Human Factors in Security and Privacy - Fall 2023

Instructor Daniel Votipka
Time T/Th 12:00-1:15pm
Location JCC, room 265
Zoom info https://, Meeting ID: 931 6140 4857, Passcode: 213446
Office Hours M: 10:30-11:30am; F: 11-12pm in the Joyce Cummings Center, room 361 or on Zoom
Jindan's TA Office Hours M: 3-4pm in the Joyce Cummings Center, room 449 or on Zoom

Course Description

Humans are often viewed as the weakest link in security. However, there is growing recognition that technology alone is insufficient to solve all security and privacy problems. Human factors play an essential role. A provably secure system is only as secure as the way users choose to use it, and system builders need to account for these user decisions if they wish to provide security and usability. In this class, we will cover a variety of usability and human interaction (HCI) problems of privacy and security. We will also cover common HCI methods that can be used to measure usability issues in security and privacy mechanisms. Students are expected to complete homeworks on the topic and complete a semester-long research project designed to give students practical experience understanding and designing studies which evaluate usability issues in security and privacy systems.


40% Project

This class requires that you complete a semester-long research project that should produce workshop-level research results and a written report that is formatted using LaTeX. More details of the project can be found on the project page.

45% Homeworks

There are four homeworks that require a mixture of programming, writing, and data analysis. Specific directions in the homeworks will be provided. All written work should be typed.

10% Readings

Each week readings are listed as either Required or Additional.

  • Students are required to read all the Required Readings
  • Students must submit a Reading Response for two of the required readings each week (e.g., one per class period)
  • Reading Responses are due at the end of each week (Fridays by 11:59pm)

5% Meet Your Professor

We find that meeting 1-1 with the course instructor early in the semester positively impacts the dynamics of the class as it reinforces that we are a team working together to help you master the material in the course. To encourage that connection, I count up to five minutes of office-hour visits as part of your course grade. Each minute you spend in conversation with me during my office hours will earn one percent of your overall course grade, up to a possible total of five percent. To earn full credit, you must come to my office hours by December 1st.

While you may find it helpful to talk about homework, class, engineering, or Tufts overall, any mutually agreeable topic of conversation is acceptable.


Readings will be assigned from the following text (available for purchase from all the usual online book stores, and free of charge in ebook form via the Tufts library):

Additional readings will be assigned from papers available online or handed out in class. In cases where a subscription is required for access, access should be available for free when you are coming from a Tufts IP address (on campus or via Tufts EZproxy or Tufts VPN).

See the schedule for papers and handouts.

Credits and Copyright

This course is based (with permission) on material provided by Adam Aviv taught at George Washington University, which in turn is based on a course taught by Blase Ur at the University of Chicago and a course taught by Lorrie Cranor at Carnegie Mellon University. Additional material based on samples (with permission) from courses taught by Michelle Mazurek at the University of Maryland, Matthew Smith at Rheinische Friedrich-Wilhelms-Universität Bonn and Heather Lipford at the University of North Carolina, Charlotte.

All teaching materials in this class, including slides, homework, assignments, practice exams and quizzes, are copyrighted. Reproduction, redistribution and other rights solely belong to the instructor. In particular, it is not permissible to upload all or any part of these materials to public or private websites without the instructor's explicit consent. Violating this copyright policy will be considered an academic integrity violation.

Reading materials are also copyrighted by their respective publishers and/or authors and cannot be re-posted without prior authorization from the publisher. Those materials are used here for the purpose of education.
