The 2024 European Symposium on Usable Security

Dates and Location: September 30 & October 1, 2024, Karlstad, Sweden.

Join us in Karlstad for EuroUSEC 2024, where the future of usable privacy and security intersects with the unparalleled beauty and heritage of Sweden. Let's explore, learn, and innovate together in a city that bridges the past with the future, nature with technology, and people with ideas.

The European Symposium on Usable Security (EuroUSEC) is a forum for research and discussion on human factors in security and privacy. EuroUSEC solicits previously unpublished work offering novel research contributions in any aspect of human-centred security and privacy. EuroUSEC aims to bring together researchers, practitioners, and students from diverse backgrounds including computer science, engineering, psychology, the social sciences, and economics to discuss issues related to human-computer interaction, security, and privacy.

Exciting news: We are pleased to announce that the authors of selected best papers from the EuroUSEC 2024 event will be invited to submit an extended version for possible publication in a special section/issue of the Information and Computer Security Journal, pending approval. These submissions will undergo a fast-track review process.

EuroUSEC is part of the USEC family of events. You can find more info about all USEC events at:

The 2024 EuroUSEC is an independent event in Karlstad without any affiliation to any conference. By doing this, we strive to keep registration costs to a minimum.

We want EuroUSEC to be a community-driven event and would love to hear any questions, comments, or concerns you might have regarding these changes from last year. Therefore, we want to encourage everyone to join the EuroUSEC Slack. Alternatively, you can email the program chairs with any questions or concerns.

Keynote Speakers

Dr. Rebecca Balebako

Talk Title: PETs are all you need?

Talk Abstract: Privacy Enhancing Technologies (PETs) enable amazing use cases from healthcare research to fraud prevention, while protecting personal data. But are policy-makers and academics focusing on the right solutions? This talk delves into how we define PETs and why that matters. What are the adoption challenges of PETs across small, medium, and large companies in Europe? Are PETs only relevant to companies building AI models? We'll dissect key criteria for selecting PETs and explore the pitfalls of promoting one technology over another. We'll also highlight key areas of research that might enable data protection in medium-sized companies. 

Biography: Dr. Rebecca Balebako has been working on privacy since 2010. She has helped start-ups, large tech companies, and specialized government agencies define strategies for machine learning and privacy. Rebecca has published numerous academic papers on usable privacy and security. Dr. Balebako is also an IAPP Fellow of Information Privacy (CIPP/E and CIPT) and is trained in AI Governance and Machine Learning. She holds a Ph.D. in Engineering and Public Policy, focusing on privacy, as well as degrees in Software Engineering and Math. As a former lead of the Google Privacy Red Team, she improved the privacy infrastructure and reduced risk for terabytes of data, thousands of machine learning models, and hundreds of third-party apps. Previous work on AI led to improvements in early speech recognition as well as a framework for responsible face recognition.

Prof. Awais Rashid

Talk Title: Equitable Privacy: Understanding Privacy Requirements of Marginalised and Vulnerable Populations

Talk Abstract: Digital technologies are becoming pervasive in society, from online shopping and social interactions to finance, banking, and transportation. With a future vision of smart cities, driven by a real-time, data-driven, digital economy, privacy is paramount. It is critical to engendering trust in the digital fabric on which society relies and is enshrined as a fundamental human right in the Universal Declaration of Human Rights and regulations such as GDPR.

Significant efforts have been made to provide users with more agency in understanding, controlling, and assuring the way their data and information are processed and shared. However, this ability to control, understand, and assure is not equitably experienced across society. For instance, individuals from lower-income groups often have to share devices to access services that may include sensitive information. In the case of victims of intimate partner violence, an innocuous app (such as Find My Phone) or digital device (such as a smart doorbell) may be used to monitor their activities and there are significant risks in using online reporting tools for fear of traceability. Such vulnerable and marginalised populations have nuanced privacy and information control needs as well as threat models. These needs and requirements are not typically foregrounded to software developers. The challenge is compounded by the fact that developers are neither privacy experts nor typically have the training, tools, support, and guidance to design for the diverse privacy needs of marginalised and vulnerable groups.

In this talk, I will discuss insights from an ongoing multi-year programme of research on understanding the privacy requirements of such populations and highlight a research agenda on how to support software developers in systematically addressing them.

