September 29, 2016

6th Int. Workshop on Socio-Technical Aspects of Security and Trust (STAST)  

December 5, 2016

Co-located with 32nd Annual Computer Security Application Conference Los Angeles, USA Proceedings published by ACM


Submission: 30 September 2016 (extended)

Notification: 4 November 2016

Camera Ready: [after the workshop]


We accept

(1) full papers; (2) position papers; (3) case studies For more details, please visit our web page:


Successful attacks on information systems often combine social engineering practices with technical skills, exploiting technical vulnerabilities, insecure user behavior, poorly designed user interfaces, and unclear or unrealistic security policies. To improve security, technology must adapt to the users, because research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives. 

However, also adherence to reasonable security policies and corresponding behavioral changes should augment and support technical security.

Finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. Currently, different security communities (theoretical security, systems security, usable security, and security management) rarely work together. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions.


The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences.


Matt Bishop (Univ. California Davis)


Relevant topics include but are not limited to:

  •  Requirements for socio-technical systems
  •  Feasibility of  policies from the socio-technical perspective
  •  Threat models that combine technical and human-centred strategies
  •  Technical and social factors that influence decision making in security and privacy
  •  Balance between technical measures and social strategies in ensuring security and privacy
  •  Studies of real-world security incidents from the socio-technical perspective
  •  Social and technical factors that influence changes in security policies and processes
  •  Lessons learned from holistic design and deployment of security mechanisms and policies
  •  Models of user behaviour and user interactions with technology
  •  Perceptions of security, risk and trust and their influence on human behaviour
  •  Social engineering, persuasion, and other deception techniques
  •  Root cause analysis and analysis of incidents for socio-technical security incidents
  •  Strategies, methodology and guidelines for socio-technical and cyber-security intelligence analysis
  •  Nudging to improve security
  •  User experience with security technologies


Blocki, Jeremiah (Purdue University)

Budurushi, Jurlind (Univ. of Darmstadt/Secuso) Coventry, Lynne (Northumbria University) Jakobsson, Markus (Agari) Jenkinson, Graeme (Univ. of Cambridge) Kowalski, Stewart (Stockholm Univ.) Mannan, Mohammad (Concordia Univ.) Montoya, Lorena (Univ. of Twente) Neumann, Stephan (Univ. of Darmstadt/Secuso) Oliveira, Daniela (Univ. of Florida) Parkin, Simon (Univ. College London) Petrocchi, Marinella (IIT-CNR) Probst, Christian W. (DTU) Radomirović, Saša (ETH Zurich) Renaud, Karen (Univ. of Glasgow) Ryan, Peter (Univ. Luxembourg) Stobert, Elizabeth (ETH Zurich) Weippl, Edgar (SBA Research) Yan, Jeff (Lancaster Univ.) You, Ilsun (Soonchunhyang University) Zurko, Mary Ellen (Cisco Systems)


Programme Chairs

Benenson, Zinaida (Univ. of Erlangen-Nuremberg ) Gates, Carrie (Independent Contractor)

Workshop Organizers

Bella, Giampaolo (Univ. of Catania)

Lenzini, Gabriele (Univ. of Luxembourg)