| Title: | Usable Privacy and Security |
| Instructor(s): | Lorrie Cranor, Michael Reiter, Jason Hong |
| Affiliation: | Carnegie Mellon University |
| Description: | There is growing recognition that technology alone will not provide all of the solutions to security and privacy problems. Human factors play an important role in these areas, and it is important for security and privacy experts to have an understanding of how people will interact with the systems they develop. This course is designed to introduce students to a variety of usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course is suitable both for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. Much of the course will be taught in a graduate seminar style in which all students will be expected to do a weekly reading assignment and each week different students will prepare a presentation for the class. Students will also work on a group project throughout the semester. |
| Semester: | TuTh, Spring 2006 |
| Course ID: | 5-899 / 17-500 |
| Textbook(s): | [CG]: Cranor, L. and Garfinkel, S. Security and Usability: Designing Secure Systems that People Can Use. 2005. |
| Policies: | Your final grade in this course will be based on:
* 25% Homework
* 25% Lecture
* 50% Project
Students are expected to do reading assignments prior to class so that they can participate fully in class discussions. Students must submit a short summary (3-8 sentences) and a "highlight" for each chapter or article in the reading assignment. The highlight may be something you found particularly interesting or noteworthy, a question you would like to discuss in class, a point you disagree with, etc. Summaries and highlights are due in class at 9:15 am each Tuesday. Summaries and highlights will not be accepted late. If you do not attend class, you will not be permitted to submit your summaries and highlights.
Students will be assigned to take notes during one or more of the class lectures. Each set of notes will count as an additional homework assignment. Notes should be emailed to the instructors as text, HTML, or PDF (with accompanying Word or LaTeX) within 48 hours of the lecture for which they were taken. These notes will be posted on the class web site. In addition, the instructors may include all or part of your notes in an instructor's guide they are writing for future usable privacy and security courses.
Each student will be assigned a class lecture to prepare and present. The lecture should be based on the topics covered in that week's reading assignment, but it should go beyond the materials in the reading. For example, you might read and present some of the related work mentioned in the reading or that you find on your own (the HCISec Bibliography is a good starting point for finding relevant papers), you might present some of the optional reading materials, you might demonstrate software mentioned in the reading, you might critique a design discussed in the reading, or you might design a class exercise for your classmates. As part of your lecture you should prepare several discussion questions and lead a class discussion. You should also introduce your fellow students to terminology and concepts they might not be familiar with that are necessary to understand the material you are presenting. You should email to the instructors a set of PowerPoint slides including lecture notes and discussion questions. These slides will be posted on the class web site. In addition, the instructors may include all or part of your presentation slides and notes in an instructor's guide they are writing for future usable privacy and security courses.
Students will work on semester projects in small groups that include students with a variety of areas of expertise. Each project group will propose a project. It is expected that most projects will involve the design of a user study to evaluate the design of an existing or proposed privacy- or security-related system or gain insight into users' attitudes or mental models related to some aspect of security or privacy. Groups with ideas for other types of projects should discuss them with the professors before submitting their project proposals. As part of the project students will:
* Submit a one-page project proposal.
* Complete an IRB application with all necessary attachments.
* Design all questionnaires, scripts, scenarios, interview protocols, etc. necessary to carry out the user study.
* Develop any prototypes necessary to carry out the user study.
* Test the user study protocol on at least two members of the class and refine it based on these tests.
* Give a 10-minute progress report presentation.
* Submit a written progress report.
* Conduct a pilot study using the revised protocol with at least three members of the class or other people you know as subjects.
* Give a 15-minute final project presentation.
* Write a paper giving an overview of the proposed study, what you hope to learn from it, what you learned from the pilot study, etc. Your IRB forms, survey forms, etc. should be included as appendices. |
| Class No. | Readings | Topics | In-class materials | Assignments | Comments |
| 1 | | Introduction to Usable Privacy and Security | | | |
| 2 | | Introduction to HCI Methods | | | |
| 3 | [CG] Ch. 4 | Introduction to Privacy | | | |
| 4 | | Introduction to Security | | | |
| 5 | [CG] Ch. 17, 33-34 | User Studies I | | | |
| 6 | | User Studies II *by J. Hyland | | | |
| 7 | [CG] Ch. 1-3, 32 | Usable Privacy and Security *by C. Koranda | | | |
| 8 | | Project Group Formation | | | |
| 9 | [CG] Ch. 13, 15, 27 | Secure Interaction Design *by K. Vaniea | | | |
| 10 | | A Case Study in UI Design and Evaluation for Computer Security *by R. Reeder | | | |
| 11 | [CG] Ch. 5, 14, 29 | Trust and Semantic Attacks I *by J. Chalecki | | | |
| 12 | | Trust and Semantic Attacks II *by P. Kumaraguru | | | |
| 13 | [CG] Ch. 19-21 | Design for Privacy I | | | |
| 14 | | Design for Privacy II *by R. Shipman | | Project Proposal DUE | |
| 15 | [CG] Ch. 22-23, 26 | Visualizing Privacy I *by S. Sheng | | | |
| 16 | | Visualizing Privacy II *by J. Tsai | | | |
| 17 | [CG] Ch. 24-25, 28 | Web Browser Privacy and Security *by R. Villamarin | | | |
| 18 | | Web Browser Privacy and Security II *by S. Egelman | | | |
| 19 | [CG] Ch. 6-8, 12 | Authentication overview | | | |
| 20 | | Text Passwords *by S. Romanosky | | | |
| 21 | | Project Progress Report Presentations | | Written Project Progress Reports DUE | |
| 22 | | Project Progress Report Presentations | | | |
| 23 | [CG] Ch. 9-11 | Biometrics *by A. Brooks | | | |
| 24 | | Graphical Passwords *by K. Pu | | | |
| 25 | | PKIs and Secure Communications *by L. Broderick | | | |
| 26 | | No class | | | |
| 27 | | No class | | | |
| 28 | | No class | | | |
| 29 | [CG] Ch. 18 | Tools for Security Administration *by M. Desantis | | | |
| 30 | | Project Group Meetings | | | |
Page contents maintained by the Learning Technology Lab.
Unless noted otherwise, internally-linked contents are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.