Biography: Awais Rashid is Professor of Cyber Security at the University of Bristol. His research spans cyber security and software engineering, with a particular focus on cyber-physical systems security, software security and usable security and privacy. He is Director of the UK’s National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN) and Director of the EPSRC Centre for Doctoral Training in Trust, Identity, Privacy and Security in Large-Scale Infrastructures. He is also the lead and editor-in-chief of CyBOK, the Cyber Security Body of Knowledge. He also leads research on readiness of software engineers and developers to work with new secure hardware as part of the Digital Security by Design programme. He also previously led projects as part of the UK Research Institute on Trustworthy Industrial Control Systems (RITICS), the UK Research Institute on Socio-technical Cyber Security (RISCS) and the National Centre of Excellence on Cyber Security of Internet of Things (PETRAS). He was also a Fellow of the Alan Turing Institute (2018-2021).

Call for Papers

We invite you to submit a paper and join us in Karlstad, Sweden, at EuroUSEC 2024.

We welcome submissions containing unpublished original work describing research, visions, or experiences in all areas of usable security and privacy. We also welcome the systematization of knowledge with a clear connection to usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches. Note that All submissions must clearly relate to human aspects of security or privacy. We won't accept papers on security or privacy that don't address usability or human factors. The same applies to usability or human factors papers that do not address security or privacy.

Topics include, but are not limited to:

  • usable security and privacy implications or solutions for specific domains (such as IoT, ehealth, and vulnerable populations)
  • methodologies for usable security and privacy research
  • field studies of security or privacy technology
  • longitudinal studies of deployed security or privacy features
  • new applications of existing privacy/security models or technology
  • innovative security or privacy functionality and design
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience
  • papers with negative results
  • reports of replicating previously published important studies and experiments
  • psychological, sociological, cultural, or economic aspects of security and privacy
  • studies of administrators or developers and support for security and privacy
  • studies on the adoption or acceptance of security or privacy technologies
  • systematization of knowledge papers
  • impact of organizational policy or procurement decisions on security and privacy

We aim to provide a venue for researchers at all stages of their careers and at all stages of their projects.

The submissions can be either standard-length papers (at most 16 pages) or short papers (up to 8 pages), reporting mature work. All papers will use the one-column submission format (See Submission Instructions: Microsoft Word, Latex: use the “manuscript” call to create a single column format) and bibliography and appendices are excluded from the page count. Using supplementary appendices, authors can include study materials (e.g., surveys, interview guides, etc.) that would otherwise occupy valuable space within the body of the paper. Reviewers are not required to read appendices, so your paper should be self-contained without them. ACM also allows the publication of additional supplemental materials and we want to encourage authors to take advantage of this option to provide research artifacts (e.g., builds of their own software used in the study).

Similar to last year, EuroUSEC 2024 proceedings volume will be a part of the International Conference Proceedings Series (ICPS) published by ACM.

It is mandatory for at least one author of each accepted paper to attend and present the paper in person. In certain circumstances, people who cannot travel may present their papers virtually.

Important Dates

Paper registration deadline (mandatory):       Monday, 27th May, 2024 (Anywhere on Earth (AoE))                
Paper submission deadline: Friday, 31st May, 2024(AoE)
Notification: Monday, 8th July, 2024 (AoE)
Re-submission deadline: Monday, 22nd July, 2024 (AoE)
Revision notification: Monday, 5th August, 2024(AoE)
Camera ready: TBA

Submission Instructions

Upload your submission via this link:

  1. All submissions must report original work.
    • Authors must clearly document any overlap with previously or simultaneously submitted papers from any of the authors (email the chairs a PDF document outlining this).
  2. Papers must be written in English.
  3. Papers must be anonymized for review: No author names or affiliations should be included in the title page or the body of the paper. As well, acknowledgments should be removed, and papers should not reveal authors' identities.
  4. Refer to your own related work in the third person: do not use personal pronouns.
    • This requirement also applies to data sets and artifacts. (For example, "We reused data from the authors of Smith et al. [31] in our experiment.")
  5. Do not blind citations except in extraordinary circumstances. If in doubt, contact the chairs.
  6. All submissions must use the ACM Word or LaTeX templates.
    • These templates can be obtained from the ACM author submission information website. To submit your paper to be reviewed, use the one-column format (e.g. for latex use: \documentclass[manuscript]{acmart}).
  7. Systematization of Knowledge paper titles must begin with SOK:

Simultaneous submission of the same paper to another venue with proceedings or a journal is prohibited. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the EuroUSEC chairs if there are questions about this policy.

