.4 Comparison with JMP
5.5 Reporting Test Outcomes by Venue and Year
5.6 Qualitative Analysis
5.7 Significance Detection Performance
5.8 Supporting the STAST 2019 PC in Checking Statistics
6 Discussion
6.1 Limitations
7 Recommendations
8 Conclusion
A Details on Qualitative Analysis
A.1 Errors Committed by statcheck
A.2 Errors Committed by Authors
A.3 Composition of Incomplete p-Values
References
"I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students
1 Introduction
2 Related Work
3 Methodology
3.1 Interview Design
3.2 Recruitment
3.3 Participants
3.4 Pilot
3.5 Interview Analysis
4 Results
4.1 'Computer Security' Word Association Results
4.2 Interview Themes
5 Discussion
6 Limitations
7 Future Work
8 Conclusions
References
Data, Data, Everywhere: Quantifying Software Developers' Privacy Attitudes
1 Introduction
2 Background and Related Work
2.1 Understanding Privacy Attitudes
2.2 Quantifying Privacy Attitudes
3 Development of the SDPA Scale and Model
3.1 Adapting the IUIPC Scale to Software Development
3.2 Deploying the Adapted Scale
3.3 Constructing the SDPA Model
3.4 Assessing Model–Variable Correlations
3.5 Constructing the Final Instrument
3.6 Threats to Validity
4 Discussion – Use Cases for the SDPA Scale
4.1 Identifying Mismatches Between Attitude and (Self-perceived) Behavior
4.2 Investigating Monetization's Effect on Privacy Attitude
4.3 Theory Development Through Combined Application of the Scale
5 Conclusion
A Questionnaire
B Detailed Item Adaption
References
You've Left Me No Choices: Security Economics to Inform Behaviour Intervention Support in Organizations
1 Introduction
2 Related Work
3 Applying Economics to Organizational Security
3.1 Rational vs. Bounded Decision-Making
3.2 Why We Are Here, with Too Few Choices
4 A Framework for Security Choices
4.1 Toward a Consistent Strategy
4.2 Bounded Security Decision-Making
4.3 Framework Implementation
5 Worked Example – Software Security Updates
5.1 Process
5.2 Available Policy Choices
5.3 Decision-Maker Choices
6 Future Directions
6.1 A Security Diet
6.2 Just Culture and the Genuine Choice Architecture
6.3 Policy Concordance
6.4 Security Investment Forecasting
7 Conclusion
References
System Security
What We Know About Bug Bounty Programs - An Exploratory Systematic Mapping Study
1 Introduction
2 Methodology
3 Results
3.1 Product Owner
3.2 Bug Hunter Crowd
3.3 Vulnerability Market Mechanisms
4 Discussion and Concluding Remarks
References
Association Attacks in IEEE 802.11: Exploiting WiFi Usability Features
1 Introduction
2 Background Information: AP Selection Phase and Related Functionality in IEEE 802.11
2.1 Access Point Selection in 802.11
2.2 Usability Features Related to AP Selection
3 Association Attacks: A Taxonomy
3.1 Automatic Association Attacks
3.2 Association Attacks Requiring Interaction
3.3 Association Attacks Exploitability
4 Analysis of Network Managers' Behavior
4.1 Attack Implementation
4.2 Result Analysis
5 Conclusions
References
A Security Analysis of the Danish Deposit Return System
1 Introduction
2 Modelling the Ceremony
2.1 The Reverse Vending Machines
2.2 The Machine-Readable Serial Number (SN1)
2.3 Ceremony Description
3 Formal Analysis
3.1 Modelling Choices
3.2 Human Rules
4 Findings
4.1 Discussion
5 Related Work
6 Conclusion
References
Moving to Client-Side Hashing for Online Authentication
1 Introduction
2 Password Hashing Today
2.1 Best Practices
2.2 Recent Database Leaks
3 Detecting Client-Side Hashing
3.1 Syntactic and Semantic Analyses
3.2 Computing Load Analysis
3.3 Manually Checking the Alexa Top 50
3.4 Why Is Client-Side Hashing Rare?
4 Cost Analysis of Client-Side Hashing
4.1 Advantages
4.2 Drawbacks
5 Making Changes to the Hashing Process
5.1 A Service-Centric View
5.2 A User-Centric View
6 Discussion
References
Privacy Control
A Privacy-Preserving Infrastructure for Driver's Reputation Aware Automotive Services
1 Introduction
2 Related Work
3 Defining Driver Reputation
4 Our Privacy Preserving Infrastructure
4.1 Secure Two Party Computation
5 Privacy-Preserving Reputation-Aware Vehicular Services
6 Prototype of Privacy-Preserving Functions
6.1 Evaluation
7 Discussion
8 Conclusion and Future Work
References
Case Study: Disclosure of Indirect Device Fingerprinting in Privacy Policies
1 Introduction
2 Device Fingerprinting
2.1 Direct Fingerprinting
2.2 Inference-Based, or Indirect, Fingerprinting
3 What Do Privacy Policies Say About Fingerprinting?
3.1 Methodology
3.2 Results
3.3 Observations
3.4 Consumer Responses
4 Indirect Fingerprinting Shifts the Balance Between Individuals and Websites
4.1 Disturbing a Delicate Armistice
4.2 A Path Forward
References
Investigating the Effect of Incidental Affect States on Privacy Behavioral Intention
1 Introduction
2 Background
2.1 Affect, Emotion, and Mood
2.2 Affect Elicitation
2.3 Affect Measurement
3 Related Work
4 Aims
5 Method
5.1 Experiment Design Evaluation
5.2 Sampling
5.3 Ethics
5.4 Procedure
5.5 PBI Measurement
5.6 Manipulation
5.7 Manipulation Check
6 Results
6.1 Manipulation Check: PANAS-X
6.2 Privacy Behavioral Intention
6.3 PBI Sub-scales
6.4 Interactions
6.5 Regression
7 Discussion
7.1 Incidental Affect Impacts PBI and Protection Intention
7.2 PBI Sub-constructs Are Affected Differently
7.3 Consulting the Circumplex Model for a Hypothetical Explanation: Arousal
7.4 Limitations
8 Conclusion
A Within-Subjects Study Variants
B Sample
C Descriptives
References
Which Properties Has an Icon? A Critical Discussion on Data Protection Iconography
1 Introduction
2 An Overview of Projects on Data Protection Icons
3 Methods and Tools
4 Icon Properties
4.1 Properties of Graphical Symbols
4.2 Properties of the Referent
4.3 Properties of the Interpretant
4.4 Properties of an Icon Set
4.5 Interdependencies Among Properties
5 Icons in Context
6 Mapping Properties to GDPR's Requirements
7 Methods of Icons' Evaluation
8 Discussion
9 Conclusions and Future Work
References
Author Index


