(apologies for cross-posting)

              *** Security User Studies Workshop ***

        at the Symposium On Usable Privacy and Security (SOUPS 2006)
                 July 12, 2006, Pittsburgh, PA USA

                       CALL FOR PARTICIPATION

Submission deadline: April 7, 2006
Web site: http://cups.cs.cmu.edu/soups/2006/user-studies-workshop.html


Researchers and designers of security systems are increasingly coming
to the understanding that both usability and security need to be
evaluated with carefully-designed user studies.  But security user
studies have special requirements that make them hard to design.

- How can users be motivated to defend their security in a study without
   putting undue emphasis on security?

- How should attack studies be designed so that they are faithful to
   the fact that in the real world, security is almost never the user's
   primary goal?

- How do we choose what the security goals are, and therefore what
   security aspects to test?

- How can we balance ethical concerns for protecting subjects with the
   need to make realistic attacks that reveal just how secure they are?

The Security User Studies workshop will be a one day workshop at SOUPS
2006, on the design, implementation and challenges of conducting
Security User Studies.  The workshop will be an opportunity for
researchers to share experiences, materials, and ideas, and for
newcomers to learn about problems and best practices.

We seek two kinds of submissions to the workshop (described in more
detail below):

- "construction kits": compilations of security user study materials

- user study proposals: short descriptions of past or future
   security user studies

Construction Kits

Every user study involves a variety of materials that are rarely
included in published articles about the study, making it harder to
reproduce the results and preventing researchers from building on each
others' efforts.

We are soliciting these kinds of materials -- "construction kits" for
reproducing security user studies -- for compilation and dissemination
in connection with the workshop.  Construction kits might include:

- scenarios
- briefings
- questionnaires
- code
- tasks
- measurement techniques and instrumentation design
- advertisements and recruiting posters
- methods of sampling user populations
- references to useful third-party tools
- Institutional Review Board (IRB) applications

Submissions should include an overview of the materials (i.e., a
"README" file).  Preference will be given to materials related to a
published or in-submission user study, which should be cited in the

The construction kits will be included in the SOUPS 2006 electronic
proceedings (web site and DVD), but will not published in the ACM
Digital Library. They will not be peer-reviewed. The kits will not be
considered submitted for publication, and may be simultaneously
submitted to other workshops or conferences.

Authors submitting user studies to the refereed SOUPS papers track are
encouraged to submit their materials to this workshop.  Note, however,
that the refereed paper submission must stand on its own, and will be
judged independently of the workshop materials.

Submitters of construction kits will be invited to give short talks
about the experience of running the study.

User Study Proposals

  From all interested workshop participants, we are soliciting short
descriptions of past or future security user studies.  Proposals may
be serious or outlandish, realistic or hypothetical.

These descriptions will be compiled and distributed to all workshop
attendees for a mock review session during the workshop.  The review
session will discuss study design, possible value of the research
findings, and any ethical concerns that the research might raise. It
is expected that submitters of proposals will benefit from the
discussion and the generation of new ideas.

User study proposals should be 1-2 pages long, PDF format.  The PDF
submission should be anonymized -- omitting experimenter names and
institutions.  During the workshop, attendees will have the option of
identifying a proposal under discussion as theirs or having the
proposal remain anonymous.

User study proposals will NOT be included in the SOUPS 2006
proceedings and will only be distributed in paper form at the

Submission Information

Construction kits and user study proposals should be submitted to the
organizers by email no later than April 7, 2006.


This workshop is associated with the Symposium On Usable Privacy and
Security (SOUPS 2006), July 12-14, 2006, in Pittsburgh PA.  The main
SOUPS web site is http://cups.cs.cmu.edu/soups/


Simson Garfinkel
[log in to unmask]

Rob Miller
[log in to unmask]

                To unsubscribe, send an empty email to
     mailto:[log in to unmask]
    For further details of CHI lists see http://sigchi.org/listserv