Usable Security and Privacy (Summer Semester 2022)
Lecturers: Prof. Dr. Christoph Meinel (Internet Technologies and Systems), Dr. Anne Kayem (Internet Technologies and Systems)
General Information
- Weekly hours per semester: 4
- ECTS: 6
- Graded: Yes
- Enrollment period: 01.04.2022 - 30.04.2022
- Examination date §9 (4) BAMA-O: 08.06.2022
- Teaching format: Seminar
- Enrollment type: Compulsory elective module
- Language of instruction: English
Degree Programs, Module Groups & Modules
- ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-T Techniques and Tools
- ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-K Concepts and Methods
- ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-S Specialization
- DSEC: Data Security
- DSEC-Concepts and Methods
- DSEC: Data Security
- DSEC-Techniques and Tools
- DSEC: Data Security
- Cybersecurity
- HPI-CS-PE Data Protection & Ethics
- HDAS: Health Data Security
- HPI-HDAS-C Concepts and Methods
- HDAS: Health Data Security
- HPI-HDAS-T Technologies and Methods
- HDAS: Health Data Security
- HPI-HDAS-S Specialization
Description
In this seminar we will focus on the decision-making hurdles (challenges) that users face in making complex privacy and security decisions online (Web) with respect to sharing sensitive personal information. For instance, with the advent of GDPR legislation, web applications were required to integrate clear messages to obtain explicit user consent regarding the use of cookies (or other tracking tools), the types of information being collected, and planned usage objectives. However, while organisations like Statistica indicate that web application users are concerned about the disclosure of their sensitive personal data, studies also indicate that many users feel overwhelmed and that they really do not have a choice except to "Accept" if they wish to use these web applications.
Our goal during this seminar will be to implement and experiment with some existing automated techniques to aid users in making more proactive and "better" privacy and security choices. We will study these techniques from both the protective and adversarial perspective, in the sense that oftentimes tools that are designed to support "better" privacy and/or security choices can also be exploited to achieve the opposite effect. For instance, research shows that most users never change default settings on web applications. Automated privacy-friendly defaults can support users by providing some baseline privacy settings. However, several application providers also take advantage of this to encourage users to install unnecessary third-party applications that disclose personal information for the application provider's benefit.
===
- Lecture #1: 20 April 2022 - Course Overview and Introductory Lecture
===
Block #1: Support and Adversarial Mechanisms
- Lecture #2: 21 April 2022 - Understanding and Assisting User Choices Online
- Lecture #3: 28 April 2022 - Privacy and Security Warnings
- Lecture #4: 05 May 2022 - Personalised Privacy/Security Messaging
- Lecture #5: 12 May 2022 - Supporting Privacy/Security Decisions with Automation
- Lecture #6: 19 May 2022 - Adversarial Mechanisms (Discussion)
- Lecture #7: 26 May 2022 - No Lecture (Public Holiday)
===
Block #2: Project Work - Phase I: Mid-Semester Presentations
- Mid-Semester Presentations (Schedule to be Decided)
===
Block #3: Experimental Design
- Lecture #8: 09 June 2022 - Structuring User Studies
- Lecture #9: 16 June 2022 - Quantitative Data Collection
- Lecture #10: 23 June 2022 - Qualitative Data Collection
- Lecture #11: 30 June 2022 - Analysing Collected User Data
===
Block #4: Project Work - Phase 2: Final-Semester Presentations and Report
- Final Presentations (Schedule to be Decided)
- Final Report Hand-in: 15 August 2021 (Submission Online on Moodle)
Prerequisites
Prerequisites:
Literature
Relevant literature will be provided to you.
Learning and Teaching Formats
At the end of this seminar you should be able to do the following:
- Design automated mechanisms to support users in making "better" privacy/security decisions on the web
- Critically assess the potential for such mechanisms to be exploited adversarially
- Critically assess whether or not automation is useful in overriding user decisions, and what the long term impact is
- Learn about experimental designs for testing the effectiveness (and counter-effectiveness) of the mechanisms studied
Assessment
Evaluations towards the final grade will be based on presentations of results (mid-semester and final), as well as a technical (group) report of 12 - 15 pages (6000-7500 words) on the findings drawn from the project conducted during the seminar. Presentations will count for a combined total of 50% and the report for 50%. The grading rubric is summarised below:
| Grading Rubric | When? & Where? | Grade % |
|---|---|---|
| Mid-Semester Presentation | TBD (H.2.57/58) | 25% |
| Final Presentation | TBD (H.2.57/58) | 25% |
| Technical Report | 15.08.2022 (Online - Moodle) | 50% |
Dates
Lectures and project meetings will be held on Wednesdays and Thursdays, beginning 19.04.2022, as follows:
| | Day & Time | Location |
|---|---|---|
| Project Work (Discussions) | Wednesdays, 17.00 - 18.30 | H.2.57/58 |
| Project Work | Thursdays, 13.30 - 15.00 | H.2.57/58 |
Lecture materials and further details on course modalities will be accessible on Moodle.
Note: To participate in the course you must be registered on the University of Potsdam's Moodle platform, and have registered to attend this course. Search for the course using "Usable Security and Privacy" and register using "USP-SoSe-2022".