The Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) will be co-located with the 31st USENIX Security Symposium, August 7–9, 2022, in Boston, MA, USA.
Sponsored by USENIX, the Advanced Computing Systems Association.
All dates are at 23:59 AoE (Anywhere on Earth) time.
- Workshop paper submission deadline: Thursday, May 26, 2022
- Workshop paper acceptance notification to authors: Thursday, June 9, 2022
- Workshop final papers due: Thursday, June 23, 2022
Tutorials and Workshops Co-Chairs
Leah Zhang-Kennedy, University of Waterloo
Yaxing Yao, University of Maryland, Baltimore County
Tutorials and Workshops Junior Co-Chair
Harjot Kaur, Leibniz University Hannover
Please check each workshop's website for the specific program schedule.
- 8th Workshop on Security Information Workers (WSIW 2022): Sunday, August 7, 2022, 9:00 am–12:30 pm
- Workshop on Kids' Online Privacy and Safety (KOPS 2022): Sunday, August 7, 2022, 1:30 pm–5:00 pm (Virtual Event)
- Workshop on Privacy Threat Modeling (WPTM 2022): Sunday, August 7, 2022, 1:30 pm–5:00 pm
- 7th Workshop on Inclusive Privacy and Security (WIPS 2022): Sunday, August 7, 2022, 9:00 am–5:00 pm (Virtual Event)
8th Workshop on Security Information Workers (WSIW 2022)
The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security and privacy information workers who develop, use, and manipulate privacy and security-related information and data as a significant part of their jobs. Security/privacy information workers include:
- Software developers, who design and build software that manages and protects sensitive information;
- Security and system administrators, who deploy and manage security-sensitive software and hardware systems;
- IT professionals whose decisions have impact on end users' security and privacy;
- Intelligence analysts, who collect and analyze data about security matters to understand information and make predictions;
- Security consultants and educators, who provide guidance to individuals and organizations on practicing good security behaviors and implementing security technologies; and
- Privacy engineers and professionals, who ensure that privacy considerations are built into products and who help develop privacy policies
This workshop aims to develop and stimulate discussion about security information workers. We will consider topics including but not limited to:
- Empirical studies of security/privacy information workers, including case studies, experiments, field studies, and surveys;
- New tools designed to assist security/privacy information workers;
- Infrastructure for better understanding security/privacy information workers;
- Information visualization and other techniques designed to help security/privacy information workers do their jobs;
- Evaluations of tools and techniques for security/privacy information workers
View the Call for Papers
Workshop on Kids' Online Privacy and Safety (KOPS 2022)
The first workshop on Kids' Online Privacy and Safety (KOPS) is soliciting extended abstracts in privacy and online safety where the focus is on children and teens. Submissions can include work-in-progress papers, draft proposals, exemplars of ethical research practices in data handling or experimental protocols, pilot demonstrations, or analyses of deployed systems. Accepted abstracts will be invited for a 10-minute talk at the workshop. Abstracts will be made available on SSRN for other participants to read and share. Accepted abstracts will also be made available to workshop attendees ahead of the workshop.
We are interested in talks from researchers, industry practitioners, lawyers, and safety advocates to discuss these issues, especially for children and young adults. Topics include:
- Factors associated with online child crime and misinformation campaigns
- Challenges in child and youth online safety and strategies and thought experiments for addressing these challenges
- Methodology and lessons learnt from designing studies in child online manipulation, including ethical considerations
- Risks of online manipulation, personal information disclosure of child and youth information
View the Call for Submissions
Workshop on Privacy Threat Modeling (WPTM 2022)
The Workshop on Privacy Threat Modeling brings together researchers, practitioners, government representatives, and industry specialists to collaborate on the topic of privacy threats. While aspects of privacy risk modeling are relatively well-developed, such as constructions of privacy harms (Solove’s Taxonomy of Privacy and Calo’s subjective/objective privacy harms for instance), there has been insufficient discussion around approaches to modeling privacy threats, broadly construed. A holistic approach to representing privacy threats could inform privacy risk models and provide a common lexicon to accelerate conversations in the privacy community.
We will explore how the community defines a privacy threat, incident, breach, or attack and the bounds of each term. We aim to develop better ways of creating datasets of privacy threats which can be used to generate threat models and better understand the privacy threat environment. We will discuss methods of categorizing and describing privacy threats using taxonomies and other ontological structures. The break-out sessions will be focused on innovative approaches to the research challenges in this space.
Topics of interest include:
- Definitions of a privacy incident, attack, threat, and breach
- Differences and similarities between privacy and cybersecurity threats
- Distinctions between privacy threats, privacy harms, and privacy vulnerabilities
- Identifying and building datasets of privacy incidents, attacks, threats, and breaches
- Describing or categorizing privacy threats, including taxonomies or ontologies for privacy incidents, attacks, threats, and breaches
- Applicability and limitations of security threat modeling techniques for privacy
- Integration of threat models in risk models and risk management
- Role of risk modeling in privacy risk management
- Privacy threat-informed defense
- Qualitative versus quantitative threat modeling
- Privacy threat case studies
View the Call for Submissions
7th Workshop on Inclusive Privacy and Security (WIPS 2022)
Security and privacy challenges confront all participants in modern society, but particular groups may experience unique or uneven privacy and security concerns. These groups may face distinctive obstacles to addressing issues, and their particular needs and concerns may not be well understood beyond those groups. Traditionally, inclusive design has addressed physical accessibility as well as needs arising from age, disability, or environment. While this work remains critical, our community also increasingly recognizes the importance of accounting for the needs of vulnerable users and marginalized groups. The workshop deliberately avoids any concrete definitions of what "vulnerable" means in this context. We encourage a diverse discussion of groups and situations, without prejudice.
In this workshop, we explore the privacy and security experiences and needs of vulnerable user groups (and affected non-users). We are also interested in populations or roles in our society (e.g., lawyers, journalists, politicians, activists, medical providers) that support and/or affect the lives of vulnerable individuals. We will endeavor to uncover new ways of taking a more inclusive approach to appreciating and addressing privacy and security challenges. We also seek to identify the unintended harms that can result from privacy and security technology.
The objectives of our workshop are as follows:
- To broaden participants' awareness of diverse privacy and security concerns.
- To map out fundamental research questions for the emerging field of inclusive privacy and security.
- To share and compile design guidelines and best practices that are relevant to inclusive design.
- To form collaborations among researchers in this space.
View the Call for Papers