SOUPS 2024 Call for Papers

The Twentieth Symposium on Usable Privacy and Security (SOUPS 2024)
will take place August 11-13, 2024, and will be co-located with the
33rd USENIX Security Symposium in Philadelphia, PA, USA.

In cooperation with USENIX, the Advanced Computing Systems Association

Important Dates

All dates are at 23:59 AoE (Anywhere on Earth) time. These are firm
deadlines; no extensions will be granted.

    Mandatory Paper Registration Deadline: Thursday, February 8, 2024
    Paper Submission Deadline: Thursday, February 15, 2024
    Early Rejection Notification: Thursday, March 21, 2024
    Author Response Period: Thursday, April 18–Thursday, April 25, 2024
    Paper Notifications: Monday, May 13, 2024
    Camera Ready Deadline: Monday, June 10, 2024

Symposium Organizers
General Co-Chairs
Patrick Gage Kelley, Google
Apu Kapadia, Indiana University Bloomington
Technical Papers Co-Chairs
Katharina Krombholz, CISPA Helmholtz Center for Information Security
Mainack Mondal, IIT Kharagpur
Technical Papers Committee
Svetlana Abramova, University of Innsbruck
Taslima Akter, University of California, Irvine
Nalin Asanka Gamagedara Arachchilage, The University of Auckland
Hala Assal, Carleton University
Adam J. Aviv, The George Washington University
Alexandru Bardas, University of Kansas
Lujo Bauer, Carnegie Mellon University
Eleanor Birrell, Pomona College
Kevin Butler, University of Florida
Joe Calandrino, Federal Trade Commission
Sonia Chiasson, Carleton University
Camille Cobb, University of Illinois Urbana–Champaign
Lynne Coventry, Northumbria University
Sauvik Das, Carnegie Mellon University
Sascha Fahl, CISPA Helmholtz Center for Information Security
Cori Faklaris, University of North Carolina at Charlotte
Yuanyuan Feng, University of Vermont
Carrie Gates, Bank of America
Maximilian Golla, CISPA Helmholtz Center for Information Security
Julie Haney, National Institute of Standards and Technology
Jun Ho, Huh, Samsung Research
Bailey Kacsmar, University of Alberta
Hassan Khan, University of Guelph
Doowon Kim, University of Tennessee
Hyoungshick Kim, Sungkyunkwan University
Bart Knijnenburg, Clemson University
Maina Korir, University of Suffolk
Heather Lipford, University of North Carolina at Charlotte
Sana Maqsood, York University
Karola Marky, Ruhr University Bochum
Abigail Marsh, Macalester College
Peter Mayer, University of Southern Denmark
Michelle Mazurek, University of Maryland
Susan E. McGregor, Data Science Institute and Columbia University
Imani Munyaka, University of California, San Diego
Alena Naiakshina, Ruhr University Bochum
Simon Parkin, Delft University of Technology
Irwin Reyes, Two Six Technologies
Joshua Reynolds, New Mexico State University
Scott Ruoti, University of Tennessee
Florian Schaub, University of Michigan
Kent Seamons, Brigham Young University
Elizabeth Stobert, Carleton University
Jose Such, King's College London and Universitat Politecnica de Valencia
Zhibo (Eric) Sun, Drexel University
Nida ul Habib Bajwa, Saarland University
Kami Vaniea, University of Waterloo
Emanuel von, Zezschwitz, Google
Josephine Wolff, Tufts University Fletcher School
Yaxing Yao, Virginia Tech
Daniel Zappala, Brigham Young University
Yixin Zou, Max Planck Institute for Security and Privacy
Mary Ellen Zurko, MIT Lincoln Laboratory
Invited Talks Chair
Heather Lipford, University of North Carolina at Charlotte
Lightning Talks and Demos Co-Chairs
Taslima Akter, University of California Irvine
Alexandru Bardas, University of Kansas
Lightning Talks and Demos Junior Co-Chair
Eva Gerlitz, Fraunhofer FKIE
Karat Award Chair
Emilee Rader, University of Wisconsin—Madison
Posters Co-Chairs
Kovila P.L. Coopamootoo, King's College London
Joshua Reynolds, New Mexico State University
Posters Junior Co-Chair
Sophie Stephenson, University of Wisconsin—Madison
Tutorials and Workshops Co-Chairs
Kelsey Fulton, Colorado School of Mines
Daniel Votipka, Tufts University
Tutorials and Workshops Junior Co-Chair
Sabrina Amft, CISPA Helmholtz Center for Information Security
Mentoring Co-Chairs
Sauvik Das, Carnegie Mellon University
Sana Maqsood, York University
Mentoring Junior Co-Chairs
Nicholas Huaman, Leibniz University Hannover
Tanusree Sharma, University of Illinois at Urbana–Champaign
Publicity Co-Chairs
Yaxing Yao, Virginia Tech
Yixin Zou, Max Planck Institute Planck Institute
Email List Chair
Lorrie Faith Cranor, Carnegie Mellon University
Accessibility Chair
Liz Markel, USENIX Association
USENIX Liaison
Casey Henderson-Ross, USENIX Association

