05-436 / 05-836 / 08-534 / 08-734 Usable Privacy and Security

Spring 2015: GHC 5222, Tuesdays and Thursdays 3:00pm-4:20pm
Class web site: http://cups.cs.cmu.edu/courses/ups-sp15/
Class mailing list: https://mailman.srv.cs.cmu.edu/mailman/listinfo/ups-class

Professor Lorrie Cranor
Email: lorrie AT cmu DOT edu
Web: http://lorrie.cranor.org/
Phone: 412-268-7534
Office: CIC 2207
Office hours: By appointment

Blase Ur
Email: blase AT blaseur DOT com
Web: http://www.blaseur.com/
Phone: --
Office: CIC 2222 (cubicles)
Office hours: By appointment

Rich Shay
Email: rich AT richshay DOT com
Web: http://www.richshay.com/
Phone: --
Office: CIC 2222 (cubicles)
Office hours: By appointment

Students in this course may also be interested in joining the CUPS mailing list.

This course does not use Blackboard.

Course Description

There is growing recognition that technology alone will not provide all of the solutions to security and privacy problems. Human factors play an important role in these areas, and it is important for security and privacy experts to have an understanding of how people will interact with the systems they develop. This course is designed to introduce students to a variety of usability and user-interface problems related to privacy and security and to give them experience in understanding and designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course is suitable both for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. Much of the course will be taught in a graduate seminar style in which all students will be expected to do reading assignments for each class. Students will also work on a group project throughout the semester.

The course is open to all graduate students who have technical backgrounds. The 12-unit course numbers (08-734 and 5-836) are for PhD students and masters students. Students enrolled in these course numbers will be expected to play a leadership role in a group project that produces a paper suitable for publication. The 9-unit 500-level course numbers (08-534 and 05-436) are for juniors, seniors, and masters students. Students enrolled in these course numbers will have less demanding project and presentation requirements.


Readings will be assigned from the following text (available in the CMU bookstore and from all the usual online stores):

Additional readings will be assigned from papers available online or handed out in class. In cases where a subscription is required for access, access should be available for free when you are coming from a CMU IP address (on campus or via CMU VPN).

Course Schedule

Note, this is subject to change. The class web site will have the most up-to-date version of this calendar.




To be done before coming to class

Tuesday, January 13

01. Course overview and introductions (Lorrie) [SLIDES]

No readings for this class.

Thursday, January 15

02. Introduction to security; usable encryption (Blase) [SLIDES]

Optional reading:

Tuesday, January 20

03. Reasoning about the human in the loop (Lorrie) [SLIDES | Privacy Illustrated]

Optional reading:

Thursday, January 22

04. Introduction to privacy; the difficulty of measuring privacy (Lorrie) [SLIDES]

Homework 1 due

Optional reading:

Tuesday, January 27

05. Introduction to experimental design: overview of methods, ethics/deception, and ecological validity (Blase) [SLIDES]

Optional reading:

Thursday, January 29

06. Introduction to crowdsourced studies (Rich) [SLIDES]

Homework 2 due

Discuss course projects in class

Optional reading:

Tuesday, February 3

07. Qualitative studies: surveys, interviews, focus groups, and diary studies (Blase) [SLIDES]

Optional reading:

Thursday, February 5

08. Usable privacy and security in the home; analyzing qualitative data (Blase) [SLIDES]

Homework 3 due

Project preference forms also due

Optional reading:

Tuesday, February 10

09. Practicalities of research: IRBs and teamwork (Lorrie)

Project teams assigned (no written assignment)

No readings for this class.

Thursday, February 12

10. Quantitative data collection; field studies; hypothesis testing; simulating attack scenarios (Rich) [SLIDES]

Homework 4 due

Optional reading:

Tuesday, February 17

11. Security warnings (Lorrie) [SLIDES]

Project proposal due

Optional reading:

Thursday, February 19

12. Analyzing quantitative data with statistics (Blase) [SLIDES]

Homework 5 due

Optional reading:

Tuesday, February 24

13. Text passwords; graphical passwords (Rich) [SLIDES]

  • [Required for 9-unit and 12-unit students] Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur. Measuring Password Guessability for an Entire University. In Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security, 2013. (CCS '13)

Optional reading:

Thursday, February 26

14. Authentication in practice: challenge questions, two-factor auth, and biometrics (Rich) [SLIDES]

Homework 6 due

IRB applications must be submitted to the IRB no later than this date

Optional reading:

Tuesday, March 3

15. SSL, PKIs, and secure communication (Blase) [SLIDES]

Optional reading:

Thursday, March 5

16. In-class midterm exam 1

No readings for this class.

Tuesday, March 10

No class due to spring break

No readings for this class.

Thursday, March 12

No class due to spring break

No readings for this class.

Tuesday, March 17

17. Usability of privacy policies and the dimensions of privacy notice (Joint lecture by Lorrie and special guest Florian Schaub) [SLIDES]

Optional reading:

Thursday, March 19

18. Designing a usable, short-form privacy notice (Blase) [SLIDES]

Homework 7 due

Tuesday, March 24

19. Progress report presentations (Lorrie)

Project progress report due

Thursday, March 26

20. Progress report presentations (Lorrie)

No readings for this class.

