From lorrie at cs.cmu.edu Sun Jan 29 00:01:13 2017 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Sun, 29 Jan 2017 00:01:13 -0500 Subject: [Soups-announce] European Workshop on Usable Security (EuroUSEC'17) Message-ID: <5FFF29C4-D103-4B97-9807-14902F29BB70@cs.cmu.edu> European Workshop on Usable Security (EuroUSEC'17) April 29, 2017 at UPMC Campus Jussieu - Paris, France Co-located with the IEEE European Symposium on Security and Privacy (see http://www.ieee-security.org/TC/EuroSP2017/events.php) The European Workshop on Usable Security (EuroUSEC) is the European sister of the established USEC workshop, and thus as a premier forum for research in the area of human factors in security and privacy. It solicits previously unpublished work offering novel research contributions in any aspect of human factors in security and privacy for end-users and IT professional such as software developers and administrators of IT systems. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security and privacy as well as researchers and practitioners from other domains such as psychology, social science and economics. See https://usec.cispa.uni-saarland.de/eurousec17/ Important Dates Submissions Due March 17, 2017 (aoe) Notification to Authors March 31, 2017 (tentative) Final Papers Due TBA From lorrie at cs.cmu.edu Thu Feb 2 16:32:32 2017 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Thu, 2 Feb 2017 16:32:32 -0500 Subject: [Soups-announce] merging SOUPS email lists Message-ID: For many years we have maintained the soups-announce email list at CMU to send out announcements related to the SOUPS conference. The messages are mostly announcements about SOUPS deadlines, with occasional announcements we believe will also be of interest to the SOUPS community. Everyone on the list has opted in to receiving SOUPS email at some point. USENIX is now running SOUPS and has their own email list of people who opted-in to receiving SOUPS email. We are in the process of merging both lists so they both will have the same membership. If you would like to be removed from the merged lists, please email me at lorrie+soups at andrew.cmu.edu and we will remove you. If you receive this email multiple times, it probably indicates that more than one of your email addresses is on the merged list. Feel free to let me know which of your addresses we should keep and which we should remove. Lorrie Cranor For the latest SOUPS info see https://cups.cs.cmu.edu/soups/ Email lorrie+soups at andrew.cmu.edu to be removed from this email list From egelman at cs.berkeley.edu Fri Feb 3 20:06:29 2017 From: egelman at cs.berkeley.edu (Serge Egelman) Date: Fri, 3 Feb 2017 17:06:29 -0800 Subject: [Soups-announce] CFP: The 2017 New Security Paradigms Workshop (NSPW) Message-ID: ------------------------ CALL FOR PAPERS ------------------------ The 2017 New Security Paradigms Workshop (NSPW) October 2-4, Islamorada, FL, USA Since 1992, the New Security Paradigms Workshop (NSPW) has offered a unique forum for information security research involving high-risk, high-opportunity paradigms, perspectives, and positions. The workshop itself is highly interactive with presentations by authors prepared for in-depth discussions, and ample opportunity to exchange views with open-minded peers. NSPW is also distinguished by its deep-rooted tradition of positive feedback, collegiality, and encouragement. NSPW seeks embryonic, disruptive, and unconventional ideas that benefit from early feedback. The ideas are almost always not yet proven, and sometimes infeasible to validate to the extent expected in traditional forums. NSPW seeks ideas pushing the boundaries of science and engineering beyond what would typically be considered mainstream; papers that would be strong candidates in "conventional" information security venues are, as a rule of thumb, a poor fit for NSPW. We welcome papers with perspectives that augment traditional information security, both from computer science and other disciplines that study adversarial relationships (e.g., biology, economics, the social sciences). Submissions typically address current limitations of information security, directly challenge long-held beliefs or the very foundations of security, or view problems from an entirely novel angle leading to new solutions. In 2016, more than 50% of the presenters had never attended NSPW before. We are actively trying to continue this trend, and therefore we encourage submissions from new NSPW authors. #### IMPORTANT DATES Submissions: April 14, 2017 Author response period: May 26 - June 2, 2017 Acceptance notification: June 16, 2017 #### FINANCIAL AID NSF has provided financial aid especially for U.S.-based students and junior faculty. We have a limited amount of financial aid available for others, as well. We encourage submissions from students, junior faculty, and others, even if support may be required to attend. #### SUBMISSION INSTRUCTIONS Please see the full CFP available on our website: http://www.nspw.org/cfp/nspw2017-cfp.pdf Submissions should be made through EasyChair: https://www.easychair.org/conferences/?conf=nspw2017 #### ATTENDANCE The workshop itself is invitation-only, with typically 30--35 participants consisting of authors of about 10 accepted papers, panelists, program committee members, and organizers. One author of each accepted paper must attend; additional authors may be invited if space permits. All participants must commit to a "social contract": no one arrives late, no one leaves early, no laptops, and all attend all sessions of the 2.5 day program, sharing meals in a group setting. The workshop is preceded by an evening reception allowing attendees to meet each other beforehand. #### PROGRAM COMMITTEE Chair: Serge Egelman (egelman at cs.berkeley.edu), UC Berkeley / ICSI, U.S. Co-Chair: Anil Somayaji (soma at ccsl.carleton.ca), Carleton University, Canada Adam Aviv (U.S. Naval Academy, U.S.) Rainer B?hme (University of Innsbruck, Austria) Benjamin Edwards (IBM Research, U.S.) Joseph Lorenzo Hall (CDT, U.S.) Rachel Greenstadt (Drexel University, U.S.) Marian Harbach (Audi, Germany) Cormac Herley (Microsoft Research, U.S.) Heather Lipford (UNC-Charlotte, U.S.) Brandon Matthews (MIT Lincoln Laboratory, U.S.) Michelle Mazurek (University of Maryland, U.S.) Wolter Pieters (TU Delft, The Netherlands) Christian W. Probst (Technical University of Denmark) Jessica Staddon (NCSU, U.S.) Elizabeth Stobert (ETH Zurich, Switzerland) Julie Thorpe (UOIT, Canada) Tara Whalen (Google, U.S.) -- /* Serge Egelman, Ph.D. Research Director, Usable Security & Privacy International Computer Science Institute (ICSI) Research Scientist, Electrical Engineering and Computer Sciences (EECS) University of California, Berkeley */ -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorrie at cs.cmu.edu Mon Feb 6 22:45:51 2017 From: lorrie at cs.cmu.edu (Lorrie Faith Cranor) Date: Mon, 6 Feb 2017 22:45:51 -0500 Subject: [Soups-announce] Fwd: Please consider submitting to BlackHat References: <20170206182418.GA25246@calypso.stonekeep.com> Message-ID: <6EABC15D-EB8E-448A-9542-E1CE2E7A8D57@cs.cmu.edu> Begin forwarded message: From: Adam Shostack Subject: Please consider submitting to BlackHat Date: February 6, 2017 at 1:24:18 PM EST To: Lorrie Faith Cranor Dear SOUPS community, I'm writing to encourage you to submit to BlackHat, where we again have a human factors track this year. The call for papers [1] is now open, and closes April 3. BlackHat is one of the largest information security conferences of the year, attracting thousands of security professionals to Las Vegas. The audience is looking for cutting edge content, presented in an edgy or fun way. As a member of the BlackHat review board, I would love to see more work on usable security presented there. Last year, I wrote a short blog post [2] on what we look for, and I think we had a a very interesting track [3]. The BlackHat CFP calls for work which has not been published elsewhere. We prefer fully original work, but will consider a new talk that explains work you've done in a way that's appropriate for the BlackHat audience. Oftentimes, Blackhat does not count as "Publication" in the view of academic program committees, and you may be able to present "work in progress" at BlackHat that you plan to publish later. (You should of course check with the other venue, and disclose that you're doing so to BlackHat.) If you're considering submitting, I encourage you to read review board member RSnake's How to Get Accepted at Blackhat" post from a few years back. [4] Respectfully, Adam [1] https://www.blackhat.com/us-17/call-for-papers.html [2] http://emergentchaos.com/archives/2016/04/humans-in-security-blackhat-talks.html [3] https://www.blackhat.com/us-16/briefings/schedule/index.html#track/human-factors [4] https://www.whitehatsec.com/blog/how-to-get-accepted-at-blackhat/ From patrickgage at gmail.com Wed Feb 22 16:31:13 2017 From: patrickgage at gmail.com (Patrick Gage Kelley) Date: Wed, 22 Feb 2017 13:31:13 -0800 Subject: [Soups-announce] SOUPS 2017 Paper Registration Deadline In One Week! Message-ID: <8EF0BBCD-F26C-4344-872D-3C37DC04B1E4@gmail.com> There is just one more week to register a paper for the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017) Paper registration must be completed by Wednesday, March 1, 2017 and paper submissions are due the following Tuesday, March 7. https://www.usenix.org/conference/soups2017/call-for-papers We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. A sampling of topics of interest include: Innovative security or privacy functionality and design Security testing of new or existing usability features The impact of organizational policy or procurement decisions Lessons learned from the deployment and use of usable privacy and security features Please review the complete Call for Papers for additional details on suggested topics and submission instructions. We look forward to seeing your paper registration by Wednesday, March 1, 2017! https://www.usenix.org/conference/soups2017/call-for-papers For more information and frequent updates regarding SOUPS, please check out our Facebook page: https://www.facebook.com/SOUPSconference/ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: SOUPS 2017 Banner.png Type: image/png Size: 101687 bytes Desc: not available URL: From kapadia at indiana.edu Wed Mar 8 16:49:27 2017 From: kapadia at indiana.edu (Kapadia, Apu Chandrasen) Date: Wed, 8 Mar 2017 21:49:27 +0000 Subject: [Soups-announce] [Call for Submissions] Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2017) Message-ID: [Apologies to those who receive multiple copies of this CFP] CALL FOR SUBMISSIONS - CV-COPS 2017 ================= The First International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2017) - in conjunction with the 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) July 21, 2017 - Honolulu, Hawaii General information: http://vision.soic.indiana.edu/bright-and-dark-workshop-2017/ Submission server: https://cmt3.research.microsoft.com/CVCOPS2017 ================= IMPORTANT DATES Submission deadline: April 7, 11:59 PM PDT Author notification date: May 1 Camera ready deadline: May 15, 11:59 PM PDT ABOUT CV-COPS 2017 Computer vision is finally working in the real world, but what are the consequences on privacy and security? For example, recent work shows that vision algorithms can spy on smartphone keypresses from meters away, steal information from inside homes via hacked cameras, exploit social media to de-anonymize blurred faces, and reconstruct images from features like SIFT. Vision could also enhance privacy and security, for example through assistive devices for people with disabilities, phishing detection techniques that incorporate visual features, and image forensic tools. Some technologies present both challenges and opportunities: biometrics techniques could enhance security but may be spoofed, while surveillance systems enhance safety but create potential for abuse. We need to understand the potential threats and opportunities of vision to avoid creating detrimental societal effects and/or facing public backlash. This workshop will explore the intersection between computer vision and security and privacy to address these issues. SCOPE We welcome original research papers and extended abstracts on topics including, but not limited to: - Computer vision-based security and privacy attacks, - Biometric spoofing, defenses and liveness detection, - Impact