| A | B | C | D | E | F | G | H | I | J | |
|---|---|---|---|---|---|---|---|---|---|---|
1 | Week | Session | Date | Topic | Optional Reading (see ED for the Required Reading for Each Session) | Reading Commentaries | In-Class Discussion | Notes | ||
2 | 1 | 1 | 1/9 | Course Introduction | Welcome! Let's learn together why we really need to care about users in security and privacy! | |||||
3 | Definitions and Ground Knowledge | |||||||||
4 | 2 | 2 | 1/14 | What is Privacy? | R1: Woodruff, Allison, Vasyl Pihur, Sunny Consolvo, Laura Brandimarte, and Alessandro Acquisti. "Would a Privacy Fundamentalist Sell Their DNA for $1000... If Nothing Bad Happened as a Result? The Westin Categories, Behavioral Intentions, and Consequences." In 10th Symposium On Usable Privacy and Security (SOUPS 2014), pp. 1-18. 2014. R2: Whitten, Alma, and J. Doug Tygar. "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0." In USENIX security symposium, vol. 348, pp. 169-184. 1999. | |||||
5 | 2 | 3 | 1/16 | What is Security? | R1: Nanayakkara, P., Smart, M. A., Cummings, R., Kaptchuk, G., & Redmiles, E. M. (2023). What are the chances? explaining the epsilon parameter in differential privacy. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 1613-1630). R2: Barbosa, Natã M., Zhuohao Zhang, and Yang Wang. "Do Privacy and Security Matter to Everyone? Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption." In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 417-435. 2020. | |||||
6 | 3 | 4 | 1/21 | Why Should We (Really) Care About People in Privacy and Security? | R1: Cranor, Lorrie F. "A framework for reasoning about the human in the loop." (2008). R2: Distler, Verena, Matthias Fassl, Hana Habib, Katharina Krombholz, Gabriele Lenzini, Carine Lallemand, Lorrie Faith Cranor, and Vincent Koenig. "A systematic literature review of empirical methods and risk representation in usable privacy and security research." ACM Transactions on Computer-Human Interaction (TOCHI) 28, no. 6 (2021): 1-50. | |||||
7 | User Research Methods and Ethics | |||||||||
8 | 3 | 5 | 1/23 | Designing Effective and Ethical Interview Studies and Focus Groups | R1: McDonald, Nora, Benjamin Mako Hill, Rachel Greenstadt, and Andrea Forte. "Privacy, anonymity, and perceived risk in open collaboration: A study of service providers." In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1-12. 2019. R2: Hang, Alina, Alexander De Luca, Matthew Smith, Michael Richter, and Heinrich Hussmann. "Where Have You Been? Using Location-Based Security Questions for Fallback Authentication." In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 169-183. 2015. | ✔ | ✔ | Reading commentaries due 7:00 pm on 1/22 | ||
9 | 4 | 6 | 1/28 | Overview of Qualitative Analysis Methods | R1: Pattnaik, Nandita, Shujun Li, and Jason RC Nurse. "Perspectives of non-expert users on cyber security and privacy: An analysis of online discussions on twitter." Computers & Security 125 (2023): 103008. R2: McDonald, Nora, Sarita Schoenebeck, and Andrea Forte. "Reliability and inter-rater reliability in qualitative research: Norms and guidelines for CSCW and HCI practice." Proceedings of the ACM on human-computer interaction 3, no. CSCW (2019): 1-23. | ✔ | ✔ | Reading commentaries due 7:00 pm on 1/27 | ||
10 | 4 | 7 | 1/30 | Designing Effective and Ethical Surveys | R1: Pattnaik, Nandita, Shujun Li, and Jason RC Nurse. "Perspectives of non-expert users on cyber security and privacy: An analysis of online discussions on twitter." Computers & Security 125 (2023): 103008. R2: McDonald, Nora, Sarita Schoenebeck, and Andrea Forte. "Reliability and inter-rater reliability in qualitative research: Norms and guidelines for CSCW and HCI practice." Proceedings of the ACM on human-computer interaction 3, no. CSCW (2019): 1-23. | ✔ | ✔ | Reading commentaries due 7:00 pm on 1/29 | ||
11 | 5 | 8 | 2/4 | Constructing Research Hypotheses and Experimental Design | R1: Hasan, Rakibul, Yifang Li, Eman Hassan, Kelly Caine, David J. Crandall, Roberto Hoyle, and Apu Kapadia. "Can privacy be satisfying? On improving viewer satisfaction for privacy-enhanced photos using aesthetic transforms." In Proceedings of the 2019 CHI conference on human factors in computing systems, pp. 1-13. 2019. R2: Smith, Garrett, Tarun Yadav, Jonathan Dutson, Scott Ruoti, and Kent Seamons. "If I could do this, I feel anyone could:" The Design and Evaluation of a Secondary Authentication Factor Manager. In 32nd USENIX Security Symposium (USENIX Security 23), pp. 499-515. 2023. | ✔ | ✔ | Reading commentaries due 7:00 pm on 2/03 | ||
