The 4th European Workshop on Usable Security
Stockholm, Sweden
June 20, 2019

The European Workshop on Usable Security (EuroUSEC) is the European sister of the USEC workshop, serving as a European forum for research and discussion in the area of human factors in security and privacy. EuroUSEC 2019 will be co-located with the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019) and it will be held in Stockholm, Sweden on June 20, 2019.

The European Workshop on Usable Security solicits previously unpublished work offering novel research contributions in any aspect of human-centered security and privacy. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy as well as researchers and practitioners from other domains such as psychology, social science, and economics.



Program (Thursday, June 20, 2019)

For each paper, we'll have a 15 minute talk by the presenter followed by a 15 minute group discussion. We also have an interactive group session right after lunch.

To make the workshop as effective as possible for everyone, we ask that all participants commit to our social contract: don’t arrive late or leave early for individual talks; don’t use electronics other than explicitly for engagement (live tweeting, following along in the paper); provide constructive and meaningful feedback for all papers. If you need to check your email or do some work (we know it happens!), please take a break for a particular paper or session and go do it, and then come back ready to engage again.


08:30 - 08:45Registration

08:45 - 09:00Opening Remarks

09:00 - 10:00Users' Security Attitudes
Why Johnny Fails to Protect his Privacy
Nina Gerber (Karlsruhe Institute of Technology); Verena Zimmermann (Technische Universität Darmstadt); Melanie Volkamer (Karlsruhe Institute of Technology)
"Don't punish all of us": Measuring User Attitudes about Two-Factor Authentication
Jonathan Dutson, Danny Allen, Dennis Eggett, and Kent Seamons (Brigham Young University)

10:00 - 10:30Coffee Break

10:30 - 11:30Developer-Centred Security
A Survey on Developer-Centred Security
Mohammad Tahaei and Kami Vaniea (University of Edinburgh)
How Could Serious Games Support Secure Programming? Designing a Study Replication and Intervention
Manuel Maarek and Léon McGregor (Heriot-Watt University); Sandy Louchart and Ross McMenemy (Glasgow School of Art)

11:30 - 12:30Visions of the Smart Home
Vision: Shining Light on Smart Homes – Supporting Informed Decision-Making of End Users
Verena Zimmermann, Ernestine Dickhaut, Paul Gerber, and Joachim Vogt (Technische Universität Darmstadt)
Vision: Exploring Challenges and Opportunities for Usable Authentication in the Smart Home
Sarah Prange (Bundeswehr University); Emanuel von Zezschwitz (University of Bonn); Florian Alt (Bundeswehr University)

12:30 - 14:00Lunch

14:00 - 14:30Passwords
Comparative Analysis of Three Language Spheres: Are Linguistic and Cultural Differences Reflected in Password Selection Habits?
Keika Mori (Waseda University); Takuya Watanabe (NTT Secure Platform Laboratories); Yunao Zhou (Waseda University); Ayako Akiyama Hasegawa (NTT Secure Platform Laboratories); Mitsuaki Akiyama (NTT Secure Platform Laboratories); Tatsuya Mori (Waseda University / RIKEN AIP / NICT)

14:30 - 15:30Interactive Group Design Activity

15:30 - 16:00Coffee Break

16:00 - 17:30Dealing with Security Threats
Detecting Misalignments Between System Security and User Perceptions: A Preliminary Socio-Technical Analysis of an E2E Email Encryption System
Borce Stojkovski, Itzel Vazquez Sandoval, and Gabriele Lenzini (University of Luxembourg)
A Review of Human- and Computer-Facing URL Phishing Features
Kholoud Althobaiti (University of Edinburgh / Taif University); Ghaidaa Rummani (Hood College); Kami Vaniea (University of Edinburgh)
2 Fast 2 Secure: A Case Study of Post-Breach Security Changes
Albesë Demjaha, Tristan Caulfield, M. Angela Sasse, and David Pym (University College London)

17:30 - 18:00Closing Remarks and Wrap-Up Session


Call for Papers

We invite you to submit a paper and join us at the EuroUSEC workshop, which will be held on June 20, 2019 in Stockholm, Sweden. The workshop will be co-located with the 4th IEEE European Symposium on Security and Privacy (EuroS&P). The EuroUSEC website is at https://eusec.cs.uchicago.edu

We are excited to welcome original work describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. We explicitly welcome work on evaluating existing or experimental research methods.

