Usability and security are often seen as antagonistic design goals for computer systems and yet usability shortcomings can be catastrophic for security and privacy. Poor security and privacy user experience design (UX) has led to user harms, regulatory fines and product failures. In this course we will use core security and privacy concepts and techniques, and a grounding in UX, to learn to better recognize security and privacy pitfalls. Students will be challenged to discover ways that security, privacy, and usability can be made synergistic in system design.
Course topics include:
User Experience: Human decision making in security/privacy, dark patterns related to security and privacy, usability research methods
Privacy: Anonymization & differential privacy, privacy and AI/ML, regulatory perspective
Security: Cryptographic tools for confidentiality & authentication, online safety
This is a research and practice oriented course and only a portion of the class meetings will be traditional lectures. A significant portion of course meetings will be spent working together on projects and problem sets and learning how to find and understand security and privacy research. A key deliverable of the course is a project paper that is suitable for submission as a conference poster or workshop presentation.
Based on interests and backgrounds, students will be assigned to a small group project that they will focus on for the majority of the semester. Many projects will have an external stakeholder who is a key consumer of the project deliverables and will mentor students during the semester along with the instructor and TA.
Through this course students will be familiarized with many of the most common privacy and security concepts and techniques and be better able to design safe software systems. From project work, students will also have a concrete artifact demonstrating their understanding of designing good privacy and security UX.
To summarize, there are 3 goals for this course:
Build a solid understanding of introductory privacy, security and UX concepts and techniques.
Be sufficiently familiar with resources for privacy, security and UX to know where to go to assess risk and keep abreast of the state of the art.
Produce a human-oriented privacy/security contribution suitable for a workshop presentation or conference poster.
There are no prerequisites, and this is not a coding-intensive class; projects and assignments may involve data analysis, e.g., using Python or R.
Any lecture slides will be made available by the end of each class. All research papers and case studies will be made available through Canvas. Please bring a laptop/tablet to every class.
This term we will be using Piazza for class discussion. The system is highly catered to getting you help fast and efficiently from classmates, the TA, and myself. Rather than emailing questions to the teaching staff, I encourage you to post your questions on Piazza. If you have any problems or feedback for the developers, email team@piazza.com.
Find our class signup link at: https://piazza.com/northeastern/fall2025/cs676018681202610
The following textbooks are available online and are optional resources for some of the course topics:
Security Engineering, Third Edition: A Guide to Building Dependable Distributed Systems
by Ross Anderson
Computer Security and the Internet: Tools and Jewels
by Paul C. van Oorschot. 2019, Springer.
https://people.scs.carleton.ca/~paulv/toolsjewels.html
Assignments & Grading
In-class time will be devoted to all course deliverables. Projects will have 3 milestones: 1. Project Plan, 2. Project Update, and 3. Final project presentation and paper. Milestones #1 and #2 are not graded and are an opportunity to get feedback from fellow students and the instructors. The final project presentation will be to the class, instructors and any external mentors. If the project does not have an external mentor, a security/privacy professional may join the presentation to give feedback.
Rubrics will be provided for all written course deliverables. Students will get full participation points if they engage in classroom discussion and submit questions for guest speakers.
Grading is as follows:
20%: Online security certification course
20%: Privacy/Security problem set
15%: Research paper presentation
5%: Class participation
40%: Project, split as:
    15%: final project presentation
    25%: final project paper
There is no final exam. The project is due at the end of the semester and will be presented in class.
Final grades will use this scale: [0-59] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A.
Late Policy
We will use flexible slip days for all assignments. Each student is given five (5) slip days for the semester. Request a slip day through a Piazza post visible to the TA and instructor and wait for confirmation. If slip days are not granted before the deadline, a late penalty of 20% per day will be applied. After you have used up your slip days, any work handed in late will also be penalized by 20% per day.
For group assignments, slip days will be deducted from each group member's remaining slip days. Keep this stipulation in mind: if one member of a group has zero slip days remaining, then that means the whole group has zero slip days remaining.
Requests for Regrading
Regrades must be requested through a Piazza post visible to the TA and instructor. Specify exactly what you want reviewed and why you think it was misgraded. This request must be made within a week of the assignment due date or when you receive your grade in Canvas, whichever is later.
Cheating Policy
It's ok to ask your peers about the concepts, algorithms, or approaches needed to do the assignments. We encourage you to do so; both giving and taking advice will help you to learn. However, what you turn in must be your own, or for group assignments, your group's work. Looking at or copying from other people or the Web is strictly prohibited. If you have any questions about using a particular resource, ask the course staff or post a question to the class forum.
All students are subject to Northeastern University's Academic Integrity Policy. Per Khoury College policy, all cases of suspected plagiarism or other academic dishonesty must be referred to the Office of Student Conduct and Conflict Resolution (OSCCR). This may result in deferred suspension, suspension, or expulsion from the university.
In this class, you will learn about security and privacy techniques and tools that can potentially be used for offensive purposes. Attacking systems or data that you do not own, or do not have explicit authorization to test, is ethically problematic and may violate the law.
Accommodations for Students with Disabilities
If you have a disability-related need for reasonable academic accommodations in this course and have not yet met with a Disability Specialist, please visit www.northeastern.edu/drc and follow the outlined procedure to request services. If the Disability Resource Center has formally approved an academic accommodation in this class, please present the instructor with your "Professor Notification Letter" at your earliest convenience, so that we can address your specific needs as early as possible.
Northeastern University and its faculty are committed to creating a safe and open learning environment for all students. If you or someone you know has experienced discrimination (including discrimination based on sex, gender, gender identity, gender expression, sexual orientation, pregnancy or pregnancy related condition, race, religion, national origin, disability status, veteran status etc.), or sexual violence (including sexual harassment, sexual assault, dating/domestic violence, or stalking), please know that help and support are available. Northeastern strongly encourages all members of the community to take action, seek support, and report incidents of discrimination, harassment, and sexual violence to the Office for University Equity and Compliance (OUEC) through the Online Reporting Form (https://web.studentally.com/#/report/northeastern).
More information on Northeastern’s policies is here: https://policies.northeastern.edu/policy104/