The Chair of Human-Centred Security (HCS) and the new working group Developer-Centred Security (DCS) would like to give you an overview of the courses for the upcoming summer semester 2022. We will offer the following:
- Introduction to Usable Security & Privacy (EUSP)
- Practical Course: Research Methods in Human-Centred Security Bachelor
- HCS Seminar Bachelor
- Bachelor Theses
- Human Behaviour in IT Security (MVITS)
- NEW: Developer-Centred Security Lecture
- NEW: Developer-Centred Security Seminar
- Practical Course: Research Methods in Human-Centred Security Master
- Practical Course: Laboratory Studies in Human-Centred Security Master
- HCS Seminar Master
- Master Theses
1. Introduction to Usable Security & Privacy (EUSP) – Bachelor Lecture
In this basic lecture, students gain an understanding of the human factor in IT security and central findings of usable security and privacy research, as well as basic handouts for practice.
Central topics of the course are: Definitions/Tasks/Goals of Usable Security, Workload and Human Error, Security Awareness and Education, Different Types of Attacks. In the second half of the lecture these terms will be explained in different application contexts.
Course number: 141036
Lecture: Prof. M. Angela Sasse
Supervision: Jennifer Friedauer, Franziska Herbert, Marvin Kowalewski
Moodle link: https://moodle.ruhr-uni-bochum.de/enrol/index.php?id=44639
Moodle password: HumanError
Format: Virtual (lecture & tutorial)
Exam: Written (once per semester)
2. Human Behaviour in IT Security (MVITS) – Master Lecture
In Human Behaviour in IT Security you will learn which factors influence the security behaviour of employees in companies and users in everyday life, and which possibilities exist to influence and change this. In addition, you will learn why existing approaches to information security management (also according to ISO 27000) often do not work in practice and how we should expand or adapt them.
Course number: 141027
Lecture: Prof. M. Angela Sasse
Supervision: Jonas Hielscher
Moodle link: https://moodle.ruhr-uni-bochum.de/enrol/index.php?id=44581
Format: In-Person (Lecture & Exercise)
Prerequisites: None. We strongly recommend prior attendance of the bachelor course EUSP, or the seminar.
Exam: Written (once per semester)
New –> Time & Date: Lecture: Thursday 8 pm am to 10 pm am at HID & Exercise-Session: Wednesday 4 pm to 6 pm at HZO60
3. Developer-Centred Security Lecture (Master)
Software developers and administrators are often not security experts. The systems they build therefore often have security vulnerabilities that put millions of users and confidential data at risk. But how exactly do software developers and administrators make such serious security mistakes, even though there are ready-made application programming interfaces (APIs), program libraries and tools that are supposed to make it easier to develop and use security concepts? An insight into the basics of usable security and privacy as well as current security-related studies with software developers and administrators will be given. The insights gained from these studies are systematically reviewed and presented. It will also be discussed what security system designers, tool developers, and cryptographers should consider when designing their systems in order to help software developers and administrators avoid security-critical errors. Guidelines for conducting studies with software developers and administrators are also presented. Therein a distinction is made between studies with software developers and studies with end users.
Lecture: Jun.-Prof. Dr. Alena Naiakshina
Lecturer & Supervisor: Raphael Serafini
Moodle link: https://moodle.ruhr-uni-bochum.de/course/view.php?id=44563
Moodle password: Prompting
New –> Time & Date: Lecture: Thursday 12 to 2 pm in building MC, room MC 1/30 and MC 1/31 & Exercise-Session: Thursday 2 pm to 4 pm at building MC, room MC 1/54
4. Developer-Centred Security Seminar (Master)
A selection of current research papers in the field of developer-centred security will be provided. Thematic foci include security deadly sins of software developers, the usability of programming interfaces and behavioural research with security experts. To this end, the students work independently on a topic area using research papers and produce a "Literature Review" as a seminar paper. At the end of the seminar, the students give a presentation on their work.
Seminar topics are allocated at the beginning of the semester via the central seminar topic allocation system https://seminar.hgi.rub.de. You can find our topics in the “Developer-Centred Security (Naiakshina)” group.
If you have any questions, please contact Raphael.Serafini@rub.de.
5. Practical Course: Research Methods in Human-Centred Security (Bachelor & Master)
The course provides practical knowledge of research design, methods and evaluation procedures in the areas of usability and human-centred security and privacy. The students receive a practical introduction to qualitative and quantitative methods as well as how to interpret data collected using these methods. This enables them to independently conduct, evaluate and critically question studies in the field of usability and human-centred security and privacy.
Previous knowledge in the subject area of HCS is strongly recommended.
The course consists of semester-long block dates as well as independent work by the students. The dates will be announced.
The number of participants is limited. Pre-registration and space reservation by email to firstname.lastname@example.org is therefore urgently required.
