05-899 / 08-534 / 08-734 Usable Privacy and Security
Spring 2008: Wean 4615A, Mondays and Wednesdays 1:30-2:50 pm
Class web site: http://cups.cs.cmu.edu/courses/ups-sp08/
Class mailing list: http://cups.cs.cmu.edu/mailman/listinfo/ups
Students in this course may also be interested in joining the CUPS mailing list.
Professor: Lorrie Cranor
- Email: lorrie AT cs DOT cmu DOT edu
- Web: http://lorrie.cranor.org/
- Phone: 412-268-7534
- Office: CIC 2207
- Office hours: Mondays 3-4:30 pm and by appointment (no office hours 1/14, 3/17, 4/7)
Course Description
There is growing recognition that technology alone will not provide
all of the solutions to security and privacy problems. Human factors
play an important role in these areas, and it is important for
security and privacy experts to have an understanding of how
people will interact with the systems they develop. This course is
designed to introduce students to a variety of usability and user
interface problems related to privacy and security and to give them
experience in designing studies aimed at helping to evaluate usability
issues in security and privacy systems. The course is suitable both
for students interested in privacy and security who would like to
learn more about usability, as well as for students interested in
usability who would like to learn more about security and
privacy. Much of the course will be taught in a graduate seminar
style in which all students will be expected to do a weekly reading
assignment and each week different students will prepare a
presentation for the class. Students will also work on a group project
throughout the semester.
Required Texts
Readings will be assigned from the following text (available in the
CMU bookstore and from all the usual online stores). Additional
readings will be assigned from papers available online or handed
out in class.
Course Schedule
Note, this is subject to change. The class web site will have
the most up-to-date version of this calendar.
Week 1 (January 14, 16): Course overview / Introduction to usable privacy and security
- January 14: Introductions, review syllabus and course policies, course overview, introduce project [slides]
- January 16: Understanding the human in the loop [slides]
Week 2 (January 23): Introduction to Human-Computer Interaction
- January 21: Martin Luther King Jr. Day - No class
- January 23: Introduction to HCI - Guest speaker, Jason Hong [slides]
- Reading assignment:
- Chapter 1 Psychological Acceptability Revisited
- Chapter 2 The Case for Usable Security
- Chapter 3 Design for Usability
- Optional readings:
- Chapter 32 Users are not the Enemy
- Designing for Usability: Key Principles and What Designers Think, by John D. Gould and Clayton Lewis, in Communications of the ACM 28, 3 (Mar. 1985), pp. 300-311.
- S. Furnell. Making security usable: Are things improving? Computers & Security
Volume 26, Issue 6, September 2007, Pages 434-443
- J. Johnston, J. H. P. Eloff and L. Labuschagne. Security and human computer interfaces. Computers & Security
Volume 22, Issue 8, December 2003, Pages 675-684.
- All students who have not completed human subjects training should do so this week and submit a copy of their certificate (counts as one homework).
Week 3 (January 28, 30): Introduction to privacy / UI design and evaluation
- January 28: Introduction to privacy [slides]
- January 30: User interface design and evaluation case study - Guest speaker - Rob Reeder [slides]
- Reading assignment:
- Chapter 13 Goals and Strategies for Secure Interaction Design
- Chapter 33 Usability and Privacy: A Study of Kazaa P3P File
Sharing
- Chapter 34 Why Johnny Can't Encrypt
- Optional readings:
- L. Cranor. 'I Didn't Buy it for Myself': Privacy and Ecommerce Personalization. In Clare-Marie Karat, Jan O. Blom, and John Karat, eds. Designing Personalized User Experiences in eCommerce. Kluwer Academic Publishers, 2004.
- Giovanni Iachello and Jason Hong (2007). "End-User Privacy in Human-Computer Interaction", Foundations and Trends in Human-Computer Interaction: Vol. 1: No 1, pp 1-137. http://dx.doi.org/10.1561/1100000004
- R. Maxion and R. Reeder. Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies Volume 63, Issues 1-2, July 2005, p. 25-50.
- Brustoloni, J. C. and Villamarin-Salomon, R. 2007. Improving security decisions with polymorphic and audited dialogs. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 76-85. DOI= http://doi.acm.org/10.1145/1280680.1280691
Week 4 (February 4, 6): Introduction to HCI methods and security
- February 4: Introduction to HCI methods - Guest speaker, Brad Myers [slides]
- February 6: Introduction to security - Guest speaker, Lujo Bauer [slides]
- Reading assignment:
- Chapter 4 Usability Design and Evaluation for Privacy and Security Solutions
- Chapter 17 Simple Desktop Security with Chameleon
- Chapter 27 Creating Usable Security Products for Consumers
- Optional readings:
- James Hom, The Usability Methods Toolbox.
- Nielsen, J. and Molich, R. 1990. Heuristic evaluation of user interfaces. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: Empowering People (Seattle, Washington, United States, April 01 - 05, 1990). J. C. Chew and J. Whiteside, Eds. CHI '90. ACM, New York, NY, 249-256. DOI= http://doi.acm.org/10.1145/97243.97281
- Brad A. Myers. Challenges of HCI Design and Implementation, ACM Interactions. vol. 1, no. 1. January, 1994. pp. 73-83.
- A. DeWitt and J. Kuljis. Aligning Usability and Security: A usability study of Polaris. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- J. Nielsen. Guerrilla HCI: Using Discount Usability Engineering to Penetrate the Intimidation Barrier, 1994.
- W. Keith Edwards, Erika Shehan and Jennifer Stoll, Security Automation Considered Harmful? Proceedings of the IEEE New Security Paradigms Workshop (NSPW 2007). White Mountain, New Hampshire. September 18-21, 2007.
Week 5 (February 11, 13): User studies / Project group formation
- February 11: Designing user studies [slides]
- February 13: Observations discussion and project group formation
- Observations of people using technology due February 13
(counts as one homework)
- Project groups will be formed in class on February 13. If you
have an idea for a project, come to class prepared to pitch it to
your classmates.
Week 6 (February 18, 20): Privacy
- February 18: Design for Privacy [slides]
- February 20: Privacy and mobile and ubiquitous computing [student: Sunshine] [slides]
- Reading assignment:
- Chapter 19 Privacy Issues and Human-Computer Interaction
- Chapter 20 A User-Centric Privacy Space Framework
- Chapter 21 Five Pitfalls in the Design for Privacy
- Optional readings:
- Christena Nippert-Eng, Privacy in the United States: Some Implications for Design, International Journal of Design, 1(2), 1-10.
- G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. Abowd. Developing Privacy Guidelines for Social Location Disclosure Applications and Services. In Proceedings of the Symposium On Usable Privacy and Security 2005, Pittsburgh, PA, July 6-8, 2005.
- Tor GUI design competition overview, entries, and judges' comments
- C. Jensen, C. Potts, and C. Jensen. Privacy practices of Internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies Volume 63, Issues 1-2, July 2005, p. 203-227.
- Hong, J.I., J. Ng, and J.A. Landay. Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems. In Proceedings of Designing Interactive Systems (DIS2004). Boston, MA. pp. 91-100 2004.
- Iachello, G., Truong, K. N., Abowd, G. D., Hayes, G. R., and Stevens, M. 2006. Prototyping and sampling experience to evaluate ubiquitous computing privacy in the real world. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montreal, Quebec, Canada, April 22 - 27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM, New York, NY, 1009-1018
- Tang, K. P., Keyani, P., Fogarty, J., and Hong, J. I. 2006. Putting people in their place: an anonymous and privacy-sensitive approach to collecting sensed data in location-based applications. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montreal, Quebec, Canada, April 22 - 27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM, New York, NY, 93-102.
- Consolvo, S., Smith, I. E., Matthews, T., LaMarca, A., Tabert, J., and Powledge, P. 2005. Location disclosure to social relations: why, when, & what people want to share. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Portland, Oregon, USA, April 02 - 07, 2005). CHI '05. ACM, New York, NY, 81-90.
- Khalil, A. and Connelly, K. 2006. Context-aware telephony: privacy preferences and sharing patterns. In Proceedings of the 2006 20th Anniversary Conference on Computer Supported Cooperative Work (Banff, Alberta, Canada, November 04 - 08, 2006). CSCW '06. ACM, New York, NY, 469-478.
Week 7 (February 25, 27): Privacy
- February 25: Privacy policies - Guest speakers, Janice Tsai and Aleecia McDonald [McDonald slides]
- February 27: Privacy software [student: Mallios (first half of class)] [slides]
- Reading assignment:
- Chapter 22 Privacy Policies and Privacy Preferences
- Chapter 23 Privacy Analysis for the Casual User Through Bugnosis
- Chapter 26 Anonymity Loves Company: Usability and the Network Effect
- Optional readings:
- N. Good, R. Dhamija, J. Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, and J. Konstan. Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. In Proceedings of the Symposium On Usable Privacy and Security 2005, Pittsburgh, PA, July 6-8, 2005.
- B. Kowitz and L. Cranor. Peripheral Privacy Notifications for Wireless Networks. In Proceedings of the 2005 Workshop on Privacy in the Electronic Society, 7 November 2005, Alexandria, VA, pp. 90-96.
- C. Brodie, C. Karat, and J. Karat. An Empirical Study of Natural Language Parsing of Privacy Policy Rules Using the SPARCLE Policy Workbench. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- L. Cranor, P. Guduru, and M. Arjula. User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction, June 2006.
- Evolution of a Prototype Financial Privacy Notice - Report by Kleimann Communication Group for the FTC, 28 February, 2006.
- J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Paper presented at the Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.
Week 8 (March 3, 5): Web browser privacy and security
- March 3: Web browser privacy and security [student: Mohindra (first half of class)] [slides]
- March 5: Guest speaker, Cynthia Kuo [slides]
- Reading assignment:
- Chapter 24 Informed Consent by Design
- Chapter 25 Social Approaches to End-User Security and Privacy
Management
- Chapter 28 Firefox and the Worry-free Web
- Optional readings:
- H. Xia and J. Brustoloni. Hardening Web browsers against man-in-the-middle and eavesdropping attacks. In Proceedings of the 14th International Conference on World Wide Web, Chiba, Japan, 2005.
- Blake Ross, Collin Jackson, Nicholas Miyake, Dan Boneh and John C. Mitchell. Stronger Password Authentication Using Browser Extensions. Proceedings of the 14th USENIX Security Symposium, 2005.
- Clark, J., van Oorschot, P. C., and Adams, C. 2007. Usability of anonymous web browsing: an examination of Tor interfaces and deployability. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 41-51. DOI= http://doi.acm.org/10.1145/1280680.1280687
Spring Break
Week 9 (March 17, 19): Trust and semantic attacks
- March 17: Trust and semantic attacks - Guest speaker, Ponnurangam Kumaraguru [slides]
- March 19: Security indicators and warnings [student: Johns (first half of class)] [slides]
- Reading assignment:
- Chapter 5 Designing Secure Systems that People will Trust
- Chapter 14 Fighting Phishing at the User Interface
- Chapter 29 Usability and Security at Microsoft
- Optional readings:
- S. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The Emperor's New Security Indicators:
An evaluation of website authentication and the effect of role playing on usability studies. 2007 IEEE Symposium on Security and Privacy, May 20-27, 2007, Oakland California. - Also read Andrew Patrick's Commentary on Research on New Security Indicators
- Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L. F., Hong, J., and Nunge, E. 2007. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 88-99. DOI= http://doi.acm.org/10.1145/1280680.1280692
- P. Kumaraguru, Y. Rhee, S. Sheng, S. Hasan, A. Acquisti, L. Cranor and J. Hong. Getting Users to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer. Proceedings of the 2nd Annual eCrime Researchers Summit, October 4-5, 2007, Pittsburgh, PA, p. 70-81.
- S. Egelman, L. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the
Effectiveness of Web Browser Phishing Warnings. CHI 2008.
- R. Dhamija and J.D. Tygar. The Battle Against Phishing: Dynamic Security Skins. In Proceedings of the Symposium On Usable Privacy and Security 2005, Pittsburgh, PA, July 6-8, 2005.
- M. Wu, R. Miller, and S. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? In Proceedings of CHI 2006, Montreal, Quebec, Canada, April 22-28, 2006.
- User Study for the Web Wallet Prototype from the SOUPS 2006 Security User Studies Workshop User Studies Construction Kits collection
- R. Dhamija, J.D. Tygar, and M. Hearst. Why Phishing Works. In Proceedings of CHI 2006, Montreal, Quebec, Canada, April 22-28, 2006.
