
Fw: fyi Fw: CHI 2007 Workshop CFP: Security User Studies

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Thu, 4 Jan 2007 11:06:14 -0500
To: public-wsc-wg@w3.org
Message-ID: <OF36909353.3C35ED43-ON85257259.0057D92C-85257259.00587A3A@LocalDomain>
And on top of all those challenges, how do we integrate security user 
studies into the standards process? I'd very much like to see a position 
paper and at least one attendee from this WG, with an emphasis on the 
special considerations of integrating security user studies into standards 
processes. Is anyone already pursuing this, or willing to? The deadline is 
tight, and right on top of our deadline for draft input on our Note for 
the editor (Tyler), but this is an important topic for the success of our 


Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

Erika Shehan <erika@CC.GATECH.EDU> 
Sent by: "ACM SIGCHI General Interest Announcements (Mailing List)" 
01/02/2007 12:00 PM
Please respond to
Erika Shehan <erika@CC.GATECH.EDU>


CHI 2007 Workshop CFP: Security User Studies

** Security User Studies: Methodologies and Best Practices
** Workshop at CHI 2007


Position Paper Deadline: January 12th, 2007, 5:00PM PDT
Notification: February 1st, 2007
Workshop Date: April 28th, 2007
Location: San Jose, CA, USA


As networked computing weaves itself into many aspects of daily life,
ensuring the security of networked systems is becoming vitally
important. Interest in usable security -- the research, development, and
study of systems that are both usable and secure -- has been growing
both in the human-computer interaction and information security
communities in the past several years. Despite this growing interest,
however, the process of conducting effective, ethical security-related
user studies remains daunting. Users deal with security infrequently and
irregularly, and most do not notice or care about security until it is
missing or broken. Security is rarely a primary goal or task of users,
making many traditional HCI evaluation techniques difficult or even
impossible to use.

This workshop, held in conjunction with the ACM CHI2007
(http://www.chi2007.org/) conference, will bring together researchers
and practitioners from the HCI and information security communities to
explore methodological challenges and best practices for conducting
security-related user studies, including:

    * Study Design: How can evaluators design studies that are faithful to
the fact that in the real world, security is almost never a primary
goal? How can evaluators motivate study participants to complete
security-related tasks without overemphasizing security? How should
evaluators even decide what to test in a security user study? How can
researchers handle the problem that users may claim to take particular
steps to protect their security, but in reality do something else?

    * Ethical Issues: How can evaluators conduct realistic studies
attacks on users, yet at the same time protect study participants from
harm or embarrassment? When is it appropriate to launch security attacks
or employ deception in studies?

    * Lessons Learned & Best Practices: Why have previous security user
studies succeeded or failed? What are best practices for security user
studies? What would security user study processes, checklists, and
criteria look like?


People interested in joining the workshop should submit a position paper
of up to four pages along with a cover letter describing their research
interests and background in this area to Erika Shehan
(erika@cc.gatech.edu) by January 12, 2007.

We encourage submissions from practitioners as well as researchers
interested and involved in all forms of empirical usable security
research. Position papers may describe prior empirical work in usable
security (including successes or difficulties encountered), discussions
of specific problems associated with security-related user studies, and
proposals for possible user studies (both realistic and outlandish).

Position papers will be reviewed for relevance, overall quality, and
potential to generate discussion.

To facilitate interaction, the workshop will be limited to twenty
participants. Prior experience with security user studies is
recommended, but submissions from enthusiastic newcomers to usable
security will be warmly welcomed. Please note that at least one of the
authors of an accepted paper needs to register for the workshop and one
day of the CHI 2007 conference.


Serge Egelman, Carnegie Mellon University
Jen King, Yahoo! Inc
Robert C. Miller, MIT CS & AI Laboratory
Nick Ragouzis, Enosis LLC
Erika Shehan, Georgia Tech

Received on Thursday, 4 January 2007 16:06:41 UTC
