SOUPS 2024 Call for Workshops Submissions

The Twentieth Symposium on Usable Privacy and Security (SOUPS 2024) will take place August 11–13, 2024, and will be co-located with the 33rd USENIX Security Symposium in Philadelphia, PA, USA.

Sponsored by USENIX, the Advanced Computing Systems Association.

Important Dates

All dates are at 23:59 AoE (Anywhere on Earth) time.

  • Workshop paper submission deadline: Thursday, May 23, 2024 23:59 AoE
  • Workshop paper acceptance notification to authors: Thursday, June 6, 2024
  • Workshop final papers due: Wednesday, June 20, 2024


Workshops and Beyond Co-Chairs

Kelsey Fulton, Colorado School of Mines

Daniel Votipka, Tufts University

Workshops and Beyond Junior Co-Chair

Sabrina Amft, CISPA Helmholtz Center for Information Security

Workshop Schedule

Please check each workshop's website for the specific program schedule.

SOUPS 2024 Virtual Workshop on Usable Cybersecurity and Privacy for Immersive Technologies

Advances in computer vision, data processing, and other technologies has laid the foundation for novel virtual reality (VR), augmented reality (AR), and mixed reality (MR) solutions, collectively called immersive technologies. Immersive technologies are hardware and software systems that create interactive digital visual or spatial environments. These technologies hold promise to drive innovation and economic growth in numerous areas such as workforce, accessibility, and healthcare, but they challenge existing assumptions and practices for digital technologies. For example, large amounts of data may be collected from or about people to create digital worlds or augment the real world, and users can interact with immersive technologies in different ways than other technologies. Cybersecurity and privacy related to immersive technologies must be considered carefully. Immersive technologies may create cybersecurity and privacy risks, some perhaps novel and unique that will need to be managed, but they may also have potential for cybersecurity and privacy protections and other risk mitigations. All the while, users are at the center of these technologies, making usability considerations for immersive technologies critical for cybersecurity and privacy. For example, certain communication modalities may be more effective (i.e. due to use of audio and visual features); whereas, modalities that only include text or menus to navigate content are less effective for delivering cybersecurity and privacy information via immersive technologies. Not considering usability in this context risks users not using or misusing cybersecurity features, privacy features, or the technologies themselves. This virtual workshop is a pre-symposium event related to the Twentieth Symposium on Usable Privacy and Security, and it will explore immersive technologies and the cybersecurity and privacy considerations they introduce. We invite submissions on the following topics:

  • Usable cybersecurity and privacy considerations for immersive technologies, with particular interest in novel considerations.
  • Potential approaches for usable cybersecurity and privacy (e.g., risk mitigations) for immersive technology solutions and use cases.
  • Potential usable cybersecurity and privacy mitigations that may utilize immersive technologies to deliver protections.
  • How usable cybersecurity and privacy impact, or are impacted by, other trust factors (i.e., safety, resiliency, reliability) for immersive technology solutions and use cases.
  • Insights for standards and standards development for immersive technologies and use cases.

View the Call for Papers

The 3rd Annual Workshop on Privacy Threat Modeling

The Workshop on Privacy Threat Modeling seeks participation in the form of research findings, new ideas, and constructive feedback. The purpose of the workshop is to bring together researchers, practitioners, industry specialists, and government representatives to collaborate on the topic of privacy threat modeling. While aspects of privacy risk modeling are relatively well-developed, such as constructions of privacy harms, there has been insufficient discussion around approaches to modeling privacy threats, broadly construed. A holistic approach to representing privacy threats could inform privacy risk models and provide a common lexicon to accelerate conversations in the privacy community.

The workshop will include an informative session and a collaborative session. The informative session will include a keynote, brief updates on prominent existing privacy threat models, including MITRE PANOPTIC™ and LINDDUN, and presentations selected from participant submissions. In the collaborative session we will discuss the role of threat modeling in environmental privacy threat assessment.

Topics of interest include:

  • Definitions of a privacy incident, attack, threat, and breach
  • Distinctions between privacy threats, privacy vulnerabilities, and privacy harms
  • Describing or categorizing privacy threats, including taxonomies or ontologies for privacy incidents, attacks, threats, and breaches
  • Applicability and limitations of security threat modeling techniques for privacy
  • Integration of threat models in risk models and risk management
  • Privacy threat-informed defense
  • Qualitative versus quantitative threat modeling
  • Trade-offs between specific and general models
  • Operationalizing privacy threat models
  • Privacy threat case studies

View the Call for Papers

9th Workshop on Inclusive Privacy and Security (WIPS)

This workshop is a continuation of eight workshops which have focused on security and privacy in the contexts of disability, access, and the needs of people from vulnerable or marginalized groups or who are in vulnerable situations. Since these groups have traditionally been underrepresented in research efforts, we aim to continue building this community and expanding the body of work that is focused on these groups. While this research area is expanding, studies focused on inclusive privacy and security are often labor intensive, require access to difficult-to-find populations, and generate findings that may be heavily circumstance-dependent, including circumstances that may extend well outside the digital realm. Privacy and security challenges are accelerating at an incredible pace. We must work as a community to likewise accelerate the research in this space. We do this by building off of one another’s work, learning from one another, and bringing together the body of work in academia with insights from other sources to be able to detect larger trends, identify new vulnerable populations, privacy challenges, and design patterns that can help (or hinder) users.

View the Call for Papers

Societal & User-Centered Privacy in AI (SUPA 2024)

Privacy is critical to the responsible development of AI. However, the rapid evolution of AI, including the rapid deployment of generative AI, has resulted in new privacy risks with far-reaching societal consequences. In this half-day workshop, we aim to bring together academics, practitioners, designers, and advocates across civil society and regulation to evaluate the challenges and opportunities for user-centered privacy in AI.

The SOUPS 2024 Workshop on Societal & User-Centered Privacy in AI (SUPA) aims to develop a community of experts to share ideas and collaborate on research addressing critical issues at the intersection of user-centered privacy and AI. We anticipate that it will provide a dedicated space to exchange (and in the future create and develop) knowledge around the methods, tools and policy considerations for user-centered privacy in interaction with AI, as well as reporting empirical research on societal impacts.

We welcome participants who work on topics related to societal and user-centered privacy in AI. Interested participants will be asked to contribute a short paper to the workshop. Topics of interest include but are not limited to:

  • Challenges in implementing privacy measures, including issues in Usability and User Trust and interactions with AI privacy
  • Empirical studies that gather attitudinal or behavioral insights related to privacy expectations for AI, privacy solutions or techniques
  • Effects of emerging AI technologies (e.g., generative AI) on the privacy of at-risk, vulnerable or marginalized populations (e.g., persons with disabilities, underrepresented populations, children, or gender communities)
  • Case studies showcasing successful user experience (UX) strategies in privacy-preserving AI applications
  • Open-source tools to demonstrate the integration of privacy measures into AI models
  • Best practices for UX design in choosing appropriate privacy parameters and associated trade-offs
  • Ethical considerations for AI and user privacy
  • Challenges and opportunities in improving and enforcing regulation that protects privacy in AI

View the Call for Papers

Designing Effective and Accessible Approaches for DigitalProduct Cybersecurity Education and Awareness

This Design-A-Thon will explore creating effective and accessible education and awareness materials addressing the cybersecurity for digital products, drawing together the decades of research and expertise of the Symposium on Usable Privacy and Security (SOUPS) community. Teams will develop an education and awareness strategy for different types of digital products (e.g., smart thermostat, public electric-vehicle charger) that can inform users about:

  • The product’s cybersecurity capabilities;
  • How to maintain the product during its lifetime and after the period of security support;
  • How the product can be securely re-provisioned or disposed of;
  • Vulnerability management options that could be leveraged by users; and
  • Additional product cybersecurity information users may need to know.

The purpose of the design-a-thon is to develop a series of case studies that provide experience in considering the human element of cybersecurity from a variety of perspectives.

View the Call for Submissions

Workshop on Creating Engaging Security and Privacy Educational Interfaces for Educators and Families (S&PEI)

This workshop aims to pioneer the development of educational tools and interfaces that cater specifically to the privacy and security learning needs of teenagers, children, and multi-generational family groups. This initiative seeks to bridge the knowledge gap in digital privacy and security education by fostering an environment that encourages the collaborative creation of resources that are both engaging and informative. The workshop will serve as a platform for researchers, educators, and developers to share insights, challenges, and breakthroughs in crafting educational content that resonates with youth and families.

The objectives of our workshop are as follows:

  1. Encourage the development of novel tools and interfaces (such as educational tangible interfaces) that engage youth and their families to learn about privacy and security concepts together;
  2. Create interactive and immersive educational experiences that captivate the interest of children and teenagers, making learning about privacy and security a compelling part of their digital lives;
  3. Generate actionable ideas and strategies that can be implemented to protect family privacy in an increasingly AI world.

View the Call for Papers

Gender, Online Safety, and Sexuality Workshop (GOSS)

The Gender, Online Safety, and Sexuality (GOSS) workshop aims to foster community around the study of online safety through the lenses of gender and sexuality. GOSS specifically seeks to share ideas, stimulate conversations, and build collaborations by creating space for current perspectives and future directions related to gender, sexuality, and online safety. Given the growing number of security and privacy researchers who study and work to mitigate online harms that impact communities and individuals marginalized by gender or sexuality, this effort includes but is not limited to addressing intimate partner violence (IPV), image-based sexual abuse (IBSA), as well as LGBTQIA+ and women and girls' online safety.

GOSS is interested in advancing the integration of feminist, queer, and critical theories into SOUPS scholars' research. Our topics of interest bridge qualitative inquiry from social science with technical security and privacy towards building enduring online safety for people of all genders and sexualities. We welcome scholars in user-centered security, privacy, online safety, HCI, gender and sexuality studies, legal and policy, trust and safety, or at any of the intersections of the above.

View the Call for Participation

10th Workshop on Security Information Workers (WSIW 2024)

The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security and privacy information workers who develop, use, and manipulate privacy and security-related information and data as a significant part of their jobs.

We solicit papers describing new research contributions in the area of security and privacy information workers, as well as case studies, work in progress, preliminary results, novel ideas, and position papers. Successful submissions to this workshop will explicitly be informed by an understanding of how security/privacy information workers do their jobs, and the results will explicitly address how we understand these workers.

View the Call for Papers