Workshop on Security Fatigue

Call for Papers

Security Fatigue is Real. What are we going to do about it?

We spend ever more time focusing on security, but the security situation keeps getting worse. It seems that no matter what we do, there’s always another security patch to install, another vulnerability that’s being exploited, a fundamentally new attack that nobody had previously imagined. At the same time, we are seeing these challenges across an increasing range of devices, and facing a growing diversity of security-related settings and decisions throughout our day-to-day use of technology. We can’t win, we can’t break even, and we can’t even get out of the game.

In broad terms, fatigue is a by-product of security becoming visible to us for the wrong reasons, and then further emphasized by factors such as performance impacts and poor usability. The feeling of fatigue is then manifested in how we regard and treat security, with the resulting risk that negative perceptions ultimately serve to undermine our protection. The goal of the workshop would be to more extensively characterize the security fatigue phenomena, to determine if there is one effect or multiple effects, to map out a plan of action, and to create a report that will be drafted and published by interested participants. Ideally this report will be used as the basis for future research in the field.

Bring us your papers. Bring us your ideas. Bring us your data.

Important Dates

  • Workshop paper submission deadline: Thursday, May 19, 2016 Deadline extended!
  • Notification of workshop paper acceptance: Friday, May 27, 2016
  • Camera ready workshop papers due: Sunday, June 5, 2016
  • Workshop date: Wednesday, June 22, 2016

Camera-ready versions of the papers will be posted online and distributed to workshop attendees.

Scope and Focus

The workshop seeks three types of original submissions: (1) short papers describing original research (ongoing or outcomes); (2) literature reviews of any length (please indicate if the review is a work-in-progress or a finished work); (3) data sets with preliminary analysis that demonstrate a security fatigue effect. Position papers are discouraged.

Topics may include (but are not limited to):

  • Characteristics and impacts of security fatigue
  • Security fatigue in information systems
  • Security fatigue in physical security environments (e.g. aviation security, building access)
  • Correlations and interactions between security fatigue and other social trends
  • Complexity of security systems
  • Fatigue of security administrators
  • Case studies of fatigue, both in security and in other domains, with the latter to include analysis of how resulting lessons could be applied to security.

Short papers may cover research results, work in progress, or experience reports focused on any workshop topic. Papers should describe the purpose and goals of the work, cite related work, and clearly state the contributions to the field (innovation, lessons learned).

Workshop papers will be selected by the workshop organizers and made available on the Usenix website, but will not be considered peer-reviewed publications from the perspective of SOUPS and hence should not preclude subsequent publication at another venue. Authors of accepted papers will be invited to present their work at the workshop. The goal of this workshop is to set the ground work for the production of a final report that will be published in another venue by the end of 2016.

Submissions

We invite authors to submit the following types of papers using the SOUPS 2-column formatting template for MS Word or LaTeX. Submissions should be 1 to 6 pages in length, excluding references and appendices. Literature reviews may be of any length. The paper should be self-contained without requiring that readers also read the appendices. Data sets should be accompanied by a brief paper explaining where the data are and how to download them.

All submissions must be in PDF format and should not be blinded. Please submit your papers to security-fatigue@nist.gov.

Workshop Organizers

  • Simson L. Garfinkel, National Institute of Standards and Technology (NIST)
  • Mary Theofanos, National Institute of Standards and Technology (NIST)
  • Brian Stanton, National Institute of Standards and Technology (NIST)
  • Steven Furnell, Plymouth University