This schedule is subject to change. Please check back frequently.
| Week | Date | ACTION ITEMS |
Tentative Topics | Readings and Videos |
Remarks | |
|---|---|---|---|---|---|---|
| Week 1 |
8/8 |
Course Introduction : Logistics why do we need usable security and privacy Case studies Why is building private systems challenging? What about privacy of Indian users? [Slides] |
Required
reading
--
Additional reading -- |
|||
| 9/8 |
||||||
| Week 2 |
15/8 |
|
-- see above -- |
|||
| 16/8 |
||||||
| Week 3 |
22/8 |
Introduction to
security, privacy, usability Introduction to security; Introduction to privacy; Introduction to usability; Why is usability hard? [Slides 1] [Slides 2] [Slides 3] |
Required reading
1. Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA, N. Apthorpe, S. Varghese, N. Feamster, USENIX Security Symposium, 2019 Additional reading 2. "A Summary of Computer Misuse Techniques," by Peter G. Neumann and Donn B. Parker, from the 12th National Computer Security Conference, 1989 (page 396 of this report) 3. Chapters 1 and 2 of Usable Security: History, Themes, and Challenges |
|||
| 23/8 |
||||||
| Week 4 |
29/8 |
What
started it all: usable encryption aka the "Johnny" papers Traditional techniques to measure usability of secure/private systems Research questions, surveys, interviews, focus Groups, diary Studies How to create questions Biases/confounds to avoid while designing studies [Slides 1] [Slides 2] |
Required reading 1. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0., A. Whitten and J.D. Tygar. Proceedings of USENIX Security 1999. Additional reading 2. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers, E. Redmilles, Y. Acar, S. Fahl and M. Mazurek, Tech report, UMD 3. Likert scale examples, Source: Vagias, Wade M. (2006). “Likert-type scale response anchors. Clemson International Institute for Tourism & Research Development, Department of Parks, Recreation and Tourism Management. Clemson University |
|||
| 30/8 |
||||||
| Week 5 |
5/9 |
- do - |
|
|||
| 6/9 |
||||||
| Week 6 |
12/9 | Social
Privacy Case study: preserving privacy of social content The problem of "privacy in public" The era of big data: Large-scale internet measurement to understand usability Case study: Usability of Social Access Control Lists. Shortcoming of this approach [Slides] |
Required reading 1. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Acquisti and Gross, PETS’06 2. Quantifying the Invisible Audience in Social Networks, Bernstein et. al., CHI’2013 3. Privacy Wizards for Social Networking Sites, Fang et. al., WWW'2010 Additional reading 4. Information Revelation and Privacy in Online Social Networks, Acquisti and Gross, WPES’05 5. Understanding and Specifying Social Access Control Lists, Mondal et. al. SOUPS’14 6. Analyzing Facebook Privacy Settings: User Expectations vs. Reality, Liu et al. , IMC’2011 7. Silent Listeners: The Evolution of Privacy and Disclosure on Facebook, Stutzman, Gross and Acquisti, Journal of Privacy and Confidentiality, 2012 |
|||
| 13/9 |
||||||
| Week 7 |
19/9 | - do - |
|
|||
| 20/9 | ||||||
| Week 8 |
26/09 | - MIDSEM- |
|
|||
| 27/09 | ||||||
| Week 9 |
3/10 | - Holiday - |
|
|||
| 4/10 |
||||||
| Week 10 |
10/10 | Designing ethical experiments Case study: Social Engineering and Phishing attacks [Slides] |
Required
reading 1. The Menlo Report, Ethical Principles Guiding Information and Communication Technology Research, August 2012 2. Social Phising, Jagatic et al., CACM'05 3. Consent form template: https://sbsirb.uchicago.edu/templates/ 4. Recruitment: https://www.irb.northwestern.edu/recruitment-materials-and-guidelines/ 5. IRB application form template: https://irb.northwestern.edu/docs/social-behavioral-protocol---protocol---583.docx Additional reading 5. The Emperor’s New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter et al. , IEEE S&P’07 6. Computer Security and Privacy for Refugees in the United States, Simko et al., IEEE S&P’18 7. Why Phishing Works, Dhamija et al., CHI'06 |
|||
| 11/10 |
||||||
| Week 11 | 17/10 | Techniques of analyzing qualitative data Coding/labeling text data inter-coder reliability [Slides] |
|
|||
| 18/10 | ||||||
| Week 12 | 24/10 | Collecting and analyzing quantitative (survey) data with statistics Introduction to statistics Hypothesis testing Case study: Longitudinal data management in cloud storage [Slides] |
Required reading 1. Basic Statistical Test Flow Chart 2. Choosing the correct statistical test made easy 3. Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage, Khan et al., CHI 2018 Additional reading 4. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, Soghoian et al., FC'11 |
|||
| 25/10 | ||||||
| Week 13 | 31/10 | Identity and Authentication I Usability of TLS/PKI Identity and Authentication II Passwords Usability of two/multi factor authentication [Slides] [Slides] |
Required reading
|
|||
| 1/11 | ||||||
| Week 14 | 7/11 | Usability
for developers
(or how do the developers make security mistakes): Curious case of cryptography Libraries Online tracking: Security and privacy concerns who is watching you when you surf and why is it a problem Security/Privacy policies and notices The power of Privacy Notice and Choice Privacy Policies Dark patterns [Slides] [Slides] |
Required reading
CCCC: Corralling Cookies into Categories with CookieMonster, Hu et al., WebSci'21 3. Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing, Weinshel et al. , CCS’19 |
|||
| 8/11 |
||||||
| Week 15 |
14/11 |
Data
privacy regulations Privacy policy/consent Inclusive policy [Slides] |
Required
reading
--
Additional reading -- |
|||