Official syllabus for MICS W215, for the Summer semester of 2021

Usable Privacy and Security (MICS W215) Syllabus

Sync Section

  • Tuesdays @ 4:00 p.m. Pacific

Office hours

  • Mondays @ 4:00 p.m. Pacific or by appointment from 3:00 p.m. to 5:00 p.m. Pacific

Slack channel

Instructors

  • Cristian Bravo-Lillo, cbravolillo <a> berkeley.edu
  • Saranga Komanduri, komanduri <a> berkeley.edu

Course Lead

  • Stuart Schechter, imposter <at> berkeley.edu

Original Course Creators & Video Lecturers

Course Description

When computers first came into prominence, security problems were mostly thought of as technical ones: vulnerabilities were exploited due to technical errors — software bugs that needed to be patched. However, as is demonstrated over and over again, the vast majority of modern software security issues stem from human factors. For instance, most software vulnerabilities are exploited because humans fail to apply patches in a timely manner; authentication systems that are difficult to use result in humans choosing weaker passwords (or bypassing security measures altogether); humans are tricked into downloading malware or divulging credentials via phishing; and Internet traffic is easily intercepted because humans fail to properly use encryption technologies.

As you will learn in this course, despite the fact that many security problems are caused by human error, in most cases, the users aren’t to blame. Many security problems exist because software is simply unusable; when software engineers fail to account for the abilities and expectations of their users, those users will make preventable errors. Security and privacy systems can be made more usable by designing them with the user in mind, from the ground up. In this course, you will learn many of the common pitfalls of designing usable privacy and security systems, techniques for designing more usable systems, and how to evaluate privacy and security systems for usability. Through this course you will learn methods for designing software systems that are more secure because they minimize the potential for human error.

Prerequisites

Completion of at least one of the three core courses for the MICS degree program or permission of the instructor.

Course Objectives

  1. Students will learn to identify human factors issues that impact the security and privacy of systems.
  2. Students will develop skills reading research papers, evaluating their findings, and identifying their limitations.
  3. Students will learn multiple experimental approaches to evaluating human factors issues in security and privacy.
  4. Students will learn about current research findings and methods in usable security and privacy.

Course Evaluation

  • Async responses and reflections (15%)
  • Live session participation (30%)
    • You will lead the discussion of 2-3 papers (depending on course enrollment)
  • Assignments (15%)
    • Traditional homeworks
    • Acting as reviewer or pilot participant for other teams’ course projects
  • Final project (40%)

Extra credit:

  • Provide additional help to other teams beyond the minimum required under the Assignments category.
  • Submit a recording of your practice talk.

Collaboration Policy

We encourage studying in groups of two to four people. This applies to working on homework, discussing material, and practicing presentations. However, students must always adhere to the UC Berkeley Code of Conduct and the UC Berkeley Honor Code. In particular, all materials that are turned in for credit or evaluation must be written solely by the submitting student or group. Similarly, you may consult books, publications, or online resources to help you study. In the end, you must always credit and acknowledge all consulted sources in your submission (including other persons, books, resources, etc.).

At the end of the semester, you will be asked to fill out a confidential survey regarding your final project team and the participation of individual members.

Assignments

Please check the list of assignments. Up to Week 7, there is one assignment per week. After Week 7, most of the work is devoted to group projects. When homework is assigned, it will be due 2 hours before the beginning of the live session.

Late Submission Policy

Solutions will be discussed during the live sessions of the course. Therefore, any assignment that is submitted after the deadline will be returned without grading and will receive a grade of zero.

Participation

Participation and taking an active part in every aspect of the course are key to internalizing the material of the course. Participation includes, but is not limited to, (i) active participation in live sessions, (ii) discussing assignments with other students, (iii) activity in the class Slack (by asking questions and/or contributing to answering other students’ questions), and (iv) submitting responses to the async content where required. Async responses/reflections are due 2 hours before the beginning of the live session.

Your privacy while participating

We use this public GitHub repository to list discussion leads and for students to share course projects. Contact the course instructors if you would prefer a more private option. For example, you may choose to use a pseudonym for discussion leads or share your course project materials only via more private services.

Readings

Reading and understanding research papers is one of the fundamental skills you will develop in this course. You are expected to read and be prepared to discuss all the assigned readings. You will be asked to lead the discussion of research papers in class.

The instructors selected the papers in the first half of the course (through Unit 7) to provide key background in the field and inspiration for your course projects.

In the second half of the class, the instructors will examine students’ project proposals and seek out readings that may serve as important background for those projects. The instructors may then replace many of the readings tentatively on the syllabus with those new selected readings.

When it’s your turn to lead the 10-15 minute discussion of the paper, you'll want to read the guidelines on leading paper discussions.

Textbook

(Required) Research Methods in Human-Computer Interaction, 2nd edition by Lazar, Feng, and Hochheiser. Available in print or online through the UCB Library.