An approximate course schedule is below. Check back for updates on any dates more than 1 week in the future.
For all required readings, unless otherwise stated, students are not required to read appendices or footnotes.
Starting on January 14, 2026 (day 2 of the course), the general structure of each day will be: The discussion of two readings (one at a time) followed by the instructor connecting the discussion to the day’s and course’s learning objectives and covering any relevant learning objectives not already surfaced in the day’s discussion.
Starting on February 6, 2026 (with the Module 3 readings), student should keep at least the following questions in mind as the read the assigned readings:
What would your stakeholder analysis be for the work?
Which stakeholders are considered by the authors? Which stakeholders are not considered, if any?
What are the dual-use potentials or implications of the work?
What biases or assumptions may be included in the work?
What ethics-related decisions would one make from a strict consequentialist perspective? From a strict deontological perspective?
If you were the authors of the work, what ethics-related decisions would you have made?
Starting on near the end of Module 4, there will be dedicated time in class work on projects (details TBD).
Friday, January 9, 2026: Introduction, Threat Modeling, and Stakeholder Analyses
Day contents:
Course overview
Course participant introductions (instructor and students)
Introductory discussions of computer security ethics
Threat modeling and stakeholder analyses
Optional reading:
S. Lipner, The Trustworthy Computing Security Development Lifecycle, ACSAC 2004.
Wednesday, January 14, 2026: Computer Security and Ethical Frameworks
Day contents:
Ethics and moral philosophy introduction, including consequentialist, deontological, and virtue ethics
Trolley problems
Computer security-themed trolley problems
Required reading:
T. Kohno, Y. Acar, and W. Loh, Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations, USENIX Security 2023. Read the arXiv version; appendices not required for this or any other reading unless stated otherwise.
Friday, January 16, 2026: Who is Left Out?
Day contents:
The “default persona”
Who is included and who is excluded in computer security threat modeling, design, and analysis, and why
Strategies for inclusion, including stakeholder analyses and design justice
Important considerations for inclusion, including avoiding stereotypes and over-taxation
Required reading:
M. Sim, B. Radka, T. Kohno, F. Roesner, K. Hugenberg, Characterizing the Default Persona During Design: Mental Representations of Technology Users are Gendered, FAccT 2025.
M. Sim, K. Hugenberg, T. Kohno, and F. Roesner, A Scalable Inclusive Security Intervention to Center Marginalized & Vulnerable Populations in Security & Privacy Design, NSPW 2023.
Optional reading:
K. Butler, K. Hugenberg, E. Jain, A. Kapadia, T. Kohno, E.M. Redmiles, F. Roesner, M. Sim, P. Traynor, and H. Barakat, Extending the Heilmeier Catechism to Evaluate Security and Privacy Systems: Who is Left Out? IEEE S&P Magazine 2025.
T. Kohno, Background and Context for the Our Reality Novella, 2021.
S. Wachter-Boettcher, Technically Wrong: Sexist Apps, Biased Algorithms, and Other Threats of Toxic Tech, 2018.
S. Costanza-Chock, Design Justice: Community-Led Practices to Build the Worlds We Need, 2020.
January 21, 2026: Biases and worldviews in computing technologies
Day contents:
Identifying and articulating biases and worldviews in computing systems
Required reading:
L. Winner, Do Artifacts Have Politics, 1980.
B. Friedman and H.Nissenbaum, Bias in Computer Systems, ACM Transactions on Information Systems, 1996.
January 23, 2026: Key concepts in computer security
Day contents:
Key concepts in computer security, including
Confidentiality, integrity, and availability as objectives
Prevention, detection, deterrence, and recovery as part of a security portfolio
“Build security in vs bolt it on”
Direct attacks and indirect attacks (side channels and information leakage)
Defense in depth
Least privilege
Minimizing the Trusted Computing Base
Separating code and data
Software updates
Differentiating trust and trustworthiness
Coordinated disclosure of vulnerabilities
Required reading:
TBD reading on computer security fundamentals (or no reading if a reading is not posted by class on January 16, 2026)
January 28, 2026: No Class
January 30, 2026: Historical considerations and dual-use technologies
Day contents:
The “Crypto Wars”
The relationship between the U.S. government and early modern cryptography
Dual-use technologies and computer security
Cryptography patents and proprietary security designs
Required reading:
P. Zimermann, Why Do You Need PGP? 1995.
U.S. National Security Agency, American Cryptology during the Cold War, 1945-1989: Book III: Retrenchment and Reform, 1972-1980, Declassified in 2013. Read page 232 (241 of the PDF) last paragraph and page 234 (243 in the PDF) last paragraph.
