{"id":58,"date":"2025-07-31T10:11:39","date_gmt":"2025-07-31T16:11:39","guid":{"rendered":"https:\/\/courses.cs.colostate.edu\/cs580b4\/?page_id=58"},"modified":"2025-11-11T15:35:34","modified_gmt":"2025-11-11T22:35:34","slug":"activities","status":"publish","type":"page","link":"https:\/\/courses.cs.colostate.edu\/cs580b4\/activities\/","title":{"rendered":"Assignments and Schedule"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Course Components<\/h2>\n\n\n\n<p>Each week, you will be responsible for reviewing one of the required readings (if there are any). Reviews are typically due Tuesday at midnight via the course HotCRP site (linked from Canvas) so discussion leads have time to read them before the Thursday class.<\/p>\n\n\n\n<p>Except where otherwise noted, discussions will be led by one or two students. Everyone should read the required readings, but discussion leads should also read all of the on-time reviews (i.e., you are not responsible for reading anything submitted at the last minute) to be prepared to lead a discussion.<\/p>\n\n\n\n<p>There will also be opportunities to participate during lectures, so be sure to attend class!<\/p>\n\n\n\n<p>The final project will be an opportunity to explore additional topics in formal methods and\/or usable security or propose your own research project in usable formal methods. More details will be posted soon.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Schedule<\/h2>\n\n\n\n<p>This a tentative course schedule. It may change over the course of the semester, so be sure to check back here before starting on any assigned readings. Some of the materials for this course have been borrowed and\/or adapted from content developed by Professors Lorrie Cranor, Limin Jia, and Hanan Hibshi at Carnegie Mellon University.<\/p>\n\n\n\n<p>This a tentative course schedule. It may change over the course of the semester, so be sure to check back here before starting on any assigned readings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Unit 0: Course Intro<\/h3>\n\n\n<style>.kb-table-container58_abccef-31{overflow-x:auto;}.kb-table-container .kb-table58_abccef-31 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_abccef-31 caption{text-align:center;}.kb-table-container .kb-table58_abccef-31 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_abccef-31 wp-block-kadence-table\"><table class=\"kb-table kb-table58_abccef-31\">\n<tr class=\"kb-table-row kb-table-row58_b18459-f9\">\n<th class=\"kb-table-data kb-table-data58_57b77b-44\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_ab5b4e-42\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_cd23dd-bc\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_fb0dd0-e3\">\n<td class=\"kb-table-data kb-table-data58_5cfa53-cd\">\n\n<p><strong>Week 1<\/strong><\/p>\n\n\n\n<p>8\/26<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_511ea5-85\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Course Overview: Syllabus, classroom expectations, course motivation<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_9a1da1-b3\">\n\n<p><strong>Required Readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Thoughts on Reviewing, Mark Allman&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cs.utexas.edu\/~mckinley\/notes\/reviewing.html\">Notes on Constructive and Positive Reviewing<\/a>, Mark Hill and Kathryn S McKinley<\/li>\n\n\n\n<li>USENIX Orientation slides, adapted from slides developed by Lujo Bauer and Giancarlo Pellegrino<\/li>\n<\/ol>\n\n\n\n<p><strong>No reviews due this week<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_bf6bba-8d\">\n<td class=\"kb-table-data kb-table-data58_72025e-39\">\n\n<p>8\/28<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_dcf8c0-c0\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>How to write a review and lead a discussion<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_8882b2-2e\">\n\n<p>Discussion lead: McKenna<\/p>\n\n\n\n<p><strong>Bid on papers on HotCRP by midnight 8\/29 <\/strong>(you&#8217;ll receive an invitation by email)<\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<h3 class=\"wp-block-heading\">Unit 1: Security and