The 2024 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners
in human computer interaction, security, and privacy. The program will
    Technical papers, including replication papers and systematization
       of knowledge papers
    Workshops and tutorials
    A poster session
    Lightning talks

Technical Papers

We invite authors to submit previously unpublished papers describing
research or experience in all areas of usable privacy and security. We
welcome a variety of research methods, including both qualitative and
quantitative approaches. Papers will be judged on their scientific
quality, overall quality, and contribution to the field. Topics
include, but are not limited to:

    Innovative security or privacy functionality and design
    Field studies of security or privacy technology
    Usability evaluations of new or existing security or privacy features
    Security testing of new or existing usability features
    Longitudinal studies of deployed security or privacy features
    Studies of administrators or developers and support for security and privacy

    Organizational policy or procurement decisions and their impact on
      security and privacy
    Lessons learned from the deployment and use of usable privacy and
      security features
    Foundational principles of usable security or privacy
    Ethical, psychological, sociological, or anthropological aspects
      of usable security and privacy
    Usable security and privacy implications/solutions for specific
      domains (e.g., IoT, medical, vulnerable populations)
    Replicating or extending important previously published studies
      and experiments
    Systematization of knowledge papers that integrate and systematize
    existing knowledge to provide new insight into a previously
    studied area

Paper Registration: Technical papers must be registered by February 8,
2024. Registration is mandatory for all papers. Registering a paper in
the submission system requires filling out all the fields of the
online form that describe the submission, but does not require
uploading a PDF of the paper. This information must describe the paper
accurately, in sufficient detail to assign appropriate
reviewers. Placeholder, incomplete, or inaccurate titles and abstracts
may result in rejection without review.

Paper Submission: Technical papers must be uploaded as PDFs by
February 15, 2024 (but note the mandatory February 8 registration
deadline above). All submissions must follow the guidelines described
below. Submissions that violate any of the requirements below may be
rejected without review.

Contact the program chairs prior to submission at if you have any questions about these

Format and Page Limits: Papers must use the SOUPS formatting template
(available for MS Word or LaTeX) and be submitted as a PDF via the web
submission system. Submissions must be no more than 12 pages
(excluding acknowledgments, bibliography, and appendices). For the
body of your paper, brevity is appreciated, as evidenced by the fact
that many published papers in prior years have been well under this

Submissions may include as many additional pages as needed for
references and for supplementary material in appendices. The paper
should stand alone without the supplementary material. We encourage
authors to use the appendices for content that is peripheral to the
main contributions of the paper but that may interest some readers or
that may facilitate replication. Note that members of the program
committee are free to not read this material when reviewing the
paper. Camera-ready versions of accepted papers have an official limit
of 12 pages (excluding acknowledgments, bibliography, and appendices)
and 20 pages total including references and appendices. The program
committee chairs will grant any extension they determine reasonable to
accommodate references and supplemental material.

