Schedule of Classes
| Class | Date | Topic | Assignment Due |
| --- | --- | --- | --- |
| 1 | Thurs Feb 2 | Introduction to CS279R | |
| 2 | Tues Feb 7 | Introduction to Privacy and Security | |
| 3 | Thurs Feb 9 | Introduction to HCI Methods & Project | #0: Sign up for an account on wiki and to lead a class |
| 4 | Tues Feb 14 | Secure Communications, Encryption & PKI | #1: Online human subjects training |
| 5 | Thurs Feb 16 | User Authentication: Passwords and Challenge Questions | |
| 6 | Tues Feb 21 | Graphical Passwords & Human Interactive Proofs | |
| 7 | Thurs Feb 23 | Biometrics and Security Devices | |
| 8 | Tues Feb 28 | Phishing and Server Authentication | |
| 9 | Thurs Mar 2 | Privacy Preferences and Policies | |
| 10 | Tues Mar 7 | Notification, Awareness & Informed Consent | |
| 11 | Thurs March 9 | Project: Pitches and Team Creation | #2: Initial Project Proposal |
| 12 | Tues Mar 14 | User Studies- Design, Ethics and User Incentives | #2.5: Refined Project Proposal |
| 13 | Thurs March 16 | Mobile and Ubiquitous Computing | #3: Group Project Proposal |
| 14 | Tues March 21 | Digital Rights Management | #4: Task Analysis & Initial Sketches |
| 15 | Thurs March 23 | Project: Evaluation of lo-fidelity prototypes | #5: Lo-fi prototype |
| 16 | Tues Mar 28 | SPRING BREAK | |
| 17 | Thurs Mar 30 | SPRING BREAK | |
| 18 | Tues Apr 4 | Project: Experimental Design | #6: Prototype Plan & Draft Experiment Protocol |
| 19 | Thurs Apr 6 | Security Visualization | |
| 20 | Tues Apr 11 | Project: Heuristic Evaluation | #7: Prototype 2 |
| 21 | Thurs Apr 13 | Project Development | |
| 22 | Tues Apr 18 | Project: Pilot Usability Testing | #8: Prototype 3 & Experiment Materials |
| 23 | Thurs Apr 20 | Project: Formal Usability Testing | |
| 24 | Tues Apr 25 | Project: Formal Usability Testing | |
| 25 | Thurs Apr 27 | Project: Data Analysis | |
| 26 | Tues May 2 | Project: Data Analysis | |
| 27 | Thurs May 4 | Paper Presentations | #9: Project Presentation |
| 28 | Tues May 9 | Reading Period | |
| 29 | Thurs May 11 | Reading Period | #10: Final Paper |
| 30 | Tues May 16 | Exam Period | |
| 31 | Thurs May 18 | Exam Period | |
Readings and Assignments
Thurs Feb 2: Introduction to CS279 (Rachna Dhamija)
- Introductions to course, instructors and students
Tues Feb 7: Introduction to Privacy and Security (Simson Garfinkel)
- Class led by Simson Garfinkel
Thurs Feb 9: Introduction to HCI Methods and Project (Rachna Dhamija)
- Introduction to human-computer interaction methods
- Overview of course project
Required Reading:
- Designing for Usability: Key Principles and What Designers Think, by John D. Gould and Clayton Lewis, in Communications of the ACM 28, 3 (Mar. 1985), pp. 300 - 311. [PDF]
- Nielsen, Jakob. "Guerrilla HCI: Using Discount Usability Engineering to Penetrate the Intimidation Barrier," 1994. [HTML]
Recommended Reading:
- Lo fidelity Prototyping: Prototyping for Tiny Fingers, by Marc Rettig, in Communications of the ACM, Vol. 37, No. 4, pp. 21-27, April 1994. [ACM]
- Task Analysis and the Design of Functionality, by David Kieras, in The Computer Science and Engineering Handbook, CRC Press, pp. 1401-1423, 1997. [PDF]
Tues Feb 14: Secure Communications, Encryption and PKI (David Malan)
Assignment #1 due: Complete NIH Protecting Human Subjects Computer Based Training
http://cme.cancer.gov/clinicaltrials/learning/humanparticipant-protections.asp
Required Reading:
- Alma Whitten and J.D. Tygar, Why Johnny Can't Encrypt: A Usability Case Study of PGP 5.0. Proceedings of the 8th USENIX Security Symposium, August 1999. [HTML][PS]
