In many systems, human users are a critical part of the security process. They create passwords, follow security protocols, and share information that can maintain or destroy the security of a system. However, many secure systems are designed with little to no attention paid to people's cognitive abilities, workflow, or tasks. As a result, people find ways around the security obstacles that get in the way of their work.
This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, including humans' cognitive abilities, principles of usability, design techniques, and evaluation methods. We will then apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and people's goals within a system. Through hands-on exercises designing, building, evaluating, and critiquing systems, students will learn how to integrate usability into secure software. The course will specifically focus on authentication mechanisms, browsing security, privacy and social media, and mobile security.