Introduction to Information Privacy (2013 HT)
Recommended for
Recommended for PhD students.
The course was last given
--
Goals
The course provides understanding of the area of privacy. It is organized into
two parts: an introduction to privacy and privacy-enhancing technologies, and a
deeper study in a selected research area in the field of privacy: database
privacy. Each part has its own set of learning outcomes. Passing this course
means that a student should:
- recognize the privacy terminology;
- identify the principles and motivation of the research in the field of
privacy;
- classify privacy-enhancing technologies and reflect on their fundamentals;
- apply privacy-enhancing technologies in different contexts;
- recognize the main concepts in database privacy;
- describe the major data protection methods for different types of data;
- apply techniques for measuring disclosure risk and information loss / data
utility for protected data.
Prerequisites
MSc in mathematics or computer science/engineering, with some background in security and knowledge of mathematics.
Contents
The goal of data privacy and privacy-enhancing technologies is to develop
theories and technologies that permit access to information while avoiding the
disclosure of sensitive information. Different approaches give different
answers to the questions of what sensitive data are, how sensitive data are
represented, and how an adversary can recover sensitive data.
Privacy preserving data mining (PPDM) and statistical disclosure control (SDC)
are two areas of research that focus on the problems of data privacy.
In this course, the main concepts to be studied are related to data privacy.
The major approaches to data protection will be reviewed, with discussions of
how these methods ensure privacy. Also subject to discussion are disclosure
risk measures, which evaluate to what extent protected data ensures
confidentiality, and information loss measures, which evaluate whether
protected data is still useful for analysis.
Concrete examples to be discussed are data protection methods for numerical and
categorical databases, and measures of information loss and disclosure risk for
these types of databases. We will also discuss some examples of other types of
databases, e.g. online social networks.
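The trade-off described above can be made concrete on a toy numerical database. The following is an added example written for this page, not course material from the lecturers: it applies two protection methods (microaggregation with a minimum group size k, and additive noise), measures information loss as the sum of squared differences between original and protected records relative to the total sum of squares, and measures disclosure risk by distance-based record linkage, i.e. how often an intruder holding the original record would link it to the correct protected record. The dataset and the noise offsets are constructed for the example; the measure definitions are the simple variants commonly used in the statistical disclosure control literature, not a specific textbook's exact formulas.

```python
"""Data protection methods vs. information loss vs. disclosure risk (added example)."""
from statistics import mean

# Constructed toy microdata: one record per respondent, two numeric attributes
# (think age and income in thousands). Index i identifies respondent i.
ORIGINAL = [
    (21.0, 30.0), (22.0, 32.0), (35.0, 50.0), (36.0, 52.0),
    (50.0, 70.0), (51.0, 71.0), (64.0, 90.0), (66.0, 91.0),
]

# Constructed, fixed noise offsets so the example is deterministic.
NOISE = [
    (0.4, -0.3), (-0.2, 0.5), (0.3, 0.2), (-0.4, -0.1),
    (0.1, 0.6), (-0.5, 0.2), (0.2, -0.4), (-0.3, 0.3),
]


def microaggregate(records, k):
    """Microaggregation: sort records, partition them into groups of at least
    k consecutive records, and publish each group's centroid in place of its
    members. Every published value is thus shared by >= k respondents."""
    dim = len(records[0])
    order = sorted(range(len(records)), key=lambda i: records[i])
    groups = [order[s:s + k] for s in range(0, len(order), k)]
    # A short trailing group would violate the k guarantee; fold it into the
    # previous group instead (the usual remainder handling).
    if len(groups) > 1 and len(groups[-1]) < k:
        groups[-2].extend(groups.pop())
    protected = [None] * len(records)
    for group in groups:
        centroid = tuple(mean(records[i][j] for i in group) for j in range(dim))
        for i in group:
            protected[i] = centroid
    return protected


def add_noise(records, noise):
    """Additive noise: perturb each attribute of each record by an offset."""
    return [tuple(v + n for v, n in zip(rec, off)) for rec, off in zip(records, noise)]


def _sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def information_loss(original, protected):
    """SSE / SST: squared error introduced by protection, relative to the total
    variation of the original data. 0 = nothing changed, 1 = all structure lost."""
    dim = len(original[0])
    centre = tuple(mean(rec[j] for rec in original) for j in range(dim))
    sse = sum(_sq_dist(o, p) for o, p in zip(original, protected))
    sst = sum(_sq_dist(o, centre) for o in original)
    return sse / sst


def disclosure_risk(original, protected):
    """Distance-based record linkage: an intruder who knows original record i
    links it to the nearest protected record. A correct link scores 1; if the
    nearest distance is tied among m protected records that include the true
    one, the intruder can only guess, scoring 1/m. Returns the mean score."""
    total = 0.0
    for i, o in enumerate(original):
        dists = [_sq_dist(o, p) for p in protected]
        best = min(dists)
        ties = [j for j, d in enumerate(dists) if d == best]
        if i in ties:
            total += 1.0 / len(ties)
    return total / len(original)


def min_group_size(protected):
    """Smallest number of records sharing one published value (k check)."""
    counts = {}
    for rec in protected:
        counts[rec] = counts.get(rec, 0) + 1
    return min(counts.values())


def compare(k=2):
    """Evaluate both methods on the toy data; returns {method: (loss, risk)}."""
    micro = microaggregate(ORIGINAL, k)
    noisy = add_noise(ORIGINAL, NOISE)
    return {
        "microaggregation": (information_loss(ORIGINAL, micro), disclosure_risk(ORIGINAL, micro)),
        "noise": (information_loss(ORIGINAL, noisy), disclosure_risk(ORIGINAL, noisy)),
    }


if __name__ == "__main__":
    for method, (loss, risk) in compare().items():
        print(f"{method:17s} information loss = {loss:.5f}  disclosure risk = {risk:.2f}")
```

On this data the small noise offsets cost almost no utility but leave every record uniquely linkable (risk 1.0), while microaggregation with k = 2 costs a little more information loss and caps the intruder's success at 1/k, which is exactly the kind of trade-off the disclosure risk and information loss measures are meant to expose.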
Organization
The course consists of two equally important parts: an introduction to privacy
and privacy-enhancing technologies and a deeper study in a selected research
area in the field of privacy: database privacy. Both parts are focused on
lectures, the study of relevant literature, discussions, group activities and
practical assignments. The practical part consists of project work in the
area of information privacy, which may, but need not, be related to the
content of the lectures. Participants are required to plan and document their
work.
Part I: Introduction to Privacy and Privacy-Enhancing Technologies
1. Introduction to Privacy
a. Definition of Privacy
b. Legal Aspects
c. Research Areas in Privacy
2. Anonymity and Pseudonyms
a. Identity and Identifiers
b. Types of Pseudonyms
c. Anonymity
3. Anonymous Communication Mechanisms
a. The Dining Cryptographers
b. MIX Networks
c. Crowds
d. Onion Routing and Tor
4. An Introduction to an ongoing research area in the field of privacy
Part II: Privacy Aspects in Data Mining
0. For those unfamiliar:
a. Elements of machine learning
b. Clustering and comparison of partitions
c. Association rules
1. Data Privacy Dimensions
a. Owner privacy
b. Respondent and owner privacy
c. Data-driven or general-purpose
d. Computation-driven or specific-purpose
e. Result-driven
2. Data protection methods
3. Information loss measures
4. Disclosure risk measures
Literature
The following literature:
C. C. Aggarwal, P. S. Yu (Eds.) Privacy-Preserving Data Mining: Models and
Algorithms, Springer, 2008.
G. T. Duncan, M. Elliot, J. J. Salazar-Gonzalez, Statistical Confidentiality:
Principles and Practice, Springer, 2011.
A. Hundepool, J. Domingo-Ferrer, L. Franconi, S. Giessing, E. S. Nordholt, K.
Spicer, P.-P. de Wolf, Statistical Disclosure Control, Wiley, 2012.
A. Pfitzmann, M. Hansen. A terminology for talking about privacy by data
minimization: anonymity, unlinkability, undetectability, unobservability,
pseudonymity, and identity management. v0.34, 10 Aug 2010.
S. Fischer-Hübner, D. Kesdogan, L. Martucci. Privacy and privacy-enhancing
technologies. In: S. Furnell, S. Katsikas, J. Lopez, A. Patel (Eds.) Securing
Information and Communication Systems: Principles, Technologies, and
Applications. Artech House, Norwood, MA, USA. ch.11, p.213-242.
P. Syverson, D. Goldschlag, M. Reed. Anonymous connections and onion routing.
In Proc. of the 1997 IEEE Symposium on Security and Privacy (S&P 1997), pages
44–54. IEEE Computer Society, 4–7 May 1997.
M. Reiter, A. Rubin. Crowds: anonymity for web transactions. ACM Transactions
on Information and System Security (TISSEC), 1(1):66–92, 1998. ISSN 1094-9224.
doi: http://doi.acm.org/10.1145/290163.290168
Lecturers
See the organization.
Examiner
Examiner: Nahid Shahmehri
Guest lecturers: Drs. Leonardo Martucci, Vicenc Torra.
Examination
Both theoretical writing/exam and practical work.
Credit
4 hp
Organized by
ADIT
Comments
Registrations are binding.
The lectures will be in intensive form. A schedule will be provided after the
participants are registered to the course.
Page responsible: Anne Moe