NEW FOR 2019: This year, we will accept both longer papers on mature/completed work in a research track, as well as shorter papers on work in progress or work that has yet to begin in a vision track. This decision to accept both types of submissions aims to include researchers at all stages of their career and at all stages of their projects.

Topics include, but are not limited to:

  • innovative security or privacy functionality and design
  • new applications of existing models or technology
  • field studies of security or privacy technology
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • longitudinal studies of deployed security or privacy features
  • studies of administrators or developers and support for security and privacy
  • psychological, sociological, and economic aspects of security and privacy
  • the impact of organizational policy or procurement decisions
  • methodologies for usable security and privacy research
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of replicating previously published studies and experiments
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

We have observed that the most effective workshops are those that encourage discussion between delegates. As with EuroUSEC last year, each paper will be given a longer time slot in order to promote discussion, engagement, and helpful feedback.

For accepted papers, please arrange for at least one author to attend the workshop.



Important Dates

Paper submission deadlineThursday, March 7, 2019 Tuesday, March 12, 2019 (Anywhere on Earth)
NotificationFriday, April 5, 2019
Camera readyFriday, April 19, 2019
WorkshopThursday, June 20, 2019



Submission Instructions

Papers should be written in English. Submissions should be anonymized for review. Please refer to your own related work in the third person, as though someone else had written it. This also includes, e.g., data sets: "We received data from the authors of [31] which we reused for this experiment." Do not blind citations except in extraordinary circumstances.

In keeping with IEEE guidelines, all submissions must be original work; authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the workshop chairs if there are questions about this policy.

Papers must be typeset in A4 format (not "US Letter") using the IEEE conference proceeding template with the appropriate options [LaTeX template, LaTeX template instructions, Word template]. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Research Track: The research track is intended to report on more mature work that has been completed. The goal of the workshop’s research track is to disseminate results of interest to the broader usable security and privacy community. Papers must be up to 10 pages in length including the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. Reviewers are not required to read any appendices, so your paper should be self-contained without them. Accepted papers will be published on the workshop website with their supplementary appendices included, but will be published in IEEE Xplore without these supplemental appendices.

Vision Track: The vision track is intended to report on work in progress, or even concrete ideas for work that has yet to begin. The goal of the workshop’s vision track is to provide the authors helpful feedback, pointers to potentially related investigations, and new ideas to explore. Papers must be up to 5 pages in length including the bibliography, and with no appendices. Submissions to the vision track should have a title beginning with the prefix "Vision: ".

Submission Site

Please upload your submission to our HotCRP instance, which is now open for submissions.

Proceedings

The proceedings will be published by the IEEE after the workshop and will be made available in IEEE Xplore. To facilitate discussion at the workshop itself, we plan to post pre-prints on this webpage shortly before the workshop.



Steering Committee

Program Committee Chairs

Program Committee

Publicity Chairs



Venue and Registration

The workshop is colocated with the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019). Registration details are available on the EuroS&P website. EuroUSEC is one of the post-conference workshops.


Social Contract

To make the workshop as effective as possible for everyone, we ask that all participants commit to our social contract: don't arrive late or leave early for individual talks; don't use electronics other than explicitly for engagement (live tweeting, following along in the paper); provide constructive and meaningful feedback for all papers. If you need to check your email or do some work (we know it happens!), please take a break for a particular paper or session and go do it, and then come back ready to engage again.
(Credit to the New Security Paradigms Workshop for the concept of the social contract.)