Principles of Data Protection

Course code: 2IMS25

Academic Year: 2017/2018

Quartile 1

Time: Tuesday, hours 3 and 4 (from 10:45 till 12:30)
Place: LUNA 1.050

Time: Thursday, hours 5 and 6 (from 13:45 till 15:30)
Place: LUNA 1.056

The slides are being updated during the course.

Assessment

Grades for the course are based on 2 assignments (10%) and a final exam (90%).

The assignments include problems to be solved.
The final exam is a 3 hours closed-book exam covering ALL topics presented during the course.

During the course, homeworks will be given. Homeworks are not graded. They can be submitted in class at the beginning of the lecture or sent by email.

Assignment 1

Assignment 1
Deadline: 22 September 2017

Assignment 2

Assignment 2
Deadline: 19 October 2017

How to submit the assignments:

send a pdf file with the solution by email (n.zannone at tue dot nl)

Final exam

Date: 30 October 2017 9:00-12:00
Place: FLUX 0.01, FLUX 1.03, FLUX 1.04, FLUX 1.05, FLUX 1.06

Date: 22 January 2018 18:00-21:00
Place: Auditorium 14

Course Outline (numbers correspond to lectures):

(5/9) Introduction. (Nicola Zannone)
(7/9) Discretionary Access Control. (Nicola Zannone)
- (Obligatory) Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in Operating Systems. Communications of the ACM 19(8): 461-471. 1976
- (Obligatory) Butler W. Lampson. Protection. ACM SIGOPS Operating Systems Review 8(1): 18-24. 1974.
- (Suggested) Pierangela Samarati, Sabrina De Capitani di Vimercati. Access Control: Policies, Models, and Mechanisms. Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures.
(12/9) Mandatory Access Control. (Nicola Zannone)
- (Obligatory) Ravi S. Sandhu. Lattice-Based Access Control Models. Computer 26(11):9-19. 1993.
- (Suggested) Pierangela Samarati, Sabrina De Capitani di Vimercati. Access Control: Policies, Models, and Mechanisms. Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures.
(14/9) Role Based Access Control. (Nicola Zannone)
- (Obligatory) R. S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman. 1996. Role-Based Access Control Models, IEEE Computer 29(2): 38-47
- (Suggested) Pierangela Samarati, Sabrina De Capitani di Vimercati. Access Control: Policies, Models, and Mechanisms. Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures.
(19/9) Usage Control. (Nicola Zannone)
- (Obligatory) Jaehong Park and Ravi Sandhu. 2004. The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 1, 128-174.
(21/9) No lecture
(26/9) CANCELLED
(28/9) Role-Based Trust Management I. (Sandro Etalle)
- (Obligatory) Ninghui Li, William H. Winsborough, John C. Mitchell Distributed Credential Chain Discovery in Trust Management. (the type system and the forward and backward algorithms)
- (Suggested) Marianne Winslett. An Introduction to Trust Negotiation. iTrust 2003: 275-283.
(3/10) Introduction to Privacy. (Nicola Zannone)
- (Obligatory) Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu. Hippocratic Databases. VLDB 2002: 143-154 (2002)
- (Suggested) P. Guarda and N. Zannone. Towards the Development of Privacy-Aware Systems. Information and Software Technology. 51(2):337-350. 2009.
(5/10) Privacy-aware Access Control I. (Nicola Zannone)
- (Obligatory) Ji-Won Byun, Ninghui Li. Purpose based access control for privacy protection in relational database systems. VLDB J. 17(4): 603-619 (2008)
(10/10) Privacy-aware Access Control II. (Nicola Zannone)
- (Obligatory) Michael Backes, Günter Karjoth, Walid Bagga, Matthias Schunter. Efficient comparison of enterprise privacy policies. SAC 2004: 375-382 (2004)
- (Suggested) Enterprise Privacy Authorization Language (EPAL 1.2)
(12/10) eXtensible Access Control Markup Language (XACML) I. (Nicola Zannone)
- (Recommended) XACML 3.0 Core: eXtensible Access Control Markup Language (XACML) version 3.0
- (Suggested) Ninghui Li, Qihua Wang, Wahbeh Qardaji, Elisa Bertino, Prathima Rao, Jorge Lobo, and Dan Lin. Access control policy combining: theory meets practice. In Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09), pages 135-144, ACM, 2009.
(17/10) eXtensible Access Control Markup Language (XACML) II. (Nicola Zannone)
- (Recommended) Core and hierarchical role based access control (RBAC) profile of XACML v3.0
- (Recommended) Privacy policy profile of XACML v3.0
(19/10) Role-Based Trust Management II. (Sandro Etalle)
- (Obligatory) Ninghui Li, John C. Mitchell, William H. Winsborough. Design of a Role-Based Trust-Management Framework.
- (Obligatory) Czenko, M.R. and Etalle, S. and Li, D. and Winsborough, W.H. (2007) An Introduction to the Role Based Trust Management Framework RT.
(24/10) Reduction of Access Control Decisions (Nicola Zannone)
- (Obligatory) Charles Morisset, Nicola Zannone: Reduction of access control decisions. In Proceedings of the ACM symposium on Access control models and technologies (SACMAT 2014), pages 53-62, ACM, 2014.
(26/10) Summary. (Nicola Zannone)

Old exams:

2016/2017

Assignment 1, here.
Assignment 2, here.
Exam (November), here.
Exam (January), here.

2015/2016

Assignment 1, here.
Assignment 2, here.
Exam (October), here.
Exam (January), here.

2014/2015

Assignment 1, here.
Assignment 2, here.
Exam (January), here.
Exam (April), here.

2013/2014

Assignment 1, here.
Assignment 2, here.
Exam (January), here.
Exam (April), here.

2012/2013

Assignment 1, here.
Assignment 2, here.
Exam (January), here.
Exam (April), here.

2011/2012

Assignment 1, here.
Assignment 2, here.
Exam (February), here.
Exam (April), here.