Lecture: Usable Security and Privacy

Course:

Exercises:

Other:

  • Term: Master
  • Requirements:
  • Faculty: MA-INF 3235, B-IT
  • Effort: 2L+2E / 6 CP (B-IT 4CP)

Description

The first lecture will be on the 14th of April from 10:15 until 11:45 in seminar room II.27 in the LBH.

Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or move entirely to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today.

However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties' use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security.

The lecture on Usable Security and Privacy deals with many aspects of human factors and usability in the context of security and privacy. The lecture includes both the foundations of usable security and privacy and a selection of cutting-edge international research in this area. Topics include:

  • Evaluation of usability issues of existing security & privacy models or technology

  • Design and evaluation of new usable security & privacy technology

  • Impact of organizational policy on security and privacy interaction

  • Lessons learned from designing, deploying, managing or evaluating security & privacy technologies

  • Foundations of usable security & privacy

  • Methodology for usable security & privacy research

  • Ethical, psychological, sociological and economic aspects of security & privacy technologies