August 19, 2016

6th Int. Workshop on SocioTechnical Aspects of Security and Trust (STAST2016) Colocated with 32nd Annual Computer Security Application Conference Los Angeles, USA


  • Submission: 23 September 2016
  • Notification: 21 October 2016
  • Camera Ready: [after the workshop]
  • Workshop: December 5, 2016        


We accept

  • (1) full papers;
  • (2) position papers;
  • (3) case studies 

For more details, please visit our web page:


Successful attacks on information systems often combine social engineering practices with technical skills, exploiting technical vulnerabilities, insecure user behavior, poorly designed user interfaces, and unclear or unrealistic security policies. To improve security, technology must adapt to the users, because research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives.  However, also adherence to reasonable security policies and corresponding behavioral changes should augment and support technical security.

Finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop.  Currently, different security communities (theoretical security, systems security, usable security, and security management) rarely work together.  There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions.


The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with nonexpert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences.


  • Matt Bishop (Univ. California Davis)


Relevant topics include but are not limited to:

  • Requirements for sociotechnical systems
  • Feasibility of  policies from the sociotechnical perspective
  • Threat models that combine technical and humancentred strategies
  • Technical and social factors that influence decision making in security and privacy
  • Balance between technical measures and social strategies in ensuring security and privacy
  • Studies of realworld security incidents from the sociotechnical perspective
  • Social and technical factors that influence changes in security policies and processes
  • Lessons learned from holistic design and deployment of security mechanisms and policies
  • Models of user behaviour and user interactions with technology
  • Perceptions of security, risk and trust and their influence on human behaviour
  • Social engineering, persuasion, and other deception techniques
  • Root cause analysis and analysis of incidents for sociotechnical security incidents
  • Strategies, methodology and guidelines for sociotechnical and cybersecurity intelligence analysis
  • Nudging to improve security
  • User experience with security technologies


Blocki, Jeremiah (Purdue University), Coventry, Lynne (Northumbria University) Jakobsson, Markus (Agari) Jenkinson, Graeme (Univ. of Cambridge) Kowalski, Stewart (Stockholm Univ.) Mannan, Mohammad (Concordia Univ.) Montoya, Lorena (Univ. of Twente) Oliveira, Daniela (Univ. of Florida) Parkin, Simon (Univ. College London) Petrocchi, Marinella (Inst. of Inf. and TelematicsCNR), Probst, Christian W. (DTU), Radomirovic, Sasa (ETH Zurich) Renaud, Karen (Univ. of Glasgow) Ryan, Peter (Univ. Luxembourg) Stobert, Elizabeth (Carleton University), Weippl, Edgar (SBA Research) Yan, Jeff (Lancaster Univ.) Yu, Ilsun (Soonchunhyang Univ.) Zurko, Mary Ellen (Cisco Systems)


Programme Chairs

  • Benenson, Zinaida (Univ. of ErlangenNuremberg ) Gates, Carrie (Independent Contractor)

 Workshop Organizers

  • Bella, Giampaolo (Univ. of Catania)
  • Lenzini, Gabriele (Univ. of Luxembourg)