STAST 2024 14th International Workshop on Socio-Technical Aspects in SecuriTy https://stast.uni.lu Affiliated with the 9th IEEE European Symposium on Security and Privacy (IEEE S&P) https://eurosp2024.ieee-security.org/ *** IMPORTANT DATES - Paper Submission: 25 March 2024 (AoE) - Notification: 30 April 2024 (AoE) - Workshop final papers: 15 May 2024 (AoE) - Workshop Date: 12 July 2024 *** CONCEPT Successful attacks on information systems often exploit not only IT systems and networks but also the human element in the system. Therefore, it is critical to limit technical vulnerabilities as well as insecure user behavior, poorly designed user interfaces, and unclear or unrealistic security policies. To improve the security of systems, technology designers and policymakers must consider user needs and characteristics. Social science and usable security researchers have shown that insecure user behavior stems from cognitive, emotional, and social perspectives. When there is a good 'fit' of technology for users, workable security policies and targeted behavioral support can augment technical security. Finding the right balance between technical and social security measures remains largely unexplored, which motivates the need for the STAST workshop. Currently, different computer security communities (theoretical security, systems security, usable security, and security management) rarely work together. The respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions. Thus, there remains a need for focused, holistic research on socio-technical security. *** GOALS The STAST workshop intends to stimulate an exchange of ideas on how to design systems that are secure in the real world where they interact with users of varying lived experiences and diverse needs. The workshop aims at bringing together experts working in various areas of computer security as well as in social and behavioral sciences. *** WORKSHOP TOPICS Contributions should focus on the interplay of technical, organizational, and human factors in achieving or breaking security, privacy, and trust. For example: - Usability and user experience - Models of user behaviour and user interactions with technology - Perceptions of related risks, as well as their influence on humans - Social engineering, persuasion, and other deception techniques - Requirements for socio-technical systems - Decision making in/for socio-technical systems - Feasibility of policies, standards, and regulations from a socio-technical perspective - Social factors in organizations' policies and processes - Interplay of law, ethics, and politics with security and privacy measures - Balance between technical measures and social strategies - Threat models that combine technical and human-centered strategies - Socio-technical analysis of incidents and vulnerabilities - Studies of real-world vulnerabilities/incidents from a socio-technical perspective - Lessons from design, deployment, and enforcement of mechanisms, policies, standards, and regulations - Strategies and guidelines for analysis of intelligence and data from a socio-technical perspective - Marginalized and disadvantaged user groups in the lifecycle of socio-technical systems - Methodologies and methodological reflections in pursuit of these goals *** TYPE OF CONTRIBUTIONS We will accept papers in several formats. All papers must be original contributions and not simultaneously submitted to another workshop, conference, or journal. The following paper formats are welcome: - Full Papers discussing original research, answering well-defined research questions, and presenting full and stable results; - Position Papers discussing existing challenges and introducing and motivating new research problems; - Work-in-Progress Papers describing original but unfinished piece of work, which is nevertheless based on solid research questions or hypotheses. We welcome qualitative and quantitative research approaches from academia and industry. We welcome meta-analytic as well as replication studies and consider them as original research eligible for full papers. We also welcome negative or null results with sound methodology. Full papers should be at most 10 pages, excluding the bibliography and well-marked appendices. Position Papers and Work-in-Progress papers should be at most 6 pages long, excluding the bibliography and well-marked appendices. They must have at the beginning of the paper's title the words "Position Paper:" or "Work in Progress:", respectively. Submitted papers must adhere to the IEEE policy and template. Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template available here "https://www.ieee-security.org/TC/EuroSP2023/eurosp2023-template.zip">eurosp2023-template.zip Please do not use other IEEE templates. *** PROCEEDINGS The proceedings will be via publication through IEEE Xplore in a volume accompanying the main IEEE EuroS&P '24 proceedings. *** WORKSHOP ORGANIZERS - Giampaolo Bella (University of Catania) - Gabriele Lenzini (University of Luxembourg) *** PROGRAMME CHAIRS - Ruba Abu-Salma (King's College London, UK) - Mark Warner (University College London, UK) *** REVIEW AND PUBLICATION Contributions should be submitted electronically via EasyChair (https://easychair.org/conferences/?conf=stast24). STAST adopts a double-blind review policy. Papers will be reviewed by at least three PC members. The authors can declare any conflicts of interest at the time of submission or by informing the PC chairs or organizers. Submissions are anonymous. Papers should be submitted in Portable Document Format (PDF). All submissions should follow the up-to-date IEEE conference proceeding template at submission time. Committee members are not required to read the appendices, so the paper should be intelligible without them. All submissions must be written in English. Only PDF files will be accepted. Submissions not meeting these guidelines will be rejected without consideration of their merits. Authors of accepted papers must agree with IEEE Xplore copyright and guarantee that their papers will be presented at the workshop.