Readings
This page contains relevant readings for the topics covered in this course. It is not expected that students read all of them.
This reading list is based on a syllabus from Michelle Mazurek. Thanks, Michelle!
This page is slowly being replaced by this Zotero library. Please check there first and then here.
Usable Security
Simson Garfinkel and Heather Richter Lipford. Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Privacy, and Trust, 2014. Chapters 1 and 2 required; rest optional.
Lorrie Faith Cranor. A Framework for Reasoning About the Human in the Loop. In Proceedings of UPSEC 2008.
Security
Anderson, Ross. Why information security is hard -- an economic perspective. In Computer security applications conference (ACSAC), 2001.
Bruce Schneier. The Psychology of Security. In International Conference on Progress in Cryptology in Africa (AFRICACRYPT), 2008.
Ross Anderson. Security Engineering.
Privacy
Arvind Narayanan. Data Privacy: The Story of a Paradigm Shift, February 2010.
Daniel Solove. 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy. San Diego Law Review 44, 2007.
Giovanni Iachello and Jason Hong. End-User Privacy in Human-Computer Interaction. Foundations and Trends in HCI 1(1), pp. 1-137, 2007.
Qualitative Methods, Diary Studies
Manya Sleeper, Rebecca Balebako, Sauvik Das, Amber McConahy, Jason Wiese, Lorrie Faith Cranor. The Post that Wasn't: Exploring Self-Censorship on Facebook. In Proceedings of CSCW 2013.
Consolvo, S., Smith, I. E., Matthews, T., LaMarca, A., Tabert, J., & Powledge, P. Location disclosure to social relations: why, when, & what people want to share. In ACM CHI, 2005.
Elissa M. Redmiles, Ziyun Zhu, Sean Kross, Dhruv Kuchhal, Tudor Dumitras, and Michelle L. Mazurek. Asking for a friend: Evaluating response biases in security user studies. In CCS 2018: ACM Conference on Computer and Communications Security. 2018.
Kovila P.L. Coopamootoo and Thomas Groß. Evidence-Based Methods for Privacy and Identity Management. 2016 IFIP Summerschool on Privacy and Identity Management.
Ethics
Tom Jagatic, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer. Social Phishing. Communications of the ACM 50(10), pp. 94-100, 2007.
Simson L. Garfinkel. IRBs and Security Research: Myths, Facts, and Mission Creep. Naval Postgraduate School. 2008.
Usable Encryption
Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of USENIX Security 1999.
Abu-Salma, R., Sasse, M. A., Bonneau, J., Danilova, A., Naiakshina, A., & Smith, M. Obstacles to the Adoption of Secure Communication Tools. In IEEE Security and Privacy, 2017.
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, and Sascha Fahl. On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security. SOUPS 2021.
Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O'Neill, Elham Vaziripour, Justin Wu, Daniel Zappala, and Kent Seamons. 2016. “We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI ’16).
International and Multicultural Perspectives
Lucy Simko, Ada Lerner, Samia Ibtasam, Franziska Roesner, Tadayoshi Kohno. Computer Security and Privacy for Refugees in the United States. In Proc. IEEE S&P, 2018.
Alghamdi, Deena, Ivan Flechais, and Marina Jirotka. Security Practices for Households Bank Customers in the Kingdom of Saudi Arabia. In SOUPS, 2015.
Daffalla, Simko, Kohno, and Bardas. Defensive Technology Use by Political Activists During the Sudanese Revolution. IEEE S&P 2021.
Ponnurangam Kumaraguru and Niharika Sachdeva. Privacy in India: Attitudes and Awareness V 2.0. Precog-TR-12-001, 2012.
Notice and Choice
Lorrie Faith Cranor. Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice. Journal of Telecommunications and High Technology Law 10(2), 2012.
Florian Schaub, Rebecca Balebako, Adam L. Durity, Lorrie Faith Cranor. A Design Space for Effective Privacy Notices. In Proceedings of SOUPS 2015.
Joel R. Reidenberg, N. Cameron Russell, Alexander J. Callen, Sophia Qasir & Thomas B. Norton, Privacy Harms and the Effectiveness of the Notice and Choice Framework, 11 ISJLP 485 (2015).
Other
Emilee Rader and Anjali Munasinghe. 2019. “Wait, Do I Know This Person?”: Understanding Misdirected Email. In Proc. CHI, 2019.
Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey. Users Really Do Plug In USB Drives They Find. In Proc. IEEE S&P, 2016.
Rebecca S. Portnoff, Linda N. Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David Wagner. 2015. Somebody’s Watching Me? Assessing the Effectiveness of Webcam Indicator Lights. In Proc. CHI, 2015.