You are free to publish a pre-print of your paper on arXiv, SSRN or similar, if you wish to.

Contact EuroUSEC chairs if there are any questions.

Program Committee Chairs

The chairs can be contacted at pc.chairs.eurousec

Program Committee

  • Yasmeen Abdrabou, Lancaster University (UK)
  • Shimaa Ahmed, VISA research (USA)
  • Mamtaj Akter, Vanderbilt University (USA)
  • Elham Al Qahtani, University of Jeddah (Saudi Arabia)
  • Patricia Arias Cabarcos, University of Paderborn (Germany)
  • Hala Assal, Carleton University (Canada)
  • David Balash, University of Richmond (USA)
  • Louise Barkhuus, IT University of Copenhagen (Denmark)
  • Ingolf Becker, University College London (UK)
  • Zinaida Benenson, University of Erlangen-Nuremberg (Germany)
  • Sabid Bin Habib Pias, Indiana University (USA)
  • Dawn Branley-Bell, Northumbria University (UK)
  • Bernardo Breve, University of Salerno (Italy)
  • Annalina Buckmann, Ruhr University Bochum (Germany)
  • Jurlind Budurushi, Baden-Wuerttemberg Cooperative State University (Germany)
  • Jan-Willem Bullee, University of Twente (Netherlands)
  • Karoline Busse, University of Applied Administrative Sciences Lower Saxony (Germany)
  • Rahul Chatterjee, University of Wisconsin Madison (USA)
  • Giuseppe Desolda, University of Bari Aldo Moro (Italy)
  • Nicolas E. Díaz Ferreyra, Hamburg University of Technology (Germany)
  • Verena Distler, University of the Bundeswehr Munich (Germany)
  • N'guessan Yves-Roland Douha, Nara Institute of Science and Technology (Japan)
  • Lynette Drevin, North West University (South Africa)
  • Jide Edu, University of Strathclyde (UK)
  • Edwin Frauenstein, Walter Sisulu University (South Africa)
  • Diana Freed, Hardvard University (USA)
  • Sepideh Ghanavati, University of Maine (USA)
  • Ryan Gibson, University of Strathclyde (UK)
  • Thomas Gross, Newcastle University (UK)
  • Anne Henning, Karlsruhe Institute of Technology (Germany)
  • Yousra Javed, Illinois State University (USA)
  • Naurin Khan, Riphah International University (Pakistan)
  • Agnieszka Kitkowska, Jönköping university (Sweden)
  • Jingjie Li, University of Edinburgh (UK)
  • Maryam Mehrnezhad, Royal Holloway University of London (UK)
  • Ola Michalec, Bristol University (UK)
  • Mathias Mujinga, University of South Africa (South Africa)
  • Collins Munyendo, The George Washington University (USA)
  • Alaa Nehme, Mississippi State University (USA)
  • James Nicholson, Northumbria University (UK)
  • Emma Nicol, University of Strathclyde (UK)
  • Jan Nold, Ruhr University Bochum (Germany)
  • Anna-Marie Ortloff, University of Bonn (Germany)
  • Simon Parkin, Delft University of Technology (Netherlands)
  • Scott Ruoti, University of Tennessee (USA)
  • Kavous Salehzadeh Niksirat, EPFL (Switzerland)
  • Cigdem Sengul, Brunel University (UK)
  • Raphael Serafini, Ruhr University Bochum (Germany)
  • Madiha Tabassum, Northeastern University (USA)
  • Sotirios Terzis, University of Strathclyde (UK)
  • Daniel Thomas, University of Strathclyde (UK)
  • Christian Tiefenau, University of Bonn (Germany)
  • Jan Tolsdorf, The George Washington University (USA)
  • Christine Utz, Radboud University (Netherlands)
  • Stephan Wiefling, & Vodafone (Germany)
  • Shan Xiao, Gonzaga Uvniversity (USA)
  • Verena Zimmermann, ETH Zürich (Switzerland)