- J. Downs, M. Holbrook, and L. Cranor. Decision Strategies and Susceptibility to Phishing. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- A. Fu, X. Deng, W. Liu, and G. Little. The Methodology and an Application to Fight Against Unicode Attacks. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- M. Wu, R. Miller, and G. Little. Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- Jagatic, T., Johnson, N., Jakobsson, M., Menczer, F. Social Phishing. Commun. ACM. To appear.
- M. Wu. 2006. Fighting Phishing at the User Interface. Thesis submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering at the Massachusetts Institute of Technology.
- Tec-Ed Whitepaper. Extended Validation and the VeriSign Brand. See also SSL and VeriSign Secured Seal Success Stories
Week 10 (March 24, 26): Authentication and access control overview / text passwords
- March 24: Authentication and access control overview [slides]
- March 26: Text passwords [student: Almuhimedi (first half of class)] [slides]
- Reading assignment:
- Chapter 6 Evaluating Authentication Mechanisms
- Chapter 7 The Memorability and Security of Passwords
- Chapter 8 Designing Authentication Systems with Challenge Questions
- Optional readings:
- Chapter 12 The Usability of Security Devices
- K. Yee and K. Sitaker. Passpet: Convenient password management and phishing protection. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- Kumar, M., Garfinkel, T., Boneh, D., and Winograd, T. 2007. Reducing shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 13-19. DOI= http://doi.acm.org/10.1145/1280680.1280683
- S. Gaw and E. Felten. Password Management Strategies for Online Accounts. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- C. Kuo, S. Romanosky, and L. Cranor. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- Niklas Frykholm and Ari Juels. Error-Tolerant Password Recovery. In P. Samarati, ed., Eighth ACM Conference on Computer and Communications Security, pp. 1-8. ACM Press. 2001.
- Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford. CAPTCHA: Using Hard AI Problems for Security. In Advances in Cryptology, Eurocrypt 2003.
- Passwords, Chapter 3 of Security Engineering by Ross Anderson
- Bruce Schneier. Real-World Passwords. Crypto-Gram Newsletter, December 15, 2006.
- D. Ferraiolo, D. Gilbert and N. Lynch. Assessing Federal and Commercial Information Security Needs. NIST Technical Report, November 1992.
Week 11 (March 31, April 2): Project progress report presentations
- March 31: Project progress report presentations [groups TBA]
- April 2: Project progress report presentations [groups TBA]
- Written project progress reports due March 31
Week 12 (April 7, 9): CHI 2008
Those of you not attending CHI should use the time to meet with your groups and work on your projects
Week 13 (April 14, 16): Biometrics / Graphical passwords
- April 14: Biometrics [student: O'Meara (first half of class)] [slides]
- Reading assignment:
- Chapter 9 Graphical Password Schemes
- Chapter 10 Biometric Authentication
- Chapter 11 Identifying Users from Their Typing Patterns
- Optional readings:
- Chiasson, S., Biddle, R., and van Oorschot, P. C. 2007. A second look at the usability of click-based graphical passwords. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 1-12. DOI= http://doi.acm.org/10.1145/1280680.1280682
- Dirik, A. E., Memon, N., and Birget, J. 2007. Modeling user choice in the PassPoints graphical password scheme. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 20-28. DOI= http://doi.acm.org/10.1145/1280680.1280684
- Moncur, W. and Leplatre, G. 2007. Pictures at the ATM: exploring the usability of multiple graphical passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (San Jose, California, USA, April 28 - May 03, 2007). CHI '07. ACM, New York, NY, 887-894. DOI= http://doi.acm.org/10.1145/1240624.1240758.
- S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon. Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. In Proceedings of the Symposium On Usable Privacy and Security 2005, Pittsburgh, PA, July 6-8, 2005.
- A. De Angeli, L. Coventry, G. Johnson, and K. Renaud. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies Volume 63, Issues 1-2, July 2005, Pages 128-152.
- X. Suo and Y. Zhu. Graphical Passwords: A Survey. In Proceedings of the 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, Arizona.
- F. Tari, A. Ozok, and S. Holden. A Comparison of Perceived and Real Shoulder-surfing Risks Between Alphanumeric and Graphical Passwords. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.
