A number of seminal papers appeared towards the end of the 20th century calling for more attention to be paid to the human in the security loop. For example, Anne Adams and Angela Sasse’s “Users are not the Enemy” and Mark Ackerman and Lorrie Cranor’s “Privacy critics: UI components to safeguard users’ privacy.” The research field of Usable Security was thereby launched, and quickly garnered interest amongst academics and in industry. Almost two decades later this field has achieved independent status with a number of conferences and workshops being dedicated to this research field. USEC is a proud member of these bespoke conferences, rubbing shoulders with SOUPS, EuroUSEC and STAST. Other international conferences, such as CHI, HICSS and IEEE S&P, have strands dedicated to usable security, demonstrating a growing recognition of this field as a serious research endeavour.
Just before NDSS 2017 this year, we’ll hold the sixth USEC workshop/mini-conference and it is starting to exhibit signs of maturity. This is the sixth USEC workshop/mini-conference and it is starting to exhibit signs of maturity. This year we received an unprecedented 58 submissions, a gratifying confirmation of the growing number of researchers working in the field, all doing great research and wanting to share it with others. It also means that USEC, as a workshop, is firmly on the map, being deemed a worthy venue for publishing and presenting valuable research results.
Unlike the situation in the 20th century, we no longer have to convince anyone of the importance of the human in the security loop. Hardly a day goes by that the newspapers do not carry a report about a successful hack, and many of these are facilitated by the humans who own and use the computers that have been hacked, either deliberately or inadvertently. Much of the research in this area works to help users to understand security and privacy concepts, to help them to gain the skills to repel the efforts of myriad hackers and to provide end users with tools to bolster their personal and organisational security more effectively.
The papers we accepted for USEC 2017 fall into three rough groups. The first is authentication. Any conference of this kind receives a number of authentication-related papers. This is not unusual since this is the point where end-users and security are guaranteed to meet. This is the space that causes both security professionals and end-users a great deal of pain. The second group of papers addresses perceptions – contemplating how people perceive security and privacy aspects of systems. The final group addresses new topics in the research area – perhaps we can refer to these as stretch papers.
We’re looking forward to an excellent workshop, with much to discuss, think about and explore in future research. Above all, this is a great opportunity to make new friends, catch up with old ones and enjoy the wonderful San Diego weather.
The USEC workshop depends on the highly-valued contributions of our sterling Programme Committee, who do the reviewing without remuneration. We extend our heartfelt thanks to them. We also thank our Steering Committee: Angela Sasse, Jean Camp, Jim Blythe, Matthew Smith and Andrew Adams, for their guidance and assistance.