Usable Security Katharina Krombholz

Registration for this course is open until Sunday, 25.04.2021 00:00.


Currently, no news are available

Usable Security (Advanced Lecture)


In this lecture, you will learn about human-centric aspects of IT security. Besides research and design methods, you will learn about hot topics in usable security such as authentication, encryption and privacy. In particular, you will learn to

  • design user studies to study how humans interact with security & privacy technology with respect to threat models, 
  • collect, understand, evaluate qualitative & quantitative data,
  • interpret results and draw conclusions based on your data,
  • design new security and privacy technology that is better tied to the users' needs and values.

Prerequisites: CySec1/CySec2 or Security, Statistics. 
Please make sure to allocate enough time to work on the assignments for this course. Programming skills and profound knowledge of statistics and data analysis are required. If you have not yet completed any security courses BUT have a strong background in human-computer interaction, psychology, or design you are still welcome to attend this interdisciplinary lecture. In that case, please contact us to directly to discuss whether this is the right course for you.

Registration: 1 May 2021, CMS 


When & Where?

The lecture will take place every Monday from 10.00-12.00, starting April 26th.
Location: (until further notice). Physical presence is not required during the semester.



In total, you can reach 100 points in the course of this lecture: you may reach up to 50 points for solving graded assignments (see more information below) and 50 points for the exam. Additionally, you may collect 5 extra bonus points through mini assignments. Hence, your overall grade will consist of
  • graded assignments (50 points in total),
  • a written exam at the end of the semester (50 points),
  • and 3 mini-assignments to collect 5 extra points.

Minimum requirements to pass:

  • You need to receive a minimum of 26 points from the exam and 26 points from the 4 assignments.
  • Bonus points can be used to jump grades higher than 4.0. Note that you need to have a minimum of 52 points without bonus points to pass this course.

Graded Assignments 

You are expected to solve four assignments to deepen your knowledge from the lecture. Note that you need to receive a minimum of 26 points to be admitted to the written exam. The solutions must be submitted via CMS prior to the (sharp) deadline; assignments will cover the following topics:

  • Qualitative research methods (dates tba)
  • Quantitative research methods (dates tba)
  • User study design (dates tba)
  • Design (dates tba)


You are encouraged to discuss exercise sheets and ask us and other students for help if necessary. However, do not actually show your resulting work to each other if we did not explicitly tell you to do that.


Details about the final exam will be announced shortly.

The exam will consist of knowledge questions and scenarios that you are expected to solve. Those who fail the written exam will be able to take a re-take exam. You cannot take the re-exam if you have already passed final exam unless you get your attempt removed from LSF by the study office.


Lecture Overview & Topics

Please note that this a tentative timetable. Changes will be announced as news posts.

Date Topic Collaborative CryptPad and external links
26.04.2021 Introduction and Organizational Aspects  
03.05.2021 Qualitative Methods  
10.05.2021 Quantitative Methods & Statistics ‚Äč
(self study) Statistics Crash Course  
17.05.2021 User Study Design and Ethics  
24.05.2021 Measuring Humans, Bias  
31.05.2021 Design Methods  
21.06.2021 Authentication, Encryption  
28.06.2021 Backup Slot  
tba Exam tba
tba Re-take Exam tba



Mental Health

Being a student during a pandemic is challenging and might be very overwhelming. If you need support during times of struggle, reach out to friends, family or faculty you trust. The student union at UdS also offers a counselling service that you may contact. You do not have to go through this alone! If for whatever reason (e.g. a personal emergency) you cannot attend the seminar or deliver your work in time please let me know and we will make appropriate arrangements.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators