Yasemin Acar, Paderborn University
- Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations
- Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects
- The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts
Dr Andrew A. Adams, Meiji University, Tokyo, Japan
- What’s Yours Is Mine and What’s Mine’s My Own: Joint Accounts and Digital Identity
- Theorizing Deception: A Scoping Review of Theory in Research on Dark Patterns and Deceptive Design
- Superheroes on Screen:Real Life Lessons for Security Debates
Sharmin Ahmed, University of Utah
Florian Alt, LMU Munich
- Human-centered Behavioral and Physiological Security
- “Your Eyes Tell You Have Used This Password Before”: Identifying Password Reuse from Gaze and Keystroke Dynamics
- Evaluating the Influence of Targets and Hand Postures on Touch-based Behavioural Biometrics
Bonnie Anderson, Brigham Young University
France Belanger, Virginia Tech
Zinaida Benenson, University of Erlangen
- Employees’ Attitudes Towards Phishing Simulations: “It’s Like When a Child Reaches onto the Hot Hob”
- Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities
- Achieving Resilience: Data Loss and Recovery on Devices for Personal Use in Three Countries
Matt Blaze, Georgetown University
Burcu Bulgurcu, Toronto Metropolitan University
Sunny Consolvo, Google
Joseph Da Silva, Johnson Matthey
- Protection, Expertise and Domination: Cyber Masculinity in Practice
- “Cyber Security Is a Dark Art”: The CISO as Soothsayer
- Cyber Security and the Leviathan
Judith Donath, Berkman-Klein Center Harvard University
Serge Egelman, UC Berkeley / ICSI
- Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps
- “Protect Me Tomorrow”: Commitment Nudges to Remedy
Compromised Passwords - Log: It’s Big, It’s Heavy, It’s Filled with Personal Data!
Measuring the Logging of Sensitive Information
in the Android Ecosystem
Christian Eichenmüller, University of Erlangen-Nuremberg
Vaibhav Garg, Comcast Cable
- All the AI Risks We Cannot See
- Covenants Without the Sword: Market Incentives for Cybersecurity Investment
- A Lemon by Any Other Label
Mia Hassoun, University of Cambridge / Google
Jonas Hielscher, CISPA, Germany
- “Employees Who Don’t Accept the Time Security Takes Are Not Aware Enough”: The CISO View of Human-Centred Security
- Selling Satisfaction: A Qualitative Analysis of Cybersecurity Awareness Vendors’ Promises
- “What Keeps People Secure is That They Met the Security Team”:
Deconstructing Drivers And Goals of Organizational Security Awareness
Jack Hughes, University of Cambridge
Alice Hutchings, University of Cambridge
- Stop Following Me! Evaluating the Malicious Uses of Personal Item Tracking Devices and Their Anti-Stalking Features
- No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and Harassment
- The Amplification of Online Deviancy Through the Language of Violent Crime, War, and Aggression
Adam Joinson, University of Bath
- Internet Memes as Stabilizers of Conspiracy Culture: A Cognitive Anthropological Analysis
- Not All Interventions Are Made Equal: Harnessing Design and Messaging to Nudge Bystander Intervention
- Adopting a Systemic Design Approach to Cyber Security Incident Response
Jan H. Klemmer, CISPA Helmholtz Center for Information Security
- Transparency in Usable Privacy and Security Research: Scholars’ Perspectives, Practices, and Recommendations
- Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns
- Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain Security
Laura Kocksch, Aalborg University Copenhagen
- Caring for IT Security: Accountabilities, Moralities, and Oscillations in IT Security Practices
- The Mundane Art of Cybersecurity: Living with Insecure IT in Danish Small- and Medium-Sized Enterprises
- Can Security Become a Routine?: A Study of Organizational Change in an Agile Software Development Group
Eliot Lear, Cisco Systems
Jon Lindsay, Georgia Institute of Technology
- Cyber Conflict Vs. Cyber Command: Hidden Dangers in the American Military Solution to a Large-Scale Intelligence Problem
- War Is from Mars, AI Is from Venus: Rediscovering the Institutional Context of Military Automation
- Abducted by Hackers: Using the Case of Bletchley Park to Construct a Theory of Intelligence Performance That Generalizes to Cybersecurity
Jonathan Lusthaus, University of Oxford
- Reconsidering Crime and Technology: What Is This Thing We Call Cybercrime?
