Please note the course schedule is subject to change. Check back here frequently for the latest information.
- Zurko, Mary Ellen, and Richard T. Simon. User-centered security. NSPW. Vol. 96. 1996.
- Anne Adams and Martina Angela Sasse. 1999. Users are not the enemy. Commun. ACM 42, 12 (December 1999), 40-46.
- Peter Mayer, Nina Gerber, Benjamin Reinheimer, Philipp Rack, Kristoffer Braun, and Melanie Volkamer. 2019. I (Don't) See What You Typed There! Shoulder-surfing Resistant Password Entry on Gamepads. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI '19). (should be accessible via GW's campus internet connection)
- Peter Mayer (KIT) -- Guest Speaker
- Problem Set 0 (due Wed. Sept 4th at 1159pm)
-
James Mickens. This World of Ours. USENIX ;login:, January 2014.
(no reading report necessary for this one, just read it and enjoy)
-
Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of USENIX Security 1999.
-
Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith. Obstacles to the Adoption of Secure Communication Tools. In Proceedings of IEEE SP 2017.
-
Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O'Neill, Elham Vaziripour, Justin Wu, Daniel Zappala, and Kent Seamons. 2016. "We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI '16).
-
Lucy Qin and Andrei Lapets and Frederick Jansen and Peter Flockhart and Kinan Dak Albab and Ira Globus-Harris and Shannon Roberts and Mayank Varia. From Usability to Secure Computing and Back Again. In the proceedings of SOUPS 2019.
-
Elham Vaziripour, Justin Wu, Mark O’Neill, Daniel Metro, Josh Cockrell, Timothy Moffett, Jordan Whitehead, Nick Bonner, Kent Seamons, and Daniel Zappala. Action Needed! Helping Users Find and Complete the Authentication Ceremony in Signal. In proceedings of SOUPS 2018.
- Reschedule ...
- Problem Set 1 (due Wed. Sept 11th at 1159pm)
-
Daniel Solove. 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy. San Diego Law Review 44, 2007. (no reading report for this one, but please read it)
-
Nithya Sambasivan, Garen Checkley, Amna Batool, Nova Ahmed, David Nemer, Laura Sanely Gaytán-Lugo, Tara Matthews, Sunny Consolvo, Elizabeth Churchill. "Privacy is not for me, it's for those rich women": Performative Privacy Practices on Mobile Phones by Women in South Asia. In Proceedings of SOUPS 2018.
-
Allison Woodruff, Vasyl Pihur, Alessandro Acquisti, Sunny Consolvo, Lauren Schmidt, Laura Brandimarte. Would a Privacy Fundamentalist Sell Their DNA for $1000... If Nothing Bad Happened Thereafter? A Study of the Westin Categories, Behavioral Intentions, and Consequences. In Proceedings of SOUPS 2014.
-
Alessandro Acquisti, Laura Brandimarte, George Loewenstein. Privacy and human behavior in the age of information. Science. Vol. 347, Issue 6221. January 2015.
-
Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. 2019. Exploring How Privacy and Security Factor into IoT Device Purchase Behavior. In CHI Conference on Human Factors in Computing Systems Proceedings (CHI 2019), May 4–9, 2019,
- James Levy: Acquisti et al.
-
Joseph Bonneau. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proceedings of IEEE SP 2012.
-
Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur. Measuring Password Guessability for an Entire University. In Proceedings of CCS 2013.
-
Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor. "I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. In the proceedings of SOUPS 2015.
-
Blase Ur, Jonathan Bees, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor. Do Users' Perceptions of Password Security Match Reality? In Proceedings of CHI 2016.
-
Elizabeth Stobert and Robert Biddle. The Password Life Cycle: User Behaviour in Managing Passwords. In Proceedings of SOUPS 2014.
-
Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites. Proceedings of the SOUPS 2016.
- Malley: Wash et al.
- Kuchipudi: Stobert et al.
-
Bonneau, Joseph, Sören Preibusch, and Ross Anderson. A birthday present every eleven wallets? The security of customer-chosen banking PINs. In proceedings of FC 2012.
-
Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the security of graphical passwords: the case of android unlock patterns. In Proceedings of the CCS 2013.
-
Adam J. Aviv, Devon Budzitowski, and Ravi Kuber. 2015. Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock. In Proceedings of ACSAC 2015.
