Notice: Students are responsible for reading all papers listed below prior to the lecture in which they will be discussed. Paper reviews are due at the start of lecture and will not be accepted late without prior approval.

1 8/31 (Mon) Administrivia, course information, introduction Adam Lee [PDF]
2 9/2 (Wed) Background: Access Control Adam Lee
- 9/7 (Mon) Labor Day (No Class)
3 9/9 (Wed) Background: Cryptography Adam Lee
4 9/14 (Mon) Trust Management
Matt Blaze, Joan Feigenbaum, and Jack Lacy, Decentralized Trust Management, IEEE Symposium on Security and Privacy, May 1996. Adam Lee [PDF]
Ninghui Li, John C. Mitchell, and William H. Winsborough, Design of a Role-based Trust-Management Framework, IEEE Symposium on Security and Privacy, May 2002.
5 9/16 (Wed) Moritz Y. Becker and Peter Sewell, Cassandra: distributed access control policies with tunable expressiveness, 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), 2004 Yue [PDF]
Moritz Y. Becker, Cedric Fournet, and Andrew D. Gordon, SecPAL: Design and Semantics of a Decentralized Authorization Language, in Journal of Computer Security (JCS), IOS Press, 2009 Brian [PDF]
6 9/21 (Mon) Ninghui Li, William H. Winsborough, and John C. Mitchell, Distributed Credential Chain Discovery in Trust Management, Journal of Computer Security 11(1):35-86, February 2003. Onur [PDF]
Adam J. Lee and Ting Yu, Towards a Dynamic and Composite Model of Trust, Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2009. Yue [PDF]
7 9/23 (Wed) Trust Negotiation
William H. Winsborough, Kent E. Seamons, and Vicki E. Jones, Automated Trust Negotiation, DARPA Information Survivability Conference and Exposition, January 2000. Andrew [PDF]
Ting Yu, Marianne Winslett and Kent E. Seamons, Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies in Automated Trust Negotiation, ACM Transactions on Information and System Security (TISSEC) 6(1): 1-42, February 2003. Mohammad [PDF]
8 9/28 (Mon) Charles C. Zhang, Marianne Winslett, Distributed Authorization by Multiparty Trust Negotiation. ESORICS 2008, pages 282-299. Yue [PDF]
Privacy-Preserving Credentials
Ariel Glenn, Ian Goldberg, Frederic Legare, and Anton Stiglic, A Description of Protocols for Private Credentials, IACR ePrint report 2001/082. Onur [PDF]
9 9/30 (Wed) Jason Holt, Robert Bradshaw, Kent E. Seamons, and Hillarie Orman, Hidden Credentials, 2nd ACM Workshop on Privacy in the Electronic Society, October 2003. Nick [PDF]
Jiangtao Li and Ninghui Li, OACerts: Oblivious Attribute Certificates, IEEE Transactions on Dependable and Secure Computing, 3(4):340-352, October 2006. Brian [PDF]
10 10/5 (Mon) Deployment Considerations
Lujo Bauer, Scott Garriss, and Michael K. Reiter, Distributed proving in access-control systems, Proceedings of the IEEE Symposium on Security & Privacy, pages 81-95, May 2005. Andrew [PDF]
Kevin D. Bowers, Lujo Bauer, Deepak Garg, Frank Pfenning, and Michael K. Reiter, Consumable credentials in logic-based access-control systems, Proceedings of the Network & Distributed System Security Symposium (NDSS), pages 143-157, February 2007. Mohammad [PDF]
11 10/7 (Wed) Proposal presentations Everyone
12 10/13 (Tues) Adam J. Lee and Marianne Winslett, Enforcing Safety and Consistency Constraints in Policy-Based Authorization Systems, ACM Transactions on Information and System Security 12(2), December 2008. Brian [PDF]
Adam J. Lee, Kazuhiro Minami, and Nikita Borisov, Confidentiality-Preserving Distributed Proofs of Conjunctive Queries, Proceedings of the Fourth ACM Symposium on Information, Computer, and Communication Security (ASIACCS), March 2009. Nick and Mohammad (Discussion only!)
13 10/14 (Wed) Fine-Grained Database Protections
Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu, Hippocratic Databases, VLDB 2002, pages 143-154. George [PDF]
Kristen LeFevre, Rakesh Agrawal, Vuk Ercegovac, Raghu Ramakrishnan, Yirong Xu, and David J. DeWitt, Limiting Disclosure in Hippocratic Databases, VLDB 2004, pages 108-119. George, Mehmud, and Thao (Discussion only!)
