From Gabriele.Lenzini at uni.lu Fri Feb 14 04:58:23 2014 From: Gabriele.Lenzini at uni.lu (Gabriele LENZINI) Date: Fri, 14 Feb 2014 09:58:23 +0000 Subject: [Soups-announce] C4P - STAST2014, Socio-Technical Aspects of Security and Trust Message-ID: apologies for multiple copies --- CALL FOR PAPERS --- * ********************************************************** * * 4th Int. Workshop on * * Socio-Technical Aspects of Security and Trust * * 18 July 2014 * * (STAST) - http://www.stast2014.uni.lu * * ---------------------------------------------------------- * * Co-located with * * Computer Security Foundation Symposium (CSF) * * Vienna, Austria * * ********************************************************** * IMPORTANT DATES ---------------- Papers due: 20 April 2014 Notification: 31 May 2014 Pre-proceeding: 6 July 2014 Final version: 27 July 2014 (after the workshop) SCOPE --------------------- Today, security threats are hardly sheer technical. They are rather socio-technical threats and come from adversaries who combine social engineering practices with technical skills to circumvent the defenses of information systems. Socio-technical attacks often succeed by exploiting the users' ill-understanding of security mechanisms or loopholes in poorly designed user interfaces and unclear security policies. In securing systems against these threats, humans obviously cannot be treated as machines. Humans have peculiar decision making processes. But they actions and behavioural patterns, despite apparently irrational, are perfectly justifiable from a cognitive and a social perspective. Computer security hence appears to acquire more and more the facets of an interdisciplinary science with roots in both interpretive and positivist research traditions. The workshop intends to foster an interdisciplinary discussion on how to model and analyse the socio-technical aspects of modern security systems and on how to protect such systems from socio-technical threats and attacks. We welcome experts from all involved and interested communities, including but by no means limited to social and behavioral sciences, philosophy and psychology and computer science. WORKSHOP TOPICS -------------- Relevant topics include but are not limited to: * Usability Analysis * System-User Interfaces * Psychology of Deception * Socio-Technical Attacks and Defenses * User Perception of Security and Trust * Cognitive Aspect in Human Computer Interaction * Human Practice and Behavioural Models * Design and Analysis of Socio-Technical Secure Systems * Social Engineering * Ceremonies and Workflows * Game Theoretical Approaches to Security * Cyber Crime Science * Threat and Adversary Models * Social Informatics and Networks * Security Ethics * Effects of Technology on Trust Building Behaviour * Socio-Technical Experiences and Test Cases PROGRAM COMMITTEE ----------------- Bishop, Matt (Univ. of California Davis, USA) Garg, Vaibhav (Drexel Univ., USA) Herley, Cormac (Microsoft Research, USA) Kammueller, Florian (Middlesex Univ., UK) Martina, Jean Everson (Univ. Federal de Santa Catarina, BR) Montoya, Lorena (Univ. of Twente, NL) Moore, Andrew P. (CERT/SEI, USA) Moore, Tyler (Souther Methodist Univ., USA) Morgan, H. Llewellyn (specularX, USA) Nadjm-Tehrani, Simin (Link?ping Univ., SE) Pellegrino, Giancarlo (Eurecom, FR) Ortlieb, Martin (Google, CH) Pieters, Wolters (Univ. of Twente and TU Delft, NL) Ryan, Peter Y. A. (Univ. of Luxembourg, LU) van Deursen, Nicole (Edinburgh Napier University, UK) Volkamer, Melanie (TU Darmstadt, DE) Wash, Rick (Michigan State University, USA) Woodruff, Alison (Google, USA) Yan, Jeff (Newcastle Univ., UK) PAPER SUBMISSION ---------------- Contributions should be at most 8 pages, including the bibliography and well-marked appendices, and should follow the IEEE 8.5" x 11" Two-Columns Format. Both theoretical and applied research papers are welcome. Please visit our web site for more submission guidelines. PROCEEDINGS ----------- Pre-proceedings will be made available at the venue. Authors will be given the opportunity to review their manuscripts, for the final post-proceedings, which will be published IEEE in the IEEE digital library after the workshop. ORGANIZING COMMITTEE -------------------- ** Workshop Chairs Bella, Giampaolo (Univ. of Catania, IT) Lenzini, Gabriele (Univ. of Luxembourg, L) ** Programme Chairs and Co-Chairs Probst, Christian W. (DTU, DK) Ashenden, Debi M. (Cranfield Uni., UK) -------------------------------------------------------------------- Dr. G. Lenzini - Associate Researcher Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg --------------------------------------------------------------------- T.: +352 466 644 5778?? -? F.: +352 466644 5669 Gabriele.Lenzini at Uni.Lu -------------------------------------------------------------------- 4, rue Alphonse?Weicker? L-2721?Luxembourg -------------------------------------------------------------------- From egelman at cs.cmu.edu Wed Feb 19 11:05:31 2014 From: egelman at cs.cmu.edu (Serge Egelman) Date: Wed, 19 Feb 2014 08:05:31 -0800 Subject: [Soups-announce] CfP: The 2014 Symposium on Usable Privacy and Security (SOUPS) [Paper Registration: Feb. 28] Message-ID: Symposium On Usable Privacy and Security 2014 In-cooperation with USENIX http://cups.cs.cmu.edu/soups/ July 9-11, 2014 Menlo Park, CA CALL FOR PAPERS http://cups.cs.cmu.edu/soups/2014/cfp.html The 2014 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. This year SOUPS will be held at Facebook in Menlo Park, CA. TECHNICAL PAPERS (see the SOUPS website for details on other types of submissions) We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to: - innovative security or privacy functionality and design, - new applications of existing models or technology, - field studies of security or privacy technology, - usability evaluations of new or existing security or privacy features, - security testing of new or existing usability features, - longitudinal studies of deployed security or privacy features, - the impact of organizational policy or procurement decisions, and - lessons learned from the deployment and use of usable privacy and security features, - reports of replicating previously published studies and experiments, - reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience. All submissions must relate to both usability and either security or privacy. Papers on security or privacy applications that do not address usability or human factors will not be considered. Papers must use the SOUPS formatting template (available for MS Word or LaTeX) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplemental appendices containing study materials (e.g., surveys) that would not otherwise fit within the body of the paper. Reviewers are not required to read any appendices so your paper should be self contained without them. Accepted papers will be published online with their supplemental appendices included. Submissions must be no more than 20 pages including bibliography and appendices. Submissions must be in PDF format and should be made electronically at http://cups.cs.cmu.edu/crp/soups2014/. New this year, reviewing is double blind: Author names and affiliations should not appear on the title page, and papers should avoid revealing the authors' identity in the text. Any references to own work should be made in the third person. Contact the program chairs if you have any questions. Submissions that violate these requirements may be rejected without review. Technical papers must be registered by 5pm, US Pacific time, Friday, Feb 28 and submitted by 5pm, US Pacific time, Thursday, Mar 6. This is a hard deadline! Authors will be notified of technical paper acceptance by May 5, and camera-ready final versions of technical papers will be due May 30. Accepted papers will be published by the USENIX Association, and will be freely available on the USENIX and SOUPS websites. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in a clearly-marked explanatory note at the front of the paper. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. As technical reports are not peer reviewed they are exempt from this rule. You may also release pre-prints of your accepted work to the public at your discretion. Authors are encouraged to review: Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them https://cups.cs.cmu.edu/soups/2010/howtosoups.pdf User experiments should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. Authors are encouraged to include in their submissions explanation of how ethical principles were followed, and may be asked to provide such an explanation should questions arise during the review process. Technical Papers Committee Lujo Bauer, Carnegie Mellon University, USA (co-chair) Konstantin Beznosov, University of British Columbia, Canada Robert Biddle, Carleton University, Canada (co-chair) Sonia Chiasson, Carleton University, Canada Sunny Consolvo, Google, USA Alexander De Luca, University of Munich (LMU), Germany Simson Garfinkel, Naval Postgraduate School, USA Iulia Ion, Google, USA Maritza Johnson, Facebook, USA Apu Kapadia, Indiana University, USA Wenke Lee, Georgia Tech, USA Heather Lipford, UNC Charlotte, USA Michael K. Reiter, UNC Chapel Hill, USA Stuart Schechter, Microsoft Research, USA Matthew Smith, University of Bonn, Germany Melanie Volkamer, Technische Universit?t Darmstadt, Germany Yang Wang, Syracuse University, USA Tara Whalen, Carleton University, Canada Mary Ellen Zurko, Cisco Systems, USA SOUPS 2014 IMPORTANT DATES Early registration deadline - June 12 Conference - July 9-11 Technical papers Paper registration deadline - February 28, 5 pm US Pacific time -- papers must be registered! Submission deadline - March 6, 5 pm US Pacific time (hard deadline!) Notification of paper acceptance - May 5 Camera ready papers due - May 30 Posters Submission deadline - May 15, 5 pm US Pacific time Notification of acceptance - May 30 Tutorials and workshops Proposal submission deadline - January 24 Notification of proposal acceptance - February 14 Workshop paper submission deadline - May 15 Notification of workshop paper acceptance - May 30 Camera ready papers due - June 13 Panels and invited talks Panel proposal submission deadline - January 24 Speaker suggestion submission deadline - January 24 Lightning talks and demos Early submission deadline - May 15 Early submission notification - May 30 Submissions received after May 15 will be considered until the program is full Thanks to our sponsors: Facebook, Carnegie Mellon CyLab, and Carnegie Mellon MSIT-Privacy Engineering Masters Program -- /* I am Serge Egelman and I approve this message. */ -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorrie at cs.cmu.edu Sat Mar 1 14:38:05 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Sat, 1 Mar 2014 14:38:05 -0500 Subject: [Soups-announce] last chance to register SOUPS papers. Message-ID: There was some confusion about the paper registration deadline so we are giving you one more chance... get your paper titles and abstracts registered today. Then submit your full paper by March 6. http://cups.cs.cmu.edu/soups/2014/cfp.html From elizabeth.stobert at gmail.com Thu Mar 20 21:45:27 2014 From: elizabeth.stobert at gmail.com (Elizabeth Stobert) Date: Thu, 20 Mar 2014 21:45:27 -0400 Subject: [Soups-announce] CFP: Workshop: Who are you?! Adventures in Authentication Message-ID: Workshop: Who are you?! Adventures in Authentication Symposium on Usable Privacy and Security (SOUPS) July 9, 2014 Menlo Park, CA https://cups.cs.cmu.edu/soups/2014/workshops/authentication.html Submission Deadline: May 15, 2014, 5pm PDT Notification Deadline: May 30, 2014 5pm PDT Description: Our most common method of authentication continues to be based on the assumption of a person using a desktop computer and keyboard, or a person authenticating to their mobile phone. There has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions may no longer be valid. The user?s primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications. The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable. Topics of interest for this workshop include: ? Surveys and comparisons of known authentication techniques ? Novel metrics or comparisons of metrics for authentication strength ? Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user?s primary task ? New authentication techniques that target emerging computing environments such as mobile and embedded systems ? Approaches (including protocols) that enable weak authentication schemes to be more robust ? Existing authentication techniques applied in new environments or usage contexts ? Novel approaches to the design and evaluation of authentication systems The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as automotive and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science. Panel discussions may be organized around topics of interest where the workshop participants will be given an opportunity to give presentations, which may include current or prior work in this area, as well as pose new challenges in authentication. We are soliciting 1-2 page position statements that express the nature of your interest in the workshop; these should include the aspects of authentication of interest to you, including the topic(s) that you would like to discuss during the workshop and panel discussions. Position statements must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded. Submissions should be made via EasyChair WAY 2014 web site: https://www.easychair.org/account/signin.cgi?key=8485659.ZnOnnFc1ZOOSBEj8 Workshop co-chairs: Larry Koved Elizabeth Stobert IBM T. J. Watson Research Center Carleton University koved at us.ibm.com elizabeth.stobert at carleton.ca Program chair: Elizabeth Stobert Carleton University elizabeth.stobert at carleton.ca Please send workshop inquiries to: AdventuresInAuthentication at gmail.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorrie at cs.cmu.edu Tue Apr 1 23:17:29 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Tue, 1 Apr 2014 23:17:29 -0400 Subject: [Soups-announce] looking for hosts for SOUPS 2015 and 2016 Message-ID: We?re looking for institutions interested in hosting the SOUPS 2015 conference in North America and the SOUPS 2016 conference in Europe. We have had great success in the past with corporate hosts who have provided space and sponsored conference meals. We are also open to proposals from academic hosts who can provide free or low cost space, even if they cannot sponsor meals. We need space for about 200 people for a three-day conference, including space for 2 or 3 parallel workshops on the first day, a poster session, and lunch. We typically hold SOUPS in July. Proximity to reasonably-priced hotels and an international airport is a plus. If your institution is interested in hosting, please contact the SOUPS general chair, Lorrie Cranor lorrie at acm.org. From woodruff at google.com Wed Apr 2 14:33:32 2014 From: woodruff at google.com (Allison Woodruff) Date: Wed, 2 Apr 2014 11:33:32 -0700 Subject: [Soups-announce] CFP: Workshop on Privacy Personas and Segmentation (PPS) at SOUPS 2014 Message-ID: =================================================================== Privacy Personas and Segmentation (PPS) Workshop at the Symposium on Usable Privacy and Security (SOUPS) 2014 July 9, 2014, Menlo Park, CA SUBMISSION DEADLINE: May 15, 2014, 5pm PDT Further details at: https://cups.cs.cmu.edu/soups/2014/workshops/privacy.html =================================================================== Starting with Westin's Privacy Indexes - a non-contextual privacy measure - scholars and practitioners have been interested in understanding and measuring privacy attitudes and concerns, and their relationship with privacy behavior. Over time, an awareness has emerged of the importance of context in privacy concerns, and the complex relationship between concerns and actual behaviors. In recent years, proposals have been made to segment individuals into more granular and detailed categories of privacy concerns or behaviors, and classify or predict their privacy types, or personas. Such efforts have been motivated by the goals of better understanding the relationships between privacy attitudes, concerns and behaviors, and of helping end users make better privacy decisions. The focus of the PPS workshop is to bring together researchers and practitioners interested in privacy personas and segmentation, to encourage a paradigm shift in the measurement, modeling, and characterization of privacy concerns which recognizes the complex interaction of factors influencing it. Those interested in participating should submit a research or position paper on a relevant topic. Topics of interest include, but are not limited to: o The use of segmentations and personas for representing privacy concerns o Critiques of existing approaches and explorations of the inherent limitations of privacy segmentations or privacy personas o New paradigms and instruments for understanding, measuring, and modeling privacy concerns o Evaluations and critiques of existing instruments for measuring privacy concerns o The role of context, personality, experiences, and other traits in influencing privacy concerns o The relationship between privacy concerns, attitudes, and behavior o The influence of an organization's privacy behavior on users' privacy concerns o Other topics related to measuring, modeling, and characterizing privacy concerns Authors of accepted papers will be invited to present their ideas at the workshop. Accepted workshop papers will be available on the SOUPS website, but will not be included in the ACM Digital library. This means that the works will not be considered peer-reviewed publications from the perspective of SOUPS and hence should not preclude subsequent publication at another venue. SUBMISSION We invite authors to submit short research papers or position papers in PDF format. Papers should use the SOUPS 2-column formatting template (MS Word or LaTeX ). Submissions should be 1 to 6 pages in length, excluding references and appendices. The paper should be self-contained without requiring readers to also read the appendices. Submissions should not be blinded. Submissions should be made through the EasyChair PPS 2014 submission site: https://www.easychair.org/account/signin.cgi?key=10526348.xXcqYWqXQfwR0tjm IMPORTANT DATES Submission Deadline: May 15, 2014, 5pm PDT Notification: May 30, 2014 Workshop: July 9, 2014 ORGANIZERS Alessandro Acquisti, Carnegie Mellon University Anthony Morton, University College London Norman Sadeh, Carnegie Mellon University Allison Woodruff, Google Email inquiries may be sent to: anthony.morton.09 at ucl.ac.uk or woodruff at google.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From koved at us.ibm.com Tue Apr 15 08:34:50 2014 From: koved at us.ibm.com (Larry Koved) Date: Tue, 15 Apr 2014 08:34:50 -0400 Subject: [Soups-announce] CFP: Workshop: Who are you?! Adventures in Authentication In-Reply-To: References: Message-ID: Workshop: Who are you?! Adventures in Authentication Symposium on Usable Privacy and Security (SOUPS) July 9, 2014 Menlo Park, CA https://cups.cs.cmu.edu/soups/2014/workshops/authentication.html Submission Deadline: May 15, 2014, 5pm PDT Notification Deadline: May 30, 2014 5pm PDT Description: Our most common method of authentication continues to be based on the assumption of a person using a desktop computer and keyboard, or a person authenticating to their mobile phone. There has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions may no longer be valid. The user?s primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications. The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable. Topics of interest for this workshop include: ? Surveys and comparisons of known authentication techniques ? Novel metrics or comparisons of metrics for authentication strength ? Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user?s primary task ? New authentication techniques that target emerging computing environments such as mobile and embedded systems ? Approaches (including protocols) that enable weak authentication schemes to be more robust ? Existing authentication techniques applied in new environments or usage contexts ? Novel approaches to the design and evaluation of authentication systems The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as automotive and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science. Panel discussions may be organized around topics of interest where the workshop participants will be given an opportunity to give presentations, which may include current or prior work in this area, as well as pose new challenges in authentication. We are soliciting 1-2 page position statements that express the nature of your interest in the workshop; these should include the aspects of authentication of interest to you, including the topic(s) that you would like to discuss during the workshop and panel discussions. Position statements must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded. Submissions should be made via EasyChair WAY 2014 web site: https://www.easychair.org/account/signin.cgi?key=8485659.ZnOnnFc1ZOOSBEj8 Workshop co-chairs: Larry Koved Elizabeth Stobert IBM T. J. Watson Research Center Carleton University koved at us.ibm.com elizabeth.stobert at carleton.ca Program chair: Elizabeth Stobert Carleton University elizabeth.stobert at carleton.ca Please send workshop inquiries to: AdventuresInAuthentication at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From Gabriele.Lenzini at uni.lu Sat Apr 19 15:18:17 2014 From: Gabriele.Lenzini at uni.lu (Gabriele LENZINI) Date: Sat, 19 Apr 2014 19:18:17 +0000 Subject: [Soups-announce] C4P - STAST2014, Socio-Technical Aspects of Security and Trust Message-ID: apologies for multiple copies --- CALL FOR PAPERS --- * ********************************************************** * * 4th Int. Workshop on * * Socio-Technical Aspects of Security and Trust * * (STAST) - http://www.stast2014.uni.lu * * ---------------------------------------------------------- * * Co-located with * * Computer Security Foundation Symposium (CSF) * * Vienna, Austria * * ********************************************************** * IMPORTANT DATES ---------------- Papers (extended): 30 April Notification: 31 May Pre-proceeding: 6 July Final version: 27 July (after the workshop) SCOPE --------------------- Today, security threats are hardly sheer technical. They are rather socio-technical threats and come from adversaries who combine social engineering practices with technical skills to circumvent the defenses of information systems. Socio-technical attacks often succeed by exploiting the users' ill-understanding of security mechanisms or loopholes in poorly designed user interfaces and unclear security policies. In securing systems against these threats, humans obviously cannot be treated as machines. Humans have peculiar decision making processes. But they actions and behavioural patterns, despite apparently irrational, are perfectly justifiable from a cognitive and a social perspective. Computer security hence appears to acquire more and more the facets of an interdisciplinary science with roots in both interpretive and positivist research traditions. The workshop intends to foster an interdisciplinary discussion on how to model and analyse the socio-technical aspects of modern security systems and on how to protect such systems from socio-technical threats and attacks. We welcome experts from all involved and interested communities, including but by no means limited to social and behavioral sciences, philosophy and psychology and computer science. WORKSHOP TOPICS -------------- Relevant topics include but are not limited to: * Usability Analysis * System-User Interfaces * Psychology of Deception * Socio-Technical Attacks and Defenses * User Perception of Security and Trust * Cognitive Aspect in Human Computer Interaction * Human Practice and Behavioural Models * Design and Analysis of Socio-Technical Secure Systems * Social Engineering * Ceremonies and Workflows * Game Theoretical Approaches to Security * Cyber Crime Science * Threat and Adversary Models * Social Informatics and Networks * Security Ethics * Effects of Technology on Trust Building Behaviour * Socio-Technical Experiences and Test Cases PROGRAM COMMITTEE ----------------- Bishop, Matt (Univ. of California Davis, USA) Garg, Vaibhav (Drexel Univ., USA) Herley, Cormac (Microsoft Research, USA) Kammueller, Florian (Middlesex Univ., UK) Martina, Jean Everson (Univ. Federal de Santa Catarina, BR) Montoya, Lorena (Univ. of Twente, NL) Moore, Andrew P. (CERT/SEI, USA) Moore, Tyler (Souther Methodist Univ., USA) Morgan, H. Llewellyn (specularX, USA) Nadjm-Tehrani, Simin (Linkoping Univ., SE) Pellegrino, Giancarlo (Eurecom, FR) Ortlieb, Martin (Google, CH) Pieters, Wolters (Univ. of Twente and TU Delft, NL) Ryan, Peter Y. A. (Univ. of Luxembourg, LU) van Deursen, Nicole (Edinburgh Napier University, UK) Volkamer, Melanie (TU Darmstadt, DE) Wash, Rick (Michigan State University, USA) Woodruff, Alison (Google, USA) Yan, Jeff (Newcastle Univ., UK) PAPER SUBMISSION ---------------- Contributions should be at most 8 pages, including the bibliography and well-marked appendices, and should follow the IEEE 8.5" x 11" Two-Columns Format. Both theoretical and applied research papers are welcome. Please visit our web site for more submission guidelines. PROCEEDINGS ----------- Pre-proceedings will be made available at the venue. Authors will be given the opportunity to review their manuscripts, for the final post-proceedings, which will be published IEEE in the IEEE digital library after the workshop. ORGANIZING COMMITTEE -------------------- ** Workshop Chairs Bella, Giampaolo (Univ. of Catania, IT) Lenzini, Gabriele (Univ. of Luxembourg, L) ** Programme Chairs and Co-Chairs Probst, Christian W. (DTU, DK) Ashenden, Debi M. (Cranfield Uni., UK) From lorrie at cs.cmu.edu Thu May 1 22:25:05 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Thu, 1 May 2014 22:25:05 -0400 Subject: [Soups-announce] Workshop on Usable Privacy & Security for wearable and domestic ubIquitous DEvices (UPSIDE) Message-ID: This workshop is not affiliated with SOUPS, but likely to be of interest to SOUPS folks. Workshop on Usable Privacy & Security for wearable and domestic ubIquitous DEvices (UPSIDE) http://appanalysis.org/upside http://ubicomp.org/ubicomp2014/attending/workshops.php The UPSIDE workshop is an opportunity for researchers and practitioners to discuss research challenges and experiences around the usable privacy and security of wearable devices and other consumer sensors and domestic devices (e.g., home automation systems; smart appliances in the home; smart meters; domestic healthcare devices). The workshop will be held in conjunction with the UbiComp 2014 conference --- http://ubicomp.org/ubicomp2014/, in Seattle, WA, USA. [Import dates] Submission deadline: May 28 (Wed), 2014, 5pm PDT Notification deadline: June 18 (Wed), 2014, 5pm PDT Camera-ready due: July 2 (Wed), 2014, 5pm PDT Anonymization: Papers are NOT to be anonymized Papers: <= 6 pages excluding bibliography & appendices Formatting: Use SIGCHI MS Word or LaTeX templates Workshop date: 9/14/2014 (Sun), 2014 [Scope and focus] The workshop seeks two types of original submissions: (1) short papers describing research outcomes and (2) position papers describing new research challenges and worthy topics to discuss in all areas of usable privacy and security of wearables and other consumer sensors and domestic devices. Submissions should relate to both human factors and either privacy or security properties of the devices in question. Topics may include (but are not limited to): - potential security attacks against in-home technologies and their impact on residents - potential security attacks against wearable devices and their impact on people wearing them - access control for sharing data captured by these devices (e.g., photos, sensor data) - access control for shared data among neighbors (e.g., smart meter data, security camera data) - user authentication on devices - understanding user privacy concerns/expectations regarding consumer sensing systems - designing privacy notifications for recording devices - user testing of security or privacy features Short papers may cover research results, work in progress, or experience reports focused on any workshop topic. Papers should describe the purpose and goals of the work, cite related work, and clearly state the contributions to the field (innovation, lessons learned). Position papers present an arguable opinion about an issue. A position paper may include new ideas or discussions of topics at various stages of completeness. Position papers that present speculative or creative out-of-the-box ideas are welcome. While completed work is not required, position papers should still provide reasonable evidence to support their claims. Workshop papers will be available on the UPSIDE website (if chosen by the authors), and will be given an option to be included in the ACM Digital library. This means that unless the authors choose to publish their work (opt-in), the work will not be considered a peer-reviewed publication from the perspective of Ubicomp/UPSIDE and hence should not preclude subsequent publication at another venue. Authors of accepted papers will be invited to present their work at the workshop. [Submissions] We invite authors to submit papers using the SIGCHI templates. Submissions should be 2 to 6 pages in length, excluding references and appendices. The paper should be self-contained without requiring that readers also read the appendices. All submissions must be in PDF format and should not be blinded. Papers should be submitted using the electronic submission system available from the Workshop website (http://appanalysis.org/upside). User experiments should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. Authors may be asked to include explanation of how ethical principles were followed in their