The 3rd European Workshop on Usable Security
UCL, Chandler House - London, England
April 23, 2018

The European Workshop on Usable Security (EuroUSEC) is the European sister of the USEC workshop, serving as a European forum for research and discussion in the area of human factors in security and privacy. EuroUSEC 2018 will be co-located with the 3rd IEEE European Symposium on Security and Privacy (EuroS&P 2018) and it will be held in London, UK on April 23, 2018.

The European Workshop on Usable Security solicits previously unpublished work offering novel research contributions in any aspect of human-centered security and privacy. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy as well as researchers and practitioners from other domains such as psychology, social science, and economics.

For each paper, we'll have a 15 minute talk by the presenter, followed by a 20 minute group discussion.
Social Contract: To make the workshop as effective as possible for everyone, we ask that all participants commit to our social contract: don't arrive late or leave early for individual talks; don't use electronics other than explicitly for engagement (live tweeting, following along in the paper); provide constructive and meaningful feedback for all papers. If you need to check your email or do some work (we know it happens!), please take a break for a particular paper or session and go do it, and then come back ready to engage again.

(Credit to the New Security Paradigms Workshop for the concept of the social contract.)


Registration, Coffee & Refreshments

08:45 - 09:30

Welcome from chairs

09:30 - 09:45

Session #1: Users and security

09:45 - 11:00

User Perception and Expectations on Deleting Instant Messages —or— "What Happens If I Press This Button?"
Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth
"This Website Uses Cookies": Users' Perceptions and Reactions to the Cookie Disclaimer
Oksana Kulyk, Nina Gerber, Annika Hilt, Melanie Volkamer

Short coffee break

11:00 - 11:15

Session #2: Rethinking principles and patterns

11:15 - 13:00

A Usability Study of Secure Email Deletion
Tyler Monson, Joshua Reynolds, Trevor Smith, Scott Ruoti, Daniel Zappala, Kent Seamons
Rethinking Home Network Security
Norbert Nthala, Ivan Flechais
Consolidating Principles and Patterns for Human-centred Usable Security Research and Development
Luigi Lo Iacono, Matthew Smith, Emanuel von Zezschwitz, Peter Leo Gorski, Peter Nehren

Lunch Break

13:00 - 14:30

Return from lunch warm-up

14:30 - 14:45

Session #3: Privacy expectations and calculations

14:45 - 16:00

The Role of Privacy Violations in Privacy Calculus
Maija Poikela, Sebastian Möller
What Can't Data Be Used For? User Privacy Expectations about Smart TVs
Nathan Malkin, Julia Bernd, Maritza Johnson, Serge Egelman

Coffee Break

16:00 - 16:30

Session #4: Teaching Configuration

16:30 - 17:45

Permission Impossible: Teaching Firewall Configuration in a Game Environment
Sibylle Sehl, Kami Vaniea
The 'Retailio' Privacy Wizard: Assisting Users with Privacy Settings for Intelligent Retail Stores
Frederic Raber, David Ziemann, Antonio Krueger

Call for Papers

We are excited to welcome original work describing research or experience, as well as position papers, in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. We explicitly welcome work on evaluating existing or experimental research methods. Topics include, but are not limited to:
  • innovative security or privacy functionality and design
  • new applications of existing models or technology
  • field studies of security or privacy technology
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • longitudinal studies of deployed security or privacy features
  • studies of administrators or developers and support for security and privacy
  • psychological, sociological and economic aspects of security and privacy
  • the impact of organizational policy or procurement decisions
  • methodology for usable security and privacy research
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of replicating previously published studies and experiments
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience
  • this topic list is not exhaustive
We've observed that the most effective workshops are those that encourage discussion between delegates. Such formats have been used very effectively in recent events such as FSE/ESEC2017 and SHB17, and we're glad to be introducing a similar format for EuroUSEC.

For accepted papers, please arrange for at least one author to attend the workshop.

Important Dates (tentative)

Paper submission deadlineWednesday, March 7, 2018 (Anywhere on Earth)
NotificationFriday, March 23, 2018
Camera readySunday, April 8, 2018
WorkshopMonday, April 23, 2018

Submission Instructions

Papers should be written in English. Papers must be up to 10 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. Reviewers are not required to read any appendices, so your paper should be self-contained without them.

Accepted papers will be published online with their supplementary appendices included.

Submissions must be no more than 20 pages total including bibliography and appendices. Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls in Compsoc Conference Mode.

Please prefer U.S. spelling and grammar rules.

Submissions should be anonymized for review. Please refer to your own related work in the third person, as though someone else had written it. This also includes, e.g., data sets: "We received data from the authors of [31] which we reused for this experiment." Do not blind citations except in extraordinary circumstances.

In keeping with IEEE guidelines, all submissions must be original work; authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the program committee chair if there are questions about this policy.

Submission Site

Please submit your submission to our HotCRP.


The proceedings will be published by the Internet Society after the workshop. For the workshop, a pre-print will be made available on the workshop webpage.

Steering Committee

Program Committee Chairs

Program Committee


Venue and Registration

The workshop is colocated with the 3rd IEEE European Symposium on Security and Privacy (EuroS&P 2018). Please refer to the conference website for further information and registration.

Go to the registration