[cap-talk] [Fwd: [hcisec] CFP: Security User Studies Workshop at CHI07 [1/12]]

Mark S. Miller markm at cs.jhu.edu
Thu Nov 2 00:49:13 CST 2006

-------- Original Message --------
Subject: [hcisec] CFP: Security User Studies Workshop at CHI07 [1/12]
Date: Wed, 01 Nov 2006 17:00:29 -0500
From: Serge Egelman <egelman at cs.cmu.edu>
To: hcisec at yahoogroups.com

Please forward:

** Security User Studies: Methodologies and Best Practices
** Workshop at CHI07


CFP Deadline: January 12th, 2007, 5:00PM PDT
Notification: February 1st, 2007
Workshop Date: April 28th, 2007
Location: San Diego, CA, USA


As networked computing weaves itself into many aspects of daily life,
ensuring the security of networked systems is becoming vitally
important. Interest in usable security -- the research, development, and
study of systems that are both usable and secure -- has been growing
both in the human-computer interaction and information security
communities in the past several years. Despite this growing interest,
however, the process of conducting effective, ethical security-related
user studies remains daunting. Users deal with security infrequently and
irregularly, and most do not notice or care about security until it is
missing or broken. Security is rarely a primary goal or task of users,
making many traditional HCI evaluation techniques difficult or even
impossible to use.

This workshop, held in conjunction with the ACM CHI2007
(http://www.chi2007.org/) conference, will bring together researchers
and practitioners from the HCI and information security communities to
explore methodological challenges and best practices for conducting
security-related user studies, including:

	*Study Design: How can evaluators design studies that are faithful to
the fact that in the real world, security is almost never a primary
goal? How can evaluators motivate study participants to complete
security-related tasks without overemphasizing security? How should
evaluators even decide what to test in a security user study? How can
researchers handle the problem that users may claim to take particular
steps to protect their security, but in reality do something else?

	*Ethical Issues: How can evaluators conduct realistic studies involving
attacks on users, yet at the same time protect study participants from
harm or embarrassment? When is it appropriate to launch security attacks
or employ deception in studies?

	*Lessons Learned & Best Practices: Why have previous security user
studies succeeded or failed? What are best practices for security user
studies? What would security user study processes, checklists, and
criteria look like?


People interested in joining the workshop should submit a position paper
of up to four pages along with a cover letter describing their research
interests and background in this area to Erika Shehan
(erika at cc.gatech.edu) by January 12, 2007.

We encourage submissions from practitioners as well as researchers
interested and involved in all forms of empirical usable security
research. Position papers may describe prior empirical work in usable
security (including successes or difficulties encountered), discussions
of specific problems associated with security-related user studies, and
proposals for possible user studies (both realistic and outlandish).
Position papers will be reviewed for relevance, overall quality, and
potential to generate discussion.

To facilitate interaction, the workshop will be limited to twenty
participants. Prior experience with security user studies is
recommended, but submissions from enthusiastic newcomers to usable
security will be warmly welcomed. Please note that at least one of the
authors of an accepted paper needs to register for the workshop and one
day of the CHI 2007 conference.


Serge Egelman, Carnegie Mellon University
Jen King, Yahoo! Inc
Robert C. Miller, MIT CS & AI Laboratory
Nick Ragouzis, Enosis LLC
Erika Shehan, Georgia Tech

Serge Egelman

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students

Yahoo! Groups Links

<*> To visit your group on the web, go to:

<*> Your email settings:
     Individual Email | Traditional

<*> To change settings online go to:
     (Yahoo! ID required)

<*> To change settings via email:
     mailto:hcisec-digest at yahoogroups.com
     mailto:hcisec-fullfeatured at yahoogroups.com

<*> To unsubscribe from this group, send an email to:
     hcisec-unsubscribe at yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:

Text by me above is hereby placed in the public domain


More information about the cap-talk mailing list