W215: Usable Privacy and Security (Spring 2020)
Syllabus
The syllabus can be found here:
https://blues.cs.berkeley.edu/wp-content/uploads/2019/08/w215_syllabus.pdf
Final project: https://blues.cs.berkeley.edu/wp-content/uploads/2019/08/W215-Final-Project.pdf
Instructors
Stuart Schechter, stuart.schechter@gmail.com
Office Hours
We will both be on Zoom and Slack (#w215-mics) to answer questions on Thursdays from 12:30 – 1:30pm PDT (3:30 – 4:30pm EDT). If additional 1-on-1 meetings are needed, please email us to schedule time using our addresses above.
Course Schedule
Unit 1 (8/27): Usability and Security Systems
Assignment:
Assignment 1: Describe a prior poor usability experience.
Synchronous Content:
- Assignment 1 discussion
- Introductions
- Course overview
- Overview of course projects
- Answer administrative questions
Unit 2 (9/3): Studying Decision Making
Assignment:
Assignment 2: Complete IRB training.
Synchronous Content:
- Ahead of class, pick a cognitive bias from this list. Create a slide to present in class that explains it and how it might impact decisions about computer security.
- We will spend time in small groups or as a class discussing the questions below. Please spend a few minutes writing down your thoughts to each of the questions and be prepared to share them with the class.
Discussion questions:
- What are some examples of security interfaces that you use in your daily life that lead to irrational behaviors?
- What specific biases might impact computer security decision-making and how?
- What sort of problems are IRBs likely to prevent?
- What problems are they unlikely to prevent?
- Should private companies use IRBs for their human-subjects research?
Unit 3 (9/10): Research Methods (Experimental)
Assignment:
Assignment 3: Evaluate an experiment.
Synchronous Content:
- Discuss answers to the assignment.
- We will spend time in small groups discussing the question below.
Discussion question:
Imagine you are the head of engineering for a software company. Based on reports from customers, you are aware of some usability issues in the latest version of your product. How would you go about designing a study to determine how prevalent this problem is across your user base?
Students will be split into five groups, so that each group designs a study to examine one of the following products and associated usability issues:
- Phone lock screen software: users complain about it taking too much time to login.
- Photo-sharing software: users complain upon discovering that all of their photos are publicly-accessible.
- Crypto SDK: a measurement study shows that many applications use the SDK incorrectly, resulting in insecure software.
- Secure messaging software: users complain about not understanding how to authenticate the people with whom they communicate.
- Social media website: users complain that they cannot log into their accounts.
Unit 4 (9/17): Research Methods (Descriptive and Relational)
No assignment this week.
Synchronous Content:
1. Welcome and introduction to this week’s topics.
2. In pairs, practice analyzing open-ended survey responses. Review a set of open-ended responses, prepare a brief summary documenting your approach and the results of your analysis. We’ll briefly discuss as a class.
3. In small groups, consider that you want to understand how people understand and use the address bar in a web browser. Prepare a research plan including your research materials and a participant recruiting strategy. Which of the research methods that you learned this week would you use?
Unit 5 (9/24): Statistics
No assignment this week.
Synchronous Content:
Present possible project ideas to the class. Next, self-organize into groups to discuss proposed ideas in depth.
Unit 6 (10/1): Usable Security
Assignment:
Assignment 4: Heuristic evaluation of a web browser feature
Synchronous Content:
- Discuss assignment
- As a group, create a list of evaluation heuristics
- With a partner, apply the heuristics towards evaluating an interface
- Report results back to the group
Unit 7 (10/7): Privacy
No assignment this week.
Synchronous Content:
Use AppCensus (https://search.appcensus.io) to identify apps that are violating their own privacy policies. Report back on what you found.
Unit 8 (10/15): More Usable Security
Assignment:
Project proposal
Synchronous Content:
Midterm exam
Unit 9 (10/22): Authentication
Assignment:
Assignment 5: Design an Authentication System
Synchronous Content:
Discuss assignment and review midterm
Unit 10 (10/29): Access Control
No assignment this week. Check the syllabus for assigned reading.
Synchronous Content:
- Discuss the assigned reading (~10 minutes)
- Group activity (~40m)
- Report back from the group work (5m per group)
- Remainder of time for discussion of the group work or a quick huddle for project teams.
Unit 11 (11/5): Warnings
Assignment:
Assignment 6: Evaluate a Warning
Synchronous Content:
Discuss assignment
Unit 12 (11/19): Application Permissions
Assignment:
Assignment 7: Paper summary
Synchronous Content:
Discuss assignment
Unit 13 (12/3): Secure Communication
Assignment:
Assignment 8: Paper summary
Synchronous Content:
Discuss assignment
Unit 14 (12/10): Privacy Policies
Assignment:
Final project due
Synchronous Content:
Final project presentations