July 14-16, 2010
Redmond, WA


Call for participation





Usable Security Experiment Reports (USER) Workshop


Call for Papers: [plain text] [PDF]

The USER workshop is an opportunity for researchers to discuss their experiences in conducting user studies in usable security, and for newcomers to learn from this collective experience. We hope to bring together researchers with backgrounds in security or usability, to share knowledge of how to collect appropriate data for conducting suitable security analysis and meaningful usability evaluation.

We seek papers describing your experiences in conducting usable security user studies. These should describe the experimental design and its reasoning, challenges and how these were addressed, insight to improve future studies, and reflections on the effectiveness or limitations of the study. We are also interested in novel approaches to quantitative or qualitative data analysis to evaluate either security or usability, perhaps drawing from approaches in other disciplines.

Topics may include (but are not limited to):

  • designing studies that reflect realistic user behaviour,
  • conducting realistic attack studies that fall within ethical guidelines,
  • collecting data that allows for appropriate security and usability analysis,
  • novel analysis techniques for security or usability,
  • designing studies that allow for meaningful results while meeting ethical guidelines,
  • quantitative and qualitative methods of analysis


Wednesday, July 14, 2010 - Microsoft Commons, Capitol Hill Room


Welcome and opening remarks


Conducting Usable Privacy & Security Studies with Amazon's Mechanical Turk
Patrick Gage Kelley

One Experience Collecting Sensitive Mobile Data
Yuan Niu, Elaine Shi, Richard Chow, Philippe Golle, Marjus Jakobsson

"I did it because I trusted you": Challenges with the Study Environment Biasing Participant Behaviours
Andreas Sotirakopoulos, Kirstie Hawkey, Konstantin Beznosov

Gathering Realistic Authentication Performance Data Through Field Trials
Adam Beautement, M. Angela Sasse




The Challenges of Understanding Users' Security-related Knowledge, Behaviour, and Motivations
Sara Motiee, Kirstie Hawkey, Konstantin Beznosov

An experimental microworld for evaluating the tradeoffs between usability and security
Noam Ben-Asher, Joachim Meyer, Yisrael Parmet, Sebastian Moeller, Roman Englert

Studying Password Use in the Wild: Practical Problems and Possible Solutions
Philip Inglesant, M. Angela Sasse

Challenges in evaluating complex IT security management systems
Pooya Jaferian, Kirstie Hawkey, Konstantin Beznosov




Panel: Referee's Dilemma: How to Assess Usable Security Research

Usable security involves issues of user behaviour and system security, and both can be challenging to assess: the research methods, forms of analysis, and scope must all be considered. Perhaps most challenging is that system security and user behaviour are related, so a focus on one must involve consideration of the effects on the other.

Given these challenges, how should referees assess research work, and how should researchers prepare for assessment? In particular, how should the relationship between system security and user behaviour be addressed?


  • Lorrie Cranor, Carnegie Mellon University
  • Cormac Herley, Microsoft Research
  • Philip Inglesant, University College London
  • Stuart Schechter, Microsoft Research


Closing remarks


Sonia Chiasson
Carleton University, Ottawa Canada

Robert Biddle,
Carleton University, Ottawa Canada