EuroUSEC 2021

The 2021 European Symposium on Usable Security
October 11 & 12, 2021 - Online

The 2021 European Symposium on Usable Security

The European Symposium on Usable Security (EuroUSEC) serves as a European forum for research and discussion in the area of human factors in security and privacy. EuroUSEC solicits previously unpublished work offering novel research contributions or clearly articulated research visions in any aspect of human-centered security and privacy. The aim of EuroUSEC is to bring together an interdisciplinary group of researchers and practitioners in human-computer interaction, security, and privacy. Participants are researchers, practitioners, and students from domains including computer science, engineering, psychology, the social sciences, and economics.

Given the pandemic-struck world we currently live in, EuroUSEC 2021 will be a virtual-only event. It will take a slightly different shape than last year's virtual-only edition, in order to address points raised during the discussions after last year’s EuroUSEC and in reflection of the virtual academic events held last year:

  1. Most importantly, EuroUSEC will be an independent event, not associated to any conference. This is motivated by the benefits of revision options in the review process and allowing a deadline after the SOUPS and NSPW notifications. Moreover, due to the (Asia)USEC and SOUPS deadlines in February, we felt that a third deadline for the usable security and privacy community in March would have been excessive and a later submission option, in the summer, would be better for everyone involved. Unfortunately, neither is feasible while maintaining a continued association to Euro S&P.
  2. The technology will basically be the same we used last year. We will hold the event using Zoom for the talks and Slack for the discussions. However, differently than last year, as an independent event, this allows us to make attendance free, enhancing EuroUSEC’s accessibility.
  3. On the same note, we have secured funding to pay for the proceedings to be published in the ACM ICPS. The funding will also allow us to pay for the open access options of ICPS, meaning the proceedings will be open access through the EuroUSEC 2021 website.
  4. We want to accommodate as many time zones as possible, but also allow for breaks so as to reduce Zoom-overload and fatigue. Therefore, EuroUSEC will potentially be a 2-day event. This is of course dependent on the submission numbers.
  5. In light of the changes listed above, it was decided by the Steering Committee to pick up one additional aspect mentioned by participants during the discussion after the last EuroUSEC and enact a small name change: EuroUSEC 2021’s official long name will be 2021 European Symposium on Usable Security.

We want EuroUSEC to be a community-driven event and would love to hear any questions, comments, or concerns you might have regarding these changes from last year. Therefore we want to encourage everyone to join the EuroUSEC Slack . You can also send us an email at eurousec21-chairs@lists.kit.edu.


Program

Keynote
George Finney is a Chief Information Security Officer that believes that people are the key to solving our cybersecurity challenges. George is the bestselling author of several cybersecurity books, including the award-winning book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future. George has worked in Cybersecurity for over 20 years and has helped startups, global telecommunications firms, and nonprofits improve their security posture.