Privacy<\/h3>\n\n\n<style>.kb-table-container58_a49ea0-16{overflow-x:auto;}.kb-table-container .kb-table58_a49ea0-16 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_a49ea0-16 caption{text-align:center;}.kb-table-container .kb-table58_a49ea0-16 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_a49ea0-16 wp-block-kadence-table\"><table class=\"kb-table kb-table58_a49ea0-16\">\n<tr class=\"kb-table-row kb-table-row58_98b324-3d\">\n<th class=\"kb-table-data kb-table-data58_c3295d-c0\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_fc3c03-e3\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_499df6-1a\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_6ad532-ca\">\n<td class=\"kb-table-data kb-table-data58_6a286f-f0\">\n\n<p><strong>Week 2<\/strong><\/p>\n\n\n\n<p>9\/2<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_eb615f-f5\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Threats and Attackers: Threat modeling, STRIDE, hacking humans<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_d92cc2-aa\">\n\n<p><strong>Required Readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Why Cryptosystems Fail. Ross Anderson (CCS \u201893).<\/li>\n\n\n\n<li>A Framework for Reasoning About the Human in the Loop. Lorrie Faith Cranor (UPSEC \u201808).<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 9\/2 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_dde163-8f\">\n<td class=\"kb-table-data kb-table-data58_dff60d-96\">\n\n<p>9\/4<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_957959-cc\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_41dd31-69\">\n\n<p>Discussion lead: Student(s)<\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_699ed9-29\">\n<td class=\"kb-table-data kb-table-data58_6d211c-04\">\n\n<p><strong>Week 3<\/strong><\/p>\n\n\n\n<p>9\/9<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_25bb58-c3\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Security and Privacy Goals and Metrics: Information security properties, usable security metrics, side &amp; covert channels<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_b05902-70\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86. Yingchen Wang, Riccardo Paccagnella, Elizabeth Ta ng He, Hovav Shacham, Christopher W. Fletcher, and David Kohlbrenner (USENIX \u201822).<\/li>\n\n\n\n<li>Is it a concern or a preference? An investigation into the ability of privacy scales to capture and distinguish granular privacy constructs. Jessica Colnago, Lorrie Faith Cranor, Alessandro Acquisti, and Kate Hazel Stanton (SOUPS \u201822).<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Chapters 1.1-1.2, 1.4 of&nbsp;<a href=\"https:\/\/cacr.uwaterloo.ca\/hac\/\">Handbook of Applied Cryptography<\/a>.&nbsp;Alfred J. Menezes,&nbsp;Paul C. van Oorschot&nbsp;and&nbsp;Scott A. Vanstone<\/li>\n\n\n\n<li>Chapters 5.2-5.2.2 (before 5.2.2.1) of&nbsp;<a href=\"https:\/\/iapp.org\/media\/pdf\/certification\/IAPP-Intro-to-Privacy-for-Tech-Prof-SAMPLE.pdf\">An Introduction to Privacy for Technology Professionals<\/a>. Florian Schaub and Lorrie Faith&nbsp;Cranor<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 9\/9 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_7af968-c0\">\n<td class=\"kb-table-data kb-table-data58_10a1b1-a1\">\n\n<p>9\/11<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_fbfa28-85\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_0a6f42-0d\">\n\n<p>Discussion lead: Student(s)<\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_18368d-6e\">\n<td class=\"kb-table-data kb-table-data58_e5787f-f5\">\n\n<p><strong>Week 4<\/strong><\/p>\n\n\n\n<p>9\/16<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_502fba-73\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Introduction to Cryptography and Security Protocols: Terminology, symmetric and public key algorithms<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_d182d1-c5\">\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Chapter 1 (through 1.9) of&nbsp;<a href=\"https:\/\/cacr.uwaterloo.ca\/hac\/\">Handbook of Applied Cryptography<\/a>,&nbsp;Alfred J. Menezes,&nbsp;Paul C. van Oorschot&nbsp;and&nbsp;Scott