One cannot have security and privacy without considering both the technical and human aspects thereof. If the user is not given due consideration in the development process, the system is likely to enable users to protect their privacy and security in the Internet.
Usable security and security is more complicated than traditional usability. This is because traditional usability principles cannot always be applied. For example, one of the cornerstones of usability is that people are given feedback on their actions, and are helped to recover from errors. In authentication, we obfuscate password entry (a usability fail) and we give people no assistance to recover from errors. Moreover, security is often not related to the actual functionality of the system, so people often see it as a bolt-on, and an annoying hurdle. These and other usability challenges of security are the focus of this workshop.
We invite submissions on all aspects of human factors including mental models, adoption, and usability in the context of security and privacy. USEC 2017 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence, machine learning and theoretical computer science as well as researchers from other domains such as economics, legal scientists, social scientists, and psychology. We particularly encourage collaborative research from authors in multiple disciplines.
Topics include, but are not limited to:
- Human factors related to the deployment of the Internet of Things (New topic for 2017)
- Usable security / privacy evaluation of existing and/or proposed solutions
- Mental models that contribute to, or complicate, security or privacy
- Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
- Foundations of usable security and privacy incl. usable security and privacy patterns
- Ethical, psychological, sociological, economic, and legal aspects of security and privacy technologies
We further encourage submissions that contribute to the research community’s knowledge base:
- Reports of replicating previously published studies and experiments
- Reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.
It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage the use of replication studies to validate research findings. This important and often very insightful branch of research is sorely underrepresented in human factors in security and privacy research to date. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of failed experiments, since their publication will serve to prevent others falling into the same traps.