Paper Content: Papers need to describe the purpose and goals of the
work, cite related work, show how the work effectively integrates
usability or human factors with security or privacy, and clearly
indicate the innovative aspects of the work or lessons learned as well
as the contribution of the work to the field. The paper abstracts
should contain a sentence summarizing the contribution to the field
and literature.

All submissions must clearly relate to the human aspects of security
or privacy. Papers on security or privacy that do not address
usability or human factors will not be considered. Likewise, papers on
usability or human factors that do not address security or privacy
will not be considered. The determination of whether a paper is within
scope will be solely at the discretion of the program committee

Your paper and research approach—including research instruments—should
be inclusive and respectful. A variety of guidance exists on this
topic. Please be sure to follow guidance on language use from the
USENIX statement on racism and Black, African-American, and African
Diaspora inclusion.

Systematization of Knowledge Papers: We are soliciting Systematization
of Knowledge (SoK) papers that integrate and systematize existing
knowledge to provide new insight into a previously studied area of
usable security or privacy. SoK papers should draw on prior work to
put forth a new taxonomy, argument, or observation in an area in which
substantial work has already been done. SoK papers should be more than
a survey or summary of prior work in an area. SoK papers will be held
to the same scientific and presentation standards as other technical
papers. Please prefix the title of these papers with "SoK:" and check
the SoK checkbox on the submission form to flag them for the review

Replication Papers: In addition to original work, we are soliciting
well-executed replication studies that meaningfully confirm, question,
or clarify the result under consideration. Please prefix the title of
these papers with the word "Replication:" for the review process.

Replication papers should aim to replicate important/influential
findings from the literature. They may not necessarily offer new or
unexpected findings; papers confirming previous findings are also
considered contributions. Replication of a result that has already
been replicated many times is less valuable. Replication of an obscure
study that originally had only minimal influence on the community is
less valuable. Authors should clearly state why they conducted a
replication study, describe the methodological differences precisely,
and compare their findings with the results from the original study.

Replication papers will be held to the same scientific standards as
other technical papers. They should use currently accepted
methodologies and technologies. Authors should not reuse outdated
methods/technologies simply because they were used in the original
paper. Replications may follow the same protocol as the original
study, or may vary one or more key variables to see whether the result
is extensible (e.g., re-running a study with a sample from a different

Anonymous Submission: Reviewing is anonymous. No names or affiliations
should appear on the title page or in the body of the paper,
acknowledgments should be removed, and papers should avoid revealing
the authors' identities in the text (e.g., don't name a specific
organization's ethics review board or similar) or in the PDF
metadata. Any references to the authors' own work should be made in
the third person, as if it was work by someone else. Appendices and
figures should also be de-identified (e.g., do not leave logos or
contact info on study materials, and remove identifying URLs from
screenshots). Please ensure all author names, affiliations, URLs,
etc. have been removed; even minor mistakes may result in rejection
without review. Contact the program chairs at
if you have any questions.

Overlap with Previous Papers: USENIX policy prohibits simultaneous
submission of the same work to multiple venues, submission of
previously published work, and plagiarism. SOUPS further prohibits the
submission of substantially similar work to multiple venues. On the
recommendation of a program chair, USENIX may take action against
authors who have committed these practices. Any overlap between your
submitted paper and other work either under submission, previously
published, or submitted elsewhere before the SOUPS notification
deadline must be documented in an explanatory note sent to the
chairs. If a subsequent overlapping submission is made during the
review process, the chairs should be notified. State precisely how the
two works differ in their goals, share experiments or data sources,
and offer unique contributions. If the other work is under submission
elsewhere, the program committee may ask to review that work to
evaluate the overlap. Please note that program committees frequently
share information about papers under review and reviewers usually work
on multiple conferences simultaneously. Technical reports, e.g., arXiv
reports, are exempt from this rule. If in doubt, please contact the
program chairs at for advice.

Self-plagiarism includes verbatim or near-verbatim use of one's own
published work without citing the original source, and is generally
not acceptable. In some cases, it may be acceptable to include a brief
portion of selected content from the introduction, background, related
work, or methods of a closely related paper. In these cases, the
original paper must be explicitly referenced and the overlap should be
clear to the reader. The reused content must not be part of the main
contributions of the paper and, where possible, rewriting the text is
preferred. Papers with significant text reuse may be rejected because
of too much overlap. If in doubt, please contact the program chairs at for advice.

