NJIT IS/CS 485 - Usable Security & Privacy - Fall 2024

This course covers how security and privacy decisions are made in the real world, why mistakes and failures happen so often, and what we can do about it.

Instructor

Nathan Malkin

Course Description

Cybersecurity and privacy incidents are often blamed on people’s choices, but what led to these decisions? If we understand the reasons for these failures and how the systems themselves contributed to them, we can create better technologies that help improve people’s security and privacy. In this course, we will study how security and privacy decisions are made in the real world, how incomplete or faulty assumptions may cause mistakes to be made, and what it takes to design and develop systems that overcome these issues. The course will synthesize and present important research in security, privacy, and human-computer interaction. In addition, students will learn and practice techniques, which are commonly used by user experience researchers, that will help them independently evaluate the usability of systems.

Logistics

This course is scheduled to meet at Mechanical and Industrial Engineering Center (ME) 221 on Tuesdays and Thursdays, 4:00 PM – 5:20 PM.

The CRN for the IS section of this course is 95790; for CS it’s 95792.

Prerequisites

Enrolling students are expected to have passed one of the following courses:

IT 230. Computer and Network Security
CS 351. Introduction to Cybersecurity
CS 608. Cryptography and Security
CS 645. Security and Privacy in Computer Systems

Additionally, the following courses are recommended:

IS 247 - Designing the user experience
IS 375 - Discovering user needs for UX
IS 448 - Usability & measuring UX
IT 331 - Privacy & information technology

If you have a strong interest in the topic but lack the formal prerequisites, please contact me in advance.

Topic overview

The course will cover the following topics:

Security

Passwords and potential alternatives
Multi-factor authentication
Warnings and phishing
Mobile permissions
Authentication
Access control

Privacy

Social media privacy
Online tracking
Privacy policies
AR/VR privacy
Smart home privacy
Deceptive design patterns

Special populations

At-risk users
Software developers and system administrators
Children
Accessibility in security
Anonymity needs and tools

Learning outcomes

Students completing this course will:

Discuss concrete instances of security and privacy failures in common technologies
Be able to explain how human factors contributed to these issues
Learn about research findings in a variety of domains in usable privacy and security
Practice methodologies for evaluating the usability of systems
Understand how to apply human-centered design for security and privacy systems

How this course differs from IS/CS 698

IS/CS 698, Human Factors in Security and Privacy, is a graduate, research-oriented seminar course, enrolling a mix of masters and PhD students. Its goal is to help students understand, evaluate, and contribute to cutting-edge research. To that end, a major focus of that course is reading, discussing, and analyzing research papers; students also work on a semester-long research project. In IS/CS 485, the focus will be on learning the lessons from the research field’s findings and how to apply them. The course will be primarily centered around lectures (though with significant active learning components), which will synthesize takeaways from state of the art research. However, students will still gain practical experience with research methods used in the human-computer interaction field through several hands-on projects.

Peer courses

This course is inspired by: