This schedule is subject to change. Please check back frequently.
Week | Date | ACTION ITEMS | Tentative Topics | Readings and Videos | Remarks
---|---|---|---|---|---
Week 1 | 10/8 | | Course introduction: logistics; why do we need usable security and privacy. Debate: Does data privacy matter to Indian users? Are they doing anything about it? [Slides] | |
Week 2 | 16/8 | | Introduction to security, privacy, usability: introduction to security; introduction to privacy; introduction to usability; why is usability hard? [Slides 1] [Slides 2] [Slides 3] | Required reading: 1. Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA, N. Apthorpe, S. Varghese, N. Feamster, USENIX Security Symposium, 2019. Additional reading: 2. "A Summary of Computer Misuse Techniques," Peter G. Neumann and Donn B. Parker, 12th National Computer Security Conference, 1989 (page 396 of this report). 3. Chapters 1 and 2 of Usable Security: History, Themes, and Challenges | |
| 17/8 | | | | |
Week 3 | 23/8 | | -- see above -- | -- see above -- | |
| 24/8 | | | | |
Week 4 | 30/8 | | What started it all: usable encryption, aka the "Johnny" papers. Traditional techniques to measure usability of secure/private systems: research questions, surveys, interviews, focus groups, diary studies. How to create questions. Biases/confounds to avoid while designing studies [Slides 1] [Slides 2] | Required reading: 1. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, A. Whitten and J. D. Tygar, Proceedings of USENIX Security 1999. Additional reading: 2. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers, E. Redmiles, Y. Acar, S. Fahl and M. Mazurek, Tech report, UMD. 3. Likert scale examples; source: Vagias, Wade M. (2006), "Likert-type scale response anchors," Clemson International Institute for Tourism & Research Development, Department of Parks, Recreation and Tourism Management, Clemson University | |
| 31/8 | | | | |
Week 5 | 6/9 | | Social privacy. Case study: preserving privacy of social content. The problem of "privacy in public". The era of big data: large-scale internet measurement to understand usability. Case study: usability of social access control lists; shortcomings of this approach [Slides] | Required reading: 1. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Acquisti and Gross, PETS'06. 2. Quantifying the Invisible Audience in Social Networks, Bernstein et al., CHI'2013. 3. Privacy Wizards for Social Networking Sites, Fang et al., WWW'2010. Additional reading: 4. Information Revelation and Privacy in Online Social Networks, Acquisti and Gross, WPES'05. 5. Understanding and Specifying Social Access Control Lists, Mondal et al., SOUPS'14. 6. Analyzing Facebook Privacy Settings: User Expectations vs. Reality, Liu et al., IMC'2011. 7. Silent Listeners: The Evolution of Privacy and Disclosure on Facebook, Stutzman, Gross and Acquisti, Journal of Privacy and Confidentiality, 2012 | |
| 7/9 | TEST 1 | | | |
Week 6 | 13/9 | | - do - | - do - | |
| 14/9 | | | | |
Week 7 | 20/9 | | Designing ethical experiments. Case study: social engineering and phishing attacks [Slides] | Required reading: 1. The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research, August 2012. 2. Social Phishing, Jagatic et al., CACM'05. 3. Consent form template: https://sbsirb.uchicago.edu/templates/ 4. Recruitment: https://www.irb.northwestern.edu/recruitment-materials-and-guidelines/ 5. IRB application form template: https://www.irb.northwestern.edu/files/2021/07/Social-Behavioral-Protocol-PROTOCOL-583.docx Additional reading: 6. The Emperor's New Security Indicators: An Evaluation of Website Authentication and the Effect of Role Playing on Usability Studies, Schechter et al., IEEE S&P'07. 7. Computer Security and Privacy for Refugees in the United States, Simko et al., IEEE S&P'18. 8. Why Phishing Works, Dhamija et al., CHI'06 | |
| 21/9 | | | | |
Week 8 | 27/9 | | Techniques of analyzing qualitative data I: coding/labeling text data; inter-coder reliability [Slides] | | |
| 28/9 | | | | |
Week 9 | 4/10 | | Collecting and analyzing quantitative (survey) data with statistics: introduction to statistics; hypothesis testing. Case study: longitudinal data management in cloud storage [Slides] [Slides] | Required reading: 1. Basic Statistical Test Flow Chart. 2. Choosing the Correct Statistical Test Made Easy. 3. Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage, Khan et al., CHI 2018. Additional reading: 4. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, Soghoian et al., FC'11 | |
| 5/10 | TEST 2 | | | |
Week 10 | 11/10 | -- Holiday -- | | | |
Week 11 | 18/10 | | Identity and authentication I: usability of TLS/PKI. Identity and authentication II: passwords; usability of two/multi-factor authentication [Slides] | Required reading: 4. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks, Melicher et al., USENIX Security'16 | |
Week 12 | 25/10 | | - do - | | |
| 26/10 | | | | |
Week 13 | 1/11 | | Usability for developers (or how do developers make security mistakes): the curious case of cryptography libraries. Online tracking: security and privacy concerns; who is watching you when you surf and why is it a problem [Slides] | Required reading: Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing, Weinshel et al., CCS'19 | |
| 2/11 | | | | |
Week 14 | 8/11 | | Ensuring retrospective and longitudinal privacy of digital archives: temporal aspect of privacy; deletion privacy. Security/privacy policies and notices: the power of privacy notice and choice; privacy policies; dark patterns [Slides] [Slides] | Required reading: 1. Forgetting in Social Media: Understanding and Controlling Longitudinal Exposure of Socially Shared Data, Mondal et al., SOUPS'16. 2. Lethe: Conceal Content Deletion from Persistent Observers, Minaei et al., PoPETS'19. 3. Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media, Mondal et al., CCS'19 | |
| 9/11 | | | | |
Week 15 | 15/11 | Doubt clearing session for exam | Operationalizing data privacy regulations. Case study: GDPR cookie consent banner choices: the good, the bad and the binary | | |
| 16/11 | TEST 3 | | | |