of ubiquitous cameras on society, - Captchas and other visual Turing tests for online security, - Privacy of visual data, - Privacy-preserving visual features and representations, - Reversibility of image transformations, - Secure/encrypted computer vision and image processing, - Wearable camera privacy, - Attacks against computer vision systems, - Copyright violation detection, - Counterfeit and forgery detection, - Privacy implications of large-scale visual social media, - Other relevant topics. PROGRAM CHAIRS David Crandall, Indiana University Jan-Michael Frahm, University of North Carolina at Chapel Hill Apu Kapadia, Indiana University PROGRAM COMMITTEE Denise Anthony, Dartmouth College Lujo Bauer, Carnegie Mellon University Terrance Boult, University of Colorado Colorado Springs Thomas Brox, University of Freiburg Bojan Cukic, University of North Carolina at Charlotte Serge Egelman, University of California at Berkeley Andrea Frome, Clarifai, Inc. Suman Jana, Columbia University Yu-Gang Jiang, Fudan University Ioannis Kakadiaris, University of Houston Sanjeev Koppal, University of Florida Xiaoming Liu, Michigan State University Ashwin Machanavajjhala, Duke University Donald Madden, ObjectVideo, Inc. Fabian Monrose, University of North Carolina at Chapel Hill Arvind Narayanan, Princeton University Gang Qian, ObjectVideo, Inc. Michael Ryoo, Indiana University Harpreet Sawhney, SRI International Bernt Schiele, Max Planck Institute Andrew Senior, Google Robert Templeman, U.S. Navy Michael Wilber, Cornell Tech TWO CATEGORIES OF SUBMISSIONS *Research papers* should contain original, unpublished research, and be 4-8 pages (excluding references). Research papers will be published in the CVPR Workshop Proceedings and archived on IEEE eXplore and the Computer Vision Foundation websites. *Extended abstracts* about preliminary, ongoing or published work should be up to 2 pages (including references). Extended abstracts will be published and archived on this website. AUTHOR INSTRUCTIONS All submissions should be anonymized and will undergo double-blind peer review. Papers and abstracts must be formatted according to the CVPR guidelines and submitted via the Conference Management Toolkit website at https://cmt3.research.microsoft.com/CVCOPS2017. Accepted submissions will be invited for oral or poster presentation at the workshop. Submission deadline: April 7, 11:59 PM Pacific Daylight Time (PDT) Author notification date: May 1 Camera ready deadline: May 15, 11:59 PM PDT -- Apu Kapadia, Ph.D. Associate Professor School of Informatics and Computing Indiana University Bloomington http://www.cs.indiana.edu/~kapadia/, @apukapadia IU Privacy Lab: http://private.soic.indiana.edu/, @IUPrivLab From kapadia at indiana.edu Wed Mar 29 15:27:21 2017 From: kapadia at indiana.edu (Kapadia, Apu Chandrasen) Date: Wed, 29 Mar 2017 19:27:21 +0000 Subject: [Soups-announce] [Call for Submissions] Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2017) Message-ID: <8A631EC6-23FB-4D01-A679-8EF830D527D8@indiana.edu> [Apologies to those who receive multiple copies of this CFP] *** Deadline approaching - April 7. *** CALL FOR SUBMISSIONS - CV-COPS 2017 ================= The First International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2017) - in conjunction with the 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) July 21, 2017 - Honolulu, Hawaii General information: http://vision.soic.indiana.edu/bright-and-dark-workshop-2017/ Submission server: https://cmt3.research.microsoft.com/CVCOPS2017 ================= IMPORTANT DATES Submission deadline: April 7, 11:59 PM PDT Author notification date: May 1 Camera ready deadline: May 15, 11:59 PM PDT ABOUT CV-COPS 2017 Computer vision is finally working in the real world, but what are the consequences on privacy and security? For example, recent work shows that vision algorithms can spy on smartphone keypresses from meters away, steal information from inside homes via hacked cameras, exploit social media to de-anonymize blurred faces, and reconstruct images from features like SIFT. Vision could also enhance privacy and security, for example through assistive devices for people with disabilities, phishing detection techniques that incorporate visual features, and image forensic tools. Some technologies present both challenges and opportunities: biometrics techniques could enhance security but may be spoofed, while surveillance systems enhance safety but create potential for abuse. We need to understand the potential threats and opportunities of vision to avoid creating detrimental societal effects and/or facing public backlash. This workshop will explore the intersection between computer vision and security and privacy to address these issues. SCOPE We welcome original research papers and extended abstracts on topics including, but not limited to: - Computer vision-based security and privacy attacks, - Biometric spoofing, defenses and liveness detection, - Impact of ubiquitous cameras on society, - Captchas and other visual Turing tests for online security, - Privacy of visual data, - Privacy-preserving visual features and representations, - Reversibility of image transformations, - Secure/encrypted computer vision and image processing, - Wearable camera privacy, - Attacks against computer vision systems, - Copyright violation detection, - Counterfeit and forgery detection, - Privacy implications of large-scale visual social media, - Other relevant topics. PROGRAM CHAIRS David Crandall, Indiana University Jan-Michael Frahm, University of North Carolina at Chapel Hill Apu Kapadia, Indiana University PROGRAM COMMITTEE Denise Anthony, Dartmouth College Lujo Bauer, Carnegie Mellon University Terrance Boult, University of Colorado Colorado Springs Thomas Brox, University of Freiburg Bojan Cukic, University of North Carolina at Charlotte Serge Egelman, University of California at Berkeley Andrea Frome, Clarifai, Inc. Suman Jana, Columbia University Yu-Gang Jiang, Fudan University Ioannis Kakadiaris, University of Houston Sanjeev Koppal, University of Florida Xiaoming Liu, Michigan State University Ashwin Machanavajjhala, Duke University Donald Madden, ObjectVideo, Inc. Fabian Monrose, University of North Carolina at