A. Vanstone<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cs.utexas.edu\/~shmat\/courses\/cs380s\/prudent.pdf\" data-type=\"link\" data-id=\"https:\/\/www.cs.utexas.edu\/~shmat\/courses\/cs380s\/prudent.pdf\">Prudent Engineering Practice for Cryptographic Protocols<\/a>, Mart\u00edn Abadi and Roger Needham<\/li>\n<\/ol>\n\n\n\n<p><strong>No reviews due this week<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_00e9c9-0c\">\n<td class=\"kb-table-data kb-table-data58_c78c15-37\">\n\n<p>9\/18<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_5fb355-02\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Introduction to Buffer Overflows: Vulnerabilities and mitigations<\/p>\n\n\n\n<p>Course Project overview<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_bd1fc8-f5\">\n\n<p><\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<h3 class=\"wp-block-heading\">Unit 2: Formal Methods<\/h3>\n\n\n<style>.kb-table-container58_79b614-00{overflow-x:auto;}.kb-table-container .kb-table58_79b614-00 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_79b614-00 caption{text-align:center;}.kb-table-container .kb-table58_79b614-00 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_79b614-00 wp-block-kadence-table\"><table class=\"kb-table kb-table58_79b614-00\">\n<tr class=\"kb-table-row kb-table-row58_959b81-82\">\n<th class=\"kb-table-data kb-table-data58_8d4777-ce\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_5e8d11-91\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_fd9539-14\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_b41456-b9\">\n<td class=\"kb-table-data kb-table-data58_09edf1-ed\">\n\n<p><strong>Week 5<\/strong><\/p>\n\n\n\n<p>9\/23<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_aa7b6d-f1\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Introduction to Formal Methods: Static and dynamic analysis<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_1e5225-e3\">\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Proving the Correctness of Multiprocess Programs. Leslie Lamport (IEEE Trans. On Software Engineering \u201877).<\/li>\n\n\n\n<li><a href=\"https:\/\/lamport.azurewebsites.net\/tla\/high-level-view.html\">A High-Level View of TLA+<\/a>. Leslie Lamport.<\/li>\n<\/ol>\n\n\n\n<p><strong>No reviews due this week<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_bd7558-ac\">\n<td class=\"kb-table-data kb-table-data58_9feb8d-f8\">\n\n<p>9\/25<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_74efc9-9a\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Model Checking: Finite state machines, safety and liveness properties<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_9d867c-26\">\n\n<p><strong>Project proposals due 9\/25 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_d3c3b3-77\">\n<td class=\"kb-table-data kb-table-data58_42ebdb-76\">\n\n<p><strong>Week 6<\/strong><\/p>\n\n\n\n<p>9\/30<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_c24449-80\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Type Systems and Program Semantics: Noninterference, information flow control<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_7fe3f1-6d\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Reactive Noninterference. Aaron Bohannon, Benjamin C. Pierce, Vilhelm Sj\u00f6berg, Stephanie Weirich, and Steve Zdancewic (CCS \u201909).<\/li>\n\n\n\n<li>Noninterference Through Secure Multi-Execution. Dominique Devriese and Frank Piessens (IEEE S&amp;P \u201810).<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A Lattice Model of Secure Information Flow. Dorothy E. Denning (Comm. of the ACM \u201976)<\/li>\n\n\n\n<li>Dynamic vs. Static Flow-Sensitive Security Analysis. Alejandro Russo and Andrei Sabelfeld (CSF \u201810).