All secure and privacy-preserving systems are ultimately used
by humans, who might or might not understand the intended usage
of these systems. In fact, often users are the “last line of
defense” in securing a system and if the systems are not
designed keeping user mental model and their background
knowledge in mind, that can lead to system misuse and consequent
security and privacy disasters. Thus, only designing secure and
private systems are not enough, we need to design secure and
private systems keeping usability in mind. In other words, we
need to understand the user expectation from the systems and
incorporate this understanding in system design.
This course will focus on how to design for security and
privacy in systems using a user-centric view. We will combine
concepts from computer systems, human computer interaction (HCI)
and secure/private system design. We will introduce core
security and privacy technologies, as well as HCI techniques for
conducting robust user studies. The course will cover topics
like passwords, definitions of privacy, usable encryption,
authentication, privacy of archival data, usability of crypto
libraries and privacy notices. Keep an eye on the course schedule for details.
Credit (L-T-P) |
3-0-0 |
Background Knowledge |
Since this course deals with usability of systems,
(naturally) you need to first know how systems work. We
will assume some familiarity with some basic computer
science / mathematics concepts. We are providing a
list of expected background knowledge below (this list is
not complete, but should give you an idea about what basic
background knowledge you need for this course).
|
Lectures | Scheduled lecture timings are: Monday 3:00 pm - 4:55 pm Tuesday 3:00 pm - 3:55 pm In this semester we will conduct the course offline with a mix of live lectures, and pre-recorded course videos (if necessary). Please keep an eye on the Schedule page for the latest updates. |
Textbook | No specific books; That being said, we will post
publicly available research papers/book excerpts that you
need to read for following the class as well as for the
quizzes/viva (will be added to the course schedule page ). |
Coursework | The coursework for all students consists of three tests
and a project (in groups of 2-3). We will use CSE
Moodle for submission of tests and assignments this
course. The code for joining CSE moodle will be given in
the class. |
Communication | We will update the course schedule regularly
throughout the course.
General discussion
|
Late policy | You need to strictly adhere to the deadlines for the
submissions (e.g., reports, test scripts etc.) announced
for this course in MS teams, or by design Moodle will not
accept it. Of course, in exceptional circumstances related to personal emergencies, serious illness, wellness concerns, family emergencies, and similar, please make the course staff aware of your situation beforehand/as soon as possible and we will decide how to handle your case. |
Mid and End Sem (60%) |
To test student's understanding we will
conduct mid/end semester examination as per institute
regulations. We will share the details in due course. |
Term project + assignment (40%) |
Students will work on course projects in
small groups of 4-6. We will provide a choice of projects.
Students will be given an opportunity to indicate their
preferences before project groups are assigned by the
instructors. Students who have their own ideas for projects (or already formed a group) should discuss them with the instructors within the first week (start with sending a mail). The end goal of this project is to teach you the principles of usable security and privacy hands-on All reports should be written in ACM double column "sigconf" template. Check the latex/word templates here. Feel free to use the overleaf link in that page. We will deduct marks if your report is not in ACM double column sigconf format. You can use LaTex and MS Word. Each report should contain your name and Roll numbers. Furthermore, one report-upload per group in Moodle (by any of the group members) will suffice (submission by multiple people will confuse the course-stuff and you will risk being evaluated by the submission of a random group member). Here are parts of the project for the students. Note that each one of these steps involve knowledge acquired from the course to give your a hands on experience. We will decide on specific deadlines for each of them:
|
Mid/end semester examination |
60% |
Term project + One assignment | 40% |