- Simson L. Garfinkel and Robert C. Miller. "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express." Proceedings of the Symposium on Usable Privacy and Security (SOUPS '05), Pittsburgh, PA, July 2005. [PDF]
Thurs Feb 16: User Authentication: Passwords and Challenge Questions (Prashanth Bungale)
Required Reading:
- Security and Usability, Chapter 6: Evaluating Authentication Mechanisms
- Security and Usability, Chapter 7: The Memorability and Security of Passwords
- Security and Usability, Chapter 8: Designing Authentication Systems with Challenge Questions
Recommended Reading:
- Adams, M.A. Sasse, Users are Not the Enemy. Communications of the ACM 42(12): 40-46 (1999) [ACM link]
- Niklas Frykholm and Ari Juels, Error-Tolerant Password Recovery. In P. Samarati, ed., Eighth ACM Conference on Computer and Communications Security, pp. 1-8. ACM Press. 2001. [PDF]
- Protecting Secret Keys with Personal Entropy, C. Ellison, C. Hall, R. Milbert, and B. Schneier, Future Generation Computer Systems, v. 16, 2000, pp. 311-318 [PDF]
Tues Feb 21: Graphical Passwords and Human Interactive Proofs (David Hammer)
Required Reading:
- Security and Usability, Chapter 9: Graphical Passwords
- Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford. CAPTCHA: Using Hard AI Problems for Security. In Advances in Cryptology, Eurocrypt 2003. [PDF]
Recommended Reading:
Graphical Passwords
- Rachna Dhamija and Adrian Perrig, Deja Vu: A User Study Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium, August 2000, Denver, Colorado. [PDF]
- Darren Davis, Fabian Monrose, and Michael K. Reiter. On user choice in Graphical Password Schemes. In Proceedings of the 13th USENIX Security Symposium, August, San Diego, 2004. [PDF]
- Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice, Wiedenbeck, et al., in Proceedings of SOUPS 05 [PDF]
CAPTCHAs
- Luis von Ahn, Ruoran Liu and Manuel Blum, Peekaboom: A Game for Locating Objects in Images, to appear in CHI 2006 [PDF]
Thurs Feb 23: Biometrics and Security Devices (Ian Fischer)
Required Reading:
- Security and Usability, Chapter 10: Usable Biometrics
- Security and Usability, Chapter 11: Identifying Users from Their Typing Patterns
- Security and Usability, Chapter 12: The Usability of Security Devices
Tues Feb 28: Phishing and Server Authentication (Blase Ur)
Reading Assignment
- Blake Ross, Collin Jackson, Nicholas Miyake, Dan Boneh and John C. Mitchell, Stronger Password Authentication Using Browser Extensions. Proceedings of the 14th Usenix Security Symposium, 2005. [PDF]
- Rachna Dhamija and J.D. Tygar, The Battle Against Phishing: Dynamic Security Skins. Symposium On Usable Privacy and Security (SOUPS 2005) [PDF]
- Wu, M., Robert C. Miller and Simson L. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? To appear in the Proceedings of the Conference on Human Factors in Computing Systems (CHI 2006) [PDF]
Recommended Reading:
- DHS Counter-Phishing Strategies Whitepaper: Online Identity Theft: Technology, Chokepoints and Countermeasures [PDF]
- Chou, Ledesma, Teraguchi, Boneh, and Mitchell, Client-side Defense Against Web-based Identity Theft [PDF]
- R. Dhamija, J.D. Tygar, M. Hearst, Why Phishing Works, to appear in Proceedings of the Conference on Human Factors in Computing Systems (CHI 2006) [PDF]
Thurs Mar 2: Privacy Policies and Preferences (Robert McGrath)
Required Reading:
- User Interfaces for Privacy Agents, Lorrie Cranor, Praveen Guduru, Manjula Arjula (to appear in ACM Transactions on Computer-Human Interaction, 2006) [PDF]
- Nathaniel S. Good and Aaron Krekelberg, Usability and Privacy: A Study of Kazaa P2P File-Sharing. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2003) [PDF]
Recommended Reading:
- Pretty Poor Privacy, An Assessment of P3P and Internet Privacy, June 2000, Electronic Privacy Information Center
- Security and Usability, Chapter 22: Privacy Policies and Privacy Preferences
Tues March 7: Notification, Awareness and Informed Consent (Joe Barillari)
Required Reading:
- Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware, Nathaniel S. Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan [PDF]
- B. Friedman, D. Howe, E. Felten, Informed Consent in the Mozilla Browser: Implementing Value Sensitive Design, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02) [PDF]
Recommended Reading:
- Privacy Analysis for the Casual User with Bugnosis [PDF]
- Peripheral Privacy Notifications for Wireless Networks, Lorrie Cranor [PDF]
Thurs Mar 9: Project Pitches and Team Creation
Assignment #2 due: Post your Initial Project Proposal to the wiki (individual assignment). Be prepared to give a 5 minute presentation of your proposal in class.
In this class, instructors and students will have the opportunity to “pitch” their project ideas to the class. We will choose the best project proposals based on class interest, novelty, feasibility and potential contributions to the field. Students will form teams of 3-4 (or will be assigned to teams).
Tues March 14: User Studies- Design, Ethics and User Incentives (Michael Pao and Vijak Sethaput)
Assignment #2.5 due: Revised Project Proposal due
Required Reading:
- Handbook of Usability Testing by Jeffrey Rubin (Chapter 5- "Developing the Test Plan", handout available at MD110)
- Review the Harvard University Intelligent Scholar's Guide to the Use of Human Subjects in Research
- Read about the Social Phishing Experiment at Indiana University and the controversy about the experiment
- In class, we will review the Draft "Human Subjects application for CS279 student projects"- if your experiment will deviate from this application, please notify the instructors ASAP.
Thurs March 16: Mobile and Ubiquitous Computing (Anqi Huang)
Assignment #3: Final Group Project Proposal due
Required Reading:
- Scanning with a Purpose – Supporting the Fair Information Principles in RFID Protocols, Christian Floerkemeier, Roland Schneider, Marc Langheinrich [PDF]
- G. Iachello, I. Smith, S. Consolvo, M. Chen, G.D. Abowd, Developing Privacy Guidelines for Social Location Disclosure Applications and Services, Proc. 2005 Symposium On Usable Privacy and Security (SOUPS), (2005) [PDF]
Tues March 21: Digital Rights Management (Geoffrey Werner-Allen)
Assignment #4: Task Analysis and Initial Sketches due- Conduct a "task analysis" of the problem that you are studying in your group project. The first goal of the task analysis is to identify problems with an existing interface or security system (consider what users' goals are, what tasks and subtasks are required, what users need to understand and what functionality is needed to support them). The second goal of the analysis is to highlight how your proposed design will address the weaknesses in the existing system (e.g., by changing user tasks, or by supporting new functionality that does not exist today). The David Kieras paper in the Feb 9 Recommended Readings offers tips and best practices on how to conduct a task analysis.
In conjunction with the task analysis, it is useful to start sketching out the design of your proposed interface or interaction techniques. These sketches will be the basis for your first lo-fi prototype, which is due in the next class. The Rettig paper in the Feb 9 Recommended Readings has tips on how to construct a lo-fi prototype.
Create a space on the wiki for your group project and provide a link to your task analysis and images of your initial prototype sketches.
Required Reading:
- "Lessons from the Sony CD DRM Episode" by J. Alex Halderman and Edward W. Felten [PDF]
- How DRM-based Content Delivery Systems Disrupt Expectations of "Personal Use" by Deirdre K. Mulligan, John Han and Aaron J. Burstein [ACM Portal]
- The INformed DIalogue about Consumer Acceptability of DRM Solutions in Europe- A European Commission project investigating DRM usability
Thursday March 23: Project- Lo-fi Prototype Evaluation
Assignment #5 due: Lo-fidelity prototype
Create a lo-fidelity prototype of your proposed interface and interaction techniques. The Rettig paper below has tips on how to construct and test lo-fi prototypes. We expect that you will be able to iterate through several designs and test them (on members of your group or other volunteers) before class. In class, you will test your lo-fi prototype on at least 3 people from another group. Before class, determine the task that you will ask the participant to perform, the instructions that will be given to the participant, which team members will play the roles of "computer" and observer, and what you will observe or what questions you will ask the participant. The results of your evaluation may be included in your final paper.
Please sign up to be a participant in one other group's lo-fi test on the wiki.
Required Reading:
- Lo fidelity Prototyping: Prototyping for Tiny Fingers, by Marc Rettig, in Communications of the ACM, Vol. 37, No. 4, pp. 21-27, April 1994. [ACM]
March 28 & 30: SPRING BREAK
Tuesday April 4: Experimental Design
Assignment #6 due: Students will present their plan for incorporating feedback from the lo-fi prototype testing into their hi-fidelity prototypes, and they will present their experimental method and test plan for evaluating the prototype. We will review and critique each project’s experimental protocol and refine them during class.
Thursday April 6: Security Visualization (Phillip Hendrix)
Required Reading:
- G. Conti, K. Abdullah, J. Grizzard, J. Stasko, J. Copeland, M. Ahamad, H. Owen and C. Lee, "Countering Security Analyst and Network Administrator Overload Through Alert and Packet Visualization", IEEE Computer Graphics and Applications (CG&A), March 2006 [PDF]
- G. Conti, M. Ahamad and J. Stasko, "Attacking Information Visualization System Usability: Overloading and Deceiving the Human", Symposium on Usable Privacy and Security 2005 [PDF]
Recommended Reading:
- Goodall, John R., Wayne G. Lutters, Penny Rheingans, and Anita Komlodi. "Focusing on Context in Network Traffic Analysis." IEEE Computer Graphics and Applications 26(2), 2006, 72-80 [PDF]
- Internet Proceedings of the 2005 Workshop on Visualization for Computer Security (VizSEC'05)
Tuesday April 11: Heuristic Evaluation
Assignment #7 due: Prototype 2
Required Reading:
- Nielsen, Chapter 2, “Usability Inspection Methods” [HTML]
In this class, an “expert” trained in usability and security (a member from another group) will conduct a cognitive walkthrough or heuristic evaluation of your functioning prototype. Evaluators will develop a list of usability problems with the interface by referencing a list of usability principles (see the required reading) that are violated by the design. After class, each evaluator will be responsible for emailing the evaluation and list of usability problems to the group (CC the instructors).
Thursday April 13: Project Development
This class will be devoted to development of prototypes and a review of your progress on the prototype and experiment materials by the instructors.
Tuesday April 18: Project- Pilot Usability Testing
Assignment #8 due: Final prototype and experiment materials
In this class, each group will be given 30 minutes to conduct their experiment in front of the class, from beginning to end, using a volunteer subject. This is your opportunity to work the bugs out of your experimental set-up, before conducting usability testing on real users. We expect you to run through the test several times before class on your own.
April 20 & 25: Project- Formal Usability Testing
Groups will collect experimental data by testing prototypes on users.
April 27 & May 2: Project- Data Analysis
These classes will be devoted to analysis of the experimental data.
Thurs May 4: Project Presentations
Thurs May 11: Final Papers Due
Prepare your papers using the CHI Conference Proceedings Publication Format. The recommended maximum length is 12 pages, including references. In your Appendix, please include the task analysis, the design and results of your lo-fi evaluation and heuristic evaluation, all test materials (including consent forms, instructions and questionnaires) and results from the evaluation of your final prototype.