14 10/19 (Mon) Shariq Rizvi, Alberto O. Mendelzon, S. Sudarshan, and Prasan Roy, Extending Query Rewriting Techniques for Fine-Grained Access Control, SIGMOD Conference 2004, pages 551-562. Thao [PDF]
Lars E. Olson, Carl A. Gunter and P. Madhusudan, A formal framework for reflective database access control policies, ACM Conference on Computer and Communications Security 2008, pages 289-298. Brian [PDF]
15 10/21 (Wed) Microdata Publishing
Latanya Sweeney, k-Anonymity: A Model for Protecting Privacy, International Journal on Uncertainty, Fuzziness, and Knowledge-based Systems, 10(5):557-570, 2002. Mohammad [PDF]
Kristen LeFevre, David DeWitt, Raghu Ramakrishnan, Mondrian Multidimensional k-Anonymity, ICDE, 2006. George [PDF]
16 10/26 (Mon) Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venkitasubramaniam, l-diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data 1(1), March 2007. Brian and Onur (Discussion only!)
Arvind Narayanan and Vitaly Shmatikov, Robust De-anonymization of Large Sparse Datasets, IEEE Symposium on Security and Privacy, May 2008. Yue [PDF]
17 10/28 (Wed) Paul Ohm, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, University of Colorado Law Legal Studies Research Paper No. 09-12, August 2009. Andrew
Cynthia Dwork, An Ad Omnia Approach to Defining and Achieving Private Data Analysis, in Privacy, Security, and Trust in KDD (PinKDD), August 2007. Mohammad [PDF]
18 11/2 (Mon) Data Stream Security
Wolfgang Lindner and Joerg Meier, Securing the Borealis Data Stream Engine, IDEAS 2006. Thao [PDF]
Barbara Carminati, Elena Ferrari, Kian Lee Tan, Enforcing Access Control Over Data Streams, 12th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2007. Mehmud [PDF]
19 11/4 (Wed) Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino. Security Punctuation Framework for Enforcing Access Control on Streaming Data, IEEE International Conference on Data Engineering (ICDE), April 2008. Thao [PDF]
Securely Outsourcing Data
Radu Sion and Bogdan Carbunar, On the Computational Practicality of Private Information Retrieval, Network and Distributed System Security Symposium (NDSS), February 2007. Nick
- 11/9 (Mon) No Class --- Work on projects and progress reports
- 11/11 (Wed) No Class --- Work on projects and progress reports
20 11/16 (Mon) Peter Williams, Radu Sion, and Bogdan Carbunar, Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage, ACM Conference on Computer and Communication Security (CCS), November 2008. Mehmud [PDF]
Regulatory Compliance
Qingbo Zhu and Windsor W. Hsu, Fossilized index: the linchpin of trustworthy non-alterable electronic records, SIGMOD 2005. Mehmud [PDF]
21 11/18 (Wed) Soumyadeb Mitra, Windsor W. Hsu, and Marianne Winslett, Trustworthy keyword search for regulatory-compliant records retention, VLDB 2006. Thao [PDF]
Location-Aware Systems
Andrew J. Blumberg and Peter Eckersley, On Locational Privacy, and How to Avoid Losing it Forever, EFF Whitepaper, August 2009. Background Reading (No presentation)
Alastair R. Beresford and Frank Stajano, Location Privacy in Pervasive Computing, IEEE Pervasive Computing, 2(1):46-55, 2003. Nick [PDF]
22 11/23 (Mon) Carmela Troncoso, George Danezis, Eleni Kosta, and Bart Preneel, Pripayd: privacy friendly pay-as-you-drive insurance, WPES 2007, pages 99-107. Andrew and Yue (Discussion only!)
Apu Kapadia, Tristan Henderson, Jeffrey J. Fielding, and David Kotz, Virtual Walls: Protecting Digital Privacy in Pervasive Environments, Pervasive 2007, pages 162-179. Onur [PDF]
- 11/25 (Wed) Thanksgiving Holiday (No Class)
23 11/30 (Mon) Social Information Sharing
Ralph Gross, Alessandro Acquisti, and H. John Heinz III, Information revelation and privacy in online social networks, WPES 2005, pages 71-80. George [PDF]
Shane Ahern, Dean Eckles, Nathaniel Good, Simon King, Mor Naaman, and Rahul Nair, Over-exposed?: privacy patterns and considerations in online and mobile photo sharing, CHI 2007, pages 357-366. Onur [PDF]
24 12/2 (Wed) Brian Thompson and Danfeng Yao, The union-split algorithm and cluster-based anonymization of social networks, ASIACCS 2009, pages 218-227. Mehmud
Simson L. Garfinkel, Ari Juels, and Ravi Pappu, RFID Privacy: An Overview of Problems and Proposed Solutions, IEEE Security and Privacy, 3(3):34-43, May/June 2005. George [PDF]
25 12/7 (Mon) David Molnar and David Wagner, Privacy and Security in Library RFID: Issues, Practices, and Architectures, ACM CCS, October 2004. Andrew [PDF]
Alexei Czeskis, Karl Koscher, Joshua R. Smith, and Tadayoshi Kohno, RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications, ACM Conference on Computer and Communications Security, pages 479-490, November 2008. Nick
26 12/9 (Wed) Project presentations: Mohammad, George, Thao -
27 12/14 (Mon) Project presentations: Brian, Nick, Mehmud -
28 12/16 (Wed) Project presentations: Onur, Andrew, Yue -