SOUPS: Symposium On Usable Privacy and Security



Past:   Proceedings on DBLP

Future:  Post a CFP for 2018 or later   |   Invite the Organizers Email


All CFPs on WikiCFP

Event When Where Deadline
SOUPS 2017 Symposium on Usable Privacy and Security
Jul 12, 2017 - Jul 14, 2017 Santa Clara, CA Mar 7, 2017 (Mar 1, 2017)
SOUPS 2016 Symposium On Usable Privacy and Security
Jun 22, 2016 - Jun 24, 2016 Denver, CO Mar 4, 2016 (Mar 1, 2016)
SOUPS 2015 Symposium On Usable Privacy and Security
Jul 22, 2015 - Jul 24, 2015 Ottawa, Canada Mar 13, 2015 (Mar 6, 2015)
SOUPS 2014 Symposium On Usable Privacy and Security
Jul 9, 2014 - Jul 11, 2014 Menlo Park, CA Mar 6, 2014 (Feb 28, 2014)
SOUPS 2013 Symposium On Usable Privacy and Security (SOUPS)
Jul 24, 2013 - Jul 26, 2013 Newcastle, UK Mar 8, 2013
SOUPS 2012 Symposium on Usable Privacy and Security
Jul 11, 2012 - Jul 13, 2012 Washington, DC Mar 9, 2012
SOUPS 2011 Symposium On Usable Privacy and Security
Jul 20, 2011 - Jul 22, 2011 Pittsburgh, PA Mar 11, 2011
SOUPS 2010 Symposium On Usable Privacy and Security 2010
Jul 14, 2010 - Jul 16, 2010 Redmond, WA USA Mar 5, 2010
SOUPS 2009 Symposium On Usable Privacy and Security
Jul 15, 2009 - Jul 17, 2009 Mountain View, CA, USA Feb 27, 2009

Present CFP : 2017

The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature:

Technical papers, including replication papers
* Workshops and tutorials
* A poster session
* Lightning talks
We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:

Technical Papers
* Innovative security or privacy functionality and design
* Field studies of security or privacy technology
* Usability evaluations of new or existing security or privacy features
* Security testing of new or existing usability features
* Longitudinal studies of deployed security or privacy features
* Studies of administrators or developers and support for security and privacy
* The impact of organizational policy or procurement decisions
* Lessons learned from the deployment and use of usable privacy and security features

Replication Papers (emphasized in 2017)
Reports of replicating previously published studies and experiments. There are several options within this category:

* Full replication: Same study protocol, same type of sample.
* Variation: One design variable is changed. For instance, re-running an MTurk study with a different sample; conducting a study with a sample from different countries, etc.
* Triangulation: Same study goal but different design. For instance, conducting a field study instead of a self-reporting survey; using a different measurement instrument to measure a variable.

Authors should clearly state why they conducted a replication study, which type of replication study they conducted, and describe the methodological differences precisely as well as comparing their new results with the results being replicated. The abstracts of replication papers should contain a sentence summarizing their contribution to the field and literature. Replication papers do not necessarily need to offer new or unexpected findings. Papers confirming previous findings are considered contributions. Please prefix the title of these papers with the word "Replication:" for the review process. Since this is a new category please feel free to contact the PC chairs with any questions.

All submissions must relate to the human aspects of security or privacy. Papers on security or privacy that do not address usability or human factors will not be considered. Likewise, papers on usability or human factors that do not address security or privacy will not be considered. The determination of a paper’s scope will be solely at the discretion of the program committee chairs.

Papers need to describe the purpose and goals of the work, cite related work, show how the work effectively integrates usability or human factors with security or privacy, and clearly indicate the innovative aspects of the work or lessons learned, as well as the contribution of the work to the field.

Papers must use the SOUPS formatting template (available here soon for MS Word or LaTeX) and be up to 12 pages in length, excluding the bibliography and any supplemental appendices. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of your paper, on which your work is to be evaluated. Reviewers are not required to read any appendices, so your paper should be self contained without them. Accepted papers will be published online with their supplementary appendices included. Submissions must be no more than 12 pages in length and up to 20 pages total including bibliography and appendices. For the body of your paper, brevity is appreciated, as evidenced by the fact that many papers in prior years have been well under this limit. All submissions must be in PDF format and must be blinded.

