Human Factors in Security and Privacy - Spring 2021

Instructor Daniel Votipka
Time Tu/Th 10:30-11:45am
Location Zoom!, Meeting ID: 934 3103 3126, Passcode: 196778
Office Hours Tu: 9:15-10:15am, Th: 12:00-1:00pm -- in Zoom

Course Description

Humans are often viewed as the weakest link in security. However, there is growing recognition that technology alone is insufficient to solve all security and privacy problems. Human factors play and essential role. A provably secure system is only as secure as the way users choose to use it, and system builders need to account for these user decisions if they wish to provide security and usability. In this class, we will cover a variety of usability and human interaction (HCI) problems of privacy and security. We will also cover common HCI methods that can be used to measure usability issues in security and privacy mechanisms. Students are expected to complete homeworks on the topic and complete a semester-long researh project designed to give students practical experience understanding and designing studies which evaluate usability issues in security and privacy systems.


40% Project

This class requires that you complete a semester long research project that should produce workshop-level research results and a written report that is formatted using Latex. More details of the project can be found on the project page.

45% Homeworks

There are five homeworks that require a mixture of programming, writing, and data analysis. Specific directions in the homeworks will be provided. All written work should be typed

  10% Readings

Each week readings are listed as either Required or Additional.

  • Students are required to read all the Required Readings
  • Students must submit one Reading Response Form for one of the required readings each week
  • Readings are due before each lecture at 10:30am

  5% Meet Your Professor

We find that meeting 1-1 with the course instructor early in the semester positively impacts the dynamics of the class as it reinforces that we are a team working together to help you master the material in the course. To encourage that connection, I count up to five minutes of office-hour visits as part of your course grade. Each minute you spend in conversation with me during my office hours will earn one percent of your overall course grade, up to a possible total of five percent. To earn full credit, you must come to my office hours by the end of April.

While you may find it helpful to talk about homework, class, engineering, or Tufts overall, any mutually agreeable topic of conversation is acceptable.


Readings will be assigned from the following text (available for purchase from all the usual online book stores, and free of charge in ebook form via the Tufts library):

Additional readings will be assigned from papers available online or handed out in class. In cases where a subscription is required for access, access should be available for free when you are coming from a Tufts IP address (on campus or via Tufts EZproxy or Tufts VPN.).

See the schedule for papers and handouts.

Credits and Copyright

This course is based (with permission) on material provided by Adam Aviv taught at George Washington University, which in turn is based on a course taught by Blase Ur at the University of Chicago and a course taught by Lorrie Cranor at Carnegie Mellon University. Additional material based on samples (with permission) from courses taught by Michelle Mazurek at the University of Maryland, Matthew Smith at Rheinische Friedrich-Wilhelms-Universit├Ąt Bonn and Heather Lipford at the University of North Carolina, Charlotte.

All teaching materials in this class, including slides, homework, assignments, practices exams and quizzes, are copyrighted. Reproduction, redistribution and other rights solely belong to the instructor. In particular, it is not permissible to upload any or part of these materials to public or private websites without the instructor's explicit consent. Violating this copyright policy will be considered an academic integrity violation.

Reading materials are also copyrighted by their respective publishers and/or authors and cannot be re-posted without prior authorization from the publisher. Those materials used here for the purpose of education.

Web Accessibility