Send email Copy Email Address

USEC 2022 Symposium on Usable Security and Privacy  

The Symposium on Usable Security and Privacy (USEC) serves as an international forum for research and discussion in the area of human factors in security and privacy. USEC is a Symposium with proceedings. 

USEC 2022 will be held on April 28, 2022 in conjunction with NDSS at the Catamaran Resort Hotel & Spa in San Diego, California.

It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage replication studies to validate previous research findings. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of faded experiments. They must highlight the lessons learned and provide recommendations on how to avoid falling into the same traps.


Schedule Details
9:00-9:15 Opening Remarks
9:15-10:15 Keynote by Ross Anderson
10:15-10:50 Coffee Break

Security Awarness:

Session Chair: Aiping Xiong

PickMail: A Serious Game for Email Phishing Awareness Training
Gokul CJ (TCS Research, Tata Consultancy Services Ltd., Pune) 
Vijayanand Banahatti (TCS Research, Tata Consultancy Services Ltd., Pune) 
Sachin Lodha (TCS Research, Tata Consultancy Services Ltd., Pune) 

Phishing awareness and education – When to best remind?
Benjamin Maximilian Berens (SECUSO, Karlsruhe Institute of Technology) 
Katerina Dimitrova
Mattia Mossano (SECUSO, Karlsruhe Institute of Technology)  
Melanie Volkamer (SECUSO, Karlsruhe Institute of Technology) 

SoK: A Proposal for Incorporating Gamified Cybersecurity Awareness in the Disabled Community Informed by a Systematic Literature Review
June De La Cruz (INSPIRIT Lab, University of Denver) 
Sanchari Das (INSPIRIT Lab, University of Denver) 

Analyzing and Creating Malicious URLs: A Comparative Study on Anti-Phishing Learning Games
Vincent Drury (IT-Security Research Group, RWTH Aachen University) 
Rene Roepke (Learning Technologies Research Group, RWTH Aachen University)
Ulrik Schroeder (Learning Technologies Research Group, RWTH Aachen University) 
Ulrike Meyer (IT-Security Research Group, RWTH Aachen University) 


Emerging Themes:

Session Chair: Lea Gröber

Explainable AI in Cybersecurity Operations: Lessons Learned from xAI Tool Deployment
Authors :
Megan Nyre-Yu (Sandia National Laboratories) 
Elizabeth S. Morris (Sandia National Laboratories) 
Blake Moss (Sandia National Laboratories) 
Charles Smutz (Sandia National Laboratories) 
Michael R. Smith (Sandia National Laboratories) 

Effects of Knowledge and Experience on Privacy Decision-Making in Connected Autonomous Vehicle Scenarios
Authors :
Zekun Cai (Penn State University) 
Aiping Xiong (Penn State University) 

Usability of CoinJoin wallets JoinMarket, Wasabi, and Samourai
Authors :
Simin Ghesmati (TU Wien, SBA Research) 
Walid Fdhila (Uni Wien, SBA Research) 
Edgar Weippl (Uni Wien, SBA Research)

3:00-3:30 Coffee Break


Session Chair: Alena Naiakshina

Trust & Privacy Expectations during Perilous Times of Contact Tracing
Habiba Farzand (University of Glasgow) 
Florian Mathis (University of Glasgow) 
Karola Marky (University of Glasgow) 
Mohamed Khamis (University of Glasgow) 

“So I Sold My Soul'': Effects of Dark Patterns in Cookie Notices on End-User Behavior and Perceptions
Oksana Kulyk (ITU Copenhagen)
Willard Rafnsson (IT University of Copenhagen)
Ida Marie Borberg
Rene Hougard Pedersen 

A Study on Security and Privacy Practices in Danish Companies
Asmita Dalela (IT University of Copenhagen) 
Saverio Giallorenzo (Department of Computer Science and Engineering - University of Bologna) 
Oksana Kulyk (ITU Copenhagen) 
Jacopo Mauro (University of Southern Denmark) 
Elda Paja (IT University of Copenhagen) 



Ross Anderson: "Adversarial Usability: The New Frontier?"