<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 9\/30 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_6ee1ad-93\">\n<td class=\"kb-table-data kb-table-data58_a3fc1e-65\">\n\n<p>10\/2<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_674808-eb\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_e1b038-74\">\n\n<p>Discussion lead: Student(s)<\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<h3 class=\"wp-block-heading\">Unit 3: Usable Security<\/h3>\n\n\n<style>.kb-table-container58_288f7c-79{overflow-x:auto;}.kb-table-container .kb-table58_288f7c-79 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_288f7c-79 caption{text-align:center;}.kb-table-container .kb-table58_288f7c-79 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_288f7c-79 wp-block-kadence-table\"><table class=\"kb-table kb-table58_288f7c-79\">\n<tr class=\"kb-table-row kb-table-row58_54368f-66\">\n<th class=\"kb-table-data kb-table-data58_bfb14b-41\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_59b208-cf\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_d80463-e9\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_47d3ce-cc\">\n<td class=\"kb-table-data kb-table-data58_7ba5cf-63\">\n\n<p><strong>Week 7<\/strong><\/p>\n\n\n\n<p>10\/7<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_1f63e0-17\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Introduction to Usable Security: What is &#8220;usable&#8221;?, parts of a usable security study<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_0bb4ba-89\">\n\n<p><strong>Required Readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Why Johnny Can\u2019t Encrypt: A Usability Evaluation of PGP 5.0. Alma Whitten and J.D. Tygar (USENIX Security \u201899)<\/li>\n\n\n\n<li>Evaluating the Usability of Privacy Choice Mechanisms. Hana Habib and Lorrie Faith Cranor (SOUPS \u201822).<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional reading:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>&#8220;You do understand that people don\u2019t trust technology?&#8221;: Explaining Trusted Execution Environments to Non-Experts. McKenna McCall, Carolina Carreira, Miguel Flores, and Lorrie Faith Cranor.<\/li>\n\n\n\n<li>Chapters 2.1, 2.3, 3.1-3.3, and 3.6 of&nbsp;<a href=\"https:\/\/colostate.primo.exlibrisgroup.com\/discovery\/fulldisplay?docid=cdi_askewsholts_vlebooks_9780128093436&amp;context=PC&amp;vid=01COLSU_INST:01COLSU&amp;lang=en&amp;search_scope=MyCampus_FC_CI_PU_P&amp;adaptor=Primo%20Central&amp;tab=Everything&amp;query=any,contains,Research%20Methods%20in%20Human-Computer%20Interaction\">Research Methods in Human-Computer Interaction<\/a>.&nbsp;Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser.<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 10\/7 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_4ca9e5-c6\">\n<td class=\"kb-table-data kb-table-data58_d0842a-48\">\n\n<p>10\/9<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_ed4e0f-b2\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_01a1d5-e0\">\n\n<p>Discussion lead: Student(s)<\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_8e9dbd-0d\">\n<td class=\"kb-table-data kb-table-data58_f3210b-25\">\n\n<p><strong>Week 8<\/strong><\/p>\n\n\n\n<p>10\/14<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_5afc27-50\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Surveys and Interviews: Pros, cons, and development<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_361ce9-b7\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Do Users Write More Insecure Code with AI Assistants? Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh (CCS \u201923).<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Chapters 5.2-5.3, 5.6, 8.2, and 8.6 of&nbsp;<a href=\"https:\/\/colostate.primo.exlibrisgroup.com\/discovery\/fulldisplay?docid=cdi_askewsholts_vlebooks_9780128093436&amp;context=PC&amp;vid=01COLSU_INST:01COLSU&amp;lang=en&amp;search_scope=MyCampus_FC_CI_PU_P&amp;adaptor=Primo%20Central&amp;tab=Everything&amp;query=any,contains,Research%20Methods%20in%20Human-Computer%20Interaction\">Research Methods in Human-Computer Interaction<\/a>.&nbsp;Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser.<\/li>\n<\/ol>\n\n\n\n<p><strong>Reviews due 10\/14 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_05d18f-a9\">\n<td class=\"kb-table-data kb-table-data58_733c9b-6d\">\n\n<p>10\/16<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_c1acf1-2e\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_7b241c-f5\">\n\n<p>Discussion lead(s): Students<\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_5024d6-53\">\n<td class=\"kb-table-data kb-table-data58_570bae-e3\">\n\n<p><strong>Week 9<\/strong><\/p>\n\n\n\n<p>10\/21<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_f46dcc-93\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Quantitative &amp; Qualitative Analysis: Goals, null hypotheses, how to choose a statistic<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_075ae4-2c\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Misuse, Misreporting, Misinterpretation of Statistical Methods in Usable Privacy and Security Papers. Jenny Tang, Lujo Bauer, and Nicolas Christin (SOUPS \u201825).<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Chapters 2.2, 2.4, 4, and 11 of&nbsp;<a href=\"https:\/\/colostate.primo.exlibrisgroup.com\/discovery\/fulldisplay?docid=cdi_askewsholts_vlebooks_9780128093436&amp;context=PC&amp;vid=01COLSU_INST:01COLSU&amp;lang=en&amp;search_scope=MyCampus_FC_CI_PU_P&amp;adaptor=Primo%20Central&amp;tab=Everything&amp;query=any,contains,Research%20Methods%20in%20Human-Computer%20Interaction\">Research Methods in Human-Computer Interaction<\/a>.&nbsp;Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser.<\/li>\n\n\n\n<li>Availability of cookies during an academic course session affects evaluation of teaching. Michael Hessler, Daniel M P\u00f6pping, Hanna Hollstein, Hendrik Ohlenburg, Philip H Arnemann, Christina Massoth, Laura M Seidel, Alexander Zarbock, and Manuel Wenk&nbsp;<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 10\/21 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_242397-2a\">\n<td class=\"kb-table-data kb-table-data58_d8e8f8-a4\">\n\n<p>10\/23<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_b10c03-64\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_4ae5f7-4e\">\n\n<p>Discussion lead(s): Students<\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<h3 class=\"wp-block-heading\">Unit 4: Usability in Formal Methods<\/h3>\n\n\n<style>.kb-table-container58_bba204-a5{overflow-x:auto;}.kb-table-container .kb-table58_bba204-a5 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_bba204-a5 caption{text-align:center;}.kb-table-container .kb-table58_bba204-a5 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_bba204-a5 wp-block-kadence-table\"><table class=\"kb-table kb-table58_bba204-a5\">\n<tr class=\"kb-table-row kb-table-row58_e216d4-2f\">\n<th class=\"kb-table-data kb-table-data58_6f08aa-6a\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_138966-1a\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_851398-fe\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_7f7b6a-ee\">\n<td class=\"kb-table-data kb-table-data58_5718c0-95\">\n\n<p><strong>Week 10<\/strong><\/p>\n\n\n\n<p>10\/28<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_ab6ea7-47\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Smart Homes<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_e534d2-7f\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>AutoTap: Synthesizing and Repairing Trigger-Action Programs Using LTL Properties.&nbsp;Lefan Zhang, Weijia He, Jesse Martinez, Noah Brackenbury, Shan Lu, Blase Ur (ICSE \u201919).<\/li>\n\n\n\n<li>Location-Enhanced Information Flow for Home Automations. McKenna McCall, Ben Weinshel, Kunlin Cai, Ying Li, Eric Zeng, Devika Manohar, Lujo Bauer, Limin Jia, and Yuan Tian.<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>How Risky are Real Users\u2019 IFTTT Applets? Camille Cobb, Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, and Limin Jia (SOUPS \u201820).<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 10\/28 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_3a878a-48\">\n<td class=\"kb-table-data kb-table-data58_1167e3-32\">\n\n<p>10\/30<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_b51117-ab\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_5cd0b3-19\">\n\n<p>Discussion lead: Student(s)<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Project check-in 1 due 10\/30 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_3c724f-81\">\n<td class=\"kb-table-data kb-table-data58_08d3e3-98\">\n\n<p><strong>Week 11<\/strong><\/p>\n\n\n\n<p>11\/4<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_60d007-bd\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Information Flows on the Web<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_78e3c3-01\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Tainted Secure Multi-Execution to Restrict Attacker Influence. McKenna McCall, Abhishek Bichhawat, and Limin Jia (CCS \u201823).