CS 4980, Security meets Usability, Spring 2022

Week 1 Feb 3
Weekly Theme - Privacy and Usability:
I'm All Eyes and Ears: Exploring Effective Locators for Privacy Awareness in IoT Scenarios. Y Song, Y Huang, Z Cai, JI Hong. Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems.
How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit. T Li, E Louie, L Dabbish, JI Hong. Proceedings of the ACM on Human-Computer Interaction 4 (CSCW3), 1-28.
Assignment: Summaries of papers, approximately one page each summary
Week 2 Feb 10 (or Feb 13, as the case may be)
Weekly Theme - Interesting User Groups (special security concerns, plus RFID-is-cool)
RFID Tattoo: A wireless platform for speech recognition Jingxian Wang, Chengfeng Pan, Haojian Jin, Vaibhav Singh, Yash Jain, Jason I Hong, Carmel Majidi, Swarun Kumar. Proceedings of the ACM Conference on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2019.
"It's stressful having all these phones": Investigating Sex Workers' Safety Goals, Risks, and Practices Online Allison McDonald, University of Michigan; Catherine Barwulor, Clemson University; Michelle L. Mazurek, University of Maryland; Florian Schaub, University of Michigan; Elissa M. Redmiles, Max Planck Institute for Software Systems. USENIX Security '21. (Distinguished Paper Award Winner)
"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns Sunny Consolvo, Patrick Gage Kelley, Tara Matthews, Kurt Thomas, Lee Dunn, and Elie Bursztein, Google. USENIX Security '21. (Distinguished Paper Award Winner)
Assignment: Summaries of papers, approximately one page each summary
Week 3 Feb 17 (or Feb 18)
Weekly Theme - Interesting User Groups (visually disabled, etc)
T. Ahmed, R. Hoyle, K. Connelly, D. Crandall, and A. Kapadia. Privacy concerns and behaviors of people with visual impairments. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 2015
T. Akter, B. Dosono, T. Ahmed, A. Kapadia, and B. Semaan. "I am uncomfortable sharing what I can't see": Privacy concerns of the visually impaired with camera based assistive applications. In Proceedings of the USENIX Security Symposium, 2020

J. Hayes, S. Kaushik, C. E. Price, and Y. Wang. Cooperative Privacy and Security: Learning from People with Visual Impairments and Their Allies. In Proceedings of the Symposium on Usable Privacy and Security, 2019.
S. T. Marne, M. N. Al-Ameen, and M. K. Wright. Learning System-assigned Passwords: A Preliminary Study on the People with Learning Disabilities. In Proceedings of the Symposium on Usable Privacy and Security, 2017
Assignment: Summaries of papers, approximately one page each summary
Week 4 Feb 24
Weekly Theme - Interesting User Groups, repeat, plus some overview / context
T. Ahmed, R. Hoyle, K. Connelly, D. Crandall, and A. Kapadia. Privacy concerns and behaviors of people with visual impairments. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 2015
T. Akter, B. Dosono, T. Ahmed, A. Kapadia, and B. Semaan. "I am uncomfortable sharing what I can't see": Privacy concerns of the visually impaired with camera based assistive applications. In Proceedings of the USENIX Security Symposium, 2020
Chapter 9: Privacy, in Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies (Pearson, 2015) (Available in O'Reilly Online Learning E-books library.)
Assignment: Summaries of papers, approximately one page each summary
Week 5 Mar 3
Weekly Theme - The View from 10,000 feet
Finish Chapter 9: Privacy, in Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies (Pearson, 2015) (Available in O'Reilly Online Learning E-books library.)
Chapter 10: Management and Incidents, in Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies (Pearson, 2015) (Available in O'Reilly Online Learning E-books library.)
Assignment: Summaries of chapters, approximately one page each summary
Week 6 Mar 11 (Fri)
weekly topic: Security Practices in Businesses
Chapter 10: Management and Incidents, in Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies (Pearson, 2015) (Available in O'Reilly Online Learning E-books library.)
An Analysis of the Role of Situated Learning in Starting a Security Culture in a Software Company, by Anwesh Tuladhar, Daniel Lende, Jay Ligatti, and Xinming Ou, University of South Florida, in SOUPS 2021 (Distinguished Paper Award winner)
Assignment: Summaries, approximately one page each summary (maybe 2, for chapter in textbook)
Week 7 Mar 17
weekly topic: Security Practices in Businesses (part 2)
Chapter 10: Management and Incidents, in Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies (Pearson, 2015) (Available in O'Reilly Online Learning E-books library.)
Code Reviewing as Methodology for Online Security Studies with Developers - A Case Study with Freelancers on Password Storage, by Anastasia Danilova, Alena Naiakshina, and Anna Rasgauski, University of Bonn; Matthew Smith, University of Bonn, Fraunhofer FKIE, in SOUPS 2021
Assignment: Summaries, approximately one page each summary (maybe 2, for chapter in textbook)
Week 8 Mar 24
weekly topic: cancelled

Assignment:
Spring Break
Week 9 Apr 7
weekly topic: cancelled

Assignment:
Week 10 Apr 14
weekly topic: Security implemented in software (or not)
Benefits and Drawbacks of Adopting a Secure Programming Language: Rust as a Case Study, by Kelsey R. Fulton and Anna Chan, Daniel Votipka, Michael Hicks and Michelle L. Mazurek, in SOUPS 2021
Why Can't Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for Security, by Justin Smith, Lafayette College; Lisa Nguyen Quang Do and Emerson Murphy-Hill, Google, in SOUPS 2020
"You've Got Your Nice List of Bugs, Now What?" Vulnerability Discovery and Management Processes in the Wild, by Noura Alomar, UCB; Primal Wijesekera, UCB and ICSI; Edward Qiu, UCB; Serge Egelman, UCB and ICSI, in SOUPS 2020
Usability Smells: An Analysis of Developers' Struggle With Crypto Libraries, by Nikhil Patnaik, Joseph Hallett, and Awais Rashid, in SOUPS 2019
Assignment: Summaries, approximately one page each summary
Week 11 Apr 21
Stopped before or at this point, in Spring 2022.
weekly topic:

Assignment: Outline (multiple pages) of what has been learned / observed so far. Observed state of research at the intersection of security and usability. At least 30% of the outline should be "lessons learned by Sochi." Particular attention to locating any gaps in knowledge / observation; if a gap is spotted, we will focus on finding reading material to fill that gap, next week.
Week 12 January 12, 2023
weekly topic: More interesting user groups...
"I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country by Kovila P.L. Coopamootoo and Maryam Mehrnezhad, Newcastle University; Ehsan Toreini, Durham University, in Usenix Security Symposium 2022 (summary from SR has been received by MT)
Watching the watchers: bias and vulnerability in remote proctoring software by Ben Burgess, Princeton University; Avi Ginsberg, Georgetown Law; Edward W. Felten, Princeton University; Shaanan Cohney, University of Melbourne, in USENIX Security Symposium 2022 (summary from SR has NOT been received by MT. Added in August - has now been received)

Assignment: Summaries, approximately one page each summary
Week 13 January 23, 2023
weekly topic: privacy and voting
"The Antrim County 2020 Election Incident: An Independent Forensic Investigation" by J. Alex Halderman, University of Michigan, USENIX Security Symposium 2022 (Distinguished Paper Award Winner) (summary from SR has been received by MT)
"Increasing security without decreasing usability: A comparison of various verifiable voting systems" by Melanie Volkamer, Karlsruhe Institute of Technology; Oksana Kulyk, IT University of Copenhagen; Jonas Ludwig and Niklas Fuhrberg, Karlsruhe Institute of Technology, USENIX Eighteenth Symposium on Usable Privacy and Security 2022 (summary from SR has NOT been received by MT. Added in August - has now been received)
Assignment: Summaries, approximately one page each summary
"Watching the watchers" and "Increasing security without..." summaries still needed.
Week 14 January 30, 2023
weekly topic:
"Let's Hash: Helping Developers with Password Security" by Lisa Geierhaas and Anna-Marie Ortloff, University of Bonn; Matthew Smith, University of Bonn, FKIE Fraunhofer; Alena Naiakshina, Ruhr University Bochum, (Distinguished Paper Award), USENIX Eighteenth Symposium on Usable Privacy and Security 2022 (summary from SR has been received by MT)
"Like Lesbians Walking the Perimeter": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice by Christine Geeng and Mike Harris, University of Washington; Elissa Redmiles, Max Planck Institute for Software Systems; Franziska Roesner, University of Washington, USENIX Security Symposium 2022 (summary from SR has been received by MT)
Assignment: Summaries, approximately one page each summary
February 17, 2023 (time skipped due to work, etc)
Week 15 June 15, 2023
weekly topic:
"Usability and Security of Trusted Platform Module (TPM) Library APIs" by Siddharth Prakash Rao and Gabriela Limonta, Nokia Bell Labs; Janne Lindqvist, Aalto University, USENIX Eighteenth Symposium on Usable Privacy and Security 2022 (summary from SR has been received by MT)
Assignment: Summary of TPM paper, approximately one page each summary.
Plus summaries from earlier weeks that have not been received. And a good draft outline for the final paper, to be discussed at the next meeting. (summaries received, outline not)
Week ... skipped a few weeks
weekly topic:
Week 16 Aug 3, 2023

Assignment: outline, extra good. (Sections, subsections, and at least some subsections have sub-subsections) (Outline ... a little wobbly towards the end ... from SR has been received by MT)
Week 17 Aug 11, 2023

Assignment: a paper draft
Week 18 June ??, 2023
weekly topic:

Assignment: probably an improved paper draft
Week 19 June ??, 2023
weekly topic:

Assignment: Final paper due

Misc. Links:

Possible future themes:

Possible future readings: