SPUR 2022: Making Online Privacy and Security Usable and Understandable

Background

With the pervasiveness of technology in every facet of life, cybersecurity has emerged as one of the most important societal challenges of recent times. Yet, people find it difficult to manage security and privacy when interacting with technology, creating potential risks for their online safety and well-being. To address this issue, this research will focus on understanding people’s preferences and practices pertaining to cybersecurity-related matters and designing user experiences (UX) that help users manage their security and privacy in a more informed way.

To this end, the research project will involve investigating a topic at the intersection of cybersecurity and Human-Computer Interaction (HCI). The specific research question addressed by the project can be chosen from a diversity of topics that hold real-world practical relevance to our daily lives, including but not limited to: social media, phishing, online misinformation (aka "fake news"), smartphone apps, smart home devices, smart cities, algorithmic transparency, ethical and explainable Artificial Intelligence (AI), ransomware, authentication and passwords, public policy and regulatory compliance, cybersecurity education, etc. The student will choose and shape a research project that appeals to the student within this broad space.

Student Role

The project will deal with privacy and security aspects of technology from the human (user) perspective. The student will have the opportunity to take a leadership role and be creative about shaping the specifics of the chosen project. The work involves: collecting and understanding existing research on the topic, designing and conducting a study about people's use of technologies, analyzing qualitative and quantitative data collected in the user study and/or obtained from online sources, developing prototypes or proofs of concept to demonstrate of novel UX designs, etc. To that end, the student can choose to be involved in any or all of aspects of the work, including but not limited to: literature review, study design, data collection, data cleanup, data analysis, writing scripts and programs, developing prototypes of user interfaces and user experiences, writing papers, etc. Creativity, desire to learn new things, and willingness to accept challenges are essential.

No prior technical knowledge or skills is required. However, carrying out many of the project-related activities may require the use of technology such as: Qualtrics (for surveys), R/Python/Javascript/CSS (for data collection and processing), Java (for building apps), Overleaf/LaTeX (for writing papers), Github/Google Drive (for file storage and version control), Illustrator/InDesign (for making posters), Kaltura/Premier (for making videos), BibTeX (for collecting references), Slack/Signal/Zoom (for communication), Trello (for project management), MaxQDA (for qualitative data analysis), etc. The student is expected to be willing to learn (with guidance) the technological tools that may be required for the research project.

Student Learning Outcomes & Benefits

The main learning outcome are: (i) developing the ability to formulate a useful research question on a topic; (ii) making methodological choices suited to addressing the question; (iii) conducting quantitative and/or qualitative data analysis; and (iv) communicating the results and implications of the findings of the analysis in a professional manner. In addition, the student will undergo the required CITI training for conducting human-subjects research in an ethical manner.

The target product of the learning experience is a research paper submitted to a high-impact conference or journal in the fields of cybersecurity or Human-Computer Interaction. In addition, there may be other deliverables connected to the paper, such as a poster, a video presentation, a prototype app and its source code, etc. Any software code and/or data produced as part of the research will be shared openly and can serve as tangible demonstration of skills developed during the experience. Apart from contributing novel and original knowledge to these research fields, the project experience will provide the student with practical hands-on knowledge about cybersecurity and the important professional skills of collaboration and communication.

The experience can serve as a foundation for a career in the technology industry in general and cybersecurity industry in particular. In addition, the experience can be useful for a career in government, defense, or non-profit sectors, especially on matters of cybersecurity-related public policy. Alternatively, the experience can be a steppingstone for graduate or professional education (Master’s or Ph.D.).

Sameer Patil
Associate Professor

School of Computing
College of Engineering

The student will be part of my collaborative and collegial research group composed of postdocs, doctoral students, master’s students, and undergraduates. Apart from participating in the weekly meetings of the research group and being a part of the group’s Slack space, the student will meet with me 1-1 on a regular basis to discuss progress and formulate research plans. The norm in the group is to provide and seek input and help on each other’s projects on a frequent basis. The student will get additional feedback by posting a report of the past week’s accomplishments and describing the goals for the following week. In addition, the student will receive relevant training regarding any software or tools required for the research. My mentoring approach is based on letting students take ownership of the project and empowering them to lead and be creative. To that end, I will encourage the student to take the time to explore alternatives prior to settling on one and emphasize that mistakes and failures are to be embraced as a core component of learning that is often essential for eventual success and impact of the project. I will carefully adjust my guidance and mentorship to allow the student room for trial and error in developing solutions while benefiting from suggestions based on my knowledge and experience. Although I will challenge the student to leave the comfort zone, my caring supervision will provide the necessary scaffolding, safety net, and resources needed for making the experience productive and beneficial.