The Group "Usable Security and Privacy" offers various courses, which are part of the module Usable Security (Benutzbare Sicherheit).

 Description of the Module

During this module, the participants learn how to deal with the human factor when designing secure systems. The focus on the topics treated in this module lies on the requirements both for security and usability of such systems. Thus, the students will be introduced to the basics of usable security (terms, security mechanisms, attack models). They will also acquire deep, methodic knowledge which allows them to evaluate concepts' and systems' security and usability. Based on this theoretic knowledge, the practical part of this module allows the students to acquire practical skills in designing and implementing secure and usable systems.

Content

Technology alone cannot solve all problems in the field of IT-Security. Today, we are able to create mechanisms, that are recently not breakable. However, security-issues are still an unresolved topic in many areas, as many developed systems are not usable. This causes humans to find many voluntary or involuntary ways to avoid such mechanisms.

Human factors are an important topic in the field of IT-Security. Thus, it is important for experts in usable security to have knowledge about the ways humans interact with such systems. This module introduces a wide range of challenges in the field of privacy protection and usability. It  teaches the theoretical, practical and methodical basics for developing more secure and usable systems.

Thus, we offer the following 3 courses:

Usable Security (Class) –  This class gives an overview of the challenges concerning the usability of secure and usable systems. The students will learn different security-mechanisms and users mental models . In addition, they will get an introduction into modelling attack scenarios and an overview of relevant research topics. This class  is designed both for students which are interested in securtity and privacy protaction andwant to get a deeper insight into usability and for students that are interested in usability and want to learn more about security and privacy protection.

Empirical Research Methods in the Field of IT-Security (Seminar) – The evaluation of secure and privacy protecting systems and mechanisms is indispensable to find flaws in the system. This requires a broad knowledge about research methods. In this seminar differnt types of studies (e.g. descriptive studies, relational studies, experimantal studies), study paradigmens (e.g. lab studies, field studies, deployments) and oftenly used research methods (e.g. questionnaires, interviews, observations, experience sampling and crowdsourcing) will be treated. The students will elaborate the topics by themselfs to later present the different methodologies and their aplliences in research. Subsequently the methods' flaws and assets will be discussed with the other participants.

Designing Secure and Usable Systems (Practical-Course) – This courses goal is to learn user-centered techniques for designing, developing and implementing secure and usable systems. The participants will get an introduction into user-centered design processes. New concepts will be first developed in small groups to be later implemented as a prototype and evaluated in terms of security and uability.