CSCI 4533/6533 Introduction to Usable Security and Privacy
Instructor
- Adam Aviv
- aaviv@gwu.edu
- SEH 5810
- Office Hours: Mon 11:00am - 12:00pm
Meeting Times
- Location: MON 113
- Time: Mon 12:45pm-3:15pm
Course Prerequisites
- For CSCI 4533, the prerequisite is CSCI 2113
- For CSCI 6533, the co-requisites are CSCI 6221, CSCI 6561, CSCI 6212
Course Description
Humans are often considered the weakest link in security. A provably secure system is only useful if it can actually be used by users, and system designers need to account for human behavior if they wish to have both security and usability. In this class, we will take a quick survey of active topics in usable security and privacy research, which explores how computer systems interact with users and how that affects users’ security and privacy.
Learning Objectives
- Read and write critical critiques of scientific papers in the area of security, privacy, and usability.
- Understand and apply research methods in human factors in computing
- Develop relevant hypotheses and research questions in the space of usable security and privacy
- Design and deploy a research study and analyze the results
- Describe, support, and effectively argue a result using the best practices of scientific writing
- Understand ethical issues related to human factors research in security and privacy
- Understand the major topics and themes of usable security and privacy
Time Expectations:
- 2.5 hours of direct instruction (i.e., class time) per week
- 5 hours of independent learning (i.e., out of class time) per week
- Total: 112.5 hours per semester
Textbook
The following textbook is required (available for free, online via GWU library):
- Jonathan Lazar, Jinjuan Heidi Feng. Research Methods in Human-Computer Interaction. 2nd edition, Elsevier Science, 2017.
Topics
- Usable Encryption and Secure Messages
- Experimental Design
- Qualitative Methods and Analysis
- Quantitative Methods and Analysis
- Spam and Phishing
- Security Warnings and Permissions
- Authentication: Passwords and Password Managers
- Measuring and Communicating about Privacy
- Data Breaches and Compliance
- Developers are Users Too
- Non-Standard and Unique Groups
- Accessibility and Bias
(for detailed course schedule see the schedule)
Grading
- 10% Paper Responses
- 30% Homework
- 20% Deep Dive
- 5% Attendance/Participation
- 35% Research Project
Paper Responses
There are 10 paper responses due for topics covered in the class, each worth 1% of your grade.
On the reading list, for all additional readings* assigned in a given week, you should select one of the papers to read and provide a response with the following information.
- Summary
- What are the research questions of the paper?
- What methods did they use?
- What is the main result?
- A highlight of the paper that you particularly liked?
- Something you wished the authors did better?
- What would be the follow-up research to this?
Responses are due on Blackboard prior to the start of the class following the one in which the reading was assigned.
If you do not submit your response on time, 50% will be deducted from that response. You can submit late responses up until the last day of class.
All paper responses should be done independently. It is never a group assignment.
Homework
There will be three homework assignments assigned throughout the class. Each is worth 10% of your grade. (See below for the late policy.)
All homework should be done independently. It is never a group assignment.
Attendance / Participation
As this is an interactive class, with discussion, it is important that you attend class regularly. There are 11 meetings of this class, not including the midterm (which I assume everyone will attend!). Your attendance grade is determined based on the number of classes you attend:
- 5% - attend at least 9/11 meetings
- 4% - attend 8/11 meetings
- 3% - attend 7/11 meetings
- 2% - attend 6/11 meetings
- 1% - attend 5/11 meetings
- 0% - attend <4 meetings
This means you can miss up to 2 classes without penalty. Missing your 3rd class will result in a 1% reduction in your grade, and every further class you miss will be an additional 1%. There are no options to join classes remotely to receive participation credit.
However, coming to class is not sufficient; you must also engage in the opening discussion, where we review the additional readings from the prior meetings, or in the in-class activities as directed by the instructor. Lack of participation during class is determined at the discretion of the instructor.
Requesting an Excused Absence
There is no reason to request an excused absence until you’ve missed more than 2 classes. Essentially, your first absences are excused without any penalty. If you end up missing more than 2 classes, you should notify the instructor as soon as you know you will miss class. Under university policy, the following qualify as excused absences: documented family or medical emergency, varsity athletic competition, or a religious observance.
Note that in accordance with University policy, students should notify faculty during the first week of the semester of their intention to be absent from class on their day(s) of religious observance. For details and policy, see Religious Holidays on the Provost web page.
Research Project
Students will work on a semester long research project as part of this course that will require submitting a proposal, final report, and preparing a presentation to give in class. (See below for the late policy.)
Undergraduate students registered for section CSCI4533 can work in groups of two or individually. Graduate students registered for section CSCI6533 must work independently.
Homework, Deep Dive, and Project Late Policy
Homework and project portions cannot be submitted late for credit without prior approval by the instructor. These assignments are due on the date posted on the website. If you are struggling to complete a homework or project portion on time, you should consult with your instructor indicating the soonest date you can complete it. This date should typically be within a few days of the assigned due date (e.g., 2-4 days). If you are still unable to complete the assignment following an agreed upon extension, there will not be additional extensions granted. You will receive a zero for that homework or portion of the assignment. For group work, an extension is granted to the whole group, and failure to meet the agreed upon extension applies to the whole group.
Academic Integrity
The George Washington University has a Code of Academic Integrity which we will follow in this class. Violations of the code, depending on severity, may lead to any (or all) of the following actions within this class:
- Receiving a 0% on the assignment in which a violation is found
- Dismissal from the course
- Receiving a failing grade in the class
Further action may occur, including referring the case to the Academic Integrity Council for further adjudication.
IMPORTANT: The use of AI assistants, such as ChatGPT, Gemini, etc., is strictly forbidden. Submitting an AI assistant's output as your own is plagiarism. You will receive a zero on that assignment, and if you do so multiple times after fair warning, you will be referred to the academic integrity board and receive a failing grade in the class. Please, please, please do not put me or you in a position where this may become necessary.
Ethical and Respectful Behavior
We expect all students to act in a respectful and ethical way, both with respect to the treatment of their peers in the classroom during discussion but also in the design and execution of their course projects. Actions should meet the expectations of ethical research and follow the norms and proper behavior of the George Washington University community.
Disability Support Services (DSS)
Any student who may need accommodations based on the potential impact of a disability should contact Disability Support Services (or call 202-994-8250) to establish eligibility and to coordinate reasonable accommodations.
Nondiscrimination and Harassment-Free Environment
GW is committed to maintaining a nondiscriminatory, harassment-free educational and work environment. Individuals who believe they have been discriminated against or harassed based on a protected characteristic may submit a report via a centralized Discrimination, Harassment, and Bias Reporting Form. Please note that all GW Community Members who become aware of a situation involving discrimination or harassment are responsible for promptly reporting the matter via the Report Form. Policy and process information as well as support resources and the Report Form can be found at http://oao.gwu.edu.
Wellness
If any issue arises that may limit your ability to participate in class, for example, personal illness, family emergency, etc., please be sure to discuss these matters with your instructor as soon as possible and accommodations will be made available to you as appropriate.
Feelings of being overwhelmed are unfortunately quite common in the University environment and something we have all dealt with. You are not alone, and there are a number of resources available to provide support in those moments. Learning to ask for help is an important part of the university experience, and if you or anyone you know experiences any academic stress, difficult life events, or feelings of anxiety or depression, we strongly encourage you to seek support. GW offers counseling services, and also consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.
If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
- Student Counseling: 202-994-5300.
- National Suicide Prevention Lifeline: 1-800-273-8255