A.C. Gaudion, Auditing the Government's Vulnerability Stockpile, Virginia Journal of Law & Technology, 2024. Read pages TBD.
G. Vetter, Patenting Cryptographic Technology, Chicago-Kent Law Review, 2009.
Optional reading:
S. Levy, Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age, 2002.
K. Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, 2015.
National Academies, Decrypting the Encryption Debate: A Framework for Decision Makers, 2018.
February 4, 2026: Vulnerability disclosure practices and The Menlo Report
Day contents:
Vulnerability disclosure practices, including coordinated disclosure
The Menlo Report
Required reading:
K. Moussouris, Coordinated Vulnerability Disclosure: Bringing Balance to the Force, 2010.
The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research, 2012.
Optional reading:
The Belmont Report, 1979
February 6, 2026: Humans and human subjects
Day contents:
Human subjects research and computer security
Different security considerations and designs for different populations
How the “right” design for one person might be the “wrong” design for another
The Federal Policy for the Protection of Human Subjects
Required readings:
L. Simko, A. Lerner, S. Ibtasam, F. Roesner, and T. Kohno, Computer Security and Privacy for Refugees in the United States, IEEE S&P 2018.
C.W. Munyendo, K. Owens, F. Strong, S. Wang, A.J. Aviv, T. Kohno, and F. Roesner, “You Have to Ignore the Dangers”: User Perceptions of the Security and Privacy Benefits of WhatsApp Mods, IEEE S&P 2025.
Optional readings:
M. Sim, B. Radka, E. Yoshikawa, F. Roesner, K. Hugenberg, and T. Kohno, To Reveal or Conceal: Privacy and Marginalization in Avatars, PoPETS 2025.
A. Daffalla, L. Simko, T. Kohno, and A.G. Bardas, Defensive Technology use by Political Activists During the Sudanese Revolution, IEEE S&P 2021.
February 11, 2026: The design, implementation, and deployment of security systems
Day contents:
Dual-use and computer security solutions
On the relationships between security, functionality, and usability
On the strengths and limits of security solutions
Required reading:
R. Dingledine, N. Matthewson, and P. Syverson, Tor: The Second-Generation Onion Router, USENIX Security 2004.
N. Borisov, I. Goldberg, and E. Brewer, Off-the-Record Communication, or, Why Not To Use PGP, WPES 2004. Read sections 1 and 2; skim the rest.
R. Stedman, K. Yoshida, and I. Goldberg, A User Study of Off-the-Record Messaging, SOUPS 2008.
Required readings (short):
K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker, Low-resource Routing Attacks Against Tor, WPES 2007. Read just the abstract.
Tor Blog, Tor and the Silk Road takedown, 2013.
Krebs on Security, Silk Road Lawyers Poke Holes in FBI’s Story, 2014.
C. Alexander and I. Goldberg, Improved User Authentication in Off-The-Record Messaging, WPES 2007. Read just the abstract.
Optional readings:
R. Geambasu, T. Kohno, A.A. Levy, and H.M. Levy, Vanish: Increasing Data Privacy with Self-Destructing Data, USENIX Security 2009.
S. Wolchok, O.S. Hofmann, N. Heninger, E.W. Felton, J.A. Halderman, C.J. Rossbach, B. Waters, and E. Witchel, Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs, NDSS 2010.
R. Geambasu, T. Kohno, A. Krishnamurthy, A. Levy, H.M. Levy, P. Gardner, and V. Moscaritolo, New Directions for Self-destructing Data, 2011.
February 13, 2026: Vulnerability finding and attacks
Day contents:
The role of vulnerability discovery in advancing the security of computer systems
Vulnerability disclosure practices
Issues when discovering vulnerabilities:
In critical systems
In systems that cannot be (easily) fixed
In a single product with the possibility of unknown vulnerabilities in related products
In a component the underlies many systems
When a public discussion of the findings has the potential to change human behaviors and/or cause fear even with the risks are low
The Digital Millennium Copyright Act
Required reading:
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, Comprehensive Experimental Analyses of Automotive Attack Surfaces, USENIX Security 2011.
S. Goldberg, M.Haller, N. Heninger, M. Milano, D. Shumow, M. Stevens, and A. Suhl, RADIUS/UDP Considered Harmful, USENIX Security 2024.
Optional reading:
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel, Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses, IEEE S&P 2008.
P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, Spectre Attacks: Exploiting Speculative Execution, Communications of the ACM 2020.