- Biometrics, Chapter 13 of Security Engineering by Ross Anderson
- Rachna Dhamija and Adrian Perrig. Deja Vu: A User Study Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium, August 2000, Denver, Colorado.
- Dunphy, P. and Yan, J. 2007. Do background images improve "draw a secret" graphical passwords?. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28 - 31, 2007). CCS '07. ACM, New York, NY, 36-47. DOI= http://doi.acm.org/10.1145/1315245.1315252
- Papers from the NIST Biometrics and usability web site
Week 14 (April 21, 23): Access control and configuration / Tools for security administration
- April 21: Guest speaker - Kami Vaniea [slides]
- April 23: Tools for security administration [student: Bhan] [slides]
- Reading assignment:
- Optional readings:
- Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. Lessons learned from the deployment of a smartphone-based access-control system.
In SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, pages 64-75, July 2007.
- Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea. A user study of policy creation in a flexible access-control system.
In CHI 2008: Conference on Human Factors in Computing Systems, April 2008.
- Robert W. Reeder, Lujo Bauer, Lorrie Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong. Expandable grids for visualizing and authoring computer security policies.
- Almut Herzog, and Nahid Shahmehri. Security and Usability of Personal Firewalls. Proceedings of the IFIP TC-11 22nd International Information Security Conference (SEC 2007), 14-16 May 2007, Sandton, South Africa.
- C. Kuo, V. Goh, A. Tang, A. Perrig, and J. Walker. Empowering Ordinary Consumers to Securely Configure Their Mobile Devices and Wireless Networks. Carnegie Mellon CyLab Technical Report CMU-CyLab-05-005. December 7, 2005.
- Yurcik, W., Thompson, R. S., Twidale, M. B., and Rantanen, E. M. 2007. If you can't beat 'em, join 'em: combining text and visual interfaces for security-system administration. interactions 14, 1 (Jan. 2007), 12-14.
- Botta, D., Werlinger, R., Gagne, A., Beznosov, K., Iverson, L., Fels, S., and Fisher, B. 2007. Towards understanding IT security professionals and their tools. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 100-111. DOI= http://doi.acm.org/10.1145/1280680.1280693
Week 15 (April 28, 30): PKIs and secure communications
- April 28: PKIs and secure communications [student: Studer] [slides]
- April 30: Guest speaker - Patrick McGregor - "Realities and Challenges of Enterprise Data Control"
- Reading assignment:
- Chapter 16 Making the Impossible Easy: Usable PKI
- Chapter 30 Embedding Security in Collaborative Applications: A Lotus/Domino Perspective
- Optional readings:
This class will have no final exam; however, the final exam period (May 6, 8:30-11:30 am) will be used for final project presentations. Final project papers will be due May 9 at 4 pm.
Course Requirements and Grading
You are responsible for being familiar with the university
standard for academic honesty and plagiarism. Please see the CMU
Student Handbook for information. In order to deter and detect
plagiarism, online tools and other resources are used in this
class. Students caught
cheating or plagiarizing will receive no credit for the assignment
on which the cheating occurred. Additional actions -- including
assigning the student a failing grade in the class or referring the
case for disciplinary action -- may be taken at the discretion of
the instructors.
Your final grade in this course will be based on:
- 25% Homework
- 25% Lecture
- 50% Project
Homework
Homework assignments for this class will include reading summaries
as well as written assignments. All homework is due in printed form in class at 1:30
pm each Monday (unless otherwise specified). Homework submitted after 1:45 pm will be considered late. Homework will be graded as check-plus (100%), check (80%),
check-minus (60%) or 0. Late homework will receive one grade lower than it would have otherwise received if it is submitted no later than at the beginning of the next class meeting (after that it will not be accepted). Your two lowest homework grades will be
dropped from your homework average.
Students are expected to do reading assignments prior to class so
that they can participate fully in class discussions. Students must
submit a short summary (3-8 sentences) and a "highlight" for each
chapter or article in the reading assignment. The highlight may be
something you found particularly interesting or noteworthy, a
question you would like to discuss in class, a point you disagree
with, etc.
