Usable Privacy and Security (MICS W215) Syllabus
Sync Section
THURSDAYS@ 4:00pm Pacific
Office hours
Mondays @ 4:00pm Pacific via zoom
Slack channel
ucbischool, channel #w215-summer-2020.
Instructors
-
Cristian Bravo-Lillo, cbravolillo <a> berkeley.edu
-
Stuart Schechter, imposter <at> berkeley.edu
Course Lead
- Stuart Schechter
Original Course Creators & Video Lecturers
-
Maritza Johnson, UC Berkeley School of Information
-
Serge Egelman, UC Berkeley and International Computer Science Institute
Course Description
When computers first came into prominence, security problems were mostly thought of as technical ones: vulnerabilities were exploited due to technical errors—software bugs that needed to be patched. However, as is demonstrated over and over again, the vast majority of modern software security issues stem from human factors. For instance, most software vulnerabilities are exploited because humans fail to apply patches in a timely manner; authentication systems that are difficult to use result in humans choosing weaker passwords (or bypassing security measures altogether); humans are tricked into downloading malware or divulging credentials via phishing; and Internet traffic is easily intercepted because humans fail to properly use encryption technologies.
As you will learn in this course, despite the fact that many security problems are caused by human error, in most cases, the users aren’t to blame. Many security problems exist because software is simply unusable; when software engineers fail to account for the abilities and expectations of their users, those users will make preventable errors. Security and privacy systems can be made more usable by designing them with the user in mind, from the ground up. In this course, you will learn many of the common pitfalls of designing usable privacy and security systems, techniques for designing more usable systems, and how to evaluate privacy and security systems for usability. Through this course you will learn methods for designing software systems that are more secure because they minimize the potential for human error.
Prerequisites
Completion of at least one of the three core courses for the MICS degree program or permission of the instructor.
Course Objectives
-
Students will learn to identify human factors issues that impact the security and privacy of systems.
-
Students will develop skills reading research papers, evaluating their findings, and identifying their limitations.
-
Students will learn multiple experimental approaches to evaluating human factors issues in security and privacy.
-
Students will learn about current research findings and methods in usable security and privacy.
Course Evaluation
-
Async responses and reflections (10%)
-
Live session participation (20%)
- You will lead the discussion of 1-3 papers (depending on course enrollment)
-
Assignments (10%)
- Traditional homeworks
- Acting as reviewer or pilot participant for other teams’ course projects
-
Midterm (20%)
-
Final project (40%)
Extra credit: -- Provide additional help to other teams beyond the minimum required under the Assignments category.
Collaboration Policy
We encourage studying in groups of two to four people. This applies to working on homework, discussing material, and studying for the exam. However, students must always adhere to the UC Berkeley Code of Conduct and the UC Berkeley Honor Code. In particular, all materials that are turned in for credit or evaluation must be written solely by the submitting student or group. Similarly, you may consult books, publications, or online resources to help you study. In the end, you must always credit and acknowledge all consulted sources in your submission (including other persons, books, resources, etc.)
Assignments
When homework is assigned, it will be due two hours before the beginning of the live session.
Late Submission Policy
Solutions will be discussed during the live sessions of the course. Therefore, any assignment that is submitted after the deadline will be returned without grading and will receive a grade of zero.
Participation
Participation and taking an active part in every aspect of the course are key to internalizing the material of the course. Participation includes, but is not limited to, (i) active participation in live sessions, (ii) discussing assignments with other students, and/or (iii) activity in the class forum (by asking questions and/or contributing to answering other students’ questions).
The instructors will also reward participation credit for those who choose to live tweet their experiences reading the assigned research papers (see more in the next section). Tag the tweets with #uc_berkeley_w215.
We would also encourage you to find the authors’ twitter handles and @ them in your tweet. If you have an insight that you’d rather not be made public, the class slack channel may be a more appropriate forum to share those thoughts.
Readings
Reading and understanding research papers is one of the fundamental skills you will develop in this course. You are expected to read and be prepared to discuss all the assigned readings. You will be asked to lead the discussion of research papers in class.
The instructors selected the papers in the first half of the course (through Unit 7) to provide key background in the field and inspiration for your course projects.
In the second half of the class, the instructors will examine students’ project proposals and seek out readings that may serve as important background for those projects. The instructors may then replace many of the readings tentatively on the syllabus with those new selected readings.
When it’s your turn to lead the 10-15 minute discussion of the paper, you'll want to read the guidelines on leading paper discussions.
Textbook
(Required) Research Methods in Human-Computer Interaction by Lazar, Feng, and Hochheiser.
Schedule
- Unit 1: Human–Computer Interaction
- Unit 2: Studying Decision making
- Unit 3: Research Methods: Experimental
- Unit 4: Research Methods: Descriptive and Relational
- Unit 5: Statistics
- Unit 6: Usable Security
- Unit 7: Privacy
- Unit 8: Midterm
- Unit 9: Authentication & Trusted Path
- Unit 10: Access Control
- Unit 11: Warnings
- Unit 12: Mobile Permissions
- Unit 13: Secure Communication
- Unit 14: Privacy Policies