12 | 5 | 9 | 2/6 | Overview of Quantitative Analysis Methods | R1: Rader, Emilee. "Data privacy and pluralistic ignorance." In Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023), pp. 457-471. 2023. R2: Farke, Florian M., David G. Balash, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv. "Are privacy dashboards good for end users? Evaluating user perceptions and reactions to Google's My Activity." In 30th USENIX Security Symposium (USENIX Security 21), pp. 483-500. 2021. | ✔ | ✔ | Reading commentaries due 7:00 pm on 2/05 | ||
13 | 6 | 10 | 2/11 | Lab on User Research Methods | ||||||
14 | 6 | 11 | 2/13 | In-Class Midterm | ||||||
15 | 7 | 12 | 2/18 | Project Pitch Day | ||||||
16 | Equity and Inclusivity in Security and Privacy | |||||||||
17 | 7 | 13 | 2/20 | Security and Privacy for Kids and Senior Adults | R1: Theofanos, Mary, Yee-Yin Choong, and Olivia Murphy. "'Passwords Keep Me Safe'–Understanding What Children Think about Passwords." In 30th USENIX Security Symposium (USENIX Security 21), pp. 19-35. 2021. R2: Frik, Alisa, Leysan Nurgalieva, Julia Bernd, Joyce Lee, Florian Schaub, and Serge Egelman. "Privacy and security threat models and mitigation strategies of older adults." In Fifteenth symposium on usable privacy and security (SOUPS 2019), pp. 21-40. 2019. | ✔ | ✔ | Reading commentaries due 7:00 pm on 2/19 | ||
18 | 8 | 14 | 2/25 | Security and Privacy for Victim-Survivors of Intimate Partner Violence | R1: Wei, Miranda, Eric Zeng, Tadayoshi Kohno, and Franziska Roesner. "Anti-Privacy and Anti-Security Advice on TikTok: Case Studies of Technology-Enabled Surveillance and Control in Intimate Partner and Parent-Child Relationships." In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), pp. 447-462. 2022. R2: Havron, Sam, Diana Freed, Rahul Chatterjee, Damon McCoy, Nicola Dell, and Thomas Ristenpart. "Clinical computer security for victims of intimate partner violence." In 28th USENIX security symposium (USENIX Security 19), pp. 105-122. 2019. | ✔ | ✔ | Reading commentaries due 7:00 pm on 2/24 | ||
19 | 8 | 15 | 2/27 | Role of Security and Privacy in Activism | R1: Boyd, Maia J., Jamar L. Sullivan Jr, Marshini Chetty, and Blase Ur. "Understanding the security and privacy advice given to black lives matter protesters." In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pp. 1-18. 2021. R2: Slupska, Julia, Selina Cho, Marissa Begonia, Ruba Abu-Salma, Nayanatara Prakash, and Mallika Balakrishnan. "'They Look at Vulnerability and Use That to Abuse You': Participatory Threat Modelling with Migrant Domestic Workers." In 31st USENIX Security Symposium (USENIX Security 22), pp. 323-340. 2022. | ✔ | ✔ | Reading commentaries due 7:00 pm on 2/26 | ||
20 | 9 | 16 | 3/4 | Gender and Sexuality in Security and Privacy | R1: Coopamootoo, Kovila PL, and Magdalene Ng. "'Un-Equal Online Safety?' A Gender Analysis of Security and Privacy Protection Advice and Behaviour Patterns." arXiv preprint arXiv:2305.03680 (2023). R2: McDonald, Allison, Catherine Barwulor, Michelle L. Mazurek, Florian Schaub, and Elissa M. Redmiles. "'It's stressful having all these phones': Investigating Sex Workers' Safety Goals, Risks, and Practices Online." In 30th USENIX Security Symposium (USENIX Security 21), pp. 375-392. 2021. | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/03 | ||
21 | Developing Usable Security and Privacy Tools | |||||||||
22 | 9 | 17 | 3/6 | Privacy Notice and Choice | R1: Stegman, Jonah, Patrick J. Trottier, Caroline Hillier, Hassan Khan, and Mohammad Mannan. "'My Privacy for their Security': Employees' Privacy Perspectives and Expectations when using Enterprise Security Software." In 32nd USENIX Security Symposium (USENIX Security 23), pp. 3583-3600. 2023. R2: Schaub, Florian, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. "A design space for effective privacy notices." In Eleventh symposium on usable privacy and security (SOUPS 2015), pp. 1-17. 2015. | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/05 | ||
23 | 10 | 18 | 3/11 | Spring Break | ||||||
24 | 10 | 19 | 3/13 | |||||||
