Part of the
Cyber Security
TU DelftTU EindhovenUniversity of TwenteWageningen University
Cyber Security


+31(0)6 48 27 55 61



4TU.CybSec Syllabus Principles of Data Protection until 2015/2016 (PDP)

Credits: 5EC

Motivation: The digitalization of information and the Internet have dramatically changed society. New business models and technologies have been deployed to provide users with new services (e.g., eBusiness, eHealth, eGoverment). However, this new trend has to increasingly face the risk of unauthorized access to personal information and consequently of misuses of personal information.

Synopsis: Privacy is an abstract and subjective concept, hard to define. The notion of privacy dependends on cultural issues, study discipline, stakeholder, and context. The course focuses on access control and on its extension to address privacy issues, and not on cryptography. The lectures cover the most important access control mechanisms: discretionary access control, mandatory access control, role-based access control, privacy-aware access control.

Aim: To provide an understanding of privacy risks related to IT technology and an understanding of how access control mechanisms can be used and extended to mitigate such risks.

Learning outcomes: After completing the course:

Lecturers: Dr Nicola Zannone (TUDelft/TUe)

Examination: Written (3 hours) and two assignments (80% and 20%)

Contents: Introduction to access control, Discretionary Access Control (Access Matrix, HRU Model, Safety Problem), Mandatory Access Control (Security Classification, Bell-LaPadula Model, Biba Model, Chinise Wall Model), Role-based Access Control (Role, Role Hierarchy, Separation of Duties), Usage Control (Continuity of decision, Mutability of attributes), Privacy Principles, Privacy-aware Access Control (Hippocratic Databases, Purpose-based Access Control), Industry standards for access control and privacy (Enterprise Privacy Authorization Language (EPAL), eXtensible Access Control Markup Language (XACML), RBAC Profile of XACML, Privacy Profile of XACML), Research directions in access control and privacy.

Core text: Various papers from the literature