| 2015 | "If you were attacked, you'd be sorry": Counterfactuals as security arguments. Cormac Herley, Wolter Pieters |
| 2015 | Bridging the Trust Gap: Integrating Models of Behavior and Perception. Raquel Hill, Devan Ray Donaldson |
| 2015 | Choose Your Own Authentication. Alain Forget, Sonia Chiasson, Robert Biddle |
| 2015 | Employee Rule Breakers, Excuse Makers and Security Champions: : Mapping the risk perceptions and emotions that drive security behaviors. Odette Beris, Adam Beautement, M. Angela Sasse |
| 2015 | Examining the Contribution of Critical Visualisation to Information Security. Peter Hall, Claude Heath, Lizzie Coles-Kemp, Axel Tanner |
| 2015 | Exploiting the Physical Environment for Securing the Internet of Things. Christian T. Zenger, Jan Zimmer, Mario Pietersz, Jan-Felix Posielek, Christof Paar |
| 2015 | Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security. Zinaida Benenson, Gabriele Lenzini, Daniela Oliveira, Simon Parkin, Sven Uebelacker |
| 2015 | Milware: Identification and Implications of State Authored Malicious Software. Trey Herr, Eric Armbrust |
| 2015 | Peace vs. Privacy: Leveraging Conflicting Jurisdictions for Email Security. Mohammad Mannan, Arash Shahkar, Atieh Saberi Pirouz, Vladimir Rabotka |
| 2015 | Proceedings of the 2015 New Security Paradigms Workshop, NSPW 2015, Twente, The Netherlands, September 8-11, 2015 Anil Somayaji, Paul C. van Oorschot, Mohammad Mannan, Rainer Böhme |
| 2015 | The Myth of the Average User: Improving Privacy and Security Systems through Individualization. Serge Egelman, Eyal Péer |
| 2015 | Towards Managed Role Explosion. Aaron Elliott, Scott Knight |
| 2015 | WebSheets: Web Applications for Non-Programmers. Riccardo Pelizzi, R. Sekar |