Stay connected






8:00-8:45 Registration (Conference desk)
8:45-9:00 Welcome by the Chair (Room 004)
9:00-10:00 Keynote Talk
Speaker: Sascha Fahl (Leibniz University Hannover)


A Holistic Approach to Secure Programming and Usable Security Research


In the age of digitalization, we see a persistent gap between the theoretical security of e.g., cryptographic algorithms and real-world vulnerabilities, data breaches, and possible attacks. As a result, secure programming and usable security challenges impact all actors involved in the creation and use of technology, ranging from system designers across administrators and developers to end-users. To successfully prevent involuntary loss of control over data and empower end-users to retain power over their security, we must take all involved actors into account. It is crucial to find the weak points and empowering all actors to strengthen the overall security. For end-users, this means e.g., working with warning messages, security indicators, and authentication mechanisms; for developers, improving APIs, documentation and developer tools; for system administrators, improving configuration languages and tools. In this talk, I demonstrate how a holistic approach to usability and secure programming helps close the gap between theoretical security and real-world deployments.

10:00 - 10:30 Coffee Break
10:30 - 12:00 Session 1: Methods for Socio-Technical Systems
Chair: Zinaida Benenson (University of Erlangen-Nuremberg)
Fidelity of Statistical Reporting in 10 Years of Cyber Security User Studies
Thomas Gross (Newcastle University)
"I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students
Mohammad Tahaei, Adam Jenkins, Kami Vaniea and Maria Wolters (The University of Edinburgh)
Data, data, everywhere: quantifying software developers' privacy attitudes
Dirk van der Linden (University of Bristol), Irit Hadar (University of Haifa), Matthew Edwards and Awais Rashid (University of Bristol)
You've left me no choices: Security economics to inform behaviour intervention support in organizations
Albesë Demjaha (University College London, The Alan Turing Institute), Simon Parkin and David Pym (University College London)
12:00 - 13:30 Lunch
13:30 - 15:00 Session 2: System Security
Chair: Gabriele Lenzini (Univ. of Luxembourg)
What We Know About Bug Bounty Programs - an Exploratory Systematic Mapping Study
Ana Magazinius, Niklas Mellegård and Linda Olsson (RISE ICT Viktoria)
Association Attacks in IEEE 802.11: Exploiting WiFi Usability Features
George Chatzisofroniou and Panayiotis Kotzanikolaou (University of Piraeus)
A Security Analysis of the Danish Deposit Return System
Ivan Garbacz, Rosario Giustolisi, Kasper Møller Nielsen and Carsten Schuermann (IT University of Copenhagen)
Moving to client-sided hashing for online authentication
Nikola K. Blanchard (Digitrust, Loria, Université de Lorraine), Xavier Coquand (42) and Ted Selker (University of California at Berkeley, CITRIS)
15:00 - 15:30 Coffee Break
15:30 - 17:00 Session 3: Privacy Control
Chair: Kami Vaniea (University of Edinburgh's School of Informatics)
A Privacy-Preserving Infrastructure for Driver's Reputation Aware Automotive Services
Gianpiero Costantino, Fabio Martinelli, Ilaria Matteucci and Paolo Santi (IIT-CNR)
Case study: Disclosure of indirect device fingerprinting in privacy policies
Julissa Milligan, Sarah Scheffler, Andrew Sellars, Trishita Tiwari, Ari Trachtenberg and Mayank Varia (Boston University)
Investigating the Effect of Incidental Affect States on Privacy Behavioural Intention
Uchechi Phyllis Nwadike and Thomas Gross (Newcastle University)
Which Properties Has an Icon? A Critical Discussion on Evaluation Methods for Standardised Data Protection Iconography
Arianna Rossi and Gabriele Lenzini (SnT-University of Luxembourg)
17:30-17:45 Workshop Closing and Best Paper Award
17:45-20:30 Social Activity
20:30-22:00 Gala Dinner