Submit your paper electronically via the Web submission form, which will be available here soon.
Anonymization: Reviewing is double blind. No names or affiliations should appear on the title page, and papers should avoid revealing the authors' identities in the text. Any references to the authors' own work should be made in the third person. Contact the program chairs at if you have any questions.

Submissions that violate these requirements may be rejected without review.

Registering and submitting your paper: Technical papers must be registered and submitted by the deadlines listed above. These are hard deadlines! (Registering a paper in the submission system requires filling out all the fields that describe the submission, but does not require uploading a PDF of the paper. Placeholder or incomplete titles and abstracts may be rejected without review.)

Rebuttals: The rebuttal period will be held after all reviews have been submitted so that the authors have a chance to correct factual errors in the reviews before final decisions are made. Due to time constraints, the rebuttal period is fairly short. Please ensure that you reserve enough time between May 2 and May 9 for the rebuttal process. Late rebuttals will not be accepted.

Accepted papers will be published by the USENIX Association, and will be freely available on the USENIX and SOUPS Web sites. Authors will retain copyright of their papers. Submitted papers must not significantly overlap papers that have been published or that are simultaneously submitted to a peer-reviewed venue or publication. Any overlap between your submitted paper and other work either under submission or previously published must be documented in explanatory and sent to the chairs. State precisely how the two works differ in their goals, any use of shared experiments or data sources, and the unique contributions. If the other work is under submission elsewhere, the program committee may ask to review that work to evaluate the overlap. Please note that program committees frequently share information about papers under review and reviewers usually work on multiple conferences simultaneously. Technical reports (e.g., arXiv reports) are exempt from this rule. If in doubt, please contact the program chairs at for advice. You may also release pre-prints of your accepted work to the public at your discretion.

Authors are encouraged to review: "Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them." Note that this paper addresses research work taking an experimental and quantitative approach, with hypothesis testing and statistical inference. However, SOUPS welcomes submissions that take other approaches, and recognizes that other methodological considerations will be appropriate.

User studies should follow the basic principles of ethical research (e.g., beneficence (maximizing the benefits to an individual or to society while minimizing harm to the individual), minimal risk (appropriateness of the risk versus benefit ratio), voluntary consent, respect for privacy, and limited deception). Authors are encouraged to include in their submissions explanation of how ethical principles were followed, and may be asked to provide such an explanation should questions arise during the review process. If your organization or institution requires formal approval, your paper may be rejected if approval was not obtained. However, such an approval does not guarantee acceptance and the program committee may reject a paper on ethical grounds.

Symposium Organizers
General Chair
Mary Ellen Zurko, Cisco Systems

Technical Papers Co-Chairs
Matthew Smith, University of Bonn
Sonia Chiasson, Carleton University

Technical Papers Committee

Related Resources

RAID 2017   20th International Symposium on Research in Attacks, Intrusions and Defenses
Future_Internet-SI 2017   Futute Internet - Special Issue on Security and Privacy in Wireless and Mobile Networks
ESORICS 2017   Twenty-second European Symposium on Research in Computer Security
SMGSSP 2017   Smart Micro-Grid Systems Security and Privacy
SECURWARE 2017   The Eleventh International Conference on Emerging Security Information, Systems and Technologies
INSERT 2017   1st International Conference on Security, Privacy, and Trust (INSERT'17)
ASPMI 2018   Advances in Security and Privacy of Multimodal Interfaces
ICISIP 2017   The 5th IIAE International Conference on Intelligent Systems and Image Processing 2017
JISA-SI: Mobile-SPT 2017   JISA: SPECIAL ISSUE ON “Mobile Networks and Devices Security, Privacy and Trust”
MobiSec 2017   Special Issue on Mobile Systems, Mobile Networks and Mobile Cloud: Security, Privacy and Digital Forensics