February 18, 2026: Measuring vulnerabilities and adversarial activities
Day contents:
The role of measurements in understanding the defensive and adversarial ecosystems
Issues that can arise when:
Measuring the prevalence of vulnerabilities in deployed systems
Studying the activities of an adversarial ecosystem
Participating in an adversarial ecosystem
Required reading:
N. Heninger, Z. Durumeric, E. Wustrow, and J.A. Halderman, Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, USENIX Security 2012.
B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, Your Botnet is My Botnet: Analysis of a Botnet Takeover, CCS 2009.
Optional reading:
C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G.M. Voelker, V. Paxson, and S. Savage, Spamalytics: An Empirical Analysis of Spam Marketing Conversion, CCS 2008.
M. Motoyama, K. Levchenko, C. Kanich, D. McCoy, G.M. Voelker, and S. Savage, Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an Economic Context, USENIX Security 2010.
Z. Durumeric, E. Wustrow, and J.A. Halderman, ZMap: Fast Internet-wide Scanning and Its Security Applications, USENIX Security 2013.
Z. Durumeric, F. Li, J. Kasten, J. Amann, J. Beekman, M. Payer, N. Weaver, D. Adrian, V. Paxson, M. Bailey, and J.A. Halderman, The Matter of Heartbleed, IMC 2014.
A. Mirian, J. DeBlasio, S. Savage, G.M Voelker, K. Thomas, Hack for Hire: Exploring the Emerging Market for Account Hijacking, WWW 2019.
February 20, 2026: Experiments with live systems and with people
Day contents:
Issues that can arise when:
Measuring security properties of live systems
Experiments involving people or people’s data
When, without safeguards, experiments could impact users
Required reading:
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, CCS 2009.
A.D.I. Kramer, J.E. Guillory, and J.T. Hancock, Experimental evidence of massive-scale emotional contagion through social networks, PNAS 2014.
M.W. Ross, Do research ethics need updating for the digital age? Monitor on Psychology, 2014.
Optional reading:
R. McAmis and T. Kohno, The Writing on the Wall and 3D Digital Twins: Personal Information in (not so) Private Real Estate, USENIX Security 2023.
I.M. Verma, Editorial Expression of Concern: Experimental evidence of massivescale emotional contagion through social networks, 2014.
C. Puschmann and E. Bozdag, Staking out the unclear ethical terrain of online social experiments, Internet Policy Review, 2014.
February 25, 2026: Studying “sensitive” data and researcher safety
Day contents:
Issues that can arise when:
Measuring data that people are actively trying to keep private
When the measurement activity has the potential to expose team members to harms
Dual-use technologies, and technologies created to harm
Electronic Communications Privacy Act (ECPA)
Required reading:
Y. Pan, Z. Ling, Y. Zhang, H. Wang, G. Liu, J. Luo, and X. Fu, TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the Tor Network, USENIX Security 2025.
C. Gibson, D. Olszewski, N.G. Brigham, A. Crowder, K. Butler, P. Traynor, E.M. Redmiles, and T. Kohno, Analyzing the AI Nudification Application Ecosystem, USENIX Security 2025.
Optional reading:
D. McCoy, K. Bauer, D. Grunwald, T. Kohno, and D. Sicker, Shining Light in Dark Places: Understanding the Tor Network, PETS 2008.
February 27, 2026: No Class
March 4, 2026: Spring Break
March 6, 2026: Spring Break
March 11, 2026: Vulnerability findings tools and more on vulnerability finding
Day contents:
Issues when discovering vulnerabilities:
Via tools designed to discover new vulnerabilities
With an entire category of systems
In systems that cannot be (easily) fixed
Required reading:
TBD paper
R. Hönig, J. Rando, N. Carlini, and F. Tramèr, Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI, ICLR 2025.
March 13, 2026: (More) examples of works with important ethical considerations
Day contents:
Additional explorations into issues with measurement studies and experiments with live systems
Required reading:
S. Burnett and N. Feamster, Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests, SIGCOMM 2015.
S. Fan, J. Sippe, S. San, J. Sheffey, D. Fifield, A. Houmansadr, E. Wedwards, and E. Wustrow, Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China, NDSS 2025.
Optional reading:
B. Jones, R. Ensafi, N. Feamster, V. Paxson, and N. Weaver, Ethical Concerns for Censorship Measurement, NS Ethics 2015.
March 18, 2026: (More) examples of works with important ethical considerations
Day contents:
Additional explorations into issues with vulnerability finding, vulnerability disclosure, and experiments impacting other stakeholders
Required reading:
Q. Wu and K. Lu, On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits, 2021.
T. Holz and A. Oprea, IEEE S&P’21 Program Committee Statement Regarding The “Hypocrite Commits” Paper, 2021.
B.L. Crimmins, D.Y. Narayanan, D. Springall, and J.A. Halderman, DVSorder: Ballot Randomization Flaws Threaten Voter Privacy, USENIX Security 2024.
