Schedule and Assignments (Autumn 2020)

This schedule is subject to change. Please check back frequently.


Columns: Week; Date; Action Items; Tentative Topics; Readings and Videos; Remarks
Week 1 1/9

--
Course Introduction: Logistics
Why do we need usable security and privacy?
Debate -- contact tracing: privacy nightmare
or survival strategy or neither?

[Slide]
--

None
Week 2 7/9
Introduction to security, privacy, usability
Introduction to security; Introduction to privacy;
Introduction to usability;

Why is usability hard?

[Slide 1]
[Slide 2]
[Slide 3]
Required reading
1. "A Summary of Computer Misuse Techniques," by Peter G. Neumann and Donn B. Parker, from the 12th National Computer Security Conference, 1989 (page 396 of this report)

2. Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA, N. Apthorpe, S. Varghese, N. Feamster, USENIX Security Symposium, 2019

Additional reading
3. Chapters 1.1 and 1.6 of Computer Security and the Internet: Tools and Jewels

4. Chapters 1 and 2 of Usable Security: History, Themes, and Challenges

8/9
9/9
Week 3
14/9 Doubt clearing session
What started it all: usable encryption
aka the "Johnny" papers

Traditional techniques to measure usability of
secure/private systems

Research questions, surveys, interviews,
focus groups, diary studies,
How to create questions

Biases/confounds to avoid while designing studies

[Slide 1]
[Slide 2]
Required reading
1. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0., A. Whitten and J.D. Tygar. Proceedings of USENIX Security 1999.

Additional reading
2. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers, E. Redmiles, Y. Acar, S. Fahl and M. Mazurek, Tech report, UMD

3. Likert scale examples,
Source: Vagias, Wade M. (2006). “Likert-type scale response anchors.” Clemson International Institute for Tourism & Research Development, Department of Parks, Recreation and Tourism Management. Clemson University

15/9
16/9
Week 4
21/9 Doubt clearing session Case study: preserving privacy of social content
The problem of "privacy in public"

The era of big data: Large-scale
internet measurement
to understand usability
Case study: Usability of Social Access Control Lists.
Shortcoming of this approach

[Slide]
Required reading
1. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Acquisti and Gross, PETS’06
2. Quantifying the Invisible Audience in Social Networks, Bernstein et al., CHI’2013
3. Privacy Wizards for Social Networking Sites, Fang et al., WWW'2010

Additional reading

4. Information Revelation and Privacy in Online Social Networks, Acquisti and Gross, WPES’05
5. Understanding and Specifying Social Access Control Lists, Mondal et al., SOUPS’14
6. Analyzing Facebook Privacy Settings: User Expectations vs. Reality, Liu et al., IMC’2011
7. Silent Listeners: The Evolution of Privacy and Disclosure on Facebook, Stutzman, Gross and Acquisti, Journal of Privacy and Confidentiality, 2012
 

22/9
23/9 TBA
Week 5
28/9 Doubt clearing session Designing ethical experiments
Case study: Social Engineering and Phishing attacks

Techniques of analyzing qualitative data I
Coding techniques

[Slide]
Required reading
1. The Menlo Report, Ethical Principles Guiding Information and Communication Technology Research, August 2012

2. Social Phishing, Jagatic et al., CACM'05

Additional reading

3. The Emperor’s New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter et al., IEEE S&P’07
4. Computer Security and Privacy for Refugees in the United States, Simko et al., IEEE S&P’18
5. Why Phishing Works, Dhamija et al., CHI'06


29/9 TBA
30/9 TBA
Week 6
5/10 Doubt clearing session Techniques of analyzing qualitative data II
inter-coder reliability

Collecting and analyzing quantitative (survey)
data with statistics I
Introduction to statistics
[Slide]
 
Required reading
A Painless guide to Statistics (READ IT CAREFULLY)

Additional reading
4.  Current Topics in Media Computing and HCI (Another introduction to hypothesis testing). RWTH Aachen.

6/10 TBA
7/10 TBA
Week 7
12/10 Doubt clearing session Collecting and analyzing quantitative (survey)
data with statistics II
Hypothesis testing
Case study: Longitudinal data management in cloud storage

Identity and
Authentication I
Usability of TLS/PKI

[Slide 1]

[Slide 2]
Required reading
1. Basic Statistical Test Flow Chart
2. Choosing the correct statistical test made easy
3. Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage, Khan et al., CHI 2018
4. Rethinking Connection Security Indicators, Felt et al., SOUPS'16

Additional reading
5. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, Soghoian et al., FC'11

13/10 TBA
14/10 TBA
Week 8
19/10 Doubt clearing session Identity and Authentication II
Usability of TLS/PKI,
Passwords
Usability of two/multi factor authentication

[Slide]


Additional reading
1. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks, Melicher et al., USENIX Security'16

20/10 TBA
21/10 TBA
Week 9
26/10 --

-- Holiday, No class --

--

27/10 --
28/10 --
Week 10
2/11 Doubt clearing session Usability for developers
(or how do the developers make security mistakes):
Curious case of cryptography libraries

Online tracking: Security and privacy concerns

[Slide]
 

Required reading

1. Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing, Weinshel et al., CCS’19


3/11 TBA
4/11 TBA
Week 11
9/11 Doubt clearing session Ensuring retrospective and longitudinal
Privacy of Digital Archives
Temporal aspect of privacy; deletion privacy

Security/Privacy policies and notices
The power of Privacy Notice and Choice
Privacy Policies
Dark patterns

[Slide 1]
[Slide 2]
Required reading
1. Forgetting in Social Media: Understanding and Controlling Longitudinal Exposure of Socially Shared Data, Mondal et al., SOUPS’16
2. Lethe: Conceal Content Deletion from Persistent Observers, Minaei et al., PoPETS'19
3. Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media, Mondal et al., CCS'19




10/11 TBA
11/11 TBA
Week 12 16/11 Doubt clearing session Operationalizing data privacy regulations
Case study: GDPR 
privacy policies

Inclusive security and privacy
Understanding security and privacy concerns of
under-represented communities
[Slide]


17/11 TBA
18/11 --