INTRODUCTION Introduction to the lectures and to the exams
MICRODATA AND MACRODATA PROTECTION Techniques for ensuring confidentiality of sensitive information when publishing microdata and macrodata
DATA PRIVACY Privacy metrics and techniques (k-anonymity, l-diversity, t-closeness). Differential privacy. Data linkage.
PRIVACY Privacy requirements in the Web.
MODELS AND LANGUAGES FOR SECONDARY USE OF INFORMATION Secondary usage of information and data handling restrictions. P3P.
PRIVACY-AWARE ACCESS CONTROL Access control departing from authentication of users. Privacy policies, models, and architectural considerations.
XACML eXtensible Access Control Markup Language. XACML for supporting privacy, advantages and limitations.
PROTECTION OF LOCATION DATA Use of contextual information in access control. Location-based access control. Protection and obfuscation of location-based information.
USER PRIVACY IN DIGITAL INTERACTION Anonymity in communication networks. WAN, MANET (VANET) and hybrid networks. TOR.
DATA PROTECTION IN OUTSOURCING SCENARIO AND CLOUD SCENARIOS Indices and inference. Access control on encrypted outsourced data. Indices and selective access.
FRAGMENTATION FOR INFORMATION PRIVACY Fragmentation for protecting sensitive associations. Fragmentation and encryption. Loose associations.
ACCESS AND PATTERN PRIVACY Dynamic allocation for protecting privacy of queries: access and pattern privacy.
CONTROLLED INFORMATION SHARING IN DISTRIBUTED QUERY EXECUTION Controlling information flow in distribuite query execution. Safe query plans. View-based access control and authorization composition.
MODELS AND LANGUAGES FOR USER PRIVACY PREFERENCES User privacy requirements. Supporting user privacy preferences in access control and in digital interactions.
MULTILEVEL DATABASES Mandatory policies in relational databases. Poli-instantiation and cover stories. Architectural approaches for multilevel DBMSs. Oracle label security.
ACCESS CONTROL POLICIES, MODELS, AND LANGUAGES [Only for students that have not tane the exam of Elementi di sicurezza e privatezza with the syllabus of prof. De Capitani di Vimercati] Discretionary policies. Access matrix model. HRU. Limitations of discretionary policies. Trojan Horses. Mandatory policies. Bell-La Padula's model. Limitation of discretionary policies (cover and timing channels). Biba's model. Administrative policies, authorization revocation. Administration of authorization in SQL. Authorization with conditions. Supporting groups and abstraction in subject and object expressions. Negative authorizations. Conflict resolution policies. Chinese-wall. Integrity policies. Clark and Wilson model. Role-based access controls. Some basic principles: (static and dynamic), least privilege. Access controls in open systems: attribute-based access control.