List of accepted papers
Research Track
  • Careless Participants Are Essential For Our Phishing Study: Understanding the Impact of Screening Methods
    Tenga Matsuura (Waseda University); Ayako A. Hasegawa, Mitsuaki Akiyama (NTT), Tatsuya Mori (Waseda University / NICT / RIKEN AIP)
  • Comparing the Efficacy of a Text-based to a Video-based Delivery in Motivating Users to Adopt a Password Manager
    John Liu, Yusuf Albayram, Stivi Cangonj (Central Connecticut State University)
  • Dark Patterns in the Wild: Review of Cookie Disclaimer Designs on Top 500 German Websites
    Chiara Krisam, Heike Dietmann, Melanie Volkamer (KIT); Oksana Kulyk (IT University of Copenhagen)
  • Finding Secret Treasure? Improving Memorized Secrets Through Gamification
    Katrin Hartwig, Atlas Englisch, Jan Pelle Thomson, Christian Reuter (Technische Universität Darmstadt)
  • Measuring User Perceptions in Smartphone Security and Privacy in Germany
    Maxim Schessler, Maximilian Häring, Matthew Smith (University of Bonn); Eva Gerlitz (Fraunhofer FKIE)
  • Microsoft Office Macro Warnings: A Design Comedy of Errors with Tragic Security Consequences - A Mixed-Methods Experimental Study
    Marco Gutfleisch, Maximilian Peiffer, Selim Erk, Angela Sasse (Ruhr University Bochum)
  • Nudge or Restraint: How do People Assess Nudging in Cybersecurity - A Representative Study in Germany
    Katrin Hartwig, Christian Reuter (Technische Universität Darmstadt)
  • Peeking Into the Black Box: Towards Understanding User Understanding of E2EE
    Leonie Schaewitz, David Lakotta, Angela Sasse, Nikol Rummel (Ruhr-Universität Bochum)
  • Plug-and-Play: Framework for Remote Experimentation in Cyber Security
    Klaudia Krawiecka, Jack Sturgess, Alina Petrova, Ivan Martinovic (University of Oxford)
  • Replicating a Study of Ransomware in Germany
    Anna-Marie Ortloff, Maike Vossen, Christian Tiefenau (University of Bonn)
  • SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software
    Azadeh Mokhberi, Konstantin Beznosov (University of British Columbia)
  • The Inconsistency in the Effect of Power Use on Users' Intention and Actual Use When Installing and Granting Permissions to Mobile Applications
    Moses Namara, Reza Ghaiumy Anaraky, Bart P. Knijnenburg (Clemson University); Pamela Wisniewski (University of Central Florida); Xinru Page (Brigham Young University)
  • Understanding Young People’s Experiences of Cybersecurity
    James Nicholson (Northumbria University); Julia Terry, Helen Beckett, Pardeep Kumar (Swansea University)
  • Using a Participatory Toolkit to Elicit Youth’s Workplace Privacy Perspectives
    William Berkley Easley (Apple); Amy Hurst (New York University); Helena M. Mentis, Foad Hamidi (University of Maryland, Baltimore County)
  • What breach? Measuring online awareness of security incidents by studying real-world browsing behavior
    Sruti Bhagavatula, Lujo Bauer (Carnegie Mellon University); Apu Kapadia (Indiana University Bloomington)
Vision Track
  • Vision: A Noisy Picture or a Picker Wheel to Spin? Exploring Suitable Metaphors for Differentially Private Data Analyses
    Farzaneh Karegar, Fischer-Hübner (Karlstad University)
  • Vision: Computing and Authentication Practices in Global Oil and Gas Fields
    Mary Rose Martinez, Shriram Krishnamurthi (Brown University)
  • Vision: Developing a Broad Usable Security & Privacy Questionnaire
    Franziska Herbert, Florian M. Farke, Marvin Kowalewski, Markus Dürmuth (Ruhr University Bochum)
  • Vision: Security-Usability Threat Modelling for Industrial Control Systems
    Karen Li, Awais Rashid, Anne Roudaut (University of Bristol)
  • Vision: Stewardship of Smart Devices Security for the Aging Population
    Lorenzo De Carli, Erin Solovey (Worcester Polytechnic Institute); Indrakshi Ray (Colorado State University)
  • Vision: Usable Security and Aesthetics: Designing for engaging online security warnings and cautions to optimise user security whilst affording ease of use
    Fiona Carroll (Cardiffmet University)
  • Vision: What Johnny learns about Password Security from Videos posted on YouTube
    Mathieu Christmann (Technische Universität Darmstadt); Peter Mayer, Melanie Volkamer (Karlsruhe Institute of Technology)

Registration

Attendance of EuroUSEC is free of charge for everyone this year. However, registration is mandatory. At the end of registration you will be sent an email with all important infos and links.

Register Now »

Call for Papers

We invite you to submit a paper and join us at EuroUSEC 2021, which will be held on October 11 & 12, 2021 online. EuroUSEC 2021 will be an independent event with proceedings published by ACM.

We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches.

We accept both longer papers on mature/completed work in a research track, as well as shorter papers on work in progress or work that has yet to begin in a vision track. This decision to accept both types of submissions, which started with EuroUSEC 2019, aims to include researchers at all stages of their career and at all stages of their projects.

Topics include, but are not limited to:

  • innovative security or privacy functionality and design
  • accessible cyber privacy and security
  • cyber diplomacy
  • new applications of existing models or technology
  • field studies of security or privacy technology
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • longitudinal studies of deployed security or privacy features
  • studies of administrators or developers and support for security and privacy
  • psychological, sociological, and economic aspects of security and privacy
  • the impact of organizational policy or procurement decisions
  • methodologies for usable security and privacy research
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of replicating previously published studies and experiments
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

We have observed that the most effective workshops are those that encourage discussion between attendees. Each paper presentation will be followed by about 15 minutes of discussion to promote engagement and helpful feedback.

For accepted papers, at least one author must attend the workshop.


Important Dates

Paper registration deadline (mandatory):       Monday, 7th June, 2021 (Anywhere on Earth)                
Paper submission deadline: Friday, 11th June, 2021(Anywhere on Earth)
Notification: Thursday, 8th July, 2021
   
Revision decision re-submission deadline: Friday, 23rd July, 2021 (Anywhere on Earth)
Revision notification: Friday, 6th August, 2021
   
Camera ready: 10th August, 2021
EuroUSEC: 11th & 12th October, 2021


Submission Instructions

Papers must be written in English and must be anonymized for review. EuroUSEC 2021 will use a double-blind review process such that reviewers are not revealed to the authors and authors are not revealed to reviewers. Please refer to your own related work in the third person, as though someone else had written it. This requirement also applies to data sets and artifacts. (For example, "We received data from the authors of Smith et al. [31] that we reused for this experiment.") Do not blind citations except in extraordinary circumstances.

All submissions must be original work. Authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the EuroUSEC chairs if there are questions about this policy.

All submissions must be use the ACM Word or LaTeX templates. These templates can be obtained on the ACM author submission information website. Due to the changes in the templates by ACM last year, submissions to EuroUSEC will be possible in either the new ACM one-column submission format or the old two-column format. Note that for the camera-ready submission to The ACM Publishing System (TAPS), you will need to use the one-column format, so it might be worth it to use it already for your submission. Please see below in the descriptions for the Research Track and the Vision Trackfor more details. Contact the EuroUSEC chairs if there are any questions.

