Wed, 4 Feb 2004 18:20:33 -0000
[Please think about submitting an article on HCI-SEC issues to this
IEEE Security and Privacy, George Cybenko, Editor.
Simson L. Garfinkel and Lorrie Faith Cranor
Special issue on Security and Usability: September/October Issue
(Submissions due May 3, 2004)
Conventional wisdom holds that security and usability are two
goals in system design. A classic example is passwords: systems
without passwords are thought to be usable, but not very secure, while
systems with long passwords that must be frequently changed are
thought to be secure, but not very usable.
Think conventional wisdom is wrong?
There is an alternative view that holds that the expanded use of
computers by the general public has turned the traditional tradeoff of
security-for-usability on its head: unless designers create systems
that are both secure *and* usable, they will build systems that are
neither. That's because systems that are secure but not usable will
fail to gain market acceptance, while systems that are usable but not
secure will be hacked and rendered useless.
The September/October issue of IEEE Security and Privacy will be
devoted to Security and Usability --- what some academics are calling
HCI-SEC (Human Computer Interaction---Security). Papers dealing with
the following topics are welcome:
- Techniques for increasing security and usability
- Metrics for quantifying user interfaces
- Security education: successes and failures
- User perceptions and expectation of security and privacy
- User studies involving security and security-related topics
- Theory vs. practice: why some security initiatives succeed while
- Security and privacy visualization tools.
- Passwords and biometrics: reports form the field
Feature articles should be no longer than 6,000 words (tables and
figures count as 250 words each). Be sure to include all author names,
professional affiliations, mailing addresses, daytime telephone
numbers, and email addresses. Submissions should be in the form of a
source file (Microsoft Word or LaTeX) and one PostScript or PDF file
sent by email to [log in to unmask] with the subject line "HCI-SEC
Submission". Questions can be sent [log in to unmask] with the
subject line "HCI-SEC Question".