Please register with the following information:
- Email address
- Course of study + matriculation number
- Previous knowledge in the area of Usable/Human-Centred Security and Privacy
6. Practical Course: Laboratory Studies in Human-Centred Security (Master)
The course imparts theoretical and practical knowledge of research methods in the field of usable security with a special focus on laboratory studies. Theoretical knowledge is imparted on the basis of which the students are to independently plan and implement a laboratory study and in this way acquire practical knowledge.
The number of participants is also limited here. To register, please send an e-mail to email@example.com.
7. Seminar Human-Centred Security (Bachelor & Master)
Seminar topics are allocated at the beginning of the semester via the central seminar topic allocation system https://seminar.hgi.rub.de.
In the HCS seminar, students write a literature review. For this purpose, the given papers, and others found through their own literature research, have to be summarised and put into a common context in order to synthesise new knowledge. At the end of the semester, the findings have to be presented in a short talk and discussed in the group.
Organisational information will follow after the topics have been assigned. There are no weekly meetings. There is only a kick-off meeting at the beginning of the semester and 1-2 presentation days at the end of the semester. In between there are draft submission deadlines and students get individual feedback from their supervisor.
8. Bachelor and Master Theses
Due to the move to the Faculty of Computer Science, many systems are not yet working as intended. This also includes our website https://hcs.rub.de. The theses advertised there are no longer up to date and most of them have already been assigned.
To write a thesis at our department:
You should have already come into contact with our topics, e.g. have participated in the HCS practical reseor otherwise be able to demonstrate HCS research skills (especially knowledge of research methods).
You should apply for a topic early, as a thesis requires forward planning and our capacities are limited.
Annalina Buckmann supervises theses on Digital Security and Society, Security Cultures and Inclusive and Accessible Security. How do Security and Privacy play out in the everyday life of different people? What are their Security and Privacy Requirements, their needs and threat models? How to address them to enhance Security in Society?
Other topics might be accepted. In any case, students should inform themselves about the topics early and independently and come forward with their own ideas and research questions on the topics, at best in the form of a short abstract or exposé via email.
Konstantin Fischer supervises theses on the topics of End User Adoption of Secure Technologies, as well as Usability and Correct Use of Secure Technologies. Examples are Email Security, Encrypted Chat Apps, Password Managers, FIDO Authentication. Additionally, I’m looking for someone who would like to experiment with our new VR Setup (Valve Index) regarding, e.g., learning experiences in VR or authentication schemes in VR.
Jennifer Friedauer supervises theses on the topics of Security Education (learning in IT security) and Awareness (security awareness) with a focus on self-efficacy. The influence of self-efficacy on behaviour, for example in phishing simulations, is the focus of the work supervised.
New theses will not be supervised by Jenny until August 2022.
Students with an interest in these topics should inform themselves about the topics early and independently, and come forward with their own ideas and research questions on the topics. Jennifer.Friedauer@rub.de
Marco Gutfleisch supervises theses on the topics of developer-centred security, especially with a focus on usable security. Generally, his theses examine the behaviour of developers in their work.
Jonas Hielscher supervises theses on topics related to IT security in organisations. Productive security, security friction and security communication between experts and non-experts are possible areas of research. Studies are conducted either in organisations or with groups of employees and experts. He is very busy until August 2022 and only accepts students who approach him with their own elaborated topic proposal for empirical studies in an organisation. firstname.lastname@example.org
Stefan Horstmann supervises theses on the topic of Developer Centered Security with a focus on Privacy and Privacy by Design. He investigates the difficulties software developers face when they have to comply with data protection guidelines (e.g. GDPR) and how they can best be supported in doing so. In addition to software developers, privacy reviews are also a possible starting point for studies. Stefan.Horstmannemail@example.com
Markus Schöps supervises theses on the topic of security and psychology. He investigates the influence of psychological factors on behaviour in IT security. The focus is on the interaction of stress and behaviour in IT security. Stress is measured with subjective (questionnaires) and physiological (cortisol) measures. firstname.lastname@example.org
Raphael Serafini supervises theses on the topic of Developer Centred Security with a focus on the influence of study factors on the willingness of software developers to participate in studies. He also focuses on the differences between end users and software developers. Other topics in the area of Developer Centred Security are also possible.
Asli Yardim supervises theses on the topic of Developer Centred Security with a focus on security and security by design. She investigates how software developers behave when dealing with security-critical tasks. She also deals with methods and tools that can support software developers in the development process with regard to security.
We look forward to your participation in our courses. If you have any questions, please check the Moodle courses first; your questions may already be answered there. Otherwise, please write an email to the responsible person.
Stay healthy and see you soon!
Your HCS & DCS Teams,
Prof. M. Angela Sasse,
Jun.-Prof. Alena Naiakshina,