| Lecture # |
Date |
Topics |
Presenter |
| 1 |
8/31 (Mon) |
Administrivia, course information, introduction
|
Adam Lee [PDF] |
| 2 |
9/2 (Wed) |
Background: Access Control |
Adam Lee |
| - |
9/7 (Mon) |
Labor Day (No Class) |
| 3 |
9/9 (Wed) |
Background: Cryptography |
Adam Lee |
| 4 |
9/14 (Mon) |
Trust Management
|
| Matt Blaze, Joan Feigenbaum, and Jack
Lacy,
Decentralized Trust Management, IEEE Symposium on Security
and Privacy, May 1996. |
Adam Lee [PDF] |
| Ninghui Li, John C. Mitchell, and William
H. Winsborough,
Design of a Role-based Trust-Management Framework, IEEE
Symposium on Security and Privacy, May 2002. |
| 5 |
9/16 (Wed) |
Moritz Y. Becker and Peter Sewell,
Cassandra:
distributed access control policies with tunable
expressiveness, 5th IEEE International Workshop on
Policies for Distributed Systems and Networks (POLICY), 2004
|
Yue [PDF] |
|
Moritz Y. Becker, Cedric Fournet, and Andrew D. Gordon,
SecPAL:
Design and Semantics of a Decentralized Authorization
Language, in Journal of Computer Security (JCS), IOS
Press, 2009
|
Brian [PDF] |
| 6 |
9/21 (Mon) |
Ninghui Li, William H. Winsborough, and John C. Mitchell,
Distributed
Credential Chain Discovery in Trust Management, Journal
of Computer Security 11(1):35-86, February 2003.
|
Onur [PDF] |
|
Adam J. Lee and Ting
Yu, Towards
a Dynamic and Composite Model of Trust, Proceedings of the
14th ACM Symposium on Access Control Models and Technologies
(SACMAT), June 2009.
|
Yue [PDF] |
| 7 |
9/23 (Wed) |
Trust Negotiation |
|
William H. Winsborough, Kent E. Seamons, and Vicki
E. Jones, Automated
Trust Negotiation, DARPA Information Survivability Conference
and Exposition, January 2000.
|
Andrew [PDF] |
|
Ting Yu, Marianne Winslett and Kent E. Seamons,
Supporting
Structured Credentials and Sensitive Policies through
Interoperable Strategies in Automated Trust Negotiation, ACM
Transactions on Information and System Security (TISSEC) 6(1):
1-42, February 2003.
|
Mohammad [PDF] |
| 8 |
9/28 (Mon) |
Charles C. Zhang, Marianne
Winslett, Distributed
Authorization by Multiparty Trust Negotiation. ESORICS 2008,
pages 282-299.
|
Yue [PDF] |
| Privacy-Preserving Credentials |
|
Ariel Glenn, Ian Goldberg, Frederic Legare, and Anton Stiglic,
A Description of
Protocols for Private Credentials, IACR ePrint report 2001/082.
|
Onur [PDF] |
| 9 |
9/30 (Wed) |
Jason Holt, Robert Bradshaw, Kent E. Seamons, and Hillarie
Orman, Hidden
Credentials, 2nd ACM Workshop on Privacy in the Electronic
Society, October 2003.
|
Nick [PDF] |
|
Jiangtao Li and Ninghui
Li, OACerts:
Oblivious Attribute Certificates, IEEE Transactions on
Dependable and Secure Computing, 3(4):340-352, October 2006.
|
Brian [PDF] |
| 10 |
10/5 (Mon) |
Deployment Considerations |
|
Lujo Bauer, Scott Garriss, and Michael
K. Reiter, Distributed
proving in access-control systems, Proceedings of the IEEE
Symposium on Security & Privacy, pages 81-95, May 2005.
|
Andrew [PDF] |
|
Kevin D. Bowers, Lujo Bauer, Deepak Garg, Frank Pfenning, and
Michael
K. Reiter, Consumable
credentials in logic-based access-control systems, Proceedings
of the Network & Distributed System Security Symposium (NDSS),
pages 143-157, February 2007.
|
Mohammad [PDF] |
| 11 |
10/7 (Wed) |
Proposal presentations |
Everyone |
| 12 |
10/13 (Tues) |
Adam J. Lee and Marianne
Winslett, Enforcing
Safety and Consistency Constraints in Policy-Based Authorization
Systems, ACM Transactions on Information and System Security
12(2), December 2008.
|
Brian [PDF] |
|
Adam J. Lee, Kazuhiro Minami, and Nikita Borisov,
Confidentiality-Preserving
Distributed Proofs of Conjunctive Queries, Proceedings of the
Fourth ACM Symposium on Information, Computer, and Communication
Security (ASIACCS), March 2009.
|
Nick and Mohammad (Discussion only!) |
| 13 |
10/14 (Wed) |
Fine-Grained Database Protections |
|
Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong
Xu, Hippocratic
Databases, VLDB 2002, pages 143-154.
|
George [PDF] |
|
Kristen LeFevre, Rakesh Agrawal, Vuk Ercegovac, Raghu
Ramakrishnan, Yirong Xu, and David
J. DeWitt, Limiting
Disclosure in Hippocratic Databases, VLDB 2004, pages 108-119.
|
George, Mehmud, and Thao (Discussion only!) |
| 14 |
10/19 (Mon) |
Shariq Rizvi, Alberto O. Mendelzon, S. Sudarshan, and Prasan
Roy, Extending
Query Rewriting Techniques for Fine-Grained Access Control,
SIGMOD Conference 2004, pages 551-562.
|
Thao [PDF] |
|
Lars E. Olson, Carl A. Gunter and
P. Madhusudan, A
formal framework for reflective database access control
policies, ACM Conference on Computer and Communications
Security 2008, pages 289-298.
|
Brian [PDF] |
| 15 |
10/21 (Wed) |
Microdata Publishing |
|
Latanya
Sweeney, k-Anonymity:
A Model for Protecting Privacy, International Journal on
Uncertainty, Fuzziness, and Knowledge-based Systems,
10(5):557-570, 2002.
|
Mohammad [PDF] |
| Kristen LeFevre, David DeWitt, Raghu
Ramakrishnan, Mondrian
Multidimensional k-Anonymity, ICDE, 2006.
|
George [PDF] |
| 16 |
10/26 (Mon) |
Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and
Muthuramakrishnan
Venkitasubramaniam, l-diversity:
Privacy beyond k-anonymity, ACM Transactions on
Knowledge Discovery from Data 1(1), March 2007.
|
Brian and Onur (Discussion only!) |
|
Arvind Narayanan and Vitaly
Shmatikov, Robust
De-anonymization of Large Sparse Datasets, IEEE Symposium on
Security and Privacy, May 2008.
|
Yue [PDF] |
| 17 |
10/28 (Wed) |
Paul
Ohm, Broken
Promises of Privacy: Responding to the Surprising Failure of
Anonymization, University of Colorado Law Legal Studies
Research Paper No. 09-12, August 2009.
|
Andrew |
|
Cynthia
Dwork, An
Ad Omnia Approach to Defining and Achieving Private Data
Analysis, in Privacy, Security, and Trust in KDD (PinKDD),
August 2007.
|
Mohammad [PDF] |
| 18 |
11/2 (Mon) |
Data Stream Security |
|
Wolfgang Lindner and Joerg
Meier, Securing
the Borealis Data Stream Engine, IDEAS 2006.
|
Thao [PDF] |
Barbara Carminati, Elena Ferrari, Kian Lee
Tan, Enforcing
Access Control Over Data Streams, 12th ACM Symposium on Access
Control Models and Technologies (SACMAT), June 2007.
|
Mehmud [PDF] |
| 19 |
11/4 (Wed) |
Rimma V. Nehme, Elke A. Rundensteiner and Elisa
Bertino. Security
Punctuation Framework for Enforcing Access Control on Streaming
Data, IEEE International Conference on Data Engineering
(ICDE), April 2008.
|
Thao [PDF] |
| Securely Outsourcing Data |
|
Radu Sion and Bogdan
Carbunar, On
the Computational Practicality of Private Information
Retrieval, Network and Distributed System Security Symposium
(NDSS), February 2007.
|
Nick |
| - |
11/9 (Mon) |
No Class --- Work on projects and progress reports |
| - |
11/11 (Wed) |
No Class --- Work on projects and progress reports |
| 20 |
11/16 (Mon) |
Peter Williams, Radu Sion, and Bogdan
Carbunar, Building
Castles out of Mud: Practical Access Pattern Privacy and
Correctness on Untrusted Storage, ACM Conference on Computer
and Communication Security (CCS), November 2008.
|
Mehmud [PDF] |
| Regulatory Compliance |
|
Qingbo Zhu and Windsor
W. Hsu, Fossilized
index: the linchpin of trustworthy non-alterable electronic
records, SIGMOD 2005.
|
Mehmud [PDF] |
| 21 |
11/18 (Wed) |
Soumyadeb Mitra, Windsor W. Hsu, and Marianne
Winslett, Trustworthy
keyword search for regulatory-compliant records retention, VLDB
2006.
|
Thao [PDF] |
| Location-Aware Systems |
|
Andrew J. Blumberg and Peter
Eckersley, On
Locational Privacy, and How to Avoid Losing it Forever, EFF
Whitepaper, August 2009.
|
Background Reading (No presentation) |
|
Alastair R. Beresford and Frank
Stajano, Location
Privacy in Pervasive Computing, IEEE Pervasive Computing,
2(1):46-55, 2003.
|
Nick [PDF] |
| 22 |
11/23 (Mon) |
Carmela Troncoso, George Danezis, Eleni Kosta, and Bart Preneel,
Pripayd:
privacy friendly pay-as-you-drive insurance, WPES 2007, pages
99-107.
|
Andrew and Yue (Discussion only!) |
|
Apu Kapadia, Tristan Henderson, Jeffrey J. Fielding, and David
Kotz, Virtual
Walls: Protecting Digital Privacy in Pervasive Environments,
Pervasive 2007, pages 162-179.
|
Onur [PDF] |
| - |
11/25 (Wed) |
Thanksgiving Holiday (No Class) |
| 23 |
11/30 (Mon) |
Social Information Sharing |
|
Ralph Gross, Alessandro Acquisti, and H. John Heinz
III, Information
revelation and privacy in online social networks, WPES 2005,
pages 71-80.
|
George [PDF] |
|
Shane Ahern, Dean Eckles, Nathaniel Good, Simon King, Mor Naaman,
and Rahul
Nair, Over-exposed?:
privacy patterns and considerations in online and mobile photo
sharing, CHI 2007, pages 357-366.
|
Onur [PDF] |
| 24 |
12/2 (Wed) |
Brian Thompson and Danfeng
Yao, The
union-split algorithm and cluster-based anonymization of social
networks, ASIACCS 2009, pages 218-227.
|
Mehmud |
| RFID |
| Simson L. Garfinkel, Ari Juels, and
Ravi Pappu, RFID
Privacy: An Overview of Problems and Proposed Solutions, IEEE
Security and Privacy, 3(3):34-43, May/June 2005 |
George [PDF] |
| 25 |
12/7 (Mon) |
David Molnar and David
Wagner, Privacy
and Security in Library RFID: Issues, Practices, and
Architectures, ACM CCS, October 2004.
|
Andrew [PDF] |
|
Alexei Czeskis, Karl Koscher, Joshua R. Smith, and Tadayoshi
Kohno, RFIDs
and secret handshakes: defending against ghost-and-leech attacks
and unauthorized reads with context-aware communications, ACM
Conference on Computer and Communications Security, pages 479-490,
November 2008.
|
Nick |
| 26 |
12/9 (Wed) |
Project presentations: Mohammad, George, Thao |
- |
| 27 |
12/14 (Mon) |
Project presentations: Brian, Nick, Mehmud |
- |
| 28 |
12/16 (Wed) |
Project presentations: Onur, Andrew, Yue |
- |