IDENTIFYING DATA 2018_19
Subject (*) PRIVACY PROTECTION Code 17685107
Study programme
Computer Security Engineering and Artificial Intelligence (2016)
 Cycle 2nd
Descriptors Credits Type Year Period
4.5 Compulsory First 2Q
Language
Anglès
Department Computer Engineering and Mathematics
Coordinator
DOMINGO FERRER, JOSEP
 E-mail
Lecturers
Web http://http://crises-deim.urv.cat/privprot
General description and relevant information General description Learn the basics of privacy, its legal principles and major design strategies . Gain expertise in database privacy and data anonymization.

Competences
Type A Code Competences Specific
 A1 Integrate the fundamental technology, applications, services and systems of Computer Security and Artificial Intelligence,in a broader, multidisciplinary context.
 A3 Understand and know how to apply the functioning and organisation of the Internet, the technology and protocols of new-generation networks, the models of components, intermediate software and services.
 A4 Design, develop, manage and evaluate mechanisms to certify and guarantee security in handling information and access to it in a local or distributed processing system.
 A5 Analyse the information needs considered in an environment and execute all stages of the construction process of a secure information system.
 G1 Project, calculate and design products, processes and installations in the areas of Computer Security and Artificial Intelligence
 G2 Perform mathematical modelling, calculation and simulation in company technology and engineering centres, particularly in tasks of research, development and innovation in the areas of Computer Security and Artificial Intelligence
Type B Code Competences Transversal
 CT2 Formular valoracions a partir de la gestió i ús eficient de la informació.
 CT3 Resoldre problemes complexes de manera crítica, creativa i innovadora en contextos multidisciplinars.
 CT4 Treballar en equips multidisciplinars i en contextos complexes.
 CT7 Aplicar els principis ètics i de responsabilitat social com a ciutadà i com a professional.
Type C Code Competences Nuclear

Learning outcomes
Type A Code Learning outcomes
 A1 Analitza els problemes i les seves causes des d'un enfocament global i de mitjà i llarg termini.
 A3 Dissenya protocols de xarxes i serveis privats per a aplicacions informàtiques i telemàtiques.
 A4 Dissenya tecnologies de garantia de la privacitat per a escenaris d'aplicacions informàtiques i telemàtiques.
 A5 Identifica els components d'un problema de presa de decisions i saber decidir el tipus de model de presa de decisions més adequat.
 G1 Integra els coneixements teòrics amb les realitats a les quals es poden aplicar.
 G2 Aplica les tècniques apreses en contextos concrets.
Type B Code Learning outcomes
 CT2 Formula valoracions a partir de la gestió i l'ús eficient de la informació.
 CT3 Resol problemes complexes de manera crítica, creativa i innovadora en contextos multidisciplinars.
 CT4 Treballa en equips multidisciplinars i en contextos complexes.
 CT7 Aplica els principis ètics i de responsabilitat social com a ciutadà i com a professional.
Type C Code Learning outcomes

Contents
Topic Sub-topic
1. Introduction a. Basic concepts of privacy
b. Legal principles
c. Privacy by design
d. Design strategies for privacy
2. Data privacy techniques a. Authentication
b. Attribute-based Credentials.
c. Secure and private communications
d. Anonymity and pseudo-anonymity in communications.
e. Privacy in data storages
f. Privacy-preserving computations
g. Techniques for improving transparency
h. Intervenability-enhancing techniques
3. Privacy in data bases 3. Privacy in data bases
a. Owner's privacy del propietari (Privacy-preserving data mining)
b. User's privacy (private information retrieval)
c. Respondent's privacy (anonymization)

4. User's privacy a. Issues of private information retrieval (PIR).
b. Modifications to PIR based on single users.
c. Modifications to PIR based on p2p networks (P2P PIR).
d. Rational behaviour in P2P PIR.
5. Anonymization in data bases a. Basic concepts
b. Privacy models
c. Protection of tables
d. Protection of interactive data bases.
e. Protection of microdata
g. Evaluation of statistical disclosure control methods.
h. Anonymization software

Planning
Methodologies  ::  Tests
  Competences (*) Class hours
 Hours outside the classroom
 (**) Total hours
Introductory activities
A3
 1 1.5 2.5
Presentations / oral communications
A3
A5
CT4
 1 1.5 2.5
Reading written documents and graphs
A1
A3
CT7
 26 37.5 63.5
Assignments
A3
A4
A5
G1
G2
CT3
CT4
 13 19.5 32.5
Forums of debate
A1
CT2
CT3
CT4
CT7
 1 1.5 2.5
Personal attention
A3
 1 0 1
 
Multiple-choice objective tests
A1
CT2
CT7
 2 6 8
 
(*) On e-learning, hours of virtual attendance of the teacher.
(**) The information in the planning table is for guidance only and does not take into account the heterogeneity of the students.

Methodologies
Methodologies
  Description
Introductory activities Difusió de l'actualitat sobre privadesa reflectida als mitjans
Presentations / oral communications Individual preparation of presentations on specific subjects proposed by the teacher.
Reading written documents and graphs
Assignments
Forums of debate
Personal attention Atenció al despatx prèvia visita concertada

Personalized attention
Description
Students can request via e-mail as many interviews as needed with the teacher. Interviews will be by skype or a similar system.

Assessment
Methodologies Competences Description Weight        
Presentations / oral communications
A3
A5
CT4
 Individual preparation of presentations on specific subjects proposed by the teacher. 20%
Assignments
A3
A4
A5
G1
G2
CT3
CT4
 Individual implementation of a privacy-enhancing technology. 60%
Multiple-choice objective tests
A1
CT2
CT7
 Individual and simultaneous examination of the theoretica contents of the subject. 20%
Others  
 
Other comments and second exam session

Students failing in the first call (according to the assessment scheme above) will be allowed to go to the second call, which will consist in an exam on the June date indicated in the academic calendar. For those students, the exam mark will weight 100% in the second call mark. The exam will take place on the same date and time for all on-line students: they will receive the questions by e-mail and they will be asked to return the answers also by e-mail once the examination time is over.

Sources of information

Basic

o   G. D’Acquisto, J. Domingo-Ferrer, P. Kikiras, V. Torra, Y.-A. De Montjoye and A. Bourka (2015) Privacy by Design in Big Data – An overview of privacy enhancing technologies in the era of big data analytics, European Union Agency for Network and Information Security-ENISA.

o   G. Danezis, J. Domingo-Ferrer, M. Hansen, J.-H. Hoepman, D. Le Métayer, R. Tirtea and S. Schiffner (2015) Privacy and Data Protection by Design: From Policy to Engineering, European Union Agency for Network and Information Security-ENISA.

o   J. Domingo-Ferrer, D. Sánchez and J. Soria-Comas (2016) Database Anonymization: Privacy Models, Data Utility and Microaggregation-Based Inter-Model Connections, Morgan & Claypool.

o   A. Hundepool, J. Domingo-Ferrer, L. Franconi, S. Giessing, E. Schulte-Nordholt, K. Spicer and P.-P. de Wolf (2012) Statistical Disclosure Control, Wiley.
Complementary

Recommendations

Subjects that are recommended to be taken simultaneously
CRYPTOGRAPHY AND INFORMATION SECURITY/17685101v

Subjects that it is recommended to have taken before
CRYPTOGRAPHY AND INFORMATION SECURITY/17685101v
(*)The teaching guide is the document in which the URV publishes the information about all its courses. