The schedule may change based on class pacing + interest. You can find readings on CourseWorks in the "files" tab, or you can probably also find them for free if you search on scholar.google.com. Don't pay for papers. Let me know if you can't find them. In addition to homework and project assignments, there is a participation quiz for every class. You can find these on CourseWorks, and I'll often leave time to complete them at the end of class. The quizzes are graded on effort rather than correctness. They are always due at 8am the day before the next class.
Tentative schedule
Week # (class #)
Date
Topic(s)
Required readings (see CourseWorks for optional readings; there are many)
Need discussion leader (DL)?
Assignments due (8am unless otherwise stated)
Project stuff due (8am unless otherwise stated)
1 (1)
September 3 (T)
What is Usable S&P, Syllabus
1 (2)
September 5 (Th)
Project explanation, genAI co-agreement, contextual integrity
No DL
HW0: class pre-survey
2 (3)
September 10 (T)
Gen AI discussion, Threat modeling, encryption
No DL
2 (4)
September 12 (Th)
Secure messaging
Reading response required for (1)
1. Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of USENIX Security 1999
2. https://www.wired.com/story/efail-pgp-vulnerability-outlook-thunderbird-smime/
No DL
3 (5)
September 17 (T)
Secure messaging II
Reading response required for one of:
1a. Warford, Noel, et al. "Strategies and perceived risks of sending sensitive documents." 30th USENIX Security Symposium (USENIX Security 21). 2021.
1b. Lerner, Ada, Eric Zeng, and Franziska Roesner. "Confidante: Usable encrypted email: A case study with lawyers and journalists." 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2017.
1c. Ruoti, Scott, et al. "Why Johnny still, still can't encrypt: Evaluating the usability of a modern PGP client." 2015.
Yes, 3 DL
HW1 due: Send an encrypted email + reflect
3 (6)
September 19 (Th)
Authentication I (passwords)
Optional (no response required) and really funny:
This World of Ours, James Mickens, 2014.
Reading response required for:
1. Mazurek, Michelle L., et al. "Measuring password guessability for an entire university." Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 2013.
Yes, 1 DL
4 (7)
September 24 (T)
Authentication II (what do we do about passwords?!)
Reading response required for one of the following:
1a. Bonneau, Joseph, et al. "The quest to replace passwords: A framework for comparative evaluation of web authentication schemes." 2012 IEEE symposium on security and privacy. IEEE, 2012.
1b. Reynolds, Joshua, et al. "A tale of two studies: The best and worst of yubikey usability." 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018.
Yes, 2 DL
4 (8)
September 26 (Th)
YubiKeys and project brainstorming
No reading response required, but I encourage you to watch the video for paper 1b from Tuesday if you didn't read the paper.
HW2: Security Review (S&P in your daily life)
5 (9)
October 1 (T)
Phishing
Reading response required for both of the following:
1. Lain, Daniele, et al. "Phishing in organizations: Findings from a large-scale and long-term study." 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022.
2. Simko, Lucy, et al. "Computer security and privacy for refugees in the United States." 2018 IEEE symposium on security and privacy (SP). IEEE, 2018.
5 (10)
October 3 (Th)
Privacy policies/notices
Reading response required for:
Emami-Naeini, Pardis, et al. "Exploring how privacy and security factor into IoT device purchase behavior." Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. 2019.
Yes, 1 DL
Project proposals due
6 (11)
October 8 (T)
Interviews, Social media analysis
Guest Lecture Dr. Eric Zeng
6 (12)
October 10 (Th)
Measuring people’s S&P behaviors + understanding
Guest Lecture Dr. Yasemin Acar
Reading response required for both of the following:
1. Redmiles, Elissa M., et al. "A summary of survey methodology best practices for security and privacy researchers." (2017).
2. Sawaya, Yukiko, et al. "Self-confidence trumps knowledge: A cross-cultural study of security behavior." Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017.