final papers should questions arise during the review process. Email inquiries to: jjung at microsoft.com or yoshi at cs.washington.edu [Program committee] Dirk Balfanz (Google, USA) Landon Cox (Duke University, USA) Serge Egelman (ICSI & UC Berkeley, USA) Jaeyeon Jung (Microsoft Research, USA), co-chair Apu Kapadia (Indiana University, USA) Tadayoshi Kohno (University of Washington, USA), co-chair Ratul Mahajan (Microsoft Research, USA) Shwetak Patel (University of Washington, USA) Matthew Smith (Leibniz Universit?t Hannover, Germany) David Wagner (UC Berkeley, USA) From koved at us.ibm.com Mon May 5 11:59:45 2014 From: koved at us.ibm.com (Larry Koved) Date: Mon, 5 May 2014 11:59:45 -0400 Subject: [Soups-announce] CFP: Workshop: Who are you?! Adventures in Authentication - May 15 In-Reply-To: References: Message-ID: Workshop: Who are you?! Adventures in Authentication Symposium on Usable Privacy and Security (SOUPS) July 9, 2014 Menlo Park, CA https://cups.cs.cmu.edu/soups/2014/workshops/authentication.html Submission Deadline: May 15, 2014, 5pm PDT Notification Deadline: May 30, 2014 5pm PDT Description: Our most common method of authentication continues to be based on the assumption of a person using a desktop computer and keyboard, or a person authenticating to their mobile phone. There has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions may no longer be valid. The user?s primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications. The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable. Topics of interest for this workshop include: ? Surveys and comparisons of known authentication techniques ? Novel metrics or comparisons of metrics for authentication strength ? Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user?s primary task ? New authentication techniques that target emerging computing environments such as mobile and embedded systems ? Approaches (including protocols) that enable weak authentication schemes to be more robust ? Existing authentication techniques applied in new environments or usage contexts ? Novel approaches to the design and evaluation of authentication systems The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as automotive and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science. Panel discussions may be organized around topics of interest where the workshop participants will be given an opportunity to give presentations, which may include current or prior work in this area, as well as pose new challenges in authentication. We are soliciting 1-2 page position statements that express the nature of your interest in the workshop; these should include the aspects of authentication of interest to you, including the topic(s) that you would like to discuss during the workshop and panel discussions. Position statements must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded. Submissions should be made via EasyChair WAY 2014 web site: https://www.easychair.org/account/signin.cgi?key=8485659.ZnOnnFc1ZOOSBEj8 Workshop co-chairs: Larry Koved Elizabeth Stobert IBM T. J. Watson Research Center Carleton University koved at us.ibm.com elizabeth.stobert at carleton.ca Program chair: Elizabeth Stobert Carleton University elizabeth.stobert at carleton.ca Please send workshop inquiries to: AdventuresInAuthentication at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorrie at cs.cmu.edu Tue May 6 22:31:05 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Tue, 6 May 2014 22:31:05 -0400 Subject: [Soups-announce] SOUPS travel scholarships Message-ID: <543E3D67-8950-4F9B-972A-209FB9C50162@cs.cmu.edu> Thanks to a grant from NSF, SOUPS has scholarships available for students who attend US universities to travel to SOUPS. To apply for a scholarship, please complete our online form at https://docs.google.com/spreadsheet/viewform?formkey=dDNENDZVaWJVaUYyTXo1cVVoQ1pHM2c6MA by May 27, 2014. From Marc.Busch at ait.ac.at Thu May 8 11:59:59 2014 From: Marc.Busch at ait.ac.at (Busch Marc) Date: Thu, 8 May 2014 15:59:59 +0000 Subject: [Soups-announce] Workshop on Insecure Interfaces @ SOUPS 2014, July 9-11, 2014, Menlo Park, CA In-Reply-To: References: <453A3DBB1229644C9B72731BF8236EDB1E9D0FB2@w2k8r2ex.cure-vienna.org> Message-ID: [Apologies for cross-posting] ----------------------------------- +++ CALL FOR PAPERS +++ * Workshop on Insecure Interfaces - Learning from User Interfaces that lead to Circumvention of Organizational Information Security Policies (http://cups.cs.cmu.edu/soups/2014/workshops/insecure.html) * Co-located at SOUPS 2014 - July 9-11, 2014, Menlo Park, CA (http://cups.cs.cmu.edu/soups/2014/) ----------------------------------- IMPORTANT DATES * Submission deadline: May 15, 2014 * Notification of acceptance: May 30, 2014 * Camera-ready submission deadline: June 13, 2014 SCOPE AND FOCUS We aim to bring together researchers and practitioners from different disciplines to create, explore, evaluate, and discuss cases for weaknesses in organizational security resulting from user interface and usability considerations. From these cases, we will derive anti-patterns, anti-guidelines, and anti-heuristics to apply the "learn from mistakes" approach, which can lead to better UI design practice in the area of corporate information security. Employee compliance with information security policies is critical for companies. Breaches of information security caused by employees can have a range of negative consequences. Critical and sensitive information may be compromised, potentially harming customers and employees, benefitting competitors, inviting legal and regulatory challenges, and damaging the reputation of the company. In the realm of information security policies, it is typically advocated that all business information technology be designed in a way that enables and promotes employee compliance with the employer's information security policies. User Interfaces play a critical role in communicating security policies and ensuring employee compliance. This workshop, however, turns this design practice around. Similar to the previous workshop "A Turn for the Worse: Trustbusters for User Interfaces" at SOUPS 2013, we aim to "learn from mistakes" and will explore examples of user interfaces in enterprise systems that lead employees to circumvent security policies and undermine the company's information security. A deeper understanding of factors that underlie circumvention and non-compliance with official security guidance can then be applied to "make interfaces better". SUBMISSIONS We invite original papers in PDF format describing/providing examples in which security is undermined by interface and usability aspects, including: * a position, research, or anecdotal paper on use of a design that leads to circumvention of corporate security policies, * screenshots of design(s) leading to circumvention of official security policies, or * videos or audio material that demonstrate how interface design and usability aspects could weaken corporate information security. Papers should use the SOUPS formatting template (LaTeX or MS Word). Submissions should be 2 to 4 pages in length, excluding appendices. The paper should be self-contained without requiring readers to read the appendices. The appendices need not conform to the formatting template. Submissions should not be anonymized. Supplemental material such as screenshots and videos should be made available in downloadable format. Accepted submissions will not be considered archival. Authors may choose whether to include the full paper or only the abstract on the Workshop Web site. Inquiries can be emailed to: marc.busch at ait.ac.at Please email submissions to: marc.busch at ait.ac.at (Note: There is a 10MB size limit on email attachments; for larger submissions, please provide a link to downloadable content.) ORGANIZERS Marc Busch & Christina Hochleitner AIT Austrian Institute of Technology GmbH, marc.busch at ait.ac.at & christina.hochleitner at ait.ac.at & CURE - Center for Usability Research & Engineering (busch,hochleitner)@cure.at Manfred Tscheligi ICT&S Center, University of Salzburg, manfred.tscheligi at sbg.ac.at & AIT Austrian Institute of Technology GmbH, manfred.tscheligi at ait.ac.at Sameer Patil Helsinki Institute for Information Technology HIIT / Aalto University sameer.patil at hiit.fi Jean Camp School of Informatics and Computing, Indiana University ljcamp at indiana.edu MARC BUSCH Scientist Innovation Systems Department Business Unit Technology Experience AIT Austrian Institute of Technology GmbH Business Park Marximum Modecenterstrasse 17/Object 2 | 1110 Vienna | Austria T +43 50550-4535 | M +43 664 88964935 | F +43 50550-4599 marc.busch at ait.ac.at | http://www.ait.ac.at FN: 115980 i HG Wien | UID: ATU14703506 www.ait.ac.at/Email-Disclaimer -------------- next part -------------- An HTML attachment was scrubbed... URL: From koved at us.ibm.com Tue May 13 21:51:23 2014 From: koved at us.ibm.com (Larry Koved) Date: Tue, 13 May 2014 21:51:23 -0400 Subject: [Soups-announce] CFP: Workshop: Who are you?! Adventures in Authentication - Deadline Extension -- May 22 In-Reply-To: References: Message-ID: Workshop: Who are you?! Adventures in Authentication Symposium on Usable Privacy and Security (SOUPS) July 9, 2014 Menlo Park, CA https://cups.cs.cmu.edu/soups/2014/workshops/authentication.html Submission Deadline: May 22, 2014, 5pm PDT Notification Deadline: May 30, 2014 5pm PDT Description: Our most common method of authentication continues to be based on the assumption of a person using a desktop computer and keyboard, or a person authenticating to their mobile phone. There has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions may no longer be valid. The user?s primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications. The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable. Topics of interest for this workshop include: ? Surveys and comparisons of known authentication techniques ? Novel metrics or comparisons of metrics for authentication strength ? Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user?s primary task ? New authentication techniques that target emerging computing environments such as mobile and embedded systems ? Approaches (including protocols) that enable weak authentication schemes to be more robust ? Existing authentication techniques applied in new environments or usage contexts ? Novel approaches to the design and evaluation of authentication systems The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as automotive and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science. Panel discussions may be organized around topics of interest where the workshop participants will be given an opportunity to give presentations, which may include current or prior work in this area, as well as pose new challenges in authentication. We are soliciting 1-2 page position statements that express the nature of your interest in the workshop; these should include the aspects of authentication of interest to you, including the topic(s) that you would like to discuss during the workshop and panel discussions. Position statements must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded. Submissions should be made via EasyChair WAY 2014 web site: https://www.easychair.org/account/signin.cgi?key=8485659.ZnOnnFc1ZOOSBEj8 Workshop co-chairs: Larry Koved Elizabeth Stobert IBM T. J. Watson Research Center Carleton University koved at us.ibm.com elizabeth.stobert at carleton.ca Program chair: Elizabeth Stobert Carleton University elizabeth.stobert at carleton.ca Please send workshop inquiries to: AdventuresInAuthentication at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From egelman at cs.cmu.edu Wed May 14 11:47:27 2014 From: egelman at cs.cmu.edu (Serge Egelman) Date: Wed, 14 May 2014 11:47:27 -0400 Subject: [Soups-announce] Workshops Extended! Message-ID: This is just a reminder that the deadline for SOUPS workshops has been extended to May 22nd! http://cups.cs.cmu.edu/soups/2014/ -- /* I am Serge Egelman and I approve this message. */ -------------- next part -------------- An HTML attachment was scrubbed... URL: From Marc.Busch at ait.ac.at Wed May 14 08:13:58 2014 From: Marc.Busch at ait.ac.at (Busch Marc) Date: Wed, 14 May 2014 12:13:58 +0000 Subject: [Soups-announce] CFP Ext.DL 22.05: Workshop on Insecure Interfaces @ SOUPS 2014, July 9-11, 2014, Menlo Park, CA Message-ID: Extended DL 22.05 [Apologies for cross-posting] ----------------------------------- +++ CALL FOR PAPERS +++ * Workshop on Insecure Interfaces - Learning from User Interfaces that lead to Circumvention of Organizational Information Security Policies (http://cups.cs.cmu.edu/soups/2014/workshops/insecure.html) * Co-located at SOUPS 2014 - July 9-11, 2014, Menlo Park, CA (http://cups.cs.cmu.edu/soups/2014/) ----------------------------------- IMPORTANT DATES * NEW Submission deadline: May 22, 2014 * Notification of acceptance: May 30, 2014 * Camera-ready submission deadline: June 13, 2014 SCOPE AND FOCUS We aim to bring together researchers and practitioners from different disciplines to create, explore, evaluate, and discuss cases for weaknesses in organizational security resulting from user interface and usability considerations. From these cases, we will derive anti-patterns, anti-guidelines, and anti-heuristics to apply the "learn from mistakes" approach, which can lead to better UI design practice in the area of corporate information security. Employee compliance with information security policies is critical for companies. Breaches of information security caused by employees can have a range of negative consequences. Critical and sensitive information may be compromised, potentially harming customers and employees, benefitting competitors, inviting legal and regulatory challenges, and damaging the reputation of the company. In the realm of information security policies, it is typically advocated that all business information technology be designed in a way that enables and promotes employee compliance with the employer's information security policies. User Interfaces play a critical role in communicating security policies and ensuring employee compliance. This workshop, however, turns this design practice around. Similar to the previous workshop "A Turn for the Worse: Trustbusters for User Interfaces" at SOUPS 2013, we aim to "learn from mistakes" and will explore examples of user interfaces in enterprise systems that lead employees to circumvent security policies and undermine the company's information security. A deeper understanding of factors that underlie circumvention and non-compliance with official security guidance can then be applied to "make interfaces better". SUBMISSIONS We invite original papers in PDF format describing/providing examples in which security is undermined by interface and usability aspects, including: * a position, research, or anecdotal paper on use of a design that leads to circumvention of corporate security policies, * screenshots of design(s) leading to circumvention of official security policies, or * videos or audio material that demonstrate how interface design and usability aspects could weaken corporate information security. Papers should use the SOUPS formatting template (LaTeX or MS Word). Submissions should be 2 to 4 pages in length, excluding appendices. The paper should be self-contained without requiring readers to read the appendices. The appendices need not conform to the formatting template. Submissions should not be anonymized. Supplemental material such as screenshots and videos should be made available in downloadable format. Accepted submissions will not be considered archival. Authors may choose whether to include the full paper or only the abstract on the Workshop Web site. Inquiries can be emailed to: marc.busch at ait.ac.at Please email submissions to: marc.busch at ait.ac.at (Note: There is a 10MB size limit on email attachments; for larger submissions, please provide a link to downloadable content.) ORGANIZERS Marc Busch & Christina Hochleitner AIT Austrian Institute of Technology GmbH, marc.busch at ait.ac.at & christina.hochleitner at ait.ac.at & CURE - Center for Usability Research & Engineering (busch,hochleitner)@cure.at Manfred Tscheligi ICT&S Center, University of Salzburg, manfred.tscheligi at sbg.ac.at & AIT Austrian Institute of Technology GmbH, manfred.tscheligi at ait.ac.at Sameer Patil Helsinki Institute for Information Technology HIIT / Aalto University sameer.patil at hiit.fi Jean Camp School of Informatics and Computing, Indiana University ljcamp at indiana.edu MARC BUSCH Scientist Innovation Systems Department Business Unit Technology Experience AIT Austrian Institute of Technology GmbH Business Park Marximum Modecenterstrasse 17/Object 2 | 1110 Vienna | Austria T +43 50550-4535 | M +43 664 88964935 | F +43 50550-4599 marc.busch at ait.ac.at | http://www.ait.ac.at FN: 115980 i HG Wien | UID: ATU14703506 www.ait.ac.at/Email-Disclaimer -------------- next part -------------- An HTML attachment was scrubbed... URL: From woodruff at google.com Wed May 14 09:29:35 2014 From: woodruff at google.com (Allison Woodruff) Date: Wed, 14 May 2014 06:29:35 -0700 Subject: [Soups-announce] CFP: Workshop on Privacy Personas and Segmentation (PPS) at SOUPS 2014 (DEADLINE EXTENDED TO MAY 22) Message-ID: =============================================================== Privacy Personas and Segmentation (PPS) Workshop at the Symposium on Usable Privacy and Security (SOUPS) 2014 July 9, 2014, Menlo Park, CA SUBMISSION DEADLINE: May 22, 2014, 5pm PDT Further details at: https://cups.cs.cmu.edu/soups/2014/workshops/privacy.html =============================================================== Starting with Westin's Privacy Indexes - a non-contextual privacy measure - scholars and practitioners have been interested in understanding and measuring privacy attitudes and concerns, and their relationship with privacy behavior. Over time, an awareness has emerged of the importance of context in privacy concerns, and the complex relationship between concerns and actual behaviors. In recent years, proposals have been made to segment individuals into more granular and detailed categories of privacy concerns or behaviors, and classify or predict their privacy types, or personas. Such efforts have been motivated by the goals of better understanding the relationships between privacy attitudes, concerns and behaviors, and of helping end users make better privacy decisions. The focus of the PPS workshop is to bring together researchers and practitioners interested in privacy personas and segmentation, to encourage a paradigm shift in the measurement, modeling, and characterization of privacy concerns which recognizes the complex interaction of factors influencing it. Those interested in participating should submit a research or position paper on a relevant topic. Topics of interest include, but are not limited to: o The use of segmentations and personas for representing privacy concerns o Critiques of existing approaches and explorations of the inherent limitations of privacy segmentations or privacy personas o New paradigms and instruments for understanding, measuring, and modeling privacy concerns o Evaluations and critiques of existing instruments for measuring privacy concerns o The role of context, personality, experiences, and other traits in influencing privacy concerns o The relationship between privacy concerns, attitudes, and behavior o The influence of an organization's privacy behavior on users' privacy concerns o Other topics related to measuring, modeling, and characterizing privacy concerns Authors of accepted papers will be invited to present their ideas at the workshop. Accepted workshop papers will be available on the SOUPS website, but will not be included in the ACM Digital library. This means that the works will not be considered peer-reviewed publications from the perspective of SOUPS and hence should not preclude subsequent publication at another venue. SUBMISSION We invite authors to submit short research papers or position papers in PDF format. Papers should use the SOUPS 2-column formatting template (MS Word or LaTeX ). Submissions should be 1 to 6 pages in length, excluding references and appendices. The paper should be self-contained without requiring readers to also read the appendices. Submissions should not be blinded. Submissions should be made through the EasyChair PPS 2014 submission site: https://www.easychair.org/account/signin.cgi?key=10526348.xXcqYWqXQfwR0tjm IMPORTANT DATES Submission Deadline: May 22, 2014, 5pm PDT Notification: May 30, 2014 Workshop: July 9, 2014 ORGANIZERS Alessandro Acquisti, Carnegie Mellon University Anthony Morton, University College London Norman Sadeh, Carnegie Mellon University Allison Woodruff, Google Email inquiries may be sent to: anthony.morton.09 at ucl.ac.uk or woodruff at google.com Allison Woodruff User Experience Researcher Google Privacy -------------- next part -------------- An HTML attachment was scrubbed... URL: From Marc.Busch at ait.ac.at Wed May 21 10:51:47 2014 From: Marc.Busch at ait.ac.at (Busch Marc) Date: Wed, 21 May 2014 14:51:47 +0000 Subject: [Soups-announce] Last CFP Ext.DL 22.05: Workshop on Insecure Interfaces @ SOUPS 2014, July 9-11, 2014, Menlo Park, CA Message-ID: Last CFP - Extended DL 22.05 [Apologies for cross-posting] ----------------------------------- +++ CALL FOR PAPERS +++ * Workshop on Insecure Interfaces - Learning from User Interfaces that lead to Circumvention of Organizational Information Security Policies (http://cups.cs.cmu.edu/soups/2014/workshops/insecure.html) * Co-located at SOUPS 2014 - July 9-11, 2014, Menlo Park, CA (http://cups.cs.cmu.edu/soups/2014/) ----------------------------------- IMPORTANT DATES * NEW Submission deadline: May 22, 2014 * Notification of acceptance: May 30, 2014 * Camera-ready submission deadline: June 13, 2014 SCOPE AND FOCUS We aim to bring together researchers and practitioners from different disciplines to create, explore, evaluate, and discuss cases for weaknesses in organizational security resulting from user interface and usability considerations. From these cases, we will derive anti-patterns, anti-guidelines, and anti-heuristics to apply the "learn from mistakes" approach, which can lead to better UI design practice in the area of corporate information security. Employee compliance with information security policies is critical for companies. Breaches of information security caused by employees can have a range of negative consequences. Critical and sensitive information may be compromised, potentially harming customers and employees, benefitting competitors, inviting legal and regulatory challenges, and damaging the reputation of the company. In the realm of information security policies, it is typically advocated that all business information technology be designed in a way that enables and promotes employee compliance with the employer's information security policies. User Interfaces play a critical role in communicating security policies and ensuring employee compliance. This workshop, however, turns this design practice around. Similar to the previous workshop "A Turn for the Worse: Trustbusters for User Interfaces" at SOUPS 2013, we aim to "learn from mistakes" and will explore examples of user interfaces in enterprise systems that lead employees to circumvent security policies and undermine the company's information security. A deeper understanding of factors that underlie circumvention and non-compliance with official security guidance can then be applied to "make interfaces better". SUBMISSIONS We invite original papers in PDF format describing/providing examples in which security is undermined by interface and usability aspects, including: * a position, research, or anecdotal paper on use of a design that leads to circumvention of corporate security policies, * screenshots of design(s) leading to circumvention of official security policies, or * videos or audio material that demonstrate how interface design and usability aspects could weaken corporate information security. Papers should use the SOUPS formatting template (LaTeX or MS Word). Submissions should be 2 to 4 pages in length, excluding appendices. The paper should be self-contained without requiring readers to read the appendices. The appendices need not conform to the formatting template. Submissions should not be anonymized. Supplemental material such as screenshots and videos should be made available in downloadable format. Accepted submissions will not be considered archival. Authors may choose whether to include the full paper or only the abstract on the Workshop Web site. Inquiries can be emailed to: marc.busch at ait.ac.at Please email submissions to: marc.busch at ait.ac.at (Note: There is a 10MB size limit on email attachments; for larger submissions, please provide a link to downloadable content.) ORGANIZERS Marc Busch & Christina Hochleitner AIT Austrian Institute of Technology GmbH, marc.busch at ait.ac.at & christina.hochleitner at ait.ac.at & CURE - Center for Usability Research & Engineering (busch,hochleitner)@cure.at Manfred Tscheligi ICT&S Center, University of Salzburg, manfred.tscheligi at sbg.ac.at & AIT Austrian Institute of Technology GmbH, manfred.tscheligi at ait.ac.at Sameer Patil Helsinki Institute for Information Technology HIIT / Aalto University sameer.patil at hiit.fi Jean Camp School of Informatics and Computing, Indiana University ljcamp at indiana.edu MARC BUSCH Scientist Innovation Systems Department Business Unit Technology Experience AIT Austrian Institute of Technology GmbH Business Park Marximum Modecenterstrasse 17/Object 2 | 1110 Vienna | Austria T +43 50550-4535 | M +43 664 88964935 | F +43 50550-4599 marc.busch at ait.ac.at | http://www.ait.ac.at FN: 115980 i HG Wien | UID: ATU14703506 www.ait.ac.at/Email-Disclaimer -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorrie at cs.cmu.edu Tue May 27 11:56:29 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Tue, 27 May 2014 11:56:29 -0400 Subject: [Soups-announce] SOUPS hotel deadline June 8 Message-ID: <6D8DB11A-605C-4813-A055-766E488E9810@cs.cmu.edu> We have reserved a block of rooms for SOUPS 2014 attendees at the Aloft Silicon Valley hotel, 8200 Gateway Blvd., Newark, CA 94560 (phone: 510-494-8800). Book your reservation online at https://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=1404027187&key=2089F7CB King rooms are available for $150/night plus tax. Double rooms (two beds) are available for $160/night plus tax. Up to four people can stay in a double room and rollaway beds are available. The number of rooms is limited so reserve early. This rate is only available until June 8, 2014. All guest rooms are suites with kitchenettes. Included is complimentary self-parking, complimentary access to the 24/7 fitness center, and complimentary wi-fi. The Aloft hotel is about 7 miles from Facebook. SOUPS will provide free shuttle service before the first session and after the last session each day between the hotel and Facebook. Details will be provided closer to the conference. Parking will be available at Facebook for attendees who wish to drive. From richter at uncc.edu Fri May 30 11:16:05 2014 From: richter at uncc.edu (Lipford, Heather) Date: Fri, 30 May 2014 15:16:05 +0000 Subject: [Soups-announce] CFP: Workshop on Security Information Workers at CCS Message-ID: <66EDF142850B1743B4A48D572DDC0388F494D0@RPITSEXMS4.its.uncc.edu> =============================================================== Workshop on Security Information Workers In conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, Scottsdale, AZ SUBMISSION DEADLINE: July 7, 2014 Further details at: http://hci.uncc.edu/~SecInfoWorkers/ =============================================================== The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security information worker. Security information workers include: *Software developers, who design and build software that manages and protects sensitive information; *System administrators, who deploy and manage security-sensitive software and hardware systems; and *Intelligence analysts, who collect and analyze data about security matters to understand information and make predictions. This workshop aims to develop and stimulate discussion about security information workers. We will consider papers including, but not limited to: *Empirical studies of security information workers, including experiments, field studies, and surveys; *New tools designed to assist security information workers? *Infrastructure for better understanding security information workers? *Techniques designed to help security information workers do their jobs? *Evaluations of tools and techniques for security information workers. Much security research could be considered about security information workers; for instance, tools that automatically find defects in program code could be construed to help software developers. However, successful submissions to this workshop will explicitly be informed by an understanding of how security information workers do their jobs, and the results will explicitly address how we understand security information workers. SUBMISSIONS We invite original paper submissions in PDF format. Papers should use the ACM double-column format (http://www.acm.org/sigs/publications/ proceedings-templates). Full paper submissions should be at most 8 pages, including bibliography and appendices, while short papers should be at most 4 pages. Submissions should not be anonymized. Submissions should be made to the submission website at https://www.easychair.org/conferences/?conf=wsiw14. Proceedings of the workshop will be published by ACM on a CD, available to the workshop attendees and will be included in the ACM Digital Library. Each accepted paper must be presented by an author, who will have to be registered by the early-bird registration deadline. Email questions or inquiries to wsiw14 at easychair.org. IMPORTANT DATES *Submission deadline: July 7, 2014 *Notification of