Tuesday, March 31

21. Privacy and security for mobile and ubicomp devices (Lorrie) [SLIDES]

Optional reading:

Thursday, April 2

22. Making privacy and anonymity tools usable (Blase) [SLIDES]

Homework 8 due

Optional reading:

Tuesday, April 7

23. Designing privacy tools for web browsing (Guest lecture by Pedro Leon) [SLIDES]

Optional reading:

Thursday, April 9

24. Social networks and privacy (Guest lecture by Manya Sleeper) [SLIDES]

Homework 9 due

  • [Required for 9-unit and 12-unit students] Maritza Johnson, Serge Egelman, and Steven M. Bellovin. Facebook and Privacy: It's Complicated. In Proceedings of the Eighth Symposium on Usable Privacy and Security, 2012. (SOUPS '12)

Optional reading:

Tuesday, April 14

25. User education/training; anti-phishing; behavioral economics (Lorrie) [SLIDES]

  • [Required for 9-unit and 12-unit students] Rachna Dhamija, J. D. Tygar, and Marti Hearst. Why Phishing Works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 2006. (CHI '06)

Optional reading:

Thursday, April 16

No class due to Carnival

No readings for this class.

Tuesday, April 21

26. In-class midterm exam 2

No readings for this class.

Thursday, April 23

27. Access control and policy configuration (Lorrie) [SLIDES]

Homework 10 due

Optional reading:

Tuesday, April 28

28. Mental models and folk models of security; non-US perspectives in research; the usability of software updates (Rich) [SLIDES]

Optional reading:

Thursday, April 30

29. Usable privacy and security in safety-critical devices (Blase) [SLIDES]

Optional reading:

Monday, May 11th, 1:00pm - 4:00pm (Final exam period)



Course Requirements and Grading

You are responsible for being familiar with the university standard for academic honesty and plagiarism. Please see the CMU Student Handbook for information. In order to deter and detect plagiarism, online tools and other resources may be used in this class. Students caught cheating or plagiarizing will receive no credit for the assignment on which the cheating occurred. Additional actions -- including assigning the student a failing grade in the class or referring the case for disciplinary action -- may be taken at the discretion of the instructors.

Your final grade in this course will be based on:

This class will have no final exam. However, the scheduled final exam period (Monday, May 11th, 1:00pm - 4:00pm) will be used for final project presentations. You are required to be present for your group's final presentation during the exam period.


All homework is due in printed form in class at 3:00 PM each Thursday, unless specified otherwise on the schedule above. Homework may not be submitted after 3:05 pm, and we do not accept late homework. Your single lowest homework grade will be dropped from your homework average.

Students taking the 12-unit version of the course will be asked to submit a short summary (3-7 sentences) and a "highlight" for particular readings specified in each homework assignment. The highlight may be something you found particularly interesting or noteworthy, a question you would like to discuss in class, a point you disagree with, etc.

Readings and Quizzes

Students are expected to complete the assigned reading prior to class so that they can participate fully in class discussions. To verify that students have completed the assigned reading, each class will begin with a short quiz. The quizzes will cover major points of the readings, including methodological techniques, findings, high-level takeaways, and major recommendations the authors made. Your single lowest quiz grade will be dropped.

Students taking the 12-unit version of this course are expected to do additional readings each week. In some cases, we will specify which extra reading(s) to do. In other cases, we will specify that students can choose from any of the optional readings for the week. All other students are encouraged to review some of the optional readings that they find interesting, but they need not submit summaries or highlights of the optional readings.


We will hold two in-class midterms during the course. These midterms will be centered around designing experiments, interpreting results, and analyzing research claims related to usable privacy and security. In essence, performing well on these exams will require that you apply the skills you learn in this course, rather than remembering trivia. The best way to prepare for these exams is to critically read all of the assigned papers for the course and to be an engaged participant in class discussions and in-class design assignments throughout the semester.


Students will work on semester projects in small groups that include students with a variety of areas of expertise. A choice of projects will be provided, and students will be given an opportunity to indicate their preferences before projects are assigned. Students who have their own ideas for projects should discuss them with the instructors early in the semester. As part of the project students will:

Students are encouraged to submit their project as a poster to the 2015 Symposium On Usable Privacy and Security, and/or as a full paper to SOUPS 2016 or another conference. A paper submission will likely require additional work after the end of the semester. To submit a poster will only require submitting a 2-page abstract. Professor Cranor will provide funds for one student from each project team to attend the SOUPS conference if their paper or poster is accepted.

Students signed up for the 12-unit version of this course are expected to play a leadership role in a project group that writes a project paper suitable for publication. Your final paper should be written in a style suitable for publication at a conference or workshop. The conference papers in the readings provide good examples of what a conference paper looks like and the style in which they are written. In addition to describing what you did in your study, your paper should include a related work section and properly-formatted references. Papers should follow the SOUPS 2015 technical papers formatting instructions. However, your report for the class need not adhere to the SOUPS page limits and should not be a blind submission; please include the names of the authors for the purposes of the class project.