<\/li>\n\n\n\n<li>An Empirical Study of Information Flows in Real-World&nbsp;JavaScript.&nbsp;Cristian-Alexandru Staicu,&nbsp;Daniel Schoepe,&nbsp;Musard Balliu,&nbsp;Michael Pradel,&nbsp;Andrei Sabelfeld (PLDI \u201819).<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 11\/4 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_335a99-25\">\n<td class=\"kb-table-data kb-table-data58_aa56a2-44\">\n\n<p>11\/6<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_56e56a-c2\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_8b3419-0f\">\n\n<p>Discussion lead: Student(s)<\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<h3 class=\"wp-block-heading\">Unit 5: Research Ethics and Limitations<\/h3>\n\n\n<style>.kb-table-container58_3205a0-02{overflow-x:auto;}.kb-table-container .kb-table58_3205a0-02 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_3205a0-02 caption{text-align:center;}.kb-table-container .kb-table58_3205a0-02 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_3205a0-02 wp-block-kadence-table\"><table class=\"kb-table kb-table58_3205a0-02\">\n<tr class=\"kb-table-row kb-table-row58_701bf0-1f\">\n<th class=\"kb-table-data kb-table-data58_8366da-22\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_d3da74-6f\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_5602ba-2a\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_f95783-a4\">\n<td class=\"kb-table-data kb-table-data58_a7e969-6c\">\n\n<p><strong>Week 12<\/strong><\/p>\n\n\n\n<p>11\/11<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_21a4bb-8c\">\n\n<p><em>Guest Lecture<\/em><\/p>\n\n\n\n<p>Lorrie Cranor<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_c11610-85\">\n\n<p><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_c731e9-35\">\n<td class=\"kb-table-data kb-table-data58_4967ed-c1\">\n\n<p>11\/13<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_bceeb2-14\">\n\n<p><em>McKenna traveling<\/em><\/p>\n\n\n\n<p>No class<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_bd6033-06\">\n\n<p><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_be06e8-bf\">\n<td class=\"kb-table-data kb-table-data58_17f788-ce\">\n\n<p><strong>Week 13<\/strong><\/p>\n\n\n\n<p>11\/18<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_d38cf7-15\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>What is (Ethical) Human Subjects Research?: IRBs, research ethics<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_3dd680-11\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits. Qiushi Wu and Kangjie Lu.<\/li>\n\n\n\n<li>Experimental evidence of massive-scale emotional contagion through social networks. Adam DI Kramer, Jamie E Guillory, and Jeffrey T Hancock (PNAS \u201814)<\/li>\n<\/ol>\n\n\n\n<p><strong>Optional readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Skilled or Gullible? Gender Stereotypes Related to Computer Security and Privacy. Miranda Wei, Pardis Emami-Naeini, Franziska Roesner, and Tadayoshi Kohno (IEEE S&amp;P \u201823).<\/li>\n\n\n\n<li>The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. David Dittrich and Erin Kenneally (US Department of Homeland Security \u201812).<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 11\/18 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_61e874-66\">\n<td class=\"kb-table-data kb-table-data58_0378ec-f4\">\n\n<p>11\/20<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_da8621-a1\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Research ethics, required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_754520-b9\">\n\n<p>Discussion lead: McKenna<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Project check-in 2 due 11\/21 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_bd5239-65\">\n<td class=\"kb-table-data kb-table-data58_b8ae99-61\">\n\n<p><strong>Week 14<\/strong><\/p>\n\n\n\n<p>11\/25<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_0a281b-a1\">\n\n<p><em>Fall