Privacy and data protection

A.Y. 2015/2016
6
Max ECTS
48
Overall hours
SSD
INF/01
Language
Italian
Learning objectives
Undefined
Expected learning outcomes
Undefined
Course syllabus and organization

Single session

Responsible
Lesson period
First semester
Course syllabus
INTRODUCTION
Introduction to the lectures and to the exams

MICRODATA AND MACRODATA PROTECTION
Techniques for ensuring confidentiality of sensitive information when publishing microdata and macrodata

DATA PRIVACY
Privacy metrics and techniques (k-anonymity, l-diversity, t-closeness). Differential privacy. Data linkage.

PRIVACY
Privacy requirements in the Web.

MODELS AND LANGUAGES FOR SECONDARY USE OF INFORMATION
Secondary usage of information and data handling restrictions. P3P.

PRIVACY-AWARE ACCESS CONTROL
Access control departing from authentication of users. Privacy policies, models, and architectural considerations.

XACML
eXtensible Access Control Markup Language. XACML for supporting privacy, advantages and limitations.

PROTECTION OF LOCATION DATA
Use of contextual information in access control. Location-based access control. Protection and obfuscation of location-based information.

USER PRIVACY IN DIGITAL INTERACTION
Anonymity in communication networks. WAN, MANET (VANET) and hybrid networks. TOR.

DATA PROTECTION IN OUTSOURCING SCENARIO AND CLOUD SCENARIOS
Indices and inference. Access control on encrypted outsourced data. Indices and selective access.

FRAGMENTATION FOR INFORMATION PRIVACY
Fragmentation for protecting sensitive associations. Fragmentation and encryption. Loose associations.

ACCESS AND PATTERN PRIVACY
Dynamic allocation for protecting privacy of queries: access and pattern privacy.

CONTROLLED INFORMATION SHARING IN DISTRIBUTED QUERY EXECUTION
Controlling information flow in distribuite query execution. Safe query plans. View-based access control and authorization composition.

MODELS AND LANGUAGES FOR USER PRIVACY PREFERENCES
User privacy requirements. Supporting user privacy preferences in access control and in digital interactions.

MULTILEVEL DATABASES
Mandatory policies in relational databases. Poli-instantiation and cover stories. Architectural approaches for multilevel DBMSs. Oracle label security.

ACCESS CONTROL POLICIES, MODELS, AND LANGUAGES
[Only for students that have not tane the exam of Elementi di sicurezza e privatezza with the syllabus of prof. De Capitani di Vimercati]
Discretionary policies. Access matrix model. HRU. Limitations of discretionary policies. Trojan Horses. Mandatory policies. Bell-La Padula's model. Limitation of discretionary policies (cover and timing channels). Biba's model. Administrative policies, authorization revocation. Administration of authorization in SQL. Authorization with conditions. Supporting groups and abstraction in subject and object expressions. Negative authorizations. Conflict resolution policies. Chinese-wall. Integrity policies. Clark and Wilson model. Role-based access controls. Some basic principles: (static and dynamic), least privilege. Access controls in open systems: attribute-based access control.
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours