- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Thu, 4 Jan 2007 11:06:14 -0500
- To: public-wsc-wg@w3.org
- Message-ID: <OF36909353.3C35ED43-ON85257259.0057D92C-85257259.00587A3A@LocalDomain>
And on top of all those challenges, how do we integrate security user studies into the standards process? I'd very much like to see a position paper and at least one attendee from this WG, with an emphasis on the special considerations of integrating security user studies into standards processes. Is anyone already pursuing this, or willing to? The deadline is tight, and right on top of our deadline for draft input on our Note for the editor (Tyler), but this is an important topic for the success of our recommendations. Mez Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) Lotus/WPLC Security Strategy and Patent Innovation Architect Erika Shehan <erika@CC.GATECH.EDU> Sent by: "ACM SIGCHI General Interest Announcements (Mailing List)" <CHI-ANNOUNCEMENTS@LISTSERV.ACM.ORG> 01/02/2007 12:00 PM Please respond to Erika Shehan <erika@CC.GATECH.EDU> To CHI-ANNOUNCEMENTS@LISTSERV.ACM.ORG cc Subject CHI 2007 Workshop CFP: Security User Studies ** Security User Studies: Methodologies and Best Practices ** Workshop at CHI 2007 http://www.verbicidal.org/hcisec-workshop/ Position Paper Deadline: January 12th, 2007, 5:00PM PDT Notification: February 1st, 2007 Workshop Date: April 28th, 2007 Location: San Jose, CA, USA PURPOSE: As networked computing weaves itself into many aspects of daily life, ensuring the security of networked systems is becoming vitally important. Interest in usable security -- the research, development, and study of systems that are both usable and secure -- has been growing both in the human-computer interaction and information security communities in the past several years. Despite this growing interest, however, the process of conducting effective, ethical security-related user studies remains daunting. Users deal with security infrequently and irregularly, and most do not notice or care about security until it is missing or broken. Security is rarely a primary goal or task of users, making many traditional HCI evaluation techniques difficult or even impossible to use. This workshop, held in conjunction with the ACM CHI2007 (http://www.chi2007.org/) conference, will bring together researchers and practitioners from the HCI and information security communities to explore methodological challenges and best practices for conducting security-related user studies, including: *Study Design: How can evaluators design studies that are faithful to the fact that in the real world, security is almost never a primary goal? How can evaluators motivate study participants to complete security-related tasks without overemphasizing security? How should evaluators even decide what to test in a security user study? How can researchers handle the problem that users may claim to take particular steps to protect their security, but in reality do something else? *Ethical Issues: How can evaluators conduct realistic studies involving attacks on users, yet at the same time protect study participants from harm or embarrassment? When is it appropriate to launch security attacks or employ deception in studies? *Lessons Learned & Best Practices: Why have previous security user studies succeeded or failed? What are best practices for security user studies? What would security user study processes, checklists, and criteria look like? PARTICIPATING: People interested in joining the workshop should submit a position paper of up to four pages along with a cover letter describing their research interests and background in this area to Erika Shehan (erika@cc.gatech.edu) by January 12, 2007. We encourage submissions from practitioners as well as researchers interested and involved in all forms of empirical usable security research. Position papers may describe prior empirical work in usable security (including successes or difficulties encountered), discussions of specific problems associated with security-related user studies, and proposals for possible user studies (both realistic and outlandish). Position papers will be reviewed for relevance, overall quality, and potential to generate discussion. To facilitate interaction, the workshop will be limited to twenty participants. Prior experience with security user studies is recommended, but submissions from enthusiastic newcomers to usable security will be warmly welcomed. Please note that at least one of the authors of an accepted paper needs to register for the workshop and one day of the CHI 2007 conference. ORGANIZERS: Serge Egelman, Carnegie Mellon University Jen King, Yahoo! Inc Robert C. Miller, MIT CS & AI Laboratory Nick Ragouzis, Enosis LLC Erika Shehan, Georgia Tech --------------------------------------------------------------- To unsubscribe, send an empty email to mailto:chi-announcements-unsubscribe-request@listserv.acm.org For further details of CHI lists see http://sigchi.org/listserv ---------------------------------------------------------------
Received on Thursday, 4 January 2007 16:06:41 UTC