The schedule may change based on class pacing + interest. You can find readings on CourseWorks in the "files" tab, or you can probably also find them for free if you search on scholar.google.com. Don't pay for papers. Let me know if you can't find them. In addition to homework and project assignments, there is a participation quiz for every class. You can find these on CourseWorks, and I'll often leave time to complete them at the end of class. The quizzes are graded on effort rather than correctness. They are always due at 8am the day before the next class.

Tentative schedule
Week # (class #)
Date
Topic(s)
Required readings (see CourseWorks for optional readings; there are many)
Need discussion leader (DL)?
Assignments due (8am unless otherwise stated)
Project stuff due (8am unless otherwise stated)
1 (1)
September 3 (T)
What is Usable S&P, Syllabus
1 (2)
September 5 (Th)
Project explanation, genAI co-agreement, contextual integrity
No DL
HW0: class pre-survey
2 (3)
September 10 (T)
Gen AI discussion, Threat modeling, encryption
No DL
2 (4)
September 12 (Th)
Secure messaging
Reading response required for (1)
1. Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of USENIX Security 1999
2. https://www.wired.com/story/efail-pgp-vulnerability-outlook-thunderbird-smime/
No DL
3 (5)
September 17 (T)
Secure messaging II
Reading response required for one of:
1a. Warford, Noel, et al. "Strategies and perceived risks of sending sensitive documents." 30th USENIX Security Symposium (USENIX Security 21). 2021.
1b. Lerner, Ada, Eric Zeng, and Franziska Roesner. "Confidante: Usable encrypted email: A case study with lawyers and journalists." 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2017.
1c. Ruoti, Scott, et al. "Why Johnny still, still can't encrypt: Evaluating the usability of a modern PGP client." 2015.
Yes, 3 DL
HW1 due: Send an encrypted email + reflect
3 (6)
September 19 (Th)
Authentication I (passwords)
Optional (no response required) and really funny:
This World of Ours, James Mickens, 2014.
Reading response required for:
1. Mazurek, Michelle L., et al. "Measuring password guessability for an entire university." Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 2013.
Yes, 1 DL
4 (7)
September 24 (T)
Authentication II (what do we do about passwords?!)
Reading response required for one of the following:
1a. Bonneau, Joseph, et al. "The quest to replace passwords: A framework for comparative evaluation of web authentication schemes." 2012 IEEE symposium on security and privacy. IEEE, 2012.
1b. Reynolds, Joshua, et al. "A tale of two studies: The best and worst of yubikey usability." 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018.
Yes, 2 DL
4 (8)
September 26 (T)
YubiKeys and project brainstorming
No reading response required, but I encourage you to watch the video for paper 1b from Tuesday if you didn't read the paper.
HW2: Security Review (S&P in your daily life)
5 (9)
October 1 (T)
Phishing
Reading response required for both of the following:
1. Lain, Daniele, et al. "Phishing in organizations: Findings from a large-scale and long-term study." 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022.
2. Simko, Lucy, et al. "Computer security and privacy for refugees in the United States." 2018 IEEE symposium on security and privacy (SP). IEEE, 2018.
5 (10)
October 3 (Th)
Privacy policies/notices
Reading response required for:
Emami-Naeini, Pardis, et al. "Exploring how privacy and security factor into IoT device purchase behavior." Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. 2019.
Yes, 1 DL
Project proposals due
6 (11)
October 8 (Th)
Interviews, Social media analysis
Guest Lecture Dr. Eric Zeng
6 (12)
October 10 (T)
Measuring people’s S&P behaviors + understanding
Reading response required for both of the following:
1. Redmiles, Elissa M., et al. "A summary of survey methodology best practices for security and privacy researchers." (2017).
2. Sawaya, Yukiko, et al. "Self-confidence trumps knowledge: A cross-cultural study of security behavior." Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 2017.
Yes, 2 DL
7 (13)
October 15 (T)
Developers as users
tbd
tbd
7 (14)
October 17 (Th)
Ethics in Usable S&P
tbd
tbd
HW3: Human subjects training due
HW4: mid-term check-in
8 (15)
October 22 (T)
US&P for specific groups (I)
tbd
Yes, DL
Annotated bibliography draft due
8 (16)
October 24 (Th)
US&P for specific groups (II)
tbd
Yes, DL
Study design due (e.g., interview guide, survey draft, social media data collection protocol & sample data)
9 (17)
October 29 (T)
Project workday - pilot someone else’s study, give feedback
9 (18)
October 31 (Th)
Usable S&P for democracy
Reading response required:
1. Boyd, Maia J., et al. "Understanding the security and privacy advice given to black lives matter protesters." Proceedings of the 2021 CHI conference on human factors in computing systems. 2021.
2. tbd
Reflection from pilot study due
10 (-)
November 5 (T)
no class
10 (19)
November 7 (Th)
Tentative: project work day
11 (20)
November 12 (T)
Check-in about study design; data collection logistics how-tos.
tbd
No DL
Revised study design due
11 (21)
November 14 (Th)
IoT and Usable S&P
tbd
tbd
[data collection in progress]
12 (22)
November 19 (T)
Privacy policy, potential guest lecture
tbd
tbd
[data collection in progress]
12 (23)
November 21 (Th)
Data collection check-in
13 (24)
November 26 (T)
tbd
13 (-)
November 28 (Th)
no class
14 (25)
December 3 (T)
Mis/Disinformation
tbd
Yes, DL (but tentative)
Data analysis draft
14 (26)
December 5 (Th)
Reflection: what have we learned about how to develop usable security mechanisms???
Final exam period
Final paper / presentation due