Chapel Hill Arvind Narayanan, Princeton University Gang Qian, ObjectVideo, Inc. Michael Ryoo, Indiana University Harpreet Sawhney, SRI International Bernt Schiele, Max Planck Institute Andrew Senior, Google Robert Templeman, U.S. Navy Michael Wilber, Cornell Tech TWO CATEGORIES OF SUBMISSIONS *Research papers* should contain original, unpublished research, and be 4-8 pages (excluding references). Research papers will be published in the CVPR Workshop Proceedings and archived on IEEE eXplore and the Computer Vision Foundation websites. *Extended abstracts* about preliminary, ongoing or published work should be up to 2 pages (including references). Extended abstracts will be published and archived on this website. AUTHOR INSTRUCTIONS All submissions should be anonymized and will undergo double-blind peer review. Papers and abstracts must be formatted according to the CVPR guidelines and submitted via the Conference Management Toolkit website at https://cmt3.research.microsoft.com/CVCOPS2017. Accepted submissions will be invited for oral or poster presentation at the workshop. Submission deadline: April 7, 11:59 PM Pacific Daylight Time (PDT) Author notification date: May 1 Camera ready deadline: May 15, 11:59 PM PDT -- Apu Kapadia, Ph.D. Associate Professor School of Informatics and Computing Indiana University Bloomington http://www.cs.indiana.edu/~kapadia/, @apukapadia IU Privacy Lab: http://private.soic.indiana.edu/, @IUPrivLab From kapadia at indiana.edu Thu Apr 6 07:24:11 2017 From: kapadia at indiana.edu (Kapadia, Apu Chandrasen) Date: Thu, 6 Apr 2017 11:24:11 +0000 Subject: [Soups-announce] Postdoctoral Fellowship: Human Factors + Security/Privacy @ Indiana University Message-ID: <357EC1CB-7EBE-4462-94DE-9A8EFDA09C1C@indiana.edu> Dear Colleagues, We are seeking a postdoctoral fellow to study privacy and security issues related to the use of wearable and environment sensors in the workplace (see details below). This is an exciting opportunity at the cross-section of HCI/Ubicomp/CSCW/Privacy&Security. If you are interested, please contact us ASAP (full consideration until May 8th). And please help us spread the word by forwarding to anyone who might be interested. Thanks! Apu and Sameer ----------------- Postdoctoral Fellow in Center for Security Informatics The Center for Security Informatics (http://csi.soic.indiana.edu/) at Indiana University is seeking a postdoctoral researcher to study privacy and security issues related to the use of wearable and environment sensors for monitoring a workplace. The appointment is a part of a collaborative project across seven institutions: Notre Dame University, University of California, Irvine, Carnegie Mellon University, Georgia Institute of Technology, Dartmouth College, University of Colorado, Boulder, and Indiana University Bloomington. The fellow will join a dynamic and interdisciplinary team of computer and social scientists at these institutions. The postdoc will work with Profs. Apu Kapadia and Sameer Patil at Indiana University in Bloomington, Indiana on privacy and security aspects related to the project. Minimum Qualifications: A PhD is required, ideally in Computer Science, Informatics, Human Computer Interaction, Information Systems, Cognitive Science, Psychology, Communication or a related discipline with a strong background and relevant experience in usable security and privacy, research methods, and statistics. Applicants should have a record of conducting independent research and communicating results via publications and presentations. In addition, applicants should demonstrate ability for effective participation in collaborative, interdisciplinary research while at residence at Indiana University. Salary: The position has a starting annual salary of $55,000 - $65,000 commensurate with experience, plus generous benefits. Rank: Postdoctoral Fellow (RSP) Appointment Type: The initial position is full-time for 1 year, renewable for up to 2.5 additional years based on performance and availability of funds. The appointment will be in the Department of Computer Science or the Department of Informatics, depending on fit with the successful candidate?s academic background and interests. Apply Online at: http://indiana.peopleadmin.com/postings/3770 Special Instructions: Interested applicants should upload a letter of interest, CV, and contact information for three professional references using the above application link. Questions may be sent to kapadia at indiana.edu For Best Consideration Apply By: May 8, 2017 Ideal Start Date for position: Aug 1, 2017 Indiana University is an equal employment and affirmative action employer and a provider of ADA services. All qualified applicants will receive consideration for employment without regard to age, ethnicity, color, race, religion, sex, sexual orientation or identity, national origin, disability status or protected veteran status. ----------------- -- Apu Kapadia, Ph.D. Associate Professor School of Informatics and Computing Indiana University Bloomington http://www.cs.indiana.edu/~kapadia/, @apukapadia IU Privacy Lab: http://private.soic.indiana.edu/, @IUPrivLab From elizabeth.stobert at gmail.com Mon May 15 03:20:05 2017 From: elizabeth.stobert at gmail.com (Elizabeth Stobert) Date: Mon, 15 May 2017 09:20:05 +0200 Subject: [Soups-announce] [CFP] WAY 2017: Who are you?! Adventures in Authentication Workshop at SOUPS 2017 Message-ID: Please consider submitting to the 3rd WAY workshop on authentication. New this year, we are seeking 4-5 page research or position papers, as well as panel submissions. Apologies if you receive this multiple times. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Who are you?! Adventures in Authentication When: July 12, 2017 Where: Santa Clara, California, USA (Co-located with SOUPS 2017) https://www.usenix.org/conference/soups2017/call-for-papers-way2017 The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable. Authentication, or the act of proving that someone is who they claim to be, is a cornerstone of security. The importance of authentication continues to grow as users must prove their identity to maintain a continuous presence with a wide variety of computing devices and services. Our most common method of authentication continues to be based on the outmoded assumption of a person using a keyboard or touchscreen device. As well, there has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions are no longer valid. The time for each interaction with a device, application or service is becoming much briefer. The user?s primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications. Target Audience: Researchers and practitioners interested in the topics outlined below. We expect that researchers from both industry and academia will find relevant material in the workshop. Topics of interest for this workshop include: ? Surveys and comparisons of known authentication techniques ? Novel metrics or comparisons of metrics for authentication strength ? Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user?s primary task ? New authentication techniques that target emerging computing environments such as mobile and embedded systems ? Approaches (including protocols) that enable weak authentication schemes to be more robust ? Existing authentication techniques applied in new environments or usage contexts ? Novel approaches to the design and evaluation of authentication systems The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as healthcare, automotive and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science. We are soliciting 4-5 page submissions. Submission may be formatted as either research papers, describing on-going or completed work, or position papers that take a stance on an issue relating to authentication. Submissions must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded. NEW THIS YEAR: We are seeking panel submissions. We would like to assemble one panel discussion with 4 speakers on a topic relating to authentication. Panel proposals should be formatted as 1-2 page abstracts, and contain the phrase ?Panel Proposal? in the title. Accepted submissions will be posted to the SOUPS workshop website. We encourage participants to also make their workshop presentations available on the website. These submissions will not be considered ?published? works, and as such, should not preclude publication elsewhere. Submissions should be made via the WAY 2017 website: https://way2017.usenix.hotcrp.com Please send workshop inquiries to: way2017 at usenix.org Workshop co-chairs: Elizabeth Stobert ETH Z?rich estobert at inf.ethz.ch Larry Koved IBM T. J. Watson Research Center larry.k.biz at gmail.com Program Committee: Heather Crawford (Florida Institute of Technology) Markus D?rmuth (Ruhr-University Bochum) Serge Egelman (UC Berkeley) Lydia Kraus (TU Berlin) Sana Maqsood (Carleton University) Scott Ruoti (MIT Lincoln Laboratory) Raghav Sampangi (Dalhousie University) Kent Seamons (Brigham Young University) Jonathan Voris (New York Institute of Technology) -------------- next part -------------- An HTML attachment was scrubbed... URL: From Gabriele.Lenzini at uni.lu Mon Jul 10 11:22:32 2017 From: Gabriele.Lenzini at uni.lu (Gabriele LENZINI) Date: Mon, 10 Jul 2017 15:22:32 +0000 Subject: [Soups-announce] PhD position in Socio-Technical Security - University of Luxembourg Message-ID: Dear colleagues, The University of Luxembourg is currently looking to fill a PhD positions in Socio-Technical Security and Privacy for System Protection, at the University of Luxembourg. Here is the announcement: - http://emea3.mrted.ly/1hhsh This particular position is about an interdisciplinary research in socio-technical security. It is meant to address questions relatively to the design and analysis of secure and private human security protocols. Part of a wider program of the Doctoral Training Unit (DTU), this position is meant to foster interdisciplinary research between two socio-technical security and user experience human-computer-interaction. Please feel free to forward it, Yours, Gabriele Lenzini ----------------------------- Dr. G. Lenzini - Senior Scientific Researcher SnT - Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg 29 Avenue J. F. Kennedy, L-1855 Luxembourg Please consider to subscribe to the new mailing list on socio-technical security https://listserver.uni.lu/sympa/info/sociotech-security From zinaida.benenson at fau.de Thu Aug 3 08:11:28 2017 From: zinaida.benenson at fau.de (Zinaida Benenson) Date: Thu, 3 Aug 2017 14:11:28 +0200 Subject: [Soups-announce] CfP: 7th STAST Workshop (Socio-Technical Aspects in Security and Trust) Message-ID: <8b764549-3b5a-57a7-16dd-ef1e044383b2@fau.de> ********************************************************** 7th Int. Workshop on Socio-Technical Aspects in Security and Trust (STAST) - http://stast.uni.lu December 4 or 5, 2017 (date under negotiation) ---------------------------------------------------------- Affiliated with the Annual Computer Security Application Conference (ACSAC 2017) San Juan, Puerto Rico, USA ********************************************************** IMPORTANT DATES ---------------- Title and Abstract: September 20, 2017, 23.59 AoE (= UTC-12) Full Paper: September 25, 2017, 23.59, AoE (= UTC-12) Notification: October 30, 2017 Camera Ready: November 20, 2017 SUBMISSION ---------- We accept: (1) Full Papers; (2) Position Papers; (3) Case Studies For more details, please visit our web page: http://stast.uni.lu CONCEPT AND GOAL ---------------- Successful attacks on information systems often combine social engineering practices with technical skills. Research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives and to improve security, technology must adapt to the users. However, finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions. The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences. PROCEEDINGS ----------- The final proceedings will be published with the ACM International Conference Proceedings Series WORKSHOP TOPICS -------------- * Requirements for socio-technical systems * Feasibility of policies from the socio-technical perspective * Threat models that combine technical and human-centred strategies * Technical and social factors that influence decision making in security and privacy * Balance between technical measures and social strategies in ensuring security and privacy * Studies of real-world security incidents from the socio-technical perspective * Social factors that influence changes in organizations security policies and processes * Lessons learned from holistic design and deployment of security mechanisms and policies * Models of user behaviour and user interactions with technology * Perceptions of security, risk and trust and their influence on human behaviour * Interplay of law, ethics and politics with security and privacy measures * Social engineering, persuasion, and other deception techniques * Socio-technical analysis of security incidents * Strategies, methodology and guidelines for socio-technical and cyber-security intelligence analysis We welcome qualitative and quantitative research approaches from academia and industry INVITED SPEAKER ----------------- Robert L. Biddle (Carleton University) ORGANIZINGATION -------------------- ** Programme Chairs Zinaida Benenson (University of Erlangen-Nuremberg) Daniela Oliveira (University of Florida) ** Workshop Organizers Giampaolo Bella (University of Catania) Gabriele Lenzini (University of Luxembourg) ** Programme Committee Adam Aviv (United States Naval Academy) Matt Bishop (University of California, Davis) Lynne Coventry (University of Northumbria) Sarah Diesburg (University of Northern Iowa) Natalie Ebner (University of Florida) Ben Edwards (IBM) Thomas Gro? (University of Newcastle) Markus Jakobsson (Agari) Lydia Kraus (Technische Universit?t Berlin) Kat Krol (University of Cambridge) Mohammad Mannan (Concordia University) Brandon Matthews (MIT Lincoln Laboratory) Maryam Mehrnezhad (University of Newcastle) Simon Parkin (University College London) Sasa Radomirovic (University of Dundee) Karen Renaud (University of Glasgow) Volker Roth (Freie Universit?t Berlin) Scott Ruoti (MIT Lincoln Laboratory) Jessica Staddon (Google) Julie Thorpe (University of Ontario Institute of Technology) Melanie Volkamer (Karlstad Univerity) Chenxi Wang (Twistlock) Pamela Wisniewski (University of Central Florida) Rick Wash (Michigan State University) Jeff Yan (University of Lancaster) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5403 bytes Desc: S/MIME Cryptographic Signature URL: From zinaida.benenson at fau.de Mon Sep 4 08:44:02 2017 From: zinaida.benenson at fau.de (Zinaida Benenson) Date: Mon, 4 Sep 2017 14:44:02 +0200 Subject: [Soups-announce] 2nd CfP: 7th STAST Workshop (Socio-Technical Aspects in Security and Trust) Message-ID: <0ca9f888-2eee-43c6-60a6-b77828f266e9@fau.de> ********************************************************** 7th Int. Workshop on Socio-Technical Aspects in Security and Trust (STAST) - http://stast.uni.lu December 5, 2017 ---------------------------------------------------------- Affiliated with the Annual Computer Security Application Conference (ACSAC 2017) San Juan, Puerto Rico, USA ********************************************************** IMPORTANT DATES ---------------- Title and Abstract: September 20, 2017, 23.59 AoE (= UTC-12) Full Paper: September 25, 2017, 23.59, AoE (= UTC-12) Notification: October 30, 2017 Camera Ready: November 20, 2017 SUBMISSION ---------- We accept: (1) Full Papers; (2) Position Papers; (3) Case Studies For more details, please visit our web page: http://stast.uni.lu CONCEPT AND GOAL ---------------- Successful attacks on information systems often combine social engineering practices with technical skills. Research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives and to improve security, technology must adapt to the users. However, finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions. The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences. PROCEEDINGS ----------- The final proceedings will be published with the ACM International Conference Proceedings Series WORKSHOP TOPICS -------------- * Requirements for socio-technical systems * Feasibility of policies from the socio-technical perspective * Threat models that combine technical and human-centred strategies * Technical and social factors that influence decision making in security and privacy * Balance between technical measures and social strategies in ensuring security and privacy * Studies of real-world security incidents from the socio-technical perspective * Social factors that influence changes in organizations security policies and processes * Lessons learned from holistic design and deployment of security mechanisms and policies * Models of user behaviour and user interactions with technology * Perceptions of security, risk and trust and their influence on human behaviour * Interplay of law, ethics and politics with security and privacy measures * Social engineering, persuasion, and other deception techniques * Socio-technical analysis of security incidents * Strategies, methodology and guidelines for socio-technical and cyber-security intelligence analysis We welcome qualitative and quantitative research approaches from academia and industry INVITED SPEAKER ----------------- Robert L. Biddle (Carleton University) Online Security and Social Support: How Can We Help Each Other Online? ORGANIZINGATION -------------------- ** Programme Chairs Zinaida Benenson (University of Erlangen-Nuremberg) Daniela Oliveira (University of Florida) ** Workshop Organizers Giampaolo Bella (University of Catania) Gabriele Lenzini (University of Luxembourg) ** Programme Committee Adam Aviv (United States Naval Academy) Matt Bishop (University of California, Davis) L. Jean Camp (Indiana University) Lynne Coventry (University of Northumbria) Sarah Diesburg (University of Northern Iowa) Natalie Ebner (University of Florida) Ben Edwards (IBM) Thomas Gro? (University of Newcastle) Markus Jakobsson (Agari) Lydia Kraus (Technische Universit?t Berlin) Kat Krol (University of Cambridge) Mohammad Mannan (Concordia University) Brandon Matthews (MIT Lincoln Laboratory) Maryam Mehrnezhad (University of Newcastle) Simon Parkin (University College London) Sasa Radomirovic (University of Dundee) Karen Renaud (University of Glasgow) Volker Roth (Freie Universit?t Berlin) Scott Ruoti (MIT Lincoln Laboratory) Jessica Staddon (Google) Julie Thorpe (University of Ontario Institute of Technology) Melanie Volkamer (Karlstad Univerity) Chenxi Wang (Twistlock) Pamela Wisniewski (University of Central Florida) Rick Wash (Michigan State