September 10 |
- Introduction and overview of the course
- Security bootcamp & adversary model.
|
September 17 |
- Read before the class:
- Alan Jay Smith. 1990. The Task of the Referee. Computer 23, 4 (April 1990), 65-71.
- Alma Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, 1999. (USENIX ’99)
- In-class critiquing: “Why Johnny Can’t Encrypt …”
|
2. Artemij |
Friday, September 21
2-5 PM
(make up for Sept. 24) |
Topic: General UPS
Critique before the class:
- Cormac Herley. So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users. In Proceedings of the 2009 New Security Paradigms Workshop, 2009. (NSPW ’09).
- Serge Egelman, Marian Harbach, and Eyal Peer, “Behavior Ever Follows Intention?: A Validation of the Security Behavior Intentions Scale (SeBIS)” In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI ’16). ACM, New York, NY, USA, 5257-5261.
Read before the class: Stuart Schechter. Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them, 2009. |
- Jose
- Asem
|
September 24 |
No class. |
October 1 |
Topic: Passwords
Critique before the class:
- Dinei Florêncio and Cormac Herley. A Large-Scale Study of Web Password Habits. In Proceedings of the 16th international conference on World Wide Web, 2007. (WWW ’07)
- Elizabeth Stobert and Robert Biddle. The Password Life Cycle: User Behaviour in Managing Passwords. In Proceedings of the Tenth Symposium on Usable Privacy and Security, 2014. (SOUPS ’14)
|
- Artemij
- Jose
|
October 8
(Thanksgiving) |
UBC closed, No classes
|
October 15 |
Topic: Authentication Between Humans and Computers
Critique before the class:
- J. Bonneau, C. Herley, P. C. v. Oorschot and F. Stajano, “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes.” IEEE Symposium on Security and Privacy (2012): pp. 553–567.
- Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. The Emperor’s New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007. (Oakland ’07)
|
- Masoud
- Pritam
|
October 22 |
Topic 1: Term Paper Proposal Presentations
Topic 2: Secure Messaging
Critique before the class:
- Elham Vaziripour, Justin Wu, Mark O’Neill, Daniel Metro, Josh Cockrell, Timothy Moffett, Jordan Whitehead, Nick Bonner, Kent Seamons, and Daniel Zappala, “Action Needed! Helping Users Find and Complete the Authentication Ceremony in Signal”, In Proceedings of the Symposium on Usable Privacy and Security, 2018. (SOUPS ’18).
|
- Gleb
|
October 25th |
Proposals for the term papers are due via e-mail to Kosta |
October 29 |
Topic: Warnings and Security Indicators
Critique before the class:
- Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie Downs, and Saranga Komanduri. Bridging the gap in computer security warnings: A mental model approach. In IEEE Security and Privacy magazine, Volume 9, Issue 2, pp. 18-26, March 2011.
- Andreas Sotirakopoulos, Kirstie Hawkey, and Konstantin Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Proceedings of the Seventh Symposium on Usable Privacy and Security, 2011. (SOUPS ’11)
Optional Reading:
- Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, and Sunny Consolvo, “Rethinking Connection Security Indicators,” In Proceedings of the Symposium on Usable Privacy and Security, 2016. (SOUPS ’16)
|
- Masoud
- Puneet
|
November 5 |
Topic: UPS in homes
Critique before the class:
- Eric Zeng, Shrirang Mare, and Franziska Roesner, “End User Security and Privacy Concerns with Smart Homes,” In Proceedings of the Symposium on Usable Privacy and Security, 2017. (SOUPS ’17).
- Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Durmuth, Earlence Fernandes, Blase Ur, “Rethinking Access Control and Authentication for the Home Internet of Things (IoT),” in USENIX Security Symposium, 2018.
Optional reading:
- Blase Ur, Jaeyeon Jung, and Stuart Schechter. Intruders versus intrusiveness: Teens’ and parents’ perspectives on home-entryway surveillance. In Proceedings of the 2014 ACM Conference on Ubiquitous Computing, 2014. (UbiComp ’14)
- Norbert Nthala and Ivan Flechais, “Informal Support Networks: an investigation into Home Data Security Practices”, In Proceedings of the Symposium on Usable Privacy and Security, 2018. (SOUPS ’18).
|
- Yue
- Aarti
|
November 12
(Remembrance Day) |
UBC closed, no classes |
November 19 |
Topic: Software Development
Critique before the class:
- Hala Assal and Sonia Chiasson, “Security in the Software Development Lifecycle,” In Proceedings of the Symposium on Usable Privacy and Security, 2018. (SOUPS ’18).
- D. Votipka, R. Stevens, E. Redmiles, J. Hu and M. Mazurek, “Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes,” 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2018, pp. 374-391. doi: 10.1109/SP.2018.00003
|
- Borke
- Zitao
|
November 26 |
Topic: TBD
Critique before the class:
- Park, Cheul Young, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish, and Jason Hong. “Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships.” In Fourteenth Symposium on Usable Privacy and Security (SOUPS) 2018.
- Nithya Sambasivan, Garen Checkley, Amna Batool, Nova Ahmed, David Nemer, Laura Sanely Gaytan-Lugo, Tara Matthews, Sunny Consolvo, Elizabeth Churchill, “‘Privacy is not for me, it’s for those rich women’: Performative Privacy Practices on Mobile Phones by Women in South Asia,” SOUPS 2018, pp. 127-142.
|
- Gleb
- Puneet
|
December 6 |
Term Paper Presentations 9:30 AM – 5 PM |
|
December 14 |
Final versions of the term papers are due via e-mail to Kosta by 9 PM |