The Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023) will be co-located with the 32nd USENIX Security Symposium, August 6–8, 2023, in Anaheim, CA, USA.
Sponsored by USENIX, the Advanced Computing Systems Association.
Important Dates
All dates are at 23:59 AoE (Anywhere on Earth) time.
- Workshop paper submission deadline:
Thursday, May 25, 2023 23:59 AOEThursday, June 1, 2023 23:59 AOE - Workshop paper acceptance notification to authors: Thursday, June 8, 2023
- Workshop final papers due: Wednesday, June 22, 2023
Organizers
Tutorials and Workshops Co-Chairs
Daniel Votipka, Tufts University
Yaxing Yao, University of Maryland, Baltimore County
Tutorials and Workshops Junior Co-Chair
Kelsey Fulton, University of Maryland, College Park
Workshop Schedule
Please check each workshop's website for the specific program schedule.
- Workshop on Deconstructing Gamified Approaches to Security and Privacy (DGASP 2023): Sunday, August 6, 2023, 10:00 am–1:30 pm
- Privacy Engineering in Practice '23 (PEP '23): Sunday, August 6, 2023, 10:00 am–1:30 pm
- Workshop on Privacy Threat Modeling (WPTM 2023): Sunday, August 6, 2023, 2:30 pm–6:00 pm
- Workshop on Security (and Privacy) Information Workers (WSIW 2023): Sunday, August 6, 2023, 2:30 pm–6:00 pm
- 8th Workshop on Inclusive Privacy and Security (WIPS 2023): Sunday, August 6, 2023, 9:00 am–5:00 pm (Virtual Event)
- Workshop on Kids' Online Privacy and Safety (KOPS 2023): Sunday, August 6, 2023, 1:00 pm–5:00 pm (Virtual Event)
Workshop on Deconstructing Gamified Approaches to Security and Privacy (DGASP 2023)
The importance of understanding and interpreting knowledge in the areas of security and privacy is paramount as we observe the rise of the Internet of Things (IoT), Artificial Intelligence (AI), and many other influential technologies. Unfortunately, many aspects of security and privacy are often undermined by perceptions of steep learning curves, a requirement of specialist knowledge and a lack of appropriate training and funding within organisations. In particular, this may relate more to non-technical individuals and those who may use computing equipment and write software code without any formal software engineering training. As a solution to this, the use of gamified approaches can be employed to increase user awareness and engagement in activities related to security and privacy, such as training and risk management, which can lead to better understanding and outcomes related to best practices in security and privacy.
This workshop aims to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy. We will consider topics including, but not limited to:
- Novel experimental games, environments and interactions in the area of security and privacy
- Design challenges related to gamified approaches in security and privacy
- Game dynamics, game mechanics and learning mechanics applicable to security and privacy
- Serious games in cybersecurity
- Misuse of gamified approaches
View the Call for Papers
Workshop on Privacy Engineering in Practice (PEP '23)
This workshop aims to stimulate discussion among diverse stakeholders about how privacy engineering can be used to push the envelope on privacy regulatory compliance.
We will consider topics including but not limited to:
- Novel applications and research related to privacy engineering
- Technical standards, heuristics and best practices for privacy engineering
- Privacy design patterns and privacy-preserving architectures
- Privacy Enhancing Technologies (PETs)
- Translating privacy laws into privacy technical requirements
- Integrating law and policy compliance into the development or data lifecycle
- Privacy requirements elicitation and analysis methods
- Privacy-adjacent requirements for ethics, transparency, fairness, trust
- Case studies that discuss compliance challenges or lessons learned
- Pilots and new tools designed to assist privacy engineers/practitioners
- Tools and formal languages supporting privacy engineering
- Interdisciplinary studies on privacy engineering current state
- Implementing privacy for emerging use cases and unregulated domains
- Scaling privacy engineering programs
- Privacy assurance and validation techniques
View the Call for Papers
2nd Workshop on Privacy Threat Modeling (WPTM 2023)
The Workshop on Privacy Threat Modeling seeks participation in the form of research findings, new ideas, and constructive feedback. The purpose of the workshop is to bring together researchers, practitioners, industry specialists, and government representatives to collaborate on the topic of privacy threat modeling. While aspects of privacy risk modeling are relatively well-developed, such as constructions of privacy harms there has been insufficient discussion around approaches to modeling privacy threats, broadly construed. A holistic approach to representing privacy threats could inform privacy risk models and provide a common lexicon to accelerate conversations in the privacy community.
Topics of interest include:
- Definitions of a privacy incident, attack, threat, and breach
- Distinctions between privacy threats, privacy vulnerabilities, and privacy harms
- Describing or categorizing privacy threats, including taxonomies or ontologies for privacy incidents, attacks, threats, and breaches
- Applicability and limitations of security threat modeling techniques for privacy
- Integration of threat models in risk models and risk management
- Privacy threat-informed defense
- Qualitative versus quantitative threat modeling
- Trade-offs between specific and general models
- Operationalizing privacy threat models
- Privacy threat case studies
View the Call for Submissions
9th Workshop on Security Information Workers (WSIW 2023)
The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security and privacy information workers who develop, use, and manipulate privacy and security-related information and data as a significant part of their jobs.
View the Call for Papers
8th Workshop on Inclusive Privacy and Security (WIPS 2023)
Security and privacy challenges confront all participants in modern society, but particular groups may experience unique or uneven privacy and security concerns. These groups may face distinctive obstacles to addressing issues, and their particular needs and concerns may not be well understood beyond those groups. Traditionally, inclusive design has addressed physical accessibility as well as needs arising from age, disability, or environment. While this work remains critical, our community also increasingly recognizes the importance of accounting for the needs of vulnerable users and marginalized groups. The workshop deliberately avoids any concrete definitions of what "vulnerable" means in this context. Instead, we encourage a diverse discussion of groups and situations without prejudice.
In this workshop, we explore the privacy and security experiences and needs of vulnerable user groups (and affected non-users). We are also interested in populations or roles in our society (e.g., lawyers, journalists, politicians, activists, medical providers) that support and/or affect the lives of vulnerable individuals. We will endeavor to uncover new ways of taking a more inclusive approach to appreciating and addressing privacy and security challenges. We also seek to identify the unintended harms resulting from privacy and security technology.
The objectives of our workshop are as follows:
- To broaden participants' awareness of diverse privacy and security concerns
- To map out fundamental research questions for the emerging field of inclusive privacy and security
- To share and compile design guidelines and best practices that are relevant to inclusive design
- To form collaborations among researchers in this space
View the Call for Papers
Workshop on Kids' Online Privacy and Safety (KOPS 2023)
The second workshop on Kids' Online Privacy and Safety (KOPS) is soliciting extended abstracts in privacy and online safety where the focus is on minors. Through KOPS, we aim to grow an interdisciplinary community focused on research related to the online privacy or safety of minors. Submissions may include papers describing novel research in this area as well as case studies, work in progress, preliminary results, novel ideas, and position papers. Papers on both the technical and human perspective are encouraged.
Accepted abstracts will be invited for a 15-minute talk at the workshop, with an additional 5 minutes for questions and discussion. Following the workshop, abstracts will be posted publicly. We are interested in talks from researchers, industry practitioners, lawyers, and safety advocates to discuss these issues. Example topics of interest include, but are not limited to:
- Resilience factors associated with minors' crime and safety
- Challenges in minors' online safety
- Methodology and lessons learned from designing studies in the minors' safety and privacy domain.
View the Call for Papers