CS 3525: Advanced Topics in Security and Privacy

Fall 2009

[ Home ] [ Policies ] [ Lectures ] [ Project ]

General Information

Instructor:

    Prof. Adam J. Lee
    Office: 6111 Sennott Square
    Email: adamlee -at- cs.pitt.edu
    Phone: 412-624-8416

Lecture:

MW 4:00 - 5:15 PM, 5313 SENSQ

Office Hours:

MW 3:00 - 4:00 PM, 6111 SENSQ

Optional references:

Ross Anderson, Security Engineering, Wiley
Krzysztof R. Apt, Logic Programming in Handbook of Theoretical Computer science
Matt Bishop, Computer Security: Art and Science, Addison-Wesley
Charles Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Prentice Hall
Bruce Schneier, Applied Cryptography, Wiley

Announcements

[11/2] The due date for progress reports has been pushed back until Monday 11/16.
[11/2] From now on, you need only submit one paper review per lecture. You are free to choose which paper you want to review for every lecture.
[9/28] Don't forget that project proposals are due on Wednesday 10/7. Make sure that you talk to me and get preliminary approval for your idea(s) before you start writing!
[9/23] Adam's office hours on Monday 9/28 are cancelled. If you need to meet on Monday, please send email to schedule an appointment.
[9/16] Paper reviews are due before the start of lecture. You can either turn in a hard copy in class, or email Dr. Lee prior to the start of class.
[8/31] Don't forget to email Dr. Lee the titles of 8-10 papers from the lecture list that you are interested in presenting. Please do so by this Friday (Sept. 4th) to avoid being assigned papers at random.
[8/17/09] Welcome to CS 2530! Please check this web page at least 2 times per week for important announcements.

Course Description

Networked systems are becoming an increasingly prevalent and, in some cases, intrusive features in our everyday lives. Examples include online social networks, medical information systems, distributed sensor networks, and context aware applications. While these systems certainly provide users with many direct and indirect benefits, they also expose potentially sensitive personal and corporate data to risks such as unauthorized disclosure or unintended use (e.g., profiling).

This seminar course will cover recent research that aims to support the utility of the above types of systems, while still preserving data confidentiality and respecting user privacy. Specific topics will be selected from areas including flexible user authorization techniques designed for the above types of open networked systems; the enforcement of obligations on data retention and release; microdata publishing, private database management, and private data mining; pervasive monitoring technologies, such as location-based systems and RFID; and access control and privacy policy specification, management, and enforcement. Student grades will be based upon paper reviews, in-class presentations, and an individual or group research project building upon the themes discussed in this course.

Prerequisites: Graduate standing.

Grading:

20% Paper reviews [ Review form ]
25% Paper presentations
45% Project
10% Subjective