10th Workshop on Security Information Workers (WSIW'24)

The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security and privacy information workers who develop, use, and manipulate privacy and security-related information and data as a significant part of their jobs.

Submit your research working with

Software Developers Administrators IT Professionals Intelligence analysts Security Consultans and Educators Privacy Engineers and Professionals

Workshop

The workshop will feature a keynote talk and paper presentations, as well as breakout sessions to provide an opportunity for smaller group interactive discussion about related topics of interest, which may include methods, challenges, and future directions in security information workers research.

Important Dates

Happening	Date (23:59 AoE)
Submission Deadline	~~Thursday, May 23, 2024~~	Tuesday, June 4, 2024
Acceptance Notification	~~Thursday, June 6, 2024~~	Tuesday, June 18, 2024
Camera-Ready Papers Due	Thursday, June 20, 2024
Workshop	Sunday, August 11, 2024

Venue

Picture of the front of Philadelphia Marriot

Philadelphia Marriott Downtown

1201 W Market Street
Philadelphia, PA 19107
USA
+1 215.625.2900

Agenda

Sunday, August 11, 2024, 2:30pm – 6:00pm Eastern Daylight Time

2:30pm - 2:40pm

Welcome, Introduction, and Workshop Agenda

2:40pm - 3:50pm - Paper Session

The Threat Modeling Naturally Tool: An Interactive Tool Supporting More Natural Flexible and Ad-Hoc Threat Modeling

Ronald E. Thompson (Tufts University), Madison Red (Tufts University), Richard Zhang (Tufts University), Yaejie Kwon (Swathmore College), Lisa Dang (Tufts University), Christopher Pellegrini (Northeastern University), Esam Nesru (University of Maryland, Baltimore County), Mira Jain (Tufts University), Caroline Chin (Tufts University), and Daniel Votipka (Tufts University)

Understanding Symbolic Execution Workflow from Security Analysts (Position Paper)

Zeming Yu (Arizona State University), James Mattei (Tufts University), Selina Li (Arizona State University), Ruoyu Wang (Arizona State Univeristy), Daniel Votipka (Tufts University), and TIffany Bao (Arizona State Univeristy)

Usability for Digital Forensics Professionals (Work in Progress)

Prakruthi Reddy and Cori Faklaris (University of North Carolina at Charlotte)

3:50pm - 4:00pm - Break

4:00pm - 5:00pm - Keynote Presentation

Factoring Humans into power systems cybersecurity: rethinking the weakest link - Katya Le Blanc

Katya is a senior human factors scientist who has been conducting research in the energy sector for 14 years. She leads human factors research in several complex, multidisciplinary subjects including nuclear power, electric grid, human-automation and human-AI interaction, and cybersecurity. Her research in nuclear power plant modernization has led to transformational change in the way field operators conduct procedures and has improved operator interfaces for control of nuclear power plant equipment in the field and in the control room. Her cybersecurity work includes cyber risk characterization in nuclear power and critical infrastructure, visualization to support coordination between system operators and cybersecurity professionals, and addressing the technical and regulatory risks related to cyber security in nuclear power. She is deputy national technical director for the DOE NE advanced reactors safeguards and security program where she directs cybersecurity research. Katya has over 100 technical publications in human factors in the energy sector. She is a senior member of IEEE and holds a PhD and master’s degree in cognitive psychology from New Mexico State University and a BS in psychology from New Mexico Institute of Mining and Technology.

5:00pm - 5:15pm - Break

5:15pm - 6:00pm

Breakout groups and discussion

Registration

WSIW'24 will happen in-person. Registration costs $75 and can be completed through the SOUPS Website.

Call for Papers

We solicit papers describing new research contributions in the area of security and privacy information workers, as well as case studies, work in progress, preliminary results, novel ideas, and position papers. Successful submissions to this workshop will explicitly be informed by an understanding of how security/privacy information workers do their jobs, and the results will explicitly address how we understand these workers.

Information Workers

The area of security/privacy information workers includes:

Software developers, who design and build software that manages and protects sensitive information;
Security and system administrators, who deploy and manage security-sensitive software and hardware systems;
IT professionals, whose decisions have impact on end users' security and privacy;
Intelligence analysts, who collect and analyze data about security matters to understand information and make predictions;
Security consultants and educators, who provide guidance to individuals and organizations on practicing good security behaviors and implementing security technologies; and
Privacy engineers and professionals, who ensure that privacy considerations are built into products and who help develop privacy policie.

Topics

This workshop aims to develop and stimulate discussion about security information workers. We will consider topics including but not limited to:

Empirical studies of security/privacy information workers, including case studies, experiments, field studies, and surveys;
New tools designed to assist security/privacy information workers;
Infrastructure for better understanding security/privacy information workers;
Information visualization and other techniques designed to help security/privacy information workers do their jobs;
Evaluations of tools and techniques for security/privacy information workers

Submission

The deadline for submissions is Thursday, May 23, 2024 23:59 AoE (Anywhere on Earth).

Format:

Papers should be atmost 6 pages (excluding references).
Using the SOUPS template format (MS Word, LaTeX).
Submissions should be fully anonymized.

Submissions may be made at: https://wsiw2024.usenix.hotcrp.com/.

Submission: Papers should be succinct, but thorough in presenting the work. Typical papers will be 5–6 pages long (plus references) but papers can be shorter (e.g., 2–3 pages) if, for example, they present a novel idea with limited preliminary results or a position likely to drive a lively discussion. Shorter, more focused papers are encouraged and will be reviewed like any other paper. If you only need 2 or 4 pages (plus references) to clearly explain your work or idea, please submit a paper of that length. Reviewers will be instructed to assess the value of the talk to the workshop audience irrespective of the paper length; however, we stress again that the presentation should be sufficiently thorough for reviewers to make this evaluation.

Workshop papers will be made available to attendees prior to the workshop. However, they will not appear in the official SOUPS proceedings.

Presentation: Paper presentations will be approximately 12–13 minutes in length followed by 5 minutes of questions and answers. Presentations can be in-person or remotely using Zoom.

Organization

Program Committee

Omer Akgul, Carnegie Mellon University
Kelsey Fulton, Colorado School of Mines
Clement Fung, Carnegie Mellon University
Ron Thompson, Tufts University
Daniel Votipka, Tufts University