📜 SIMILAR VOLUMES


Computer Security: ESORICS 2019 Internat
✍ Sokratis Katsikas (editor), Frédéric Cuppens (editor), Nora Cuppens (editor), Co 📂 Library 📅 2020 🏛 Springer 🌐 English

This book constitutes the refereed post-conference proceedings of the 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the Third International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the First In

Socio-Technical Aspects in Security and
✍ Thomas Groß (editor), Luca Viganò (editor) 📂 Library 📅 2021 🏛 Springer 🌐 English

This book constitutes the refereed post-conference proceedings of the 10th International Workshop on Socio-Technical Aspects in Security and Trust, STAST 2020, held as a virtual event, in September 2020. The 8 full papers and 3 short papers presented in this volume were c

Security and Trust Management: 15th Inte
✍ Sjouke Mauw, Mauro Conti 📂 Library 📅 2019 🏛 Springer International Publishing 🌐 English

This book constitutes the proceedings of the 15th International Workshop on Security and Trust Management, STM 2019, held in Luxembourg City, Luxembourg, in September 2019, and co-located with the 24th European Symposium Research in Computer Security, ESORICS 2019. The 9 full papers and 1 shor

Emerging Technologies for Authorization
✍ Andrea Saracino (editor), Paolo Mori (editor) 📂 Library 📅 2020 🏛 Springer 🌐 English

This book constitutes the proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019, held in Luxembourg, in September 2019. The 10 full papers presented in this volume were carefully reviewed and selected from numerous submiss

Formal Aspects of Security and Trust: 7t
✍ Dusko Pavlovic (auth.), Pierpaolo Degano, Sandro Etalle, Joshua Guttman (eds.) 📂 Library 📅 2011 🏛 Springer-Verlag Berlin Heidelberg 🌐 English

This book constitutes the thoroughly refereed post-proceedings of the 7th International Workshop on Formal Aspects of Security and Trust, FAST 2010, held as part of the 8th IEEE International Conference on Software Engineering and Formal Methods, SEFM 2010 in Pisa, Italy in September 2010. The