Course Research Projects

Throughout the course, you will work in small groups to conduct a research project on usable security and privacy. Since this class is cross-listed between different disciplines, you will probably work with students with diverse areas of expertise. You have the option to choose from a list of projects. If you have ideas for a topic that is not on the proposed list, you should first discuss the project idea with me by January 24. With your group, you will write a research paper on the project, and you will also present it to the class. In addition, you have an interim presentation where you have the opportunity to get feedback on your project prior to the final project presentation. The presenter of the interim project presentation should be different than the presenter of the final project presentation to make sure that more than one group member has the opportunity to share the exciting work you have done for the class.

To help you find a project, I will provide some suggestions on the topics and themes that you can choose from. These suggestions will be general topics, and you are expected to find important and feasible research questions that you would like to explore in the semester. Although not necessary, the project could entail designing a system prototype (e.g., interface, app, plugin), which should then be evaluated through user studies as part of the project. You may decide not to design a system and instead conduct empirical research on a usable security and privacy topic by collecting user data and then conducting appropriate analysis. If your proposed project includes a system design, the user study component of the project will be smaller compared to the projects with no system design. Regardless, all projects should have a user study component, either as its main contribution or a side contribution.

Students are encouraged to submit their research as a full paper or a poster to human-computer interaction (e.g., CHI, CSCW), security, and privacy (e.g., IEEE S&P, USENIX), or a usable security (e.g., SOUPS) venue. Submitting a full paper to these venues requires additional work beyond the semester. I will mentor students who are interested in continuing with their research projects and submitting them to the appropriate venues. 

Project Timeline and Grading

Below is the tentative timeline for various stages of the project. The percentage of project grade for each item is provided in parentheses, if applicable:

  • If you would like to propose project ideas that are not covered by the recommended list, you should discuss your proposal with me no later than January 24.
  • Returning the project preferences form by January 29. You will then be assigned to a project team by February 5. (5%)
  • Giving a 4- to 6-minute project pitch. Slides are due by 10 p.m. on February 18. (5%)
  • Submitting a brief project proposal with your team by 7 p.m. on February 18. (5%)
  • Finishing the required CITI training and sending the training completion certificate along with the IRB application draft to me by 7 p.m. on February 25 to get feedback. You should add my name as the PI. The complete IRB application should be submitted by March 1. (5%)
  • Submitting a short interim project progress report by 7 p.m. on March 17. (5%)
  • Giving a 6- to 8-minute recorded presentation on interim project progress. Slides are due by 10 p.m. on March 17. (5%)
  • Giving a 10- to 12-minute final project presentation. Slides are due by 10 p.m. on April 14 or April 16. (20%)
  • Submitting the final project paper by 7 p.m. on April 21. (50%)

Project Recommendations

Below are a few recommendations on the topic or theme of the research projects. If a theme looks exciting, you should work on defining a concrete research goal/question that you would like to explore in this course:

  • Inclusive privacy and security by considering various user communities (e.g., demographics, accessibility). 
  • Privacy and security concerns/practices in smart homes.
  • Privacy and security attitudes/practices of household members toward smart home devices.
  • Usability of phishing warnings and users' nudging. 
  • Privacy and security concerns and practices in the gaming context.
  • Dark/manipulative patterns in voice and video interfaces.
  • Informing consumers' security and privacy purchase decision making (e.g., apps, smart devices).
  • People's understanding of smart device security and data practices. 
  • Concerns toward smart home devices in remote work settings. 
  • Concerns toward smart devices in academic settings.
  • Security and privacy concerns, attitudes, and expectations toward augmented reality.
  • Shared security and privacy practices and misconceptions on social media during the time of crisis (e.g., war in Ukraine, demonstrations in Iran).
  • Security and privacy concerns and attitudes toward popular categories of apps, including online dating apps, health apps, and educational apps.
  • People's security and privacy risk perception and privacy attitudes toward large language models (LLMs) and/or AI-powered technologies.