25 | 11 | 20 | 3/18 | Security and Privacy Warnings | R1: Kaiser, Ben, Jerry Wei, Eli Lucherini, Kevin Lee, J. Nathan Matias, and Jonathan Mayer. "Adapting security warnings to counter online disinformation." In 30th USENIX Security Symposium (USENIX Security 21), pp. 1163-1180. 2021. R2: Huang, Yue, Borke Obada-Obieh, and Konstantin Beznosov. "Users' Perceptions of Chrome Compromised Credential Notification." In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), pp. 155-174. 2022. | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/17 | ||
26 | 11 | 21 | 3/20 | Access Control and Authentication | R1: Koushki, Masoud Mehrabi, Yue Huang, Julia Rubin, and Konstantin Beznosov. "Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones." In 31st USENIX Security Symposium (USENIX Security 22), pp. 917-935. 2022. R2: He, Weijia, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. "Rethinking Access Control and Authentication for the Home Internet of Things (IoT)." In 27th USENIX Security Symposium (USENIX Security 18), pp. 255-272. 2018. | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/19 | ||
27 | 12 | 22 | 3/25 | Usable Security for Developers | R1: Li, Tianshi, Elizabeth Louie, Laura Dabbish, and Jason I. Hong. "How developers talk about personal data and what it means for user privacy: A case study of a developer forum on reddit." Proceedings of the ACM on Human-Computer Interaction 4, no. CSCW3 (2021): 1-28. R2: Gardner, Jack, Yuanyuan Feng, Kayla Reiman, Zhi Lin, Akshath Jain, and Norman Sadeh. "Helping mobile application developers create accurate privacy labels." In 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 212-230. IEEE, 2022. | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/24 | ||
28 | Security and Privacy Awareness and Education | |||||||||
29 | 12 | 23 | 3/27 | Security and Privacy Advice and Phishing Prevention | R1: Reinheimer, Benjamin, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Duezguen, Bettina Lofthouse, Tatiana Von Landesberger, and Melanie Volkamer. "An investigation of phishing awareness and education over time: When and how to best remind users." In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), pp. 259-284. 2020. R2: Lastdrager, Elmer, Inés Carvajal Gallardo, Pieter Hartel, and Marianne Junger. "How Effective is Anti-Phishing Training for Children?" In Thirteenth symposium on usable privacy and security (SOUPS 2017), pp. 229-239. 2017. | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/26 | ||
30 | Emerging Topics In Usable Security and Privacy | |||||||||
31 | 13 | 24 | 4/1 | Deceptive Patterns In Security and Privacy | R1: Di Geronimo, L., Braz, L., Fregnan, E., Palomba, F., & Bacchelli, A. (2020, April). UI dark patterns and where to find them: a study on mobile applications and user perception. In Proceedings of the 2020 CHI conference on human factors in computing systems (pp. 1-14). R2: Bongard-Blanchy, K., Rossi, A., Rivas, S., Doublet, S., Koenig, V., & Lenzini, G. (2021, June). "I am Definitely Manipulated, Even When I am Aware of it. It's Ridiculous!" - Dark Patterns from the End-User Perspective. In Designing Interactive Systems Conference 2021 (pp. 763-776). | ✔ | ✔ | Reading commentaries due 7:00 pm on 3/31 | ||
32 | 13 | 25 | 4/3 | Usable Security for AI-Enabled Technologies (e.g., Social Robots) | R1: Kelley, Patrick Gage, Celestina Cornejo, Lisa Hayes, Ellie Shuo Jin, Aaron Sedley, Kurt Thomas, Yongwei Yang, and Allison Woodruff. "'There will be less privacy, of course': How and why people in 10 countries expect AI will affect privacy in the future." In Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023), pp. 579-603. 2023. R2: Henkel, Zachary, Kenna Baugus, Cindy L. Bethel, and David C. May. "User expectations of privacy in robot assisted therapy." Paladyn, Journal of Behavioral Robotics 10, no. 1 (2019): 140-159. | ✔ | ✔ | Reading commentaries due 7:00 pm on 4/02 | ||
33 | 14 | 26 | 4/8 | Usable Security for Extended Reality | R1: Adams, Devon, Alseny Bah, Catherine Barwulor, Nureli Musaby, Kadeem Pitkin, and Elissa M. Redmiles. "Ethics emerging: the story of privacy and security perceptions in virtual reality." In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), pp. 427-442. 2018. R2: Cheng, Kaiming, Jeffery F. Tian, Tadayoshi Kohno, and Franziska Roesner. "Exploring user reactions and mental models towards perceptual manipulation attacks in mixed reality." In USENIX Security, vol. 18. 2023. | ✔ | ✔ | Reading commentaries due 7:00 pm on 4/07 | ||
34 | 14 | 27 | 4/10 | Final Project Presentation | ||||||
35 | 15 | 28 | 4/15 | Final Project Presentation | ||||||