Appendices: Authors may attach to their paper supplementary appendices
containing study materials (e.g., survey instruments, interview
guides, etc.) that would not otherwise fit within the body of the
paper. These appendices may also include any material that could
assist reviewers with questions that fall outside the stated
contribution of your paper on which your work is to be
evaluated. Appendices can include links (e.g. to a working prototype
or source code repository or data repository); please include full
links (not shortened ones), and try to use long-term archives like or Dataverse for online appendices. Reviewers are not required
to read any appendices, so your paper should be self contained without
them. We note that in recent years, inclusion of study materials as
appendices has become very common, and reviewers may choose to refer
to appendices for clarification or confirmation. Accepted papers will
be published online with their supplementary appendices included.

Conflicts of Interest: The submission system will request information
about conflicts of interest between the paper's authors and program
committee (PC) members, including a brief explanation. It is the full
responsibility of all authors of a paper to identify their potential
conflict-of-interest PC members, according to the following
definition. A paper author has a conflict of interest with a PC member
when one or more of the following conditions holds:

    The PC member shared an institutional affiliation with the author
      in the prior two years.
    The PC member was the advisor or advisee of the author at any time.

    The PC member has collaborated or published with the author in the
      prior two years.
    The PC member is serving as the sponsor or administrator of a
      grant that funds the author's research.
    The PC member is a close personal friend or relative of the author.

We recognize that special circumstances may exist, such as deep
personal animosity. If you have any questions or concerns, please
contact the program chairs at

Ethical Research: User studies should follow the basic principles of
ethical research, including beneficence (maximizing the benefits to an
individual or to society while minimizing harm to the individual),
minimal risk (appropriateness of the risk versus benefit ratio),
voluntary consent, respect for privacy, and limited deception. Studies
that rely on crowdworkers can incur additional ethical obligations,
including but not limited to paying a fair wage. If images of
participants are included in the paper, make sure that these images
will not create potential risk for participants and that the informed
consent covers potential publication of participant images.

All papers, especially those with human subjects studies, are expected
to discuss ethical considerations. Risks and benefits of the presented
research should be weighed. Methodological decisions should be
justified. Authors may be asked to provide additional explanations
should questions arise during the review process.

If your organization or institution requires formal clearance for
research with human subjects, your paper may be rejected if clearance
is not obtained. However, such clearance alone does not guarantee
acceptance, and the program committee may reject a paper on ethical

Early Rejections: Papers that receive substantially negative initial
reviews will be rejected early. The authors of early-rejected papers,
and only such papers, will receive a copy of their initial reviews. At
this point, papers are no longer considered under submission (except
if authors appeal).

Authors who substantively disagree with the reviews can appeal to the
program committee chairs. Authors' appeals must clearly and explicitly
identify concrete disagreements with factual statements in the initial
reviews. Appealing a submission that was rejected early will keep it
under consideration, and it cannot be withdrawn or resubmitted
elsewhere until the final notification of acceptance or rejection.

Response: A response period will occur after the second round of
reviews. Authors will be given a chance to see reviews, and they may
provide a short response that will be considered in subsequent
discussions. Due to time constraints, the response period is fairly
short. Please ensure that you reserve enough time between April 18 and
25 for the response process. Late responses will not be accepted.

Presentation: For accepted papers, we require at least one of the
paper authors to attend the conference and present the work. However,
in exceptional cases, authors of accepted papers may present remotely
with permission from the PC Co-Chairs. If you have any questions,
please contact the program chairs at

* Overlap with Previous Papers policy adapted from USENIX Security 2021
* Conflict of Interest policy adapted from USENIX Security 2020
* Early Rejection policy adapted from IEEE Symposium on Security and
  Privacy 2017
* Replication papers description adapted from Elsevier Journal of
  Molecular and Cellular Cardiology
* SoK papers description adapted from IEEE Symposium on Security and
  Privacy 2018