W215: Usable Privacy and Security (Fall 2019)
Syllabus
The syllabus can be found here:
https://blues.cs.berkeley.edu/wp-content/uploads/2019/08/w215_syllabus.pdf
Final project: https://blues.cs.berkeley.edu/wp-content/uploads/2019/08/W215-Final-Project.pdf
Instructors
Serge Egelman, egelman@cs.berkeley.edu
Maritza Johnson, maritzaj@ischool.berkeley.edu
Office Hours
We will both be on Zoom and Slack (#w215-mics) to answer questions on Thursdays from 12:30 – 1:30pm PDT (3:30 – 4:30pm EDT). If additional 1-on-1 meetings are needed, please email us to schedule time using our addresses above.
Course Schedule
Unit 1 (8/27): Usability and Security Systems
Assignment:
Assignment 1: Describe a prior poor usability experience.
Synchronous Content:
- Assignment 1 discussion
- Introductions
- Course overview
- Overview of course projects
- Answer administrative questions
Unit 2 (9/3): Studying Decision Making
Assignment:
Assignment 2: Complete IRB training.
Synchronous Content:
- Ahead of class, pick a cognitive bias from this list. Create a slide to present in class that explains it and how it might impact decisions about computer security.
- We will spend time in small groups or as a class discussing the questions below. Please spend a few minutes writing down your thoughts on each of the questions and be prepared to share them with the class.
Discussion questions:
- What are some examples of security interfaces that you use in your daily life that lead to irrational behaviors?
- What specific biases might impact computer security decision-making and how?
- What sort of problems are IRBs likely to prevent?
- What problems are they unlikely to prevent?
- Should private companies use IRBs for their human-subjects research?
Unit 3 (9/10): Research Methods (Experimental)
Assignment:
Assignment 3: Evaluate an experiment.
Synchronous Content:
- Discuss answers to the assignment.
- We will spend time in small groups discussing the question below.
Discussion question:
Imagine you are the head of engineering for a software company. Based on reports from customers, you are aware of some usability issues in the latest version of your product. How would you go about designing a study to determine how prevalent this problem is across your user base?
Students will be split into five groups, so that each group designs a study to examine one of the following products and associated usability issues:
- Phone lock screen software: users complain about it taking too much time to log in.
- Photo-sharing software: users complain upon discovering that all of their photos are publicly accessible.
- Crypto SDK: a measurement study shows that many applications use the SDK incorrectly, resulting in insecure software.
- Secure messaging software: users complain about not understanding how to authenticate the people with whom they communicate.
- Social media website: users complain that they cannot log into their accounts.
Unit 4 (9/17): Research Methods (Descriptive and Relational)
No assignment this week.
Synchronous Content:
1. Welcome and introduction to this week’s topics.
2. In pairs, practice analyzing open-ended survey responses. Review a set of open-ended responses and prepare a brief summary documenting your approach and the results of your analysis. We’ll briefly discuss as a class.
3. In small groups, suppose that you want to learn how people understand and use the address bar in a web browser. Prepare a research plan including your research materials and a participant recruiting strategy. Which of the research methods that you learned this week would you use?
Unit 5 (9/24): Statistics
No assignment this week.
Synchronous Content:
Present possible project ideas to the class. Next, self-organize into groups to discuss proposed ideas in depth.
Unit 6 (10/1): Usable Security
Assignment:
Assignment 4: Heuristic evaluation of a web browser feature
Synchronous Content:
- Discuss assignment
- As a group, create a list of evaluation heuristics
- With a partner, apply the heuristics to evaluate an interface
- Report results back to the group
Unit 7 (10/7): Privacy
No assignment this week.
Synchronous Content:
Use AppCensus (https://search.appcensus.io) to identify apps that are violating their own privacy policies. Report back on what you found.
Unit 8 (10/15): More Usable Security
Assignment:
Project proposal
Synchronous Content:
Midterm exam
Unit 9 (10/22): Authentication
Assignment:
Assignment 5: Design an Authentication System
Synchronous Content:
Discuss assignment and review midterm
Unit 10 (10/29): Access Control
No assignment this week. Check the syllabus for assigned reading.
Synchronous Content:
- Discuss the assigned reading (~10 minutes)
- Group activity (~40 minutes)
- Report back from the group work (5 minutes per group)
- Remainder of time for discussion of the group work or a quick huddle for project teams.
Unit 11 (11/5): Warnings
Assignment:
Assignment 6: Evaluate a Warning
Synchronous Content:
Discuss assignment
Unit 12 (11/19): Application Permissions
Assignment:
Assignment 7: Paper summary
Synchronous Content:
Discuss assignment
Unit 13 (12/3): Secure Communication
Assignment:
Assignment 8: Paper summary
Synchronous Content:
Discuss assignment
Unit 14 (12/10): Privacy Policies
Assignment:
Final project due
Synchronous Content:
Final project presentations