Course Research Projects

Throughout the course, you will work in small groups to conduct a research project on usable security and privacy. Since this class is cross-listed between different disciplines, you will probably work with students with diverse areas of expertise. You have the option to choose from a list of projects. If you have ideas for a topic that is not on the proposed list, you should first discuss the project idea with the instructor. With your group, you will write a research paper on the project, and you will also present it to the class. In addition, there will be at least two project check-in meetings with the instructor. The link to schedule the check-ins will be sent during the semester.

To help you find a project, I created a list of themes/topics to select from. The list includes only general topics, and you are expected to find important and feasible research questions that you would like to explore in the semester within these topics (or new ones upon the instructor's approval). Although not necessary, the project could entail designing a system prototype (e.g., interface, app, plugin), which should then be evaluated through user studies as part of the project. You may decide not to design a system and instead conduct empirical research on a usable security and privacy topic by collecting user data and then conducting appropriate analysis. Regardless, all projects should have a user study component, either as its main contribution or a side contribution.

Students are encouraged to submit their research as a full paper or a poster to human-computer interaction (e.g., CHI, CSCW), security, and privacy (e.g., IEEE S&P, USENIX), or a usable security (e.g., SOUPS) venue. Submitting a full paper to these venues requires additional work beyond the semester. I will mentor students who are interested in continuing with their research projects and submitting them to the appropriate venues. 

Project Timeline and Grading

Below is the tentative timeline for various stages of the project. The percentage of project grade for each item is provided in parentheses, if applicable:

  • If you would like to propose project ideas that are not covered by the recommended list, you should discuss your proposal with the instructor no later than January 22.
  • Returning the project preferences form by January 26 at 7 p.m. You will then be assigned to a project team by January 27. (5%)
  • Completing the first 15-minute check-in meeting by February 9. (5%)
  • Submitting a brief project proposal with your team by 7 p.m. on February 12. (5%)
  • Giving a project pitch. Slides are due by 7 p.m. on February 12. (10%)
  • Completing the second 15-minute check-in meeting by March 6. (5%)
  • Giving a final project presentation on April 8 or April 10. Slides are due by 7 p.m. on April 7 or April 9, depending on your assigned presentation date. (20%)
  • Submitting the final project paper by 7 p.m. on April 17. (50%)

Project Recommendations

Below are a few recommendations on the topic or theme of the research projects. If a theme looks exciting, you should work on defining a concrete research goal/question that you would like to explore in this course:

  • Inclusive privacy and security by considering various user communities (e.g., demographics, accessibility). 
  • Privacy and security concerns/practices in smart homes.
  • Privacy and security attitudes/practices of household members toward smart home devices.
  • Usability of phishing warnings and users' nudging. 
  • Privacy and security concerns and practices in the gaming context.
  • Dark/manipulative patterns in voice and video interfaces.
  • Informing consumers' security and privacy purchase decision making (e.g., apps, smart devices).
  • People's understanding of smart device security and data practices. 
  • Concerns toward smart home devices in remote work settings. 
  • Concerns toward smart devices in academic settings.
  • Security and privacy concerns, attitudes, and expectations toward augmented reality.
  • Shared security and privacy practices and misconceptions on social media during the time of crisis (e.g., war in Ukraine, demonstrations in Iran).
  • Security and privacy concerns and attitudes toward popular categories of apps, including online dating apps, health apps, and educational apps.
  • People's security and privacy risk perception and privacy attitudes toward large language models (LLMs) and/or AI-powered technologies.