- Mapping the Global Geography of Cybercrime with the World Cybercrime Index
- Industry of Anonymity: Inside the Business of Cybercrime
Michele Maasberg, US Naval Academy
Damon McCoy, NYU
- Into the Driver’s Seat with Social Media Content Feeds
- Measurement and Metrics for Content Moderation: The Multi-Dimensional Dynamics of Engagement and Content Removal on Facebook
Tom Meurs, University of Twente/Dutch Police
- Ransomware Economics: A Two-Step Approach to Model Ransom Paid
- Deception in Double Extortion Ransomware Attacks: An Analysis of Profitability and Credibility
- Ransomware: How Attacker’s Effort, Victim Characteristics and Context Influence Ransom Requested, Payment and Financial Loss
Steven Murdoch, University College London
Alena Naiakshina, University of Cologne
- Defying the Odds: Solana’s Unexpected Resilience in Spite of the Security Challenges Faced by Developers
- Engaging Company Developers in Security Research Studies: A Comprehensive Literature Review and Quantitative Survey
- ChatGPT-Resistant Screening Instrument for Identifying Non-Programmers
Rebekah Overdorf, Ruhr University Bochum
- Characterizing and Detecting Propaganda-Spreading Accounts on Telegram
- Misleading Repurposing on Twitter
Yanna Papadodimitraki, University of Cambridge
Sunoo Park, New York University
Simon Parkin, Delft University of Technology
- Selling Satisfaction: A Qualitative Analysis of Cybersecurity Awareness Vendors’ Promises
- An Analysis of Phishing Reporting Activity in a Bank
- “The Trivial Tickets Build the Trust”: A Co-Design Approach to Understanding Security Support Interactions in a Large University
Sameer Patil, University of Utah
- From the Childhood Past: Views of Young Adults on Parental Sharing of Children’s Photos
- Layering Sociotechnical Cybersecurity Concepts Within Project-Based Learning
- Do Regional Variations Affect the CAPTCHA User Experience? A Comparison of CAPTCHAs in China and the United States
Samantha Phillips, The University of Tulsa
- Leveraging Situational Judgment Tests to Measure Behavioral Information Security
- Measuring Dimensions of Information Security Culture Across Industries with Situational Judgement Tests
Harshini Sri Ramulu, Paderborn University
- Security and Privacy Software Creators’ Perspectives on Unintended Consequences
- “Always Contribute Back”: A Qualitative Study on Security Challenges of the Open Source Supply Chain
- “It’s Time. Time for Digital Security.”: An End User Study on Actionable Security and Privacy Advice
Michael Specter, Georgia Tech
Elissa Redmiles, Georgetown University
- From the Childhood Past: Views of Young Adults on Parental Sharing of Children’s Photos
- SoK (Or SoLK?): On the Quantitative Study of Sociodemographic Factors and Computer Security Behaviors
- Violation of My Body: Perceptions of AI-Generated Non-Consensual (Intimate) Imagery
Felix Reichmann, Ruhr University Bochum
M. Angela Sasse, Ruhr University Bochum
- Simulated Stress: A Case Study of the Effects of a Simulated Phishing Campaign on Employees’ Perception, Stress and Self-Efficacy
- Digital Security—A Question of Perspective: a Large-Scale Telephone Survey with Four at-Risk User Groups
- Caring Not Scaring
Arianna Schuler Scott, Virginia Tech
Ryan Shandler, Georgia Tech
- The Hidden Threat of Cyber-Attacks—Undermining Public Confidence in Government
- Cyber Terrorism and Public Support for Retaliation—A Multi-Country Survey Experiment
- Introduction: Cyber-Conflict—Moving from Speculation to Investigation
Adam Shostack, Shostack + Associates
Frank Stajano, University of Cambridge
- Sleepwalking into Disaster? Requirements Engineering for Digital Cash (Position Paper)
- Understanding Scam Victims: Seven Principles for Systems Security
- The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
Anna Talas, University of Cambridge
- Threat Me Right: A Human HARMS Threat Model for Technical Systems
- Love Bytes Back: Cybercrime Following Relationship Breakdown
- Hacker’s Paradise: Analysing Music in a Cybercrimeforum
Kieron Ivy Turk, University of Cambridge
Tony Vance, Virginia Tech
Kami Vaniea, University of Waterloo
- Not as Easy as Just Update: Survey of System Administrators and Patching Behaviours
- I Didn’t Click: What Users Say When Reporting Phishing
- Twitter has a Binary Privacy Setting, are Users Aware of How
It Works?
Varad Vishwarupe, Department of Computer Science and Institute for Ethics in AI, University of Oxford
- Bringing Humans at the Epicenter of Artificial Intelligence: A Confluence of AI, HCI and Human Centered Computing
- Explainable AI and Interpretable Machine Learning: A Case Study in Perspective
- Designing a Human-centered AI-based Cognitive Learning Model for Industry 4.0 Applications
Anh V. Vu, University of Cambridge
- Assessing the Aftermath: the Effects of a Global Takedown against DDoS-for-hire Services
- No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and Harassment
- Yet Another Diminishing Spark: Low-level Cyberattacks in the Israel-Gaza Conflict
Luna Wang, University of Cambridge
Josephine Wolff, Tufts University
Daniel W. Woods, University of Edinburgh