DATA SECURITY AND PRIVACY

Degree course: 
Corso di Second cycle degree in COMPUTER SCIENCE
Academic year when starting the degree: 
2018/2019
Year: 
1
Academic year in which the course will be held: 
2018/2019
Course type: 
Compulsory subjects, characteristic of the class
Language: 
English
Credits: 
9
Period: 
First Semester
Standard lectures hours: 
80
Detail of lecture’s hours: 
Lesson (56 hours), Exercise (24 hours)
Requirements: 

Good knowledge of English. It is also reccomended to have taken a basic security course.

Final Examination: 
Orale

The students learning extent is assessed through a written exam and a talk. The written exam lasts approx. 2 hours. Students are not allowed to consult any text book or other learning material during the test. The test is divided into two parts. The first part consists of 4/5 open questions on the conceptual aspects of the course, whereas the second part consists of 3/4 exercises whose goal is to assess the ability of specifying access control/privacy policies with the models, languages, and tools learned during the course. The grade of each part of the written exam is given in thirtieths. The overall grade of the written exam is determined by the following formula: 1/3 * grade of the first part + 2/3 * grade of the second part. The written exam is passed if the student obtains a grade greater than or equal to 18 in both the parts. The talk has the goal of assessing what has been learned during the exercise classes. The grade of the talk is given in thirtieths and it is successful with a grade greater than or equal to 18. The final score of the course will be determined by the following formula: 1/3 * grade of the talk + 2/3 * grade of the written exam.

Assessment: 
Voto Finale

The course has the main goal of illustrating the models, languages, and tools for the management of access control and privacy policies within a data management system. A part of the course will also be devoted to access control and privacy issues in innovative contexts (such as for instance IoT, social networks and data outsourcing).

On the basis of the knowledge acquired through the lessons and exercises, the student will be able to understand and use the main existing access control models and to customize them according to the needs of specific application domains. A part of the course is also devoted to the main issues related to privacy protection and to the tools for privacy preserving data management system. The course also aims to illustrate the main research trends in the field of security and privacy. To this end, students will be recommended a series of scientific papers that address innovative issues in the field of security and privacy. Each topic will be associated with one or more students. The result of the study will be presented and discussed in class, through a talk that will be part of the final exam.

The course has a significant application value. In particular, an important part of the course will be devoted to the support provided by SQL for access control. The course also includes an in-depth look at the main access control services provided by the Oracle commercial DBMS. It is expected that the student, at the end of the course, will be able to implement through these languages / tools the access control / privacy requirements of a particular application domain.

The expected course outcomes include the ability to independently translate specific access control/privacy requirements with the languages/mechanisms seen in class, while also being able to choose the best solution for the considered domain when multiple options are possible. It is also expected that the student will be able to detect any security vulnerabilities due to design errors. Judgement, analysis and communication skills will be acquired through guided discussions on topics agreed with the instructors.

The knowledge provided by the course will facilitate individual deepening of student knowledge and development of new skills. For example, it should not be difficult for a student who has successfully followed the course, to independently learn the concepts underlying a new access control mechanism or a new technique for privacy protection. This is also facilitated by the presentation of the main research trends.

1.Privacy and security in data management systems: basic concepts (6h)
2.Access control within DBMSs (18h)
3.Access control support in SQL (4h)
4.Oracle VPD, OLS, and Oracle Vault (8h)
5.Privacy-preserving DBMS (16h)
6.Data privacy and security: research trends (IoT, Social Networks, Cloud computing, Blockchain) (28h).

The slides used during classes can be found on the University’s e-learning web site, where the students can also find further materials and links to relevant websites.
Suggested textbook
E. Ferrari. Access Control in Data Management Systems, Synthesis Lectures on Data Management, Morgan & Claypool, 2010.

Convenzionale

Lectures and Exercise classes.

During the period in which the course is held, students can meet with the instructor on class days. In the remainder of the year, the students need to contact the instructor by email to set up an appointment.