-
Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors. In Proceedings of CCS 2014.
-
Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, Matthew Smith. It’s a hard lock life: A field study of smartphone (un)locking behavior and risk perception. In proceedings of SOUPS 2014.
-
Yusuf Albayram, Mohammad Maifi Hasan Khan, Theodore Jensen, and Nhan Nguyen. “...better to use a lock screen than to worry about saving a few seconds of time”: Effect of Fear Appeal in the Context of Smartphone Locking Behavior. In proceedings of SOUPS 2017.
- TBD
- Select TWO papers that are relevant to your project to read
- Papers must come from a top conference/workshop (SOUPS, CHI, NDSS, S&P, CCS, USENIX Sec', USEC); submit a reading response form for each.
- Submit papers to the instructor by Thursday, Oct. 3rd to be uploaded to HotCRP
- You only need to read the papers you selected for your project
- TBD
- https://classroom.github.com/a/ZDm37Sv2
- See Slack for document
- The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. Department of Homeland Security. 2012. (No need to write a report, but MUST read)
- Rick Wash and Molly M. Cooper. Who Provides Phishing Training? Facts, Stories, and People Like Me. In Proceedings of CHI 2018.
- Roy A. Maxion. Making Experiments Dependable. In Dependable and Historic Computing, Lecture Notes in Computer Science Volume 6875, pp. 344-357, 2011.
- Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G. M., Paxson, V., & Savage, S. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the CCS. 2008.
- Amber van der Heijden and Luca Allodi. Cognitive Triaging of Phishing Attacks. In proceedings of USENIX Sec' 2019.
- Huahong Tu, Adam Doupé, Ziming Zhao, Gail-Joon Ahn. Users Really Do Answer Telephone Scams. In proceedings of USENIX Sec' 2019.
- Melanie Volkamer, Andreas Gutmann, Karen Renaud, Paul Gerber, and Peter Mayer. Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios. Towards Understanding Why People Do, or Do Not, Shield PIN Entry. In proceedings of SOUPS 2018.
- Also read the original from Alex De Luca et al.
- Alexander De Luca, Marc Langheinrich, and Heinrich Hussmann. Towards Understanding ATM Security – A Field Study of Real World ATM Use. In proceedings of SOUPS 2010.
- TBD
- Problem Set 2 due on Wed. 23 Oct. at 1159pm.
-
Devdatta Akhawe and Adrienne Porter Felt. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. In Proceedings of USENIX Security 2013.
-
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12).
-
Lynn Tsai, Primal Wijesekera, Joel Reardon, Irwin Reyes, Serge Egelman, David A. Wagner, Nathan Good, Jung-Wei Chen: Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences. In proceedings of SOUPS 2017
-
Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina-Rodriguez, Serge Egelman. 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System. In proceedings of USENIX Security 2019.
-
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David A. Wagner: Android permissions demystified. ACM Conference on Computer and Communications Security 2011.
-
Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David A. Wagner, Konstantin Beznosov: Android Permissions Remystified: A Field Study on Contextual Integrity. In proceedings USENIX Security Symposium 2015
-
Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15).
- Guest Speaker: Irwin Reyes
No Class
- Problem Set 3 due on Wed. 6 Nov at 1159pm.
-
Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo. Rethinking Connection Security Indicators. In Proceedings of SOUPS 2016.
-
Steven Englehardt and Arvind Narayanan. Online Tracking: A 1-Million-Site Measurement and Analysis. In Proceedings of CCS 2016
-
Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, Edgar Weippl. "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS. In Proceedings of USENIX Security 2017.
-
Y. Yao, D. Lo Re, Y. Wang. Folk Models of Online Behavioral Advertising. Proceedings of the ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW 2017).
-
Matthew Bernhard, Jonathan Sharman, Claudia Z. Acemyan, Philip Kortum, Dan S. Wallach, and J. Alex Halderman. On the Usability of HTTPS Deployment. Proc. ACM Conference on Human Factors in Computing Systems (CHI ’19), May 2019
-
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. “My Data Just Goes Everywhere:” User Mental Models of the Internet and Implications for Privacy and Security. SOUPS 2015.
-
What is GDPR, the EU's new data protection law? No need to do a report, just read
-
Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, and Thorsten Holz. We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy. In NDSS'19.
-
Florian Schaub, Rebecca Balebako, Adam L. Durity, Lorrie Faith Cranor. A Design Space for Effective Privacy Notices. SOUPS 2015.
