Welcome to CS 5439, Practicum in Computer Security. The goal is to learn about computer security as seen in practice. The class can be taken as a supplement to the security survey course CS 5435, or by itself.
For Fall 2018 the practicum will focus on the technology-related threat models that arise in intimate partner violence (IPV), which is sexual, physical, financial, technological, or emotional violence against an intimate partner. IPV is experienced by roughly one quarter of women and one sixth of men at some point in their lives. We will learn about how abusers exploit technology to spy on, harass, or otherwise harm their victims. We will investigate how security mechanism design fails to account for attackers with intimate knowledge of the target and physical access to devices. We will explore ways to improve technology to better empower (potential) victims. Homeworks will be designed to not only gain understanding and appreciation of computer security mechanisms, but also to produce materials useful in practice for advocates and survivors of technology abuse.
Lectures: Wednesdays, 9:30am-10:45am
Classroom: Bloomberg Center 161
Instructor: Tom Ristenpart (https://rist.tech.cornell.edu)
Office hours: By appointment
TA: Diana Freed [email protected] (https://infosci.cornell.edu/content/freed)
Office hours: By appointment
Students should have knowledge of contemporary consumer technologies (smartphones, social networking apps, etc.).
The class will involve a combination of lectures, in-class exercises, readings, and homeworks. Readings for a lecture should be completed before lecture. All homework assignments should be submitted by midnight of the Monday prior to the next class meeting. You'll be graded according to the following:
- Participation: 20%
- Homeworks: 80% (each homework will count an equal amount)
There will likely be opportunities for extra credit, as well.
For those taking a third unit via independent study, there will additionally be a course project. You will receive the same grade across both independent study and the 2-unit portion fo the course. Grading will be broken down according to the following:
- Participation: 20%
- Homeworks: 50% (each homework will count an equal amount)
- Project: 30%
For an easy introduction to some of the issues, check out a mainstream press article we wrote, and some coverage of our work in the NY Times. These articles provide a good overview of a subset of the tech issues we will discuss in the class, namely spyware. For more in-depth discussion, see our IPV Tech Research group website and research papers.
A very preliminary schedule is shown below. It will be updated with topics and associated readings as we progress.
| Date | Topic | Speaker | Readings | Homework | Slides |
|---|---|---|---|---|---|
| Aug 29 | Intro & overview | Tom | Slides | ||
| Sep 5 | IPV 101 | Hannah Pennington, Assistant Commissioner for Policy and Training (OCDV) | Required reading: Freed et al. 2018 Suggested reading: Domestic Violence: Intersectionality and Culturally Competent Practice | HW1 due 9/2 by midnight | Slides |
| Sep 12 | Account Compromise | Tom | HW2 due 9/9 by midnight | Slides | |
| Sep 19 | Cyberharassment Legal Clinic | Andrew Sta. Ana (New York Law School, Day One) | "A Stalkers Paradise" How Intimate Partner Abusers Exploit Technology. Freed et al. 2018 | HW3 due 9/24 by midnight | Slides |
| Sep 26 | Spyware apps | Tom | Chatterjee et al. 2018 | Slides | |
| Oct 3 | Internet of things | Tom | Thermostats, Locks and Lights: Digital Tools of Domestic Abuse | HW4 due 10/9 by midnight | Slides |
| Oct 10 | Abusive messages/content | Tom | HW5 due 10/22 by midnight | Slides | |
| Oct 17 | Information disclosure (``doxxing'', non-consensual intimate imagery, fake accounts) | Tom | Slides | ||
| Oct 24 | Clinical Models for Computer Security | Tom | Slides | ||
| Oct 31 | Online harassment cases, the law | Carrie Goldberg | The One Law That's The Cause of Everything Good and Terrible About the Internet and Herrick v. Grindr | HW6 due by midnight 11/6 | |
| Nov 7 | Abuser-aware HCI | Tom | Slides | ||
| Nov 14 | Prosecuting stalking and other abuse | Michelle Kaminsky (Chief, Domestic Violence Bureau, Kings County District Attorney’s Office) | |||
| Nov 21 | No Class | ||||
| Nov 28 | Case Studies | HW7 due at the start of class on 11/28 |