University) Jeff Yan (University of Lancaster) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5403 bytes Desc: S/MIME Cryptographic Signature URL: From zinaida.benenson at fau.de Thu Sep 21 07:33:16 2017 From: zinaida.benenson at fau.de (Zinaida Benenson) Date: Thu, 21 Sep 2017 13:33:16 +0200 Subject: [Soups-announce] deadlines extended: 7th STAST Workshop (Socio-Technical Aspects in Security and Trust) Message-ID: <3d572b28-6518-9c31-ee1c-c855939a99f3@fau.de> ********************************************************** 7th Int. Workshop on Socio-Technical Aspects in Security and Trust (STAST) - http://stast.uni.lu December 5, 2017 ---------------------------------------------------------- Affiliated with the Annual Computer Security Application Conference (ACSAC 2017) San Juan, Puerto Rico, USA ********************************************************** IMPORTANT DATES ---------------- Title and Abstract: September 27, 2017, 23:59 AoE (= UTC-12) Full Paper: October 2, 2017, 23:59 AoE (= UTC-12) Notification: November 6, 2017 SUBMISSION ---------- We accept: (1) Full Papers; (2) Position Papers; (3) Case Studies; (4) Work in Progress For more details, please visit our web page: http://stast.uni.lu CONCEPT AND GOAL ---------------- Successful attacks on information systems often combine social engineering practices with technical skills. Research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives and to improve security, technology must adapt to the users. However, finding the right balance between the technical and the social security measures remains largely unexplored, which motivates the need for this workshop. There is no established holistic research in security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions. The workshop intends to stimulate an exchange of ideas and experiences on how to design systems that are secure in the real world where they interact with non-expert users. It aims at bringing together experts in various areas of computer security and in social and behavioral sciences. PROCEEDINGS ----------- The final proceedings will be published with the ACM International Conference Proceedings Series WORKSHOP TOPICS -------------- * Requirements for socio-technical systems * Feasibility of policies from the socio-technical perspective * Threat models that combine technical and human-centred strategies * Technical and social factors that influence decision making in security and privacy * Balance between technical measures and social strategies in ensuring security and privacy * Studies of real-world security incidents from the socio-technical perspective * Social factors that influence changes in organizations security policies and processes * Lessons learned from holistic design and deployment of security mechanisms and policies * Models of user behaviour and user interactions with technology * Perceptions of security, risk and trust and their influence on human behaviour * Interplay of law, ethics and politics with security and privacy measures * Social engineering, persuasion, and other deception techniques * Socio-technical analysis of security incidents * Strategies, methodology and guidelines for socio-technical and cyber-security intelligence analysis We welcome qualitative and quantitative research approaches from academia and industry INVITED SPEAKER ----------------- Robert L. Biddle (Carleton University) Online Security and Social Support: How Can We Help Each Other Online? ORGANIZATION -------------------- ** Programme Chairs Zinaida Benenson (University of Erlangen-Nuremberg) Daniela Oliveira (University of Florida) ** Workshop Organizers Giampaolo Bella (University of Catania) Gabriele Lenzini (University of Luxembourg) ** Programme Committee Adam Aviv (United States Naval Academy) Matt Bishop (University of California, Davis) L. Jean Camp (Indiana University) Lynne Coventry (University of Northumbria) Sarah Diesburg (University of Northern Iowa) Natalie Ebner (University of Florida) Ben Edwards (IBM) Thomas Gro? (University of Newcastle) Markus Jakobsson (Agari) Lydia Kraus (Technische Universit?t Berlin) Kat Krol (University of Cambridge) Mohammad Mannan (Concordia University) Brandon Matthews (MIT Lincoln Laboratory) Maryam Mehrnezhad (University of Newcastle) Simon Parkin (University College London) Sasa Radomirovic (University of Dundee) Karen Renaud (University of Glasgow) Volker Roth (Freie Universit?t Berlin) Scott Ruoti (MIT Lincoln Laboratory) Jessica Staddon (Google) Julie Thorpe (University of Ontario Institute of Technology) Melanie Volkamer (Karlstad Univerity) Chenxi Wang (Twistlock) Pamela Wisniewski (University of Central Florida) Rick Wash (Michigan State University) Jeff Yan (University of Lancaster) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5403 bytes Desc: S/MIME Cryptographic Signature URL: From sadeh at cs.cmu.edu Fri Sep 22 14:11:10 2017 From: sadeh at cs.cmu.edu (Norman Sadeh) Date: Fri, 22 Sep 2017 14:11:10 -0400 Subject: [Soups-announce] Call for Submission/Participation - Privacy Engineering Research and the GDPR: A Trans-Atlantic Initiative - tight deadline (Sept 24) Message-ID: Consider responding to the call for participation in the upcoming workshop on "Privacy Engineering Research and the GDPR: A Trans-Atlantic Initiative." : https://fpf.org/2017/08/30/privacy-engineering-research- gdpr-trans-atlantic-initiative/ Responses can be in the form of a short expression of interest and a short bio or in the form of a recent (and relevant) article (published or not). The deadline is September 24. The workshop will take place in Leuven (Belgium) on Nov 10 (right after the IAPP Europe Congress) and will feature representatives from government (EU and US), industry and academia. Norman -- Prof. Norman M. Sadeh ? www.normsadeh.org ISR - School of Computer Science Carnegie Mellon University 5000 Forbes Avenue -- Pittsburgh, PA 15213 Lab Manager: Ms. Linda Moreci ? laf20 at cs.cmu.edu - Tel: 412-268-9934 <(412)%20268-9934> -- Prof. Norman M. Sadeh ? www.normsadeh.org ISR - School of Computer Science Carnegie Mellon University 5000 Forbes Avenue -- Pittsburgh, PA 15213 Lab Manager: Ms. Linda Moreci ? laf20 at cs.cmu.edu - Tel: 412-268-9934 -------------- next part -------------- An HTML attachment was scrubbed... URL: From patil at indiana.edu Sun Dec 17 23:14:00 2017 From: patil at indiana.edu (Sameer Patil) Date: Sun, 17 Dec 2017 23:14:00 -0500 Subject: [Soups-announce] Final CFP: Workshop on Usable Security (USEC) 2018 Message-ID: We have extended the abstract submission deadline to be the same as the submission deadline. So please submit by the paper deadline (19th December) even if you haven?t yet submitted your abstract. Sameer and Yasemin Workshop on Usable Security (USEC) 2018 (co-located with NDSS 2018) San Diego, California February 18, 2018 Ensuring effective security and privacy in real-world technology requires considering technical as well as human aspects. Enabling people to manage privacy and security necessitates giving due consideration to the users and the larger operating context within which technology is embedded. Ensuring effective security and privacy in real-world technology requires considering technical as well as human aspects. Enabling people to manage privacy and security necessitates giving due consideration to the users and the larger operating context within which technology is embedded. We invite submissions on all aspects of human factors including adoption and usability in the context of security and privacy. USEC 2018 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence, machine learning, and theoretical computer science as well as researchers from other domains such as economics and psychology. We particularly encourage collaborative research from authors in multiple disciplines. Topics include, but are not limited to: ? Usable security/privacy evaluation of existing and/or proposed solutions. ? Mental models that contribute to, or complicate, security and privacy. ? Lessons learned from designing, deploying, managing, or evaluating security and privacy technologies. ? Foundations of usable security and privacy incl. usable security and privacy patterns. ? Ethical, psychological, sociological and economic aspects of security and privacy technologies. ? Usable security and privacy research that targets information professionals (e.g. administrators or developers). ? Reports on replications of previously published studies and experiments. ? Reports on failed usable security studies or experiments, with the focus on the lessons learned from such experience. ? Human factors related to the deployment of the Internet of Things (IoT). It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage replication studies to validate previous research findings. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of failed experiments, since their publication will serve to highlight the lessons learned and prevent others falling into the same traps. * SUBMISSION INSTRUCTIONS All submissions must be original work; authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. We are looking for submissions of up to 10 pages, excluding references and supplementary materials using the NDSS format found at: https://www.ndss-symposium.org/ndss2018/ndss-2018-templates/. Submitting supplementary material that adds depth to the contribution and/or contributes to the submission?s replicability is strongly encouraged. Supplemental material must be linked to in the paper in an anonymous way as we cannot support direct upload to the submission system. Reviewing will be double blind. * WORK IN PROGRESS USEC 2018 will accept Work in Progress submissions. These submissions must be clearly marked work in progress and follow the same formatting instructions as full submissions, but with a page limit of 5 pages excluding references. If accepted, authors will need to prepare a poster that will be presented at USEC 2018. Accepted Work in Progress submissions will be included in the USEC proceedings and be citable, but they will be marked clearly as Work in Progress. These publications can be republished with a ?significant? revision that contains at least 25% new content. For determining the ?significance? of a revision, USEC will follow ACM policies on Pre-publication Evaluation (https://www.acm.org/publications/policies/pre-publication-evaluation) and Prior Publication and Simultaneous Submissions (https://www.acm.org/publications/policies/simultaneous-submissions). USEC 2018 is open to submissions here: https://easychair.org/conferences/?conf=usec2018 * PROCEEDINGS Accepted papers will be included in official proceedings published by the Internet Society after the workshop. For the workshop, a pre-print will be made available on the workshop webpage. Important Dates (tentative) ? Abstract submission: 15 December 2017 ? Paper submission: 19 December 2017 ? Acceptance Notification: 19 January 2018 ? Early registration: 26 January 2018 ? Camera-ready: 5 February 2018 ? Workshop: 18 February 2018 (co-located with NDSS 2018) USEC 2018 CO-CHAIRS Yasemin Acar, Leibniz University, Hannover Sameer Patil, Indiana University Bloomington USEC 2018 PROGRAM COMMITTEE Andrew Adams, Meiji University Adam Aviv, United States Naval Academy Adam Bates, University of Illinois at Urbana-Champaign Zinaida Benenson, University of Erlangen-Nuremberg Matt Bishop, University of California, Davis Joseph Bonneau, New York University Pamela Briggs, Northumbria University Marshini Chetty, Princeton University Heather Crawford, Florida Institute of Technology Sascha Fahl, Leibniz University Hannover Simson Garfinkel, US Census Bureau Vaibhav Garg, Comcast Jens Grossklags, Technical University of Munich Julie Haney, University of Maryland, Baltimore County Apu Kapadia, Indiana University Bloomington Patrick Kelley, Google Katharina Krombholz, SBA Research Janne Lindqvist, Rutgers University Heather Lipford, University of North Carolina, Charlotte Luigi Lo Iacono, Technische Hochschule K?ln Bradley Reaves, North Carolina State University Scott Ruoti, MIT Lincoln Laboratory Angela Sasse, University College, London Florian Schaub, University of Michigan Divya Sharma, Google Mary Theofanos, NIST Blase Ur, University of Chicago Melanie Volkamer, Karlstad University Rick Wash, Michigan State University Charles Weir, Lancaster University Tara Whalen, Google Pamela Wisniewski, University of Central Florida Mary Ellen Zurko, MIT Lincoln Laboratory