-
Jun Ho Huh, Hyoungshick Kim, Swathi S.V.P. Rayala, Rakesh B. Bobba, and Konstantin Beznosov. 2017. I'm too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17).
-
Hana Habib, Yixin Zou, Aditi Jannu, Neha Sridhar, Chelse Swoopes, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub. An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites. SOUPS 2019.
-
Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz. (Un)informed Consent: Studying GDPR Consent Notices in the Field. Proceedings CCS'19.
-
Yixin Zou, Shawn Danino, Kaiwen Sun, and Florian Schaub. 2019. You 'Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI '19).
- Problem Set 4 Due on Wed., Nov. 20.
-
Felix Fischer, Konstantin Böttinger, Huang Xiao, Christian Stransky, Yasemin Acar, Michael Backes, Sascha Fahl. Stack Overflow Considered Harmful? The Impact of Copy & Paste on Android Application Security
-
Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle Mazurek, Christian Stransky. You Get Where You're Looking For - The Impact of Information Sources on Code Security
-
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study. ACM Conference on Computer and Communications Security 2017: 311-328
-
Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Emanuel von Zezschwitz, Matthew Smith: "If you want, I can store the encrypted password": A Password-Storage Field Study with Freelance Developers. CHI 2019
-
Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, Sascha Fahl. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. SOUPS'18
-
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Matthew Smith: Deception Task Design in Developer Password Studies: Exploring a Student Sample. SOUPS @ USENIX Security Symposium 2018
- Lightning Talks
-
Susan E. McGregor, Elizabeth Anne Watkins, Mahdi Nasrullah Al-Ameen, Kelly Caine, Franziska Roesner. When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers. In Proceedings of USENIX Security 2017.
-
Tamy Guberek, Allison McDonald, Sylvia Simioni, Abraham H Mhaidli, Kentaro Toyama, Florian Schaub. Keeping a Low Profile? Technology, Risk and Privacy among Undocumented Immigrants. In Proceedings of CHI 2018.
-
Diana Freed, Jackeline Palmer, Diana Minchala, Karen Levy, Thomas Ristenpart, and Nicola Dell. "A Stalker's Paradise": How Intimate Partners Abuse Technology. In proceedings of CHI'18.
-
Christine Chen, Nicola Dell, and Franziska Roesner. Computer Security and Privacy in the Interactions Between Victim Service Providers and Human Trafficking Survivors. In proceedings of USENIX Security 2019.
-
Ada (Adam) Lerner, Eric Zeng, and Franziska Roesner. Confidante: Usable Encrypted Email - A Case Study With Lawyers and Journalists. 2nd IEEE European Symposium on Security and Privacy (EuroS&P), April 2017.
-
Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish, and Jason Hong. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In proceedings of SOUPS 2018.
-
Tousif Ahmed, Patrick Shaffer, Kay Connelly, David Crandall, Apu Kapadia. Addressing Physical Safety, Security, and Privacy for People with Visual Impairments. In Proceedings of SOUPS 2016.
-
Bryan Dosono, Jordan Hayes, Yang Wang. "I'm Stuck!": A Contextual Inquiry of People with Visual Impairments in Authentication. In Proceedings of SOUPS 2015.
-
Alisa Frik, Leysan Nurgalieva, Julia Bernd, Joyce S. Lee, Florian Schaub, Serge Egelman. Privacy and Security Threat Models and Mitigation Strategies of Older Adults. In proceedings of SOUPS 2019.
-
Taslima Akter, Bryan Dosono, Tousif Ahmed, Apu Kapadia, and Bryan Semaan. "I am uncomfortable sharing what I can't see": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications. In the proceedings of USENIX Security 2020.
-
Hirak Ray, Flynn Wolf, Adam J. Aviv, and Ravi Kuber. “And Then The Castle Just Falls:” Using Drawmetrics to Compare Privacy Concerns of Older and Working Adults. Pre-Print (see hotCRP instance for paper)
-
Natã M. Barbosa, Jordan Hayes, Yang Wang. UniPass: Design and Evaluation of a Smart Device-Based Password Manager for Visually Impaired Users. In Proceedings of UbiComp 2016.
- TBD
- Project Presentations (in-class)
- Final Project Reports (due: Dec 8th)
- (none)
- EVERYONE!