Usable Security

Conference seminar

Type of seminar: S2 4CP
Lecturer: Prof. Dr. Melanie Volkamer supported by Prof. Dr.-Ing. Ralph Bruder
Doctoral students: Michaela Kauer, Maina Olembo, Cristian Thiago Moecke, Stephan Neumann, Thomas Pfeiffer, Heike Theuerling
Begin: 18.10.2011, 4 PM in S202/A313 (KickOff)
Requirements: Interest in interdisciplinary topics and research work, Basic knowledge in Security
Registration: Please register here. Deadline 17.10.2011 (only registered students can apply for a topic)
Registration for PC/Easychair: 15.11.2011 via eMail to Sven Adler
Formatting: Use MS Word or LaTeX template
First submission: 23.12.2011 via eMail to supervisor
Reviews from supervisors: 03.01.2012
Submission first version: 31.01.2012 via EasyChair
Review submission: 10.02.2012 via EasyChair
Submission final version: 01.03.2012 via EasyChair
Block seminar: Please see here
Number of participants: max. 20
Organisational questions: Please contact Cristian Thiago Moecke

The seminar will take place in the form of a conference. The typical phases of a scientific publication will be followed through the example of a paper:

  • Submitted paper
  • Review
  • Camera ready version / Full Paper
  • Talk (General Information, Time Schedule)

Each presentation lasts 30 minutes. All presentations will take place on one day (two days if needed). This day will be organized similarly to a talk or visit at a scientific conference. This format ensures that the preparation times are identical for all participants. We will all meet together only twice: to award topics at the preliminary discussion, and at the talks. Questions that arise during the work on the individual topics will be discussed with the respective supervisor in individual meetings. Analogous to a conference, we will soon provide information about the style template, and a conference tool to upload and review the papers. Further information is available at the preliminary discussion.

Teaching goals

The Internet is used by more and more people for more and more applications in more and more areas. Various security mechanisms are used to protect applications that process sensitive and personal data and to protect against threats targeting the personal computers of different users. The user is confronted with these mechanisms while surfing the internet, sending and receiving e-mails, and downloading and installing software or files. This is done in different ways (with different pop-ups or warnings, green or red background URLs, open or closed locks, etc.) and often requires the user to make a decision to proceed with the application. Expert knowledge is often required in order to recognize and understand these warnings, and to make the right decision. However, if the user is overwhelmed with these decisions, there is a risk that he will perform actions which accidentally or unintentionally cause vulnerabilities, which lead to unintended disclosure of information or data. Furthermore, this excessive demand often leads to users disabling security mechanisms and warning notices, or clicking warnings away without reading them. The consequences are the same or even worse. This is exactly where the young research field "Usable Security" starts its work. The aim of this interdisciplinary seminar is to reappraise the current state of research and identify open research questions.

Topics, Elaborations and Talks

There are two types of seminar topics: [L] means Literature Review, [S] means re-running a published study. You are welcome to suggest your own topic in the area of usable security until October 16th.

  • [L] Usable Security Engineering 
  • [L] Usable Security and Privacy Policies Settings
  • [L] Mental models in the context of Security and Privacy
  • [L] Usable Security Design Pattern
  • [L] Usability of Privacy Settings in Facebook
  • [L] Trust - why/when do people trust or distrust in digital information
  • [L] Userfriendly comparison of (SSL certificate) fingerprint
  • [L] Phishing Education
  • [S] Folk Models of Home Computer Security
  • [S] PGP/Hushmail usability evaluation
  • [S] Known Security Indicators

Integration into study plan and examination regulations

The seminar is aimed at Diplom. and potential teachers of computer science, WI-degree programs, Electrical Engineering and Information Technology from Semester 5, as well as bachelor's and master's candidates in the field of trusted systems. The seminar is part of the master's program in IT-Security.

- Bachelor computer science (WS 03/04)
- Bachelor computer science (WS 04/05)
- Bachelor computer science (WS 07/08)
- Bachelor computer science (WS 09/10)
- Master computer science (WS 04/05)
- Master computer science (WS 09/10)

The degree programs from other disciplines will be added shortly.

Internal area for literature

The password-protected area can be reached here. Access credentials will be announced at the preliminary discussion.

Block Seminar

06.03.2012 in S202/A213 - from 16:00
16:00 Userfriendly comparison of (SSL certificate) fingerprint - Ardalan Naseri
16:30 Known Security Indicators - Gerard Yomba Ngangwa
17:00 Trust - why/when do people trust or distrust in digital information - Maximilian Pohst

09.03.2012 in S202/E202 - from 09:00 (If necessary, we will have a 1 hour interval for lunch)
09:00 Usability of Privacy Settings in Facebook - Bastian Laur
09:30 Phishing Education - Paul Klobuszenski
10:00 Folk Models of Home Computer Security - Daniel Storck and Sebastian Günther *
10:40 Usable Security Design Pattern - Pascal Flach
11:10 PGP/Hushmail usability evaluation - Matthias Plociennik
11:40 Smart card-based authentication in eVoting - Jurlind Budurushi

* 30-minute talk since it is group work, approx. 15 minutes for each student