recess<\/em><\/p>\n\n\n\n<p>No class<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_168803-d5\">\n\n<p><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_88cc47-03\">\n<td class=\"kb-table-data kb-table-data58_8b6da2-f5\">\n\n<p><strong>Week 15<\/strong><\/p>\n\n\n\n<p>12\/2<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_0501de-f2\">\n\n<p><em>Lecture<\/em><\/p>\n\n\n\n<p>Limitations of Formal Methods and Usable Security: Revisiting attacker models and side channels, assumptions, and generalizability<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_b89769-7f\">\n\n<p><strong>Required readings:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef and Frank Piessens (CCS \u201817).<\/li>\n\n\n\n<li>Replication: How Well Do My Results Generalize Now? The External Validity of Online Privacy and Security Surveys. Jenny Tang, Eleanor Birrell, and Ada Lerner (SOUPS \u201822).<\/li>\n<\/ol>\n\n\n\n<p><strong>Review due 12\/2 at midnight<\/strong><\/p>\n\n<\/td>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_f18e62-0a\">\n<td class=\"kb-table-data kb-table-data58_ed6f2e-b0\">\n\n<p>12\/4<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_c617be-67\">\n\n<p><em>Discussion<\/em><\/p>\n\n\n\n<p>Required readings, reviews<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_105e3c-9d\">\n\n<p>Discussion lead: McKenna<\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<h3 class=\"wp-block-heading\">Final Projects and Reports<\/h3>\n\n\n<style>.kb-table-container58_da634e-26{overflow-x:auto;}.kb-table-container .kb-table58_da634e-26 th{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:center;}.kb-table-container .kb-table58_da634e-26 caption{text-align:center;}.kb-table-container .kb-table58_da634e-26 td{padding-top:var(--global-kb-spacing-xxs, 0.5rem);padding-right:var(--global-kb-spacing-xxs, 0.5rem);padding-bottom:var(--global-kb-spacing-xxs, 0.5rem);padding-left:var(--global-kb-spacing-xxs, 0.5rem);text-align:left;}<\/style><div class=\"kb-table-container kb-table-container58_da634e-26 wp-block-kadence-table\"><table class=\"kb-table kb-table58_da634e-26\">\n<tr class=\"kb-table-row kb-table-row58_9396ab-59\">\n<th class=\"kb-table-data kb-table-data58_f1c3aa-60\">\n\n<p>Date<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_5b4322-7e\">\n\n<p>Topic<\/p>\n\n<\/th>\n\n<th class=\"kb-table-data kb-table-data58_9ebf74-6a\">\n\n<p>Assignment<\/p>\n\n<\/th>\n<\/tr>\n\n<tr class=\"kb-table-row kb-table-row58_ecd3ad-6f\">\n<td class=\"kb-table-data kb-table-data58_9d2e13-63\">\n\n<p><strong>Week 16<\/strong><\/p>\n\n\n\n<p>12\/9-12\/11<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_9fcba3-fe\">\n\n<p>Final project presentations<\/p>\n\n<\/td>\n\n<td class=\"kb-table-data kb-table-data58_9c3460-f8\">\n\n<p><strong><strong>Final reports due 12\/12 at midnight<\/strong><\/strong><\/p>\n\n<\/td>\n<\/tr>\n<\/table><\/div>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Course Components Each week, you will be responsible for reviewing one of the required readings (if there are any). Reviews are typically due Tuesday at midnight via the course HotCRP site (linked from Canvas) so discussion leads have time to read them before the Thursday class. Except where otherwise noted, discussions will be led by [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","footnotes":""},"class_list":["post-58","page","type-page","status-publish","hentry","post-preview"],"taxonomy_info":[],"featured_image_src_large":false,"author_info":{"display_name":"jpurdy","author_link":"https:\/\/courses.cs.colostate.edu\/cs580b4\/author\/jpurdy\/"},"comment_info":0,"_links":{"self":[{"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/pages\/58","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/comments?post=58"}],"version-history":[{"count":20,"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/pages\/58\/revisions"}],"predecessor-version":[{"id":126,"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/pages\/58\/revisions\/126"}],"wp:attachment":[{"href":"https:\/\/courses.cs.colostate.edu\/cs580b4\/wp-json\/wp\/v2\/media?parent=58"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}