Research Track: The research track is intended to report on more mature work that has been completed. The goal of the EuroUSEC's research track is to disseminate results of interest to the broader usable security and privacy community. Papers must not be more than 10 pages in length when using the two-column format or 16 pages in length when using the new one-column submission format, in both cases excluding the bibliography. Try to scale the length of the paper according to the contributions you describe therein. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. Reviewers are not required to read any appendices, so your paper should be self-contained without them. ACM also allows publication of additional supplemental materials and we want to encourage all authors to use this option to provide research artifacts if applicable (e.g., builds of own software used in the study).

Vision Track: The vision track is intended to report on work in progress or concrete ideas for work that has yet to begin. The focus in the vision track is to spark discussion with the goal to provide the authors helpful feedback, pointers to potentially related investigations, and new ideas to explore. Suitable submissions to the vision track include traditional work-in-progress pieces such as preliminary results of pre-studies, but also research proposals and position papers outlining future research. Papers must be up to 6 pages in length when using the two-column-format or up to 9 pages in length when using the one-column format, in both cases including the bibliography and with no appendices. Submissions to the vision track should have a title beginning with the prefix "Vision: ".

Submission Site

Please upload your submission via this link: HotCRP Submission

Proceedings

The EuroUSEC 2021 proceedings will be published through ACM as part of their International Conference Proceedings Series (ICPS). ACM will put the full-text of the proceedings papers into the ACM Digital Library. There will be no hard copies.


Program Committee Chairs

The chairs can be contacted at eurousec21-chairs@lists.kit.edu

Publicity Chairs

  • Sanchari Das, University of Denver (USA)
  • Anne Hennig, Karlsruhe Institute of Technology (Germany)
  • Theodor Schnitzler, Ruhr University Bochum (Germany)

Program Committee

  • Ali Farooq, University of Turku (Finland)
  • Benjamin Berens, Karlsruhe Institute of Technology (Germany)
  • Christian Reuter, Technische Universität Darmstadt (Germany)
  • Christian Stransky, Leibniz University Hannover (Germany)
  • Craig Orgeron, Amazon Web Services (USA)
  • Daniel Thomas, Strathclyde University (UK)
  • Daricia Wilson, Clemson University (USA)
  • Florian Alt, Bundeswehr University Munich (Germany)
  • Heinrich Hußmann, Ludwig-Maximilians-Universität München (Germany)
  • Ingolf Becker, University College London (UK)
  • Ivano Bongiovanni, University of Queensland (Australia)
  • James Nicholson, Northumbria University (UK)
  • Jan-Willem Bullee, University of Twente (Netherlands)
  • Jeremiah Onaolapo, University of Vermont (USA)
  • Jurlind Budurushi, Cloudical Deutschland GmbH (Germany)
  • Karl van der Schyff, Rhodes University (South Africa)
  • Karoline Busse, University of Applied Administrative Sciences Lower Saxony (Germany)
  • Kévin Huguenin, University of Lausanne (Switzerland)
  • Kevin Roundy, NortonLifeLock Research Group (USA)
  • Lydia Kraus, Masaryk University (Czech Republic)
  • Lisa Short, University of Johannesburg (South Africa)
  • Nina Gerber, Technische Universität Darmstadt (Germany)
  • Nora Abdullah, King Saud University (Saudi Arabia)
  • Norbert Nthala, Michigan State University (USA)
  • Oliver Wiese, FU Berlin (Germany)
  • Oksana Kulyk, IT University Copenhagen (Denmark)
  • Oshrat Ayalon, Max Planck Institute for Software Systems (Germany)
  • Patricia Aria-Cabarcos, Karlsruhe Institute of Technology (Germany)
  • Peter Gorski, INFODAS GmbH (Germany)
  • Paul Van Schaik, Teesside University (UK)
  • Rahul Chatterjee, University of Wisconsin Madison (USA)
  • Reinhardt Botha, Nelson Mandela University (South Africa)
  • Richard Shay, MIT Lincoln Laboratory (USA)
  • Sana Maqsood, Carleton University (Canada)
  • Sanchari Das, University of Denver (USA)
  • Scott Ruoti, The University of Tennessee (USA)
  • Simon Parkin, TU Delft (Netherlands)
  • Tatsuya Mori, Waseda University (Japan)
  • Thomas Gross, Newcastle University (UK)
  • Verena Distler, University of Luxembourg (Luxembourg)
  • Yixin Zou, University of Michigan (USA)

Steering Committee

  • Angela Sasse, Ruhr University Bochum / Ruhr-Universität Bochum (Germany)
  • Matthew Smith, University of Bonn / Rheinische Friedrich-Wilhelms-Universität Bonn (Germany)
  • Melanie Volkamer, Karlsruhe Institute of Technology (Germany)
  • Charles Weir, Lancaster University (UK)

Sponsors