Usable Security And Privacy
Spring 2022 CMSC-23210/33210 @ University of Chicago
Spring 2022 CMSC-23210/33210 @ University of Chicago
You can download the syllabus from CANVAS.
The following assignments will be due throughout the semester:
Group Project (45%)
Problem Sets (25%)
Midterm (10%)
Final Exam (10%)
Reading Responses (5%)
Attendance and Participation (5%)
All assignments are due by the beginning of class on the due date and must be submitted via Gradescope or CANVAS. If you have any problems with submission, please email the assignment to the teaching assistants.
Group cooperation and communication skills are essential in working with user experience and software development teams. The group project will bring all components of the course together in a quarter-long project with teams of 2-4 members. Teams will be allowed to pick their own topic from a list of project topics. The project will allow students to apply the research methods discussed in class.
Each project component counts for the follow points. The final project grade will be converted to a score out of 45.
GP0 – Project Topic and Group Formation – 5 points
GP1 – Project Proposal – 10 points
GP2 – Project Ethics Application/Field Materials Submission – 10 points
GP3 – Project Status Report and Presentation – 10 points
GP4 – Final Project Report, Peer Feedback, and Presentation – 65 points
The project will entail choosing a project topic from the list of topics and forming a project group with a group name by April 6.
Each group will submit a brief project proposal by April 13. Detailed instructions are in the project proposal assignment.
Each group will then work on filling out an ethics application, consent forms, recruitment text, and any copies of interview guides/survey questions/study instruments. This will involve designing all questionnaires, scripts, scenarios, interview protocols, etc. necessary to carry out the user study. This is due on April 22.
Each group is responsible for developing any prototypes necessary to carry out the user study. The user study protocol should be piloted on at least two people (can be members of the class from other project groups) and refine it based on these tests.
Each group will then submit progress report and presentation slides by May 4. Detailed instructions are in the progress report assignment.
Groups should then conduct their studies using the revised protocol with at least 6 subjects (or at least 30 if this is a survey). Optionally, you can conduct a larger study that would be likely to lead to publishable results – however, not that for publishable data, you will need to submit an IRB application to the IRB directly. If your study has only 6 subjects, likely this will be useful mostly as a pilot study and should be positioned as such in your paper.
Groups will write a final project report on the results of their user studies and submit it by May 27 and give a presentation to the class on that day. Detailed instructions are in the final project report assignment give a final project presentation in class. Instructions for final presentation may be adjusted based on number of project teams.
All team members will also be required to submit a peer evaluation.
CMSC 33210 students are encouraged to play a leadership role in a project group that writes a project paper that lays the groundwork for a future publication with extra work beyond the quarter. The final paper should be written in a style suitable for publication at a conference or workshop. The conference papers in the readings provide good examples of what a conference paper looks like and the style in which they are written. Papers should follow the SOUPS 2021 paper formatting instructions.
You will complete five graded problem sets. Unless specified by the instructor, problem sets must be completed independently.
There will be a midterm and a final exam. If you complete the required readings, attend class, and complete your assignments in a timely fashion, you will be well prepared for the midterm and final exams. Both exams will be centered on designing experiments, interpreting results, and analyzing research claims related to usable privacy and security. In essence, performing well on these exams will require that you apply the skills you learn in this course, rather than remembering trivia. The best way to prepare for these exams is to critically read of the assigned papers for the course and to be an engaged participant in class discussions and in-class exercises throughout the quarter.
Prior to the class period, you are required to submit a short 2 paragraph reading response to Tuesday’s required reading for the week. If you have done the reading, you should be able to do this very easily. You must complete the assigned reading prior to class so that you can participate fully in class discussions. To facilitate productive class discussions, you must submit a reading response for the assigned paper to CANVAS by 10 am CDT on the day of Tuesday’s class. Before each class, all of the reviews will be made visible to other students in the course. You are encouraged to read and discuss each other’s reviews on the relevant Slack channel for reading responses. Reviews should be no longer than half a page and consist of two brief paragraphs of prose (not bullet points) in your own words using approximately the structure listed below:
Paragraph 1 (Summary):
[3 pts] What are the main takeaways of the paper?
