USEC 2015 : NDSS Workshop on Usable Security 2015

Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or move entirely to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. <br>However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy fro... Read more

Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or move entirely to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. <br>However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security. <br>The Workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security and privacy. USEC 2015 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics or psychology. <br>We particularly encourage collaborative research from authors in multiple fields. Topics include, but are not limited to: <br>Evaluation of usability issues of existing security and privacy models or technology <br>Design and evaluation of new security and privacy models or technology <br>Impact of organizational policy or procurement decisions <br>Lessons learned from designing, deploying, managing or evaluating security and privacy technologies <br>Foundations of usable security and privacy <br>Methodology for usable security and privacy research <br>Ethical, psychological, sociological and economic aspects of security and privacy technologies <br>We further encourage submissions that contribute to the research community’s knowledge base: <br>Reports of replicating previously published studies and experiments <br>Reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience. <br>It is the aim of USEC to contribute to an increase of the scientific quality of usable security and privacy research. To this end, we encourage the use of replication studies to validate research findings. This important and often very insightful branch of research is sorely underrepresented in usable security and privacy research to date. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community.