Tentative schedule and Assignments (Autumn 2024)

This schedule is subject to change. Please check back frequently.


Week Date ACTION ITEMS
Tentative Topics Readings and Videos
Remarks
Introduction
Week 1
24/7


Course Introduction: Logistics
Why do we need usable security and privacy?
Debate -- Does data privacy matter in AI tech?
Are the policy makers or developers doing anything about it?

[Slides]
Required reading

--

Additional reading

--

25/7

26/7

Definitions
Week 2
31/7

Introduction to security, privacy, usability
What is security;
What is privacy (including differential privacy);
What is usability;

Why is usability hard?
[Slide 1]
[Slide 2]
[Slide 3]
Required reading

1. "A Summary of Computer Misuse Techniques," by Peter G. Neumann and Donn B. Parker, from the 12th National Computer Security Conference, 1989 (page 396 of this report)

2. Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA, N. Apthorpe, S. Varghese, N. Feamster, USENIX Security Symposium, 2019


Additional reading


3. Chapters 1 and 2 of Usable Security: History, Themes, and Challenges 

1/8

2/8

Week 3
7/8






-- see above --


8/8

9/8

Methods
Week 4
14/8


What started it all: usable encryption
aka the "Johnny" papers

Traditional techniques to measure usability of secure/private systems

Research questions, surveys, interviews, focus groups, diary studies
How to create questions

Biases/confounds to avoid while designing studies

[Slide 1]
[Slide 2]


Required reading
1. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0., A. Whitten and J.D. Tygar. Proceedings of USENIX Security 1999.

2. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers, E. Redmiles, Y. Acar, S. Fahl and M. Mazurek, Tech report, UMD

Additional reading

3. Likert scale examples,
Source: Vagias, Wade M. (2006). "Likert-type scale response anchors." Clemson International Institute for Tourism & Research Development, Department of Parks, Recreation and Tourism Management. Clemson University 

-

16/8

Week 5
21/8


-- see above --



22/8

23/8

Analysis techniques
Week 6
28/8

Techniques of analyzing qualitative data
Coding techniques
Inter-coder reliability
[Slide 1]




---

29/8

30/8

Week 7
4/9

Analyzing quantitative data with statistics
Introduction to statistics
Hypothesis testing
Case study: Longitudinal data management in cloud storage

[Slide 1]

Required reading
1. Basic Statistical Test Flow Chart
2. Choosing the correct statistical test made easy
3. Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage, Khan et al., CHI 2018
4. Rethinking Connection Security Indicators, Felt et al., SOUPS'16


Additional reading
5. A Painless guide to Statistics (READ IT CAREFULLY)

6. Current Topics in Media Computing and HCI (Another introduction to hypothesis testing). RWTH Aachen.

5/9

6/9

Ethics
Week 8
11/9


Designing ethical experiments

Case study: Social Engineering and Phishing attacks


[Slide 1]


Required reading
1. The Menlo Report, Ethical Principles Guiding Information and Communication Technology Research, August 2012

2. Social Phishing, Jagatic et al., CACM'05

Additional reading

3. The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter et al., IEEE S&P'07
4. Computer Security and Privacy for Refugees in the United States, Simko et al., IEEE S&P'18
5. Why Phishing Works, Dhamija et al., CHI'06

12/9

13/9

Enabling Usable Security and Privacy via System Measurement
Week 9
25/9



Case study: preserving privacy of social content
The problem of "privacy in public"

The era of big data: Large-scale internet measurement to understand usability
Case study: Usability of Social Access Control Lists.
Shortcoming of this approach

[Slide]

Required reading
1. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Acquisti and Gross, PETS’06
2. Quantifying the Invisible Audience in Social Networks, Bernstein et al., CHI’2013
3. Privacy Wizards for Social Networking Sites, Fang et al., WWW'2010
4. Information Revelation and Privacy in Online Social Networks, Acquisti and Gross, WPES’05
5. Understanding and Specifying Social Access Control Lists, Mondal et al., SOUPS’14
6. Analyzing Facebook Privacy Settings: User Expectations vs. Reality, Liu et al., IMC’2011
7. Silent Listeners: The Evolution of Privacy and Disclosure on Facebook, Stutzman, Gross and Acquisti, Journal of Privacy and Confidentiality, 2012

26/9

27/9

Week 10
2/10

- see above -





3/10

4/10

Special topics
Week 11 16/10
Project topics are announced

Privacy and Security in Machine learning

[Slide 1]
[Slide 2]




Required reading
1. Membership Inference Attacks against Machine Learning Models
2. Extracting Training Data from Large Language Models

Additional reading
1. Privacy Preserving Machine Learning — Course Page

17/10

18/10
Set a time for first meeting
Week 12 23/10



-- see above --


24/10

25/10

Week 13 30/10









31/10



Week 14