[1 pt] What are the paper’s key strengths?
[1 pt] What are the paper’s key weaknesses and/or limitations?
Paragraph 2 (Reaction):
[5 pts] What parts of the paper did you find most interesting/thought-provoking?
CMSC 33210 Students only [2 pts] How you would extend this paper/what future work in this area would you conduct?
Each reading response is worth 10 points for CMSC 23210 students and 12 points for CMSC 33210 students. If you do not submit a reading response, you will receive 0 for that reading response. At the end of the quarter, we will discard your two lowest reading response scores before calculating the reading response grade.
Students are expected to fully participate in all class activities to gain the most benefits from the class. You should come to class prepared to discuss any assigned readings as well as to provide your perspectives on these readings. You will also be expected to participate in group discussions and other in-classroom activities. The effectiveness of the course depends on the quality of your participation and willingness to internalize the skills and concepts covered in the course and efforts to apply them to real-world settings. However, I am also mindful that the pandemic creates many different situations for each student and that situations beyond your control may prevent you from participating in class. If you are having any difficulties, please feel free to discuss alternatives to participation with the instructor.
Students enrolled in CMSC 33210 will be expected to respond to an additional question in their reading responses and their reading responses will be graded out of 12.
The required readings will be posted on the course website as PDF documents. The following books are not required but are recommended for further reading. These books are all available on Amazon.com.
Supplemental: Research Methods in Human-Computer Interaction, Lazar, J., Feng, J.H., Hochheiser, H., Wiley, 2010.
The University of Chicago has formal policies related to academic honesty and plagiarism. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion.
You are permitted to talk to the course staff and to your fellow students about any of the problem sets. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write out his or her own solutions to the problem sets. Consulting another student's solution is prohibited, and submitted solutions may not be copied from any source. These and any other form of collaboration on assignments constitute cheating.
No collaboration is permitted on reading responses or the midterm. All work submitted for the project must properly cite ideas and work that are not those of the students in the group.
If you have any question about whether some activity would constitute cheating, please feel free to ask. Simply stated, feel free to discuss problems with each other, but do not cheat. It is not worth it, and you will get caught.
In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.
If a personal emergency comes up that might impact your work in the class, please let Marshini know so that the course staff can make appropriate arrangements. University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. This is especially the case in the global pandemic under COVID-19. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. The University of Chicago's counseling services are here to support you. Consider also reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.
If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
• Student Counseling Urgent Care: (773)702-9800 or in person.
• National Suicide Prevention Lifeline: 1-800-273-8255
We understand that sometimes life events occur and that it is not always possible to meet every deadline. As such, we are willing to accept late assignments (aside from reading responses) according to the following policy:
You start the term with a grace period "balance" of 96 hours.
Each assignment will be due at 11 a.m. (Chicago Local Time) on the due date.
For each assignment, every hour late (or fraction thereof) that you turn in the assignment will subtract one hour from your grace-period balance. For example, if you turn in your assignment at 12:02 p.m. on the due date, we will count this as two hours against your grace period.
If your grace period balance is positive, you can turn in any assignment late without penalty (aside from reading responses).
Once your grace period balance reaches zero, you will receive half credit for any assignment that you turn in, as long as you turn it in within one week of the due date. If your grace period balance is zero and you turn in an assignment more than one week late, you will receive no credit for the assignment.
Excuses with medical documentation are a legitimate exception and will not count against your late period.
Any other reasons for lateness and including but not limited to interviews, conferences are not considered legitimate excuses and any resulting lateness will count against your grace period.
Important Note: You must still turn in all assignments to pass the course, even if you receive zero points on an assignment. Turning in all assignments is a necessary condition for passing.
This course was initially based on course materials from Blase Ur’s prior version of this class and Lorrie Cranor’s Spring 2021 course at Carnegie Mellon University and revised accordingly. I have also recently incorporated some materials from Adam Aviv, Heather Lipford, and Daniel Votipka as well. I consider these materials as being under a creative commons license where attribution for the creator is required and always appreciated.