Optional reading:
J. Mayer, Princeton-Radboud Study on Privacy Law Implementation, 2021.
March 20, 2026: Computer security, ethics, and the law (additional discussions)
Day contents:
Terms of service
Data privacy regulations
Required readings:
C. Fiesler, N. Beard, and B.C. Keegan, No Robots, Spiders, or Scrapers: Legal and Ethical Regulation of Data Collection Methods in Social Media Terms of Service, AAAI Conference on Web and Social Media 2020.
R. Hong, J. Hutson, W. Agnew, I. Huda, T. Kohno, and J. Morgenstern, A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset, 2025.
March 25, 2026: Reflections on ethical practices and ethics across works
Day contents:
Broader considerations of ethical practices, ethics, and computer security research
Required reading:
H.S. Ramulu, H. Schmitt, B. Rerich, R.G. Rodriguez, T. Kohno, and Y. Acar, Ethics in Computer Security Research: A Data-Driven Assessment of the Past, the Present, and the Possible Future, CCS 2025. Read the extended version on arXiv.
F. Hantke, S. Roth, R. Mrowczynski, C. Utz, and B. Stock, Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research, IEEE S&P 2024.
March 27, 2026: Reflections on ethical practices and ethics across works
Day contents:
Broader considerations of ethical practices, ethics, and computer security research
Required reading:
C. Fiesler and N. Proferes, “Participant” Perceptions of Twitter Research Ethics, Social Media + Society, 2018.
P. Cintaqia, A. Arya, E.M. Redmiles, D. Kumar, A. McDonald, L. Qin, Stop the Nonconsensual Use of Nude Images in Research, NeurIPS 2025.
April 1, 2026: No Class
April 3, 2026: Easter Holiday
April 8, 2026: Reflections on ethical practices and ethics across works
Day contents:
Broader considerations of ethical practices, ethics, and computer security research
Required reading:
N. Warford, T. Matthews, K. Yang, O. Akgul, S. Consolvo, P.G. Kelley, N. Malkin, M.L. Mazurek, M. Sleeper, and K. Thomas, SoK: A Framework for Unifying At-Risk User Research, IEEE S&P 2022.
R. Bellini, E. Tseng, N.Warford, A. Daffalla, T. Matthews, S. Consolvo, J.P. Woelfer, P.G. Kelley, M.L. Mazurek, D. Cuomo, N. Dell, and T. Ristenpart, SoK: Safer Digital-Safety Research Involving At-Risk Users, IEEE S&P 2024.
April 10, 2026: Guest Lecture via Zoom, Alex Gantman VP, Security Engineering and Head of Product Security at Qualcomm
Day contents:
Computer security ethics from an industry perspective
Required reading:
TBD
April 15, 2026: Reflections on ethical practices and ethics across works
Day contents:
Broader considerations of ethical practices, ethics, and computer security research
Dedicated time for projects
Required reading:
D.R. Thomas, S. Pastrana, A. Hutchings, R. Clayton, and A.R. Beresford, Ethical issues in research using datasets of illicit origin, IMC 2017.
April 17, 2026: No Class -- Please work on projects
April 22, 2026: Reflections on ethical practices and ethics across works
Day contents:
Broader considerations of ethical practices, ethics, and computer security research
Dedicated time for projects
Required reading:
Paper TBD
P. Rogaway, The Moral Character of Cryptographic Work, 2015. Read TBD parts.
Optional reading:
T. Kohno, A. Broido, and k. claffy, Remote Physical Device Fingerprinting, IEEE S&P 2005. Section 8 on dataset deanonymization.
E. Adar, User 4XXXXX9: Anonymizing Query Logs, Query Logs Workshop 2007.
A. Narayanan and V. Shmatikov, Robust De-anonymization of Large Sparse Datasets, IEEE S&P 2008.
N. Mireshghallah, M. Antoniak, Y. More, Y. Choi, and G. Farnadi, Trust No Bot: Discovering Personal Disclosures in Human-LLM Conversations in the Wild, 2024.
April 24, 2026: Reflections on ethical practices and ethics across works
Day contents:
Broader considerations of ethical practices, ethics, and computer security research
Dedicated time for projects
Optional (re)reading:
T. Kohno, Y. Acar, and W. Loh, Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations, USENIX Security 2023.
May 9, 2026: Projects due
The course project will be submitted electronically and is due at the start of the scheduled final exam period (May 9, 2026 at 12:30pm).