"When we started work on usable security at the turn of the century, we tackled problems for which we thought there might be simple and durable answers. Can people actually use your encryption program safely? What sort of password advice can you give people, and with what results? Could experiments lead us to sound engineering design? But as time passed, we realised that the hackers were not our only adversaries. Banks designed systems so their customers had to write their passwords down, and used that to hold them liable for fraud. Governments produced stupid advice, such as monthly password changes, which audit firms imposed worldwide. Big service firms changed their privacy mechanisms whenever enough of their users figured out how to opt out of surveillance. Usability for developers is another issue, and recent experience with attacks based on coding has some interesting lessons to teach. And as dark patterns proliferate from scammers to regular businesses, the FTC started last year to run workshops on the problem. Research on usable security is lagging research on consumer protection! Yet security economics warns us to analyse not just the perspectives of users, but those of companies and regulators too. The implications are broad. To take just one example, the likely future benefits and harms from machine learning will depend on who controls it, what it's used for, and how easy it is to fix problems. A world where nudge becomes sludge and evolves into smart sludge could be tiresome; and the history of cookie banners suggests that pushing back on adversarial usability by direct regulation may be hard."


Program Chairs

Katharina Krombholz, CISPA Helmholtz Center for Information Security

Prashanth Rajivan, University of Washington

Program Commitee

Aiping Xiong

Penn State University

Alena Naiakshina

Ruhr-University Bochum

Diane Staheli

MIT Lincoln Lab

Fariza Sabrina

Central Queensland University

Hyoungshick Kim

Sungkyunkwan University

Imani N. S. Munyaka

University of California, San Diego

Josiah Dykstra

National Security Agency

Karima Boudaoud

University of Nice Sophia Antipolis

Katharina Krombholz 

CISPA Helmholtz Center for Information Security

Kuldeep Singh

University of Texas El Paso

Lea Gröber

CISPA Helmholtz Center for Information Security

Leah Zhang-Kennedy

University of Waterloo

Matthias Fassl

CISPA Helmholtz Center for Information Security

Megan Nyre-Yu

Sandia National Labs

David Schuster

San Jose State University.

Palvi Aggarwal

University of Texas El Paso

Pardis Emami-Naeini

University of Washington

Prashanth Rajivan 

University of Washington

Sanchari Das

University of Denver

Simson Garfinkel

George Washington University

Varun Dutt

Applied Cognitive Science Lab, Indian Institute of Technology Mandi, Kamand, Himachal Pradesh, India – 175005

Verena Distler

University of Luxembourg



Submission Information

All submissions must be original work; authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. All papers should be written in English. 

Format: The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Use the NDSS USEC format found at:

Paper length: We are looking for submissions of 5 to 10 pages, excluding references and supplementary materials. We encourage authors to submit papers of appropriate length for the research contribution. If your research contribution only requires 5-7 pages, please only submit 5-7 pages (plus references). Shorter papers with be reviewed like any other paper and not penalized. Papers shorter than 5 pages or longer than 10 pages (excluding references) will not be considered.

Submitting supplementary material that adds depth to the contribution and/or contributes to the submission’s replicability is strongly encouraged. Supplemental material must be linked to in the paper in an anonymous way as we cannot support direct upload to the submission system.

Anonymous Submission: Reviewing will be double blind. Author names and affiliations should not appear in the paper. The authors should make a reasonable effort not to reveal their identities or institutional affiliation in the text, figures, photos, links, or other data that is contained in the paper. Authors’ prior work should be preferably referred to in the third person; if this is not feasible, the references should be blinded. Submissions that violate these requirements will be rejected without review. The list of authors cannot be changed after the acceptance decision is made unless approved by the Program Chairs.

Conflict of Interest: Authors and Program Committee members are required to indicate any conflict of interest and its nature. Advisors and those that they are advising, as well as authors and PC members with an institutional relationship are considered to share a conflict of interest. Professional collaborations (irrespective of whether they resulted in publication or funding) that occurred in the past 2 years and close personal relationships equally constitute a conflict of interest. PC members, including chairs, that have a conflict of interest with a paper, will be entirely excluded from the evaluation of that paper.

The submission site is