Publication Co-chair

  • Steven Furnell, University of Nottingham (UK)

Publicity Chairs

  • Anastasia Sergeeva, Luxembourg University (Luxembourg)
  • Scott Harper, Newcastle University (UK)

Steering Committee

  • Oksana Kulyk, IT University of Copenhagen (Denmark)
  • Karen Renaud, University of Strathclyde (UK)
  • Peter Mayer, University of Southern Denmark (Denmark)
  • Angela Sasse, Ruhr University Bochum / Ruhr-Universität Bochum (Germany)
  • Melanie Volkamer, Karlsruhe Institute of Technology (Germany)
  • Charles Weir, Lancaster University (UK)

Event Logistics

EuroUSEC 2024 will be held on September 30 and October 1 in Karlstad, Sweden. Discover the perfect synergy of technology, innovation, and tranquility as EuroUSEC 2024 makes its way to the charming city of Karlstad.

Karlstad, located in Värmland County at the meeting point of Scandinavia's longest river, Klarälven, and Europe's largest lake, Vänern, is a city with a rich history dating back to the Viking Age. It was officially recognized as a city in the 16th century by King Charles IX of Sweden, earning its name "Charles's city." Traditionally known for its forest-based industries, Karlstad and Värmland have recently made significant advancements in the IT and technology sectors, including cybersecurity, software development, and IT services. Karlstad University plays a pivotal role in this shift, offering specialized programs and fostering collaboration between academia, industry, and government. This combination of industrial heritage and IT innovation positions Karlstad as an ideal location for hosting conferences like EuroUSEC 2024.

The city's vibrant downtown area, particularly around Stora Torget (the “big square”), is a cultural and social hub featuring dining, entertainment, and historic sites like the Sandgrund Lars Lerin art gallery (which we will visit in the second day of the conference), the Värmland County Museum, and Karlstad Cathedral.

Event location: Eva Erikssonsalen (House 21: 21A 342) at Karlstad University (Directions to KAU)

Travelling to Karlstad : Traveling to Karlstad from Oslo, Gothenburg, and Stockholm offers somewhat similar travel times, making it convenient regardless of your starting airport. From Oslo, the journey involves a train or bus with travel times around 3 to 4 hours. The travel time from Gothenburg and Stockholm to Karlstad is similarly manageable (between 3 and 4 hours). In spite of this, it is important to note that the only direct way to Karlstad is by taking a bus from Arlanda Airport (Stockholm). For the two other airports in Oslo and Gothenburg, you must first travel to the central station in Oslo or Gothenburg, then take the bus or train to Karlstad. As a result of this accessibility, we hope that our participants for EuroUSEC 2024 will be able to choose their preferred travel route based on their needs. Tips: Compared to trains, in Sweden, buses provide better reliability regarding travel times when you have a choice. More information on how to travel to Karlstad.

Traveling within Karlstad : The nearest bus stop to the university is ‘Universitet’ bus station (directly outside House 1 or the main entrance). Regularly, from Stora Torget different buses go to the university bus stop. The bus lines 1, 2 and 3 all go to the university, but no. 1 is the fastest (around 12 minutes) and these depart from Stop Point B in Stora Torget. The simplest way to buy tickets is via the Karlstadsbuss app for iPhone or Android, which is available in English.

Social Contract

To make EuroUSEC as effective as possible for everyone, we ask that all participants commit to our social contract:

  1. Engage and actively participate (to the degree you feel comfortable) with each talk.
  2. Be sure your feedback is constructive, forward-looking, and meaningful.
  3. The usable security & privacy community has earned a reputation for being inclusive and welcoming to newcomers; please keep it that way.
  4. We encourage attendees to aim to meet at least three new people from this year's EuroUSEC. The meal breaks and the participatory activity are the perfect opportunities for this.
  5. We strongly encourage tweeting under the hashtag "#EuroUSEC2024" and otherwise spreading the word about work you find exciting at EuroUSEC. However, please do not record EuroUSEC itself or further distribute comments made on our Slack instance.
  6. EuroUSEC 2024 follows the USABLE events Code of Conduct.