2022 Workshop on Human Centric Software Engineering and Cyber Security

The 2022 Workshop on Human-Centric Software Engineering & Cyber Security (HCSE&CS-2022) will be co-hosted with the 37th IEEE/ACM International Conference on Automated Software Engineering from Mon 10 – Fri 14 October 2022.

Update: Authors of top-quality papers will be invited to submit their extended article to a Special Issue on Human-centered Collaborative Systems at IEEE SYSTEMS, MAN, AND CYBERNETICS MAGAZINE

Call For Papers

Humans are a key part of software development as the creators, designers, coders, testers, end users and occasional abusers of software systems including cyber security systems. While most current software engineering research and practices are function, data or process oriented, human-centric software engineering focuses on the human factors in engineering software systems. Following the success of the first and second editions at ASE 2020 and ASE 2021, the 3rd International Workshop on Human-Centric Software Engineering and Cyber Security will continue its aim to bring together researchers and practitioners to continue the discussion on fundamentally new ways to systematically capture and use human-centric software requirements during software development and verify that systems meet these requirements. At present, there are major issues with misaligned software applications related to human factors, such as accessibility, usability, emotions, personality, age, gender, and culture. This workshop serves as the ideal venue to share research ideas and outcomes on requirements, enhanced theory, models, tools, and capability for next-generation human-centric software engineering aiming to achieve significant benefits of greatly improved software quality and user experience, developer productivity and cost savings.

The increased attention on a human-centric design in software engineering is the focus of contemporary research in cyber security. Particularly, the focus is shifting towards embedding human behaviour and cognitive perception to ensure a fully human-centric cyber security solution that not only protects humans from the harmful aftereffects of cyber security events but does so in unison with human thinking and behavioural patterns. In this workshop, we solicit recent research works in the field of human-centric cyber security engineering.

This workshop solicits papers on all topics related to human-centric software engineering and cyber security, including, but not limited to:

  • Impact of human factors on development processes and software teams
  • Human factors considerations for engineers and developers
  • Incorporating human factors into requirements and design e.g., emotions, bias, personality, and culture
  • Human-centric modelling tools
  • Human-centric requirements engineering
  • Human-centric methodologies and practices
  • Context-awareness in human-centric software (and systems) engineering
  • Proactive help for modellers/designers/engineers e.g., design critics
  • Human-centric applications of emerging technologies
  • Accessible and usable cyber security
  • Usable security/privacy evaluation of existing and/or proposed solutions
  • Mental models that contribute to, or inform security and privacy design and deployment
  • Human-centric design patterns
  • In-the-wild observation of security and privacy behaviour studies
  • Tools and models for capturing and interpreting user behaviours
  • Software applications that demonstrate the practice of human-centric software engineering
  • Cyber security studies in developing countries
  • Case studies on insider whistleblowing
  • Systematization of knowledge papers that integrate and systematize existing knowledge on human-centric software engineering and/or cyber security
  • Replicating or extending previously published studies and experiments on human-centric security

Systematization of Knowledge: We solicit Systematization of Knowledge (SoK) that evaluate, systematize, and contextualize existing knowledge on human-centric software engineering and cyber security. SoK papers should provide a new argument, observation, viewpoint or taxonomy in an established research topic. They should be more than a survey or summary of prior work and provide new insights that can benefit our research community. The paper titles should be prefixed with “SoK:”

Replication Studies: In addition to original work, we also solicit replication studies that replicate important/influential findings from the literature. Authors should clearly state the purpose of conducting the replication study, precisely describe the methodological differences, and compare the findings with the results from the original study.

Submission Process: All submissions must be in PDF format and conform, at time of submission, to the ACM Proceedings Template. Submissions must be no more than 8 pages (including acknowledgments, bibliography, and appendices). All accepted contributions will be published in the conference electronic proceedings. At least one author needs to present their paper during the workshop.

Anonymous Submission: HCSE&CS 2022 will employ a double-anonymous review process. Submissions should not include author names or affiliations anywhere in the paper including the title page, body of the paper, and the acknowledgements. References to the authors’ own work should only be made in third person.

Ethical Research: Authors are encouraged to provide an explanation of how they have following ethical principles when conducting their studies. They may be asked to provide such an explanation should questions arise during the review process.

Submission Site:

Submissions have now been finalized and accepted papers will be published as part of the IEEE/ACM ASE 2022 proceedings

Important Dates:

  • Workshop Date: Fri 14 Oct 2022


For up-to-date registration information, please visit https://conf.researchr.org/attending/ase-2022/registration


Time (AEDT) Session Details
22:30-23:20OpeningMohan Baruwal Chhetri/Xiao Liu
KeynoteProf Ali Babar, University of Adelaide, Australia

Title: Privacy Engineering: Enabling Mobility of Mental Health Services with Data Protection

Abstract: Ease of access and reduced wait time coupled with COVID-19 restrictions have resulted in unprecedented demand/use of mobile based mental health services, mHealth. At the same time, there are increased concerns about data privacy risks stimulating questions like “Are Apps Enabling Mobility of Mental Health Services with Data Protection”? However, there is relatively little empirically known about the data privacy issues that may exist in mHealth apps, whose users can be particularly vulnerable. This talk will share the motivation, methodological details and key findings of our research aimed at systematically identifying and understanding data privacy incorporated in mHealth Apps. This talk will enumerate the approaches used for in- depth privacy analysis of 27 apps and what we found. I’ll show how we mapped the findings to the LINDDUN threat taxonomy for ease of understandability of the identified issues such as unnecessary permissions, insecure cryptography implementations and leaks of personal data and credentials in logs and web requests. The talk will end with a few recommendations for different stakeholders of mHealth apps in general and apps developers in particular.

Bio: M. Ali Babar is a Professor in the School of Computer Science, University of Adelaide. He leads a theme on architecture and platform for security as service in CyberSecurity Cooperative Research Centre. Prof Babar has established an interdisciplinary research centre called CREST (Centre for Research on Engineering Software Technologies), where he directs the research, education, and engineering activities of more than 25 researchers and engineers. Prof Babar has attracted more than $12 Millions dollar cash funding from industry/government since 2017. Professor Babar has authored/co-authored more than 270 peer-reviewed research papers at premier Software journals and conferences. Professor Babar obtained a Ph.D. in Computer Science and Engineering from the school of computer science and engineering of University of New South Wales, Australia.
23:20-00:00Session 1
(20 mins per paper)
Towards Improving the Adoption and Usage of National Digital Identity SystemsMalyun Hilowle (Deakin University), William Yeoh (Deakin University), Marthie Grobler (CSIRO Data61), Graeme Pye (Deakin University), Frank Jiang (Deakin University)

Dancing, not Wrestling: Moving from Compliance to Concordance for Secure Software DevelopmentDebi Ashenden (University of Adelaide), Gail Ollis (University of Portsmouth), Iain Reid (University of Portsmouth)
00:30-01:50Session 2
(20 mins per paper)
Session Chair: Marthie Grobler

Do Regional Variations Affect the CAPTCHA User Experience? A Comparison of CAPTCHAs in China and the United StatesXinyao Ma (Indiana University Bloomington), Zaiqiao Ye (Indiana University Bloomington), Sameer Patil (University of Utah)

Simulating cyber security management: A gamified approach to executive decision making, Adam Tonkin (Fivecast), William Kosasih (The University of Adelaide), Marthie Grobler (CSIRO’s Data61), Mehwish Nasim (The University of Western Australia)

Towards the Integration of Human Factors in Collaborative Decision Making for Secure Architecture Design, Jason Jaskolka (Department of Systems and Computer Engineering, Carleton University, Canada, Brahim HAMID (IRIT, University of Toulouse, France)

Intelligent Code Review Assignment for Large Scale Open Source Software StacksIshan Aryendu (Stevens Institute of Technology), Ying Wang (Stevens Institute of Technology), Farah Elkourdi (Stevens Institute of Technology), Eman Abdullah AlOmar (Stevens Institute of Technology)

Organising Committee:

  • Mohan Baruwal Chhetri, CSIRO’s Data61, Australia
  • Xiao Liu, Deakin University, Australia
  • Marthie Grobler, CSIRO’s Data61, Australia
  • Thuong Hoang, Deakin University, Australia
  • Karen Renaud, University of Strathclyde, United Kingdom
  • Jennifer McIntosh, Monash University, Australia