Practical Course Usable Security
Lecturer: Prof. Alt
Persons in Charge: Oliver Hein
Hours per week: 4
ECTS credits: 6 (MSc)
Module: Master P3 / P 5: Gruppenpraktikum zu fortgeschrittenen Themen der Informatik I oder Informatik II (MA MI PStO 2022 (Start WiSe)) / (MA MI PStO 2022 (Start SoSe))
After consultation with the examination board, credit for WP 1-3, WP 7,9, WP 19 (advanced topics for Master) also possible
Two topics are available for this course. Interested students may express their interest through this Survey.
Note that the first topic will be conducted as a block course, while the second topic will run over the course of the term.
Topic 1: A Platform to Support Self-Commitment for Secure Behavior
Description
Today, there exists a solid understanding of which habits protect users from the threats of cyberspace (for example, not reusing passwords across accounts, verifying senders and examining links in email). Furthermore, many security tools and technologies exist that are designed to support people in behaving securely: examples include but are not limited to password managers, tools for email encryption, or VPNs. At the same time, users struggle to adopt secure behavior and use available tools.
A potential solution to this is providing users with means to self-commit to such behavior. This approach has been demonstrated to be highly effective in other domains, such as exercising more or eating healthily. The objective of this course is to develop a platform that supports such self-commitment. Features of such a platform may include an explanation of secure behavior, the possibility to "sign a self-commitment contract", means to give feedback on reasons for failing to adhere to this contract, and means to remind users in-situ about security behavior.
The specific use case this course will focus on is the use of a password manager. Questions that are going to be tackled are: How can the use of a password manager be motivated and its advantages be communicated? How can users' misconceptions and struggles with adoption be addressed? How can users be reminded about the use of a password manager in-situ (e.g., by means of a browser-plugin or smartphone app)?
Time and Location
- Project Period: April 22 - May 3 (daily 10am - 4pm, longer if needed)
- Kick-Off: Monday April 22, 2pm
- Location: CODE Research Institute for Cyber Defense, Carl-Wery-Straße 18, Room 0812
Topic 2: Drone-based Security and Privacy Interfaces
Description
The objective of this course is to learn how systems can be designed for different contexts that are secure, privacy-preserving and usable at the same time. This year, the course will revolve around image processing, object detection and drone interaction.
The course consists of two parts: in a theoretical part, participants will be introduced to different topics of usable security and privacy, including an overview of security and privacy mechanisms, threat modeling, and mental models. Furthermore, this part will cover different application areas, such as passwords, authentication, security warnings, and social engineering.
The practical part will then focus on user-centered design techniques that allow for creating novel privacy and security mechanisms. In small groups, participants will initially create concepts for novel mechanisms. Subsequently, participants will build prototypes and evaluate these in user studies regarding security and usability.
Time and Location
- Time: Tuesday 2pm (s.t.) - 4:15pm
- Kick-Off: Tuesday 16.04.2024
- Location: CODE Research Institute for Cyber Defense, Carl-Wery-Straße 18, Room 0812
Schedule (tentative)
Date | Task | Deliverables |
---|---|---|
16.04.2024 | Introduction & Research Examples | |
30.04.2024 | Individual Concept Pitches (60 seconds) | Video Recording of Pitch |
07.05.2024 | Concept Presentations (in Teams) | Slides, Timeline |
04.06.2024 | Intermediate Presentations | Slides |
02.07.2024 | Final Presentations | Poster, Demonstrator |
30.07.2024 | Written Report |
Application
Students interested in the course can apply via Moodle.
In your application please provide the following information:
- Indicate a topic preference
- For topic 1: Rate (1=no experience, 5=expert) and briefly describe any relevant expertise in the following areas (e.g., from other courses, theses, or projects): web development, Android programming, security/privacy, concept development, evaluation
- For topic 2: Rate (1=no experience, 5=expert) and briefly describe any relevant expertise in the following areas (e.g., from other courses, theses, or projects): hardware prototyping, Python programming, image processing, object detection, security/privacy, concept development, evaluation
- Optionally: Provide a short paragraph (max. 150 words) describing your motivation to participate in this course.
Course Material
This is a joint course with the Research Institute CODE of UniBW Munich. Students will get access to the University's learning platform where all relevant course materials will be provided.