acceptance: August 8, 2014 *Camera-ready submission: August 24, 2014 =============================================================== ORGANIZERS Emerson Murphy-Hill, North Carolina State University Heather Lipford, University of North Carolina at Charlotte Bill Chu, University of North Carolina at Charlotte Robert Biddle, Carlton University PROGRAM COMMITTEE Brian Barry, Bedarra Research Labs Konstantin Beznosov, University of British Columbia Robert Biddle, Carlton University Bill Chu, University of North Carolina at Charlotte Luke Church, Google Simson Garfinkel, Naval Postgraduate School Eben Haber, IBM Kirstie Hawkey, Dalhousie University Cormac Herley, Microsoft Iulia Ion, Google James Keiser, National Security Agency Lucas Layman, Fraunhofer Center for Experimental Software Engineering Heather Lipford, University of North Carolina at Charlotte Emerson Murphy-Hill, North Carolina State University Celeste Paul, University of Maryland Baltimore County Mary Ellen Zurko, Cisco Systems From egelman at cs.berkeley.edu Wed Jun 4 14:15:40 2014 From: egelman at cs.berkeley.edu (Serge Egelman) Date: Wed, 4 Jun 2014 11:15:40 -0700 Subject: [Soups-announce] SOUPS Early Registration Deadline Approaching (June 6th) Message-ID: The program for the 10th annual Symposium on Usable Privacy and Security (SOUPS) has been posted online: http://cups.cs.cmu.edu/soups/2014/program.html HIGHLIGHTS: -21 refereed papers will be presented -Chris Soghoian of the ACLU will be giving a keynote entitled, "Sharing the blame for the NSA's dragnet surveillance program." -Three full-day workshops will precede the conference: --Who are you?! Adventures in Authentication: WAY Workshop --2014 EFF Crypto Usability Prize (EFF CUP) Workshop --Workshop on Privacy Personas and Segmentation (PPS) -The poster session will feature over 30 posters featuring recent and ongoing research. REGISTRATION: The early registration deadline is this Friday, June 6th: https://soups.ece.cmu.edu/ The hotel reservation deadline is this Sunday, June 8th: http://cups.cs.cmu.edu/soups/2014/venue.html -- /* Serge Egelman, Ph.D. Research Scientist International Computer Science Institute (ICSI) and Department of Electrical Engineering and Computer Sciences (EECS) University of California, Berkeley */ -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorrie at cs.cmu.edu Tue Jun 10 19:42:38 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Tue, 10 Jun 2014 19:42:38 -0400 Subject: [Soups-announce] SOUPS 2014 registration almost full! Message-ID: <470E9A86-E99E-4EC1-AA13-B98FFD3E86CB@cs.cmu.edu> If you are thinking about attending SOUPS 2014 and have not registered yet, don?t wait?. we are close to our maximum capacity. Once we are full we will not be able to accept additional registrations. To guarantee your spot, register today! http://cups.cs.cmu.edu/soups/2014/ From richter at uncc.edu Wed Jun 25 16:05:11 2014 From: richter at uncc.edu (Lipford, Heather) Date: Wed, 25 Jun 2014 20:05:11 +0000 Subject: [Soups-announce] New deadline July 22 - CCS Workshop on Security Information Workers Message-ID: <66EDF142850B1743B4A48D572DDC0388F6BC63@RPITSEXMS4.its.uncc.edu> =============================================================== Workshop on Security Information Workers In conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, Scottsdale, AZ SUBMISSION DEADLINE: July 22, 2014 Further details at: http://hci.uncc.edu/~SecInfoWorkers/ =============================================================== The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security information worker. Security information workers include: *Software developers, who design and build software that manages and protects sensitive information; *System administrators, who deploy and manage security-sensitive software and hardware systems; and *Intelligence analysts, who collect and analyze data about security matters to understand information and make predictions. This workshop aims to develop and stimulate discussion about security information workers. We will consider papers including, but not limited to: *Empirical studies of security information workers, including experiments, field studies, and surveys; *New tools designed to assist security information workers; *Infrastructure for better understanding security information workers; *Techniques designed to help security information workers do their jobs; *Evaluations of tools and techniques for security information workers. Much security research could be considered about security information workers; for instance, tools that automatically find defects in program code could be construed to help software developers. However, successful submissions to this workshop will explicitly be informed by an understanding of how security information workers do their jobs, and the results will explicitly address how we understand security information workers. SUBMISSIONS We invite original paper submissions in PDF format. Papers should use the ACM double-column format (http://www.acm.org/sigs/publications/ proceedings-templates). Full paper submissions should be at most 8 pages, including bibliography and appendices, while short papers should be at most 4 pages. Submissions should not be anonymized. Submissions should be made to the submission website at https://www.easychair.org/conferences/?conf=wsiw14. Proceedings of the workshop will be published by ACM on a CD, available to the workshop attendees and will be included in the ACM Digital Library. Each accepted paper must be presented by an author, who will have to be registered by the early-bird registration deadline. Email questions or inquiries to wsiw14 at easychair.org. IMPORTANT DATES *Submission deadline: July 22, 2014 *Notification of acceptance: August 25, 2014 *Camera-ready submission: September 5, 2014 =============================================================== ORGANIZERS Emerson Murphy-Hill, North Carolina State University Heather Lipford, University of North Carolina at Charlotte Bill Chu, University of North Carolina at Charlotte Robert Biddle, Carlton University PROGRAM COMMITTEE Brian Barry, Bedarra Research Labs Konstantin Beznosov, University of British Columbia Robert Biddle, Carlton University Bill Chu, University of North Carolina at Charlotte Luke Church, Google Simson Garfinkel, Naval Postgraduate School Eben Haber, IBM Kirstie Hawkey, Dalhousie University Cormac Herley, Microsoft Iulia Ion, Google James Keiser, National Security Agency Lucas Layman, Fraunhofer Center for Experimental Software Engineering Heather Lipford, University of North Carolina at Charlotte Emerson Murphy-Hill, North Carolina State University Celeste Paul, University of Maryland Baltimore County Mary Ellen Zurko, Cisco Systems From lorrie at cs.cmu.edu Fri Oct 31 15:55:09 2014 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Fri, 31 Oct 2014 15:55:09 -0400 Subject: [Soups-announce] consider submitting usable security papers to WWW References: Message-ID: <38000C44-E0AF-4109-89B6-15BA66D94DBF@cs.cmu.edu> Begin forwarded message: > From: Matthew Smith > Subject: WWW CfP -> SOUPS > Date: October 29, 2014 at 8:05:44 PM EDT > To: Lorrie Faith Cranor > > Dear Lorrie, > > could you please be so kind and publicise the WWW CfP on the SOUPS mailing list. I would like to see some good usable security and privacy papers at WWW and we haven't yet received much in that area yet. The abstract deadline is on the 3rd of November. > > http://www.www2015.it/security-and-privacy/ > > Best wishes > > Matthew > > -- > Prof. Dr. Matthew Smith > Rheinische Friedrich-Wilhelms-Universit?t Bonn > Friedrich-Ebert-Allee 144 > D-53113 Bonn > Tel: +49-228-73-54218 > Fax: +49-228-73-4571 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kapadia at indiana.edu Sun Nov 16 13:32:33 2014 From: kapadia at indiana.edu (Apu Kapadia) Date: Sun, 16 Nov 2014 13:32:33 -0500 Subject: [Soups-announce] PETS 2015 (Round 1) papers due Nov 22nd! Message-ID: <92353199-98D7-46AE-B677-F64F00477419@indiana.edu> Dear SOUPS colleagues, Please consider submitting papers related to human factors and privacy enhancing technologies to PETS! If you can't make Nov 22nd, no worries, submit to Round 2 by Feb 15 instead. --Apu [Apologies to those who receive multiple copies of this CFP] CALL FOR PAPERS - PETS 2015 PETS will now have 5 deadlines a year; submit whenever you feel ready! The first deadline is coming soon: Nov 22, 2014. The next is Feb 15, 2015. Read the CFP below for more details on our new hybrid conference/journal model (based on the PVLDB model), which includes the option to resubmit with minor/major revisions to a subsequent deadline. Papers will need to be submitted via the submission server for Issue 1 at: https://submit.petsymposium.org/hotcrp/pets2015-01/. We look forward to your submissions! ___________________________________________________ 15th Privacy Enhancing Technologies Symposium (PETS) Drexel University, Philadelphia, PA, USA June 30 - July 2, 2015 https://www.petsymposium.org/ ___________________________________________________ The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy and anonymity experts from around the world to discuss recent advances and new perspectives. PETS addresses the design and realization of privacy services for the Internet and other data systems and communication networks. PETS seeks paper and panel submissions for its 15th event to be held in Drexel University, Philadelphia, PA, USA on June 30 - July 2, 2014. Papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions in a number of both well-established and some emerging privacy-related topics. *** New starting this year ***: Papers will undergo a journal-style reviewing process and be published in the Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. PoPETs will be published by De Gruyter Open (http://degruyteropen.com/), the world's second largest publisher of Open Access academic content, and part of the De Gruyter group (http://www.degruyter.com/), which has over 260 years of publishing history. Authors can submit papers to one of several submission deadlines during the year. Papers are provided with major/minor revision decisions on a predictable schedule, where we endeavor to assign the same reviewers to major revisions. Authors can address the concerns of reviewers in their revision and rebut reviewer comments before a final decision on acceptance is made. Papers accepted for publication by May 15th will be presented at that year's symposium. Note that accepted papers must be presented at PETS. Please visit https://www.petsymposium.org/2015/cfp.php for more information and submission instructions. Authors are encouraged to view our FAQ about the submission process:https://www.petsymposium.org/2015/faq.php *** Important Dates for PETS 2015 *** All deadlines are 23:59:59 EST (UTC-5). Issue 1: Paper submission deadline: Nov 22, 2014 (firm) Author notification: Jan 15, 2015 Camera-ready deadline for accepted papers and minor revisions (if accepted by the shepherd): Feb 15, 2015 Major revisions deadline: Submit to either of next two deadlines (February and April 2015) up to 2 weeks late, but register abstract by paper submission deadline. Issue 2: Paper submission deadline: Feb 15, 2015 (firm) Author notification: April 15, 2015 Camera-ready deadline for accepted papers and minor revisions (if accepted by the shepherd): May 15, 2015 Major revisions deadline: Submit to the next deadline (August 2015) up to 2 weeks late, but register abstract by paper submission deadline. (Note that only the August 2015 deadline is offered because the June 2015 deadline is skipped in lieu of planning for the PETS event. If accepted, papers will appear at PETS 2016.) Suggested topics include but are not restricted to: Behavioural targeting Building and deploying privacy-enhancing systems Crowdsourcing for privacy Cryptographic tools for privacy Data protection technologies Differential privacy Economics of privacy and game-theoretical approaches to privacy Forensics and privacy Human factors, usability and user-centered design for PETs Information leakage, data correlation and generic attacks to privacy Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology Location and mobility privacy Measuring and quantifying privacy Obfuscation-based privacy Policy languages and tools for privacy Privacy and human rights Privacy in ubiquitous computing and mobile devices Privacy in cloud and big-data applications Privacy in social networks and microblogging systems Privacy-enhanced access control, authentication, and identity management Profiling and data mining Reliability, robustness, and abuse prevention in privacy systems Surveillance Systems for anonymous communications and censorship resistance Traffic analysis Transparency enhancing tools General Chair (gc15 at petsymposium.org): Rachel Greenstadt, Drexel University Program Chairs/Co-Editors-in-Chief (pets15-chairs at petsymposium.org): Apu Kapadia, Indiana University Bloomington Steven Murdoch, University College London Program Committee/Editorial Board: Sadia Afroz, UC Berkeley N. Asokan, Aalto University and University of Helsinki Adam Aviv, United States Naval Academy Erman Ayday, Indiana University Purdue University, Indianapolis (IUPUI) Lujo Bauer, Carnegie Mellon University Marina Blanton, University of Notre Dame Joseph Bonneau, Princeton University Nikita Borisov, University of Illinois at Urbana-Champaign Kevin Butler, University of Florida Kelly Caine, Clemson University Jan Camenisch, IBM Research - Zurich Srdjan Capkun, ETH Zurich Claude Castelluccia, INRIA Rhone-Alpes Kostas Chatzikokolakis, Lix Ecole Polytechnique Graham Cormode, University of Warwick Lorrie Cranor, Carnegie Mellon University Anupam Datta, Carnegie Mellon University Roberto Di Pietro, Bell Labs France Claudia Diaz, KU Leuven Serge Egelman, UC Berkeley William Enck, NC State University Zekeriya Erkin, TU Delft Adrienne Porter Felt, Google Simone Fischer-H?bner, Karlstad University Carl Gunter, University of Illinois at Urbana-Champaign Ryan Henry, Indiana University Bloomington Amir Herzberg, Bar Ilan University Raquel Hill, Indiana University Bloomington Nick Hopper, University of Minnesota Amir Houmansadr, University of Massachusetts, Amherst Rob Jansen, U.S. Naval Research Laboratory Mohamed-Ali (Dali) Kaafar, NICTA Australia Stefan Katzenbeisser, TU Darmstadt Negar Kiyavash, University of Illinois at Urbana-Champaign Markulf Kohlweiss, Microsoft Research Yoshi Kohno, University of Washington Adam J. Lee, University of Pittsburgh Wenke Lee, Georgia Institute of Technology Brian Levine, University of Massachusetts, Amherst Marc Liberatore, University of Massachusetts, Amherst Anna Lysyanskaya, Brown University Ashwin Machanavajjhala, Duke University Z. Morley Mao, University of Michigan Nick Mathewson, The Tor Project Prateek Mittal, Princeton University Steven Myers, Indiana University Bloomington Helen Nissenbaum, New York University Claudio Orlandi, Aarhus University Kenny Paterson, Royal Holloway, University of London Michael Reiter, UNC Chapel Hill Thomas Ristenpart, University of Wisconsin-Madison Reihaneh Safavi-Naini, University of Calgary Micah Sherr, Georgetown University Reza Shokri, ETH Zurich Radu Sion, Stony Brook University Adam Smith, Pennsylvania State University Jessica Staddon, Google Paul Syverson, U.S. Naval Research Laboratory Patrick Traynor, University of Florida Carmela Troncoso, Gradiant Eugene Vasserman, Kansas State University Yang Wang, Syracuse University Matthew Wright, UT Arlington Publicity Chair (publicity15 at petsymposium.org): Sadia Afroz, UC Berkeley HotPETs Chairs (hotpets15 at petsymposium.org): Kelly Caine, Clemson University Michael Brennan, SecondMuse Aaron Johnson, U.S. Naval Research Laboratory Submission Guidelines Papers to be submitted to the PET Symposium must be at most 10 pages excluding bibliography and appendices and 15 pages total in double-column ACM format (http://www.acm.org/sigs/publications/proceedings-templates). PC members are not required to read the appendices, which should only be used to support evidence of the submission's technical validity, e.g., for detailed security proofs. Also, all papers must be anonymized (more information below). Papers not following these instructions risk being rejected without consideration of their merits. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. The paper should start with the title and an abstract. The introduction should give some background and summarize the contributions of the paper at a level appropriate for a non-specialist reader. Anonymization of Submissions All submitted papers will be judged based on their quality and relevance through double-blind reviewing, where the identities of the authors are withheld from the reviewers. As an author, you are required to make a good-faith effort to preserve the anonymity of your submission, while at the same time allowing the reader to fully grasp the context of related past work, including your own. Minimally, please take the following steps when preparing your submission: Remove the names and affiliations of authors from the title page. Remove acknowledgment of identifying names and funding sources. Use care in referring to related work, particularly your own. Do not omit references to provide anonymity, as this leaves the reviewer unable to grasp the context. Instead, reference your past work in the third person, just as you would any other piece of related work by another author. Ethics Papers describing experiments with users or user data (e.g., network traffic, passwords, social network information), should follow the basic principles of ethical research, e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception. Authors are encouraged to include a subsection on Ethical Principles if human subjects research is conducted, and such a discussion may be required if deemed necessary during the review process. Authors are encouraged to contact PC chairs before submitting to clarify any doubts. Copyright Accepted papers will be published as an Open Access Journal by De Gruyter Open, the world's second largest publisher of Open Access academic content, and part of the De Gruyter group, which has over 260 years of publishing history. Authors retain copyright of their work. Papers will be published under an open-access policy using a Creative Commons Attribution-NonCommercial-NoDerivs (http://creativecommons.org/licenses/by-nc-nd/3.0/) license. Best Student Paper Award The Andreas Pftzmann PETS 2015 Best Student Paper Award will be selected at PETS 2015. Papers written solely or primarily by a student who is presenting the work at PETS 2015 are eligible for the award. Submission Papers will need to be submitted via the PETS 2015 submission server. Details will be published on the PETS 2015 website closer to the deadline. HotPETs As with the last several years, part of the symposium will be devoted to HotPETs - the "hottest," most exciting research ideas still in a formative state. Further information will be published on the PETS 2015 website soon. Panel Submissions We also invite proposals of up to 2 pages for panel discussions or other relevant presentations. In your proposal, (1) describe the nature of the presentation and why it is appropriate to the symposium, (2) suggest a duration for the presentation (ideally between 45 and 90 minutes), and (3) suggest some possible presenters. Submit your proposal in the same manner as a PoPETs paper by the Feb 15 deadline. (All panel proposals received by the Feb 15 deadline will receive full consideration for that year's PETS.) Please begin your panel title with "Panel Proposal:". The program committee will consider panel proposals along with other symposium events and will respond by the paper decision date with an indication of its interest in scheduling the event. -- Apu Kapadia, Ph.D. Assistant Professor School of Informatics and Computing Indiana University Bloomington http://www.cs.indiana.edu/~kapadia/, @apukapadia IU Privacy Lab: http://private.soic.indiana.edu/, @IUPrivLab