Yes, 2 DL
7 (13)
October 15 (T)
Privacy Theory, Policy, and Measurement
Guest Lecture Dr. Jan Tolsdorf
Reading response required for:
Oates, Maggie, et al. "Turtles, locks, and bathrooms: Understanding mental models of privacy through illustration." Proceedings on Privacy Enhancing Technologies (2018).
Yes, DL
7 (14)
October 17 (Th)
Research Beyond Western Contexts
Guest Lecture Collins Munyendo
Reading response required for both of the following:
1. Sambasivan, Nithya, et al. "'Privacy is not for me, it's for those rich women': Performative Privacy Practices on Mobile Phones by Women in South Asia." Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). 2018.
2. Hasegawa, Ayako A., Daisuke Inoue, and Mitsuaki Akiyama. "How WEIRD is Usable Privacy and Security Research?." 33rd USENIX Security Symposium. 2024.
Yes, 2 DL
8 (15)
October 22 (T)
Developers as Users
Guest Lecture Dominik Wermke
Reading response required for:
Wermke, Dominik, et al. "Committed to trust: A qualitative study on security & trust in open source software projects." 2022 IEEE symposium on Security and Privacy (SP). IEEE, 2022.
Yes, DL
8 (16)
October 24 (Th)
Ethical Human Subjects Research
Tentative Guest Lecture Dr. Yasemin Acar
Reading response required for:
Kohno, Tadayoshi, Yasemin Acar, and Wulf Loh. "Ethical frameworks and computer security trolley problems: Foundations for conversations." 32nd USENIX Security Symposium (USENIX Security 23). 2023.
Yes, DL
HW3: Complete Human Subjects Training
9 (17)
October 29 (T)
Project workday - pilot someone else’s study, give feedback
Study design due (e.g., interview guide, survey draft)
9 (18)
October 31 (Th)
Project Logistics
Annotated bibliography draft due
Reflection from pilot study due
10 (-)
November 5 (T)
no class
10 (19)
November 7 (Th)
No Class
Annotated bibliography due; project logistic checklist due
11 (20)
November 12 (T)
Usable S&P for journalists (in person with guest speaker Evan Simko-Bednarski)
Reading response required for one of the following:
1a. McGregor, Susan E., et al. "Investigating the computer security practices and needs of journalists." 24th USENIX Security Symposium (USENIX Security 15). 2015.
1b. McGregor, Susan E., et al. "When the weakest link is strong: Secure collaboration in the case of the Panama Papers." 26th USENIX Security Symposium (USENIX Security 17). 2017.
**If you've missed a reading response earlier in the semester, you may complete a second reading response today to make up for it**
2 DL
[data collection in progress]
11 (21)
November 14 (Th)
Usable S&P for democracy
Reading response required for two of the following:
1. Boyd, Maia J., et al. "Understanding the security and privacy advice given to black lives matter protesters." Proceedings of the 2021 CHI conference on human factors in computing systems. 2021.
2. Daffalla, Alaa, and Simko, Lucy, et al. "Defensive technology use by political activists during the Sudanese revolution." 2021 IEEE symposium on security and privacy (SP). IEEE, 2021.
3. Albrecht, Martin R., et al. "Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong." 30th USENIX security symposium (USENIX Security 21). 2021.
**If you've missed a reading response earlier in the semester, you may complete a third reading response today to make up for it**
3 DL
[data collection in progress]
12 (22)
November 19 (T)
Privacy policy, guest lecture with Dr. Shaanan Cohney (in person)
tbd
tbd
[data collection should be wrapping up]
12 (23)
November 21 (Th)
Data collection and analysis check-in / workday
13 (24)
November 26 (T)
optional zoom class (use as office hours)
13 (-)
November 28 (Th)
no class
14 (25)
December 3 (T)
What do we do with our results -- how to write a good discussion section
14 (26)
December 5 (Th)
Reflection: what have we learned about how to develop usable security mechanisms???
Final exam period (Tuesday, Dec 17, 1:10-4pm)
Final paper / presentation due