This schedule is subject to change. Please check back frequently.
| Week | Date | ACTION ITEMS | Tentative Topics | Readings and Videos | Remarks | |
|---|---|---|---|---|---|---|
| Week 1 |
23/7 |
Course Introduction: Logistics; Why do we need usable security and privacy? Debate -- Does data privacy matter in AI tech? Are the policy makers or developers doing anything about it? |
Required reading -- Additional reading -- |
|||
| 24/7 |
||||||
| 25/7 |
||||||
| Week 2 |
30/7 |
|
-- see above -- |
|||
| 31/7 |
||||||
| 1/8 |
||||||
| Week 3 |
6/8 |
Introduction to security, privacy, usability: What is security; What is privacy (including differential privacy); What is usability; Why is usability hard? |
Required reading 1. "A Summary of Computer Misuse Techniques," by Peter G. Neumann and Donn B. Parker, from the 12th National Computer Security Conference, 1989 (page 396 of this report) 2. Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA, N. Apthorpe, S. Varghese, N. Feamster, USENIX Security Symposium, 2019 Additional reading 3. Chapters 1 and 2 of Usable Security: History, Themes, and Challenges |
|||
| 7/8 |
||||||
| 8/8 |
||||||
| Week 4 |
12/8 |
|
|
|||
| 13/8 |
||||||
| 14/8 |
||||||
| Week 5 |
19/8 |
What started it all: usable encryption, aka the "Johnny" papers; Traditional techniques to measure usability of secure/private systems: research questions, surveys, interviews, focus groups, diary studies; How to create questions; Biases/confounds to avoid while designing studies |
Required reading 1. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, A. Whitten and J.D. Tygar. Proceedings of USENIX Security 1999. 2. A Summary of Survey Methodology Best Practices for Security and Privacy Researchers, E. Redmiles, Y. Acar, S. Fahl and M. Mazurek, Tech report, UMD 3. The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter et al., IEEE S&P'07 Additional reading 4. Likert scale examples, Source: Vagias, Wade M. (2006). "Likert-type scale response anchors." Clemson International Institute for Tourism & Research Development, Department of Parks, Recreation and Tourism Management. Clemson University |
|||
| 20/8 |
||||||
| 21/8 |
||||||
| Week 6 |
26/8 |
-- see above |
||||
| 27/8 |
||||||
| 29/8 |
||||||
| Week 7 |
2/9 |
Techniques of analyzing qualitative data: Coding techniques; Inter-coder reliability |
Required reading 1. "So-called privacy breeds evil": Narrative Justifications for Intimate Partner Surveillance in Online Forums, Bellini et al. 2. Digital technologies and intimate partner violence: A qualitative analysis with multiple stakeholders, Freed et al. |
|
||
| 3/9 |
||||||
| 4/9 |
||||||
| Week 8 |
9/9 |
Analyzing quantitative data with statistics: Introduction to statistics; Hypothesis testing; Case study: Longitudinal data management in cloud storage |
Required reading 1. Basic Statistical Test Flow Chart 2. Choosing the correct statistical test made easy 3. Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage, Khan et al., CHI 2018 4. Rethinking Connection Security Indicators, Felt et al., SOUPS'16 5. De-mystifying statistics (You can skip the data visualization, use R) Additional reading 6. A Painless guide to Statistics (READ IT CAREFULLY) 7. Current Topics in Media Computing and HCI (Another introduction to hypothesis testing). RWTH Aachen. |
|||
| 10/9 |
||||||
| 11/9 |
||||||
| Week 9 |
Designing ethical experiments; Case study: Social Engineering and Phishing attacks |
Required reading 1. The Menlo Report, Ethical Principles Guiding Information and Communication Technology Research, August 2012 2. Social Phishing, Jagatic et al., CACM'05 3. The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter et al., IEEE S&P'07 Additional reading 4. Computer Security and Privacy for Refugees in the United States, Simko et al., IEEE S&P'18 5. Why Phishing Works, Dhamija et al., CHI'06 |
||||
| Week 10, 11 |
Case study 1: preserving privacy of social content; The problem of "privacy in public"; The era of big data: Large-scale internet measurement to understand usability; Case study: Usability of Social Access Control Lists; Shortcoming of this approach |
Required reading 1. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Acquisti and Gross, PETS’06 2. Quantifying the Invisible Audience in Social Networks, Bernstein et al., CHI’2013 3. Privacy Wizards for Social Networking Sites, Fang et al., WWW'2010 4. Information Revelation and Privacy in Online Social Networks, Acquisti and Gross, WPES’05 5. Understanding and Specifying Social Access Control Lists, Mondal et al., SOUPS’14 Additional reading 6. Analyzing Facebook Privacy Settings: User Expectations vs. Reality, Liu et al., IMC’2011 7. Silent Listeners: The Evolution of Privacy and Disclosure on Facebook, Stutzman, Gross and Acquisti, Journal of Privacy and Confidentiality, 2012 |
Project topics released |
|||
| Week 12, 13 |
Case study 2: Privacy and Security in Machine learning |
Required reading 1. Deep Learning with Differential Privacy 2. Membership Inference Attacks against Machine Learning Models 3. Machine Learning with Membership Privacy using Adversarial Regularization 4. Extracting Training Data from Large Language Models Additional reading 5. Privacy Preserving Machine Learning — Course Page 6. Differentially Private Empirical Risk Minimization 7. Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning |
||||
| Week 14 |
Identity and Authentication: Passwords; Usability of two/multi factor authentication |
Required reading 4. MASCARA: Systematically Generating Memorable And Secure Passphrases, Mukherjee et al. 5. zxcvbn: Low-Budget Password Strength Estimation, Daniel Lowe Wheeler |
||||