Students in 08-734 and 05-899 are expected to include a summary and highlight
for one optional reading of their choice each week. All other students are encouraged to
review some of the optional readings that they find interesting, but
they need not submit summaries or highlights of the optional
readings.
Lecture
Each student will be assigned a class lecture to
prepare and present. The lecture should be based on the topics
covered in that week's reading assignment, but it should go beyond
the materials in the required reading. Do not present a lecture that simply summarizes the assigned reading. For example, you might read and
present some of the related work mentioned in the reading or that
you find on your own (the HCISec Bibliography is a
good starting point for finding papers), you might
present some of the relevant optional reading materials (feel free to use relevant materials from other weeks), you might
demonstrate software mentioned in the reading, you might critique
a design discussed in the reading, or you might design a class
exercise for your classmates. If the material you present describes a user study, include a detailed description and critique of the study design. As part of your lecture you
should prepare several discussion questions and lead a class
discussion. You should also introduce your fellow students to
terminology and concepts they might not be familiar with that are
necessary to understand the material you are presenting. You should
email to the instructor a set of PowerPoint slides including
lecture notes and discussion questions. These slides will be posted
on the class web site. In addition, the instructor may include all
or part of your presentation slides and notes in an instructor's
guide for future usable privacy and security
courses.
Students in 08-734 and 05-899 will be assigned all or most of a class period for their
lecture. Students in 08-534 will be assigned a time slot of no more than
30 minutes.
Project
Students will work on semester projects in small
groups that include students with a variety of areas of
expertise. Each project group will propose a project. It is expected
that most projects will involve the design of a user study to
evaluate the design of an existing or proposed privacy- or
security-related system or gain insight into users' attitudes or
mental models related to some aspect of security or privacy. Groups
with ideas for other types of projects should discuss them with the
instructor before submitting their project proposals. As part of the
project students will:
- Submit a one-page project proposal by March 5. The proposal should describe the system you propose to design or evaluate, discuss what you hope to learn from your user study and/or the hypotheses you plan to test, and provide an overview of your preliminary user study plan (what types of tasks will you have participants do? what types of people will you recruit? will you use a finished software product, prototype, paper prototype, etc. in your user study? will this be a between-subjects or within-subjects study?)
- Complete an IRB application with all necessary attachments and submit it to IRB as early in the semester as possible.
- Design all questionnaires, scripts, scenarios, interview
protocols, etc. necessary to carry out the user study.
- Develop any prototypes necessary to carry out the user study.
- Test the user study protocol on at least two people (can be members of the
class from other project groups) and refine it based on these tests.
- Give a 10-15 minute progress report presentation on March 31 or April 2.
- Submit a written progress report by March 31. Your written progress report and presentation should describe your progress to date and any problems you have run into that you would like some advice on. In addition, the written report should include a revised user study plan and the details of your initial pilot user study, including the study design and scripts (and results if you have already completed the initial study).
- Conduct a study using the revised protocol with at least
6 subjects. (Optionally, you can conduct a larger study that would be likely to lead to publishable results. If your study has only 6 subjects, most likely this will be useful mostly as a pilot study, and should be positioned as such in your paper.)
- Give a 15-minute final project presentation during the final exam period.
- Write a paper giving an overview of the proposed study, what
you hope to learn from it, what you learned from the pilot study,
etc. and submit it by May 9 at 4 pm in both electronic and printed form. Your IRB forms, survey forms,
etc. should be included as appendices.
- Submit a poster abstract to SOUPS (and turn in a copy with your
paper on May 9). [Take a look at the SOUPS 2007 web site for examples of poster abstracts.]
Students signed up for 05-899 and 08-734 are expected to play a leadership
role in a project group and write a project paper suitable for
publication. Unless your group has only 08-534 students in it, that
means your final paper should be written in a style suitable for
publication at a conference or workshop. The conference papers in
the optional readings provide some good examples of what a
conference paper looks like and the style in which they are
written. In addition to describing what you did in your study, your
paper should include a related work section and properly-formatted
references. Papers should follow the SOUPS 2008
technical papers formatting instructions, but you may include
appendixes that exceed the 12 page limit and do not follow the SOUPS formatting guidelines (indeed, your required
appendixes should exceed this limit). If you have identified an
alternative relevant conference and would prefer to use that
conference's submission format for your paper, please discuss it
with the instructor.