Instructor: | Habiba Farrukh |
Credits: | 4 |
Lectures: | TuTh 2:00 - 3:20 PM, DBH 1300 |
Class space: | Canvas |
Office hours: | By appointment |
Course Description
The increasing number of security and privacy incidents, including phishing, identity theft, and attacks on consumer smart devices, highlights the growing need to establish a continuous and in-depth understanding of users’ critical and undeniable role in these situations. This course will examine how to design for security and privacy from a user-centered perspective by combining insights from computer systems and human-centered computing. The course will explore several challenges in integrating usability into core security and privacy systems design and introduce techniques to address these challenges. Topics will include usable authentication, user-centered web security, anonymity software, privacy notices and nudges, security warnings, and data-driven privacy tools in domains ranging from social media to the Internet of Things.
Although there are no hard requirements, the course is most suitable for students with a technical background (e.g., an undergraduate computer programming course).
Grading
There will be no exams. Instead, the grade will be based on the following:
Reading Summaries (10%) – For most sessions, students are expected to read and submit a thoughtful commentary on the readings assigned for the sessions. The summaries will be due at 11:59 pm PDT before each class via Canvas Assignments. Please find out more details here.
Homeworks (10%) – There will be a few written homeworks.
Active class participation (10%) – All students are expected to fully participate in all class activities to gain the most benefits from the class. Students should come to class prepared to discuss any assigned readings and provide their perspectives on these readings. Students are also expected to participate in group discussions and other in-class activities. The effectiveness of the course depends on the quality of student participation, willingness to internalize the skills and concepts covered in the course, and efforts to apply them to real-world settings.
Paper presentation and discussion lead (20%) – Depending on the number of students enrolled, each student is expected to sign up to lead the discussion for one of the assigned readings in one session. The discussion lead in a session will not be expected to submit the reading summaries for that session. Please find out more details about the discussion lead's tasks here.
Research Project (50%) – Throughout the course, students will work in small groups (up to 4 students) to conduct a research project. Students will have the option to choose from a list of potential project topics or propose their own research idea after discussion with the instructor. At the end of the course, students will write a research report on the project (publishable in a security and privacy workshop/conference) and present their progress to the class. Students are encouraged to submit their research as a full paper or a poster to a security and privacy (e.g., IEEE S&P, USENIX) venue. Submitting a full paper to these venues requires additional work beyond the quarter. The instructor will mentor students interested in continuing their research projects and submitting them to the appropriate venues. Please find out more details about project guidelines and deliverables here.
Schedule
The tentative list of topics and schedule is given below. The topics and the weeks in which they are presented might change in the future. Please check back here frequently.
Most papers should be publicly accessible online. If any links are broken below, please notify the instructor. If accessing any papers requires a paid subscription, you can access them for free on-campus by connecting to campus WiFi. For off-campus access, please try UCI VPN.
Week | Date | Topic | Assignment |
---|---|---|---|
Week 1 | 09/26/2024 | Course Introduction | |
Week 2 | 10/01/2024 | Usable Security and Privacy | Homework 0 Due |
 | 10/03/2024 | Usability Design and Experiments | |
Week 3 | 10/08/2024 | IRB & Recruitment | |
 | 10/10/2024 | Quantitative Analysis Methods | |
Week 4 | 10/15/2024 | Qualitative Analysis Methods | |
 | 10/17/2024 | Project Proposal Presentations | |
Week 5 | 10/22/2024 | Security and Privacy of At-Risk Groups | Project Proposals Due |
 | 10/24/2024 | Access Control and Authentication | |
Week 6 | 10/29/2024 | Security and Privacy Nudges and Warnings | |
 | 10/31/2024 | Accessibility in Security and Privacy | |
Week 7 | 11/05/2024 | Deceptive Patterns in Security and Privacy | Homework 1 Due |
 | 11/07/2024 | Usable Security for Extended Reality | |
Week 8 | 11/12/2024 | Usable Security for AI-Enabled Technologies | |
 | 11/14/2024 | Usable Security for Developers | |
Week 9 | 11/19/2024 | Project Checkin | Homework 2 Due |
 | 11/21/2024 | Emerging Topics in Usable Security and Privacy | |
Week 10 | 11/26/2024 | Emerging Topics in Usable Security and Privacy | |
 | 11/28/2024 | Thanksgiving - No Class | |
Week 11 | 12/03/2024 | Project Presentations | |
 | 12/05/2024 | Project Presentations | |
Week 12 | 12/11/2024 | Project Final Reports Due | |
Academic Integrity
Learning, research, and scholarship depend upon an environment of academic integrity and honesty. This environment can be maintained only when all participants recognize the importance of upholding the highest ethical standards. All student work, including quizzes, exams, reports, and papers, must be the work of the individual receiving credit. Academic dishonesty includes, for example, cheating on examinations or any assignment, plagiarism of any kind (including improper citation of sources), having someone else take an examination or complete an assignment for you (or doing this for someone else), or any activity in which you represent someone else’s work as your own. Violations of academic integrity will be referred to the Office of Academic Integrity and Student Conduct. The impact on your grade will be determined by the individual instructor’s policies. Please familiarize yourself with UCI’s Academic Integrity Policy and speak to the instructor if you have any questions about what is and is not allowed in this course.
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this class, we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter and spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and expulsion from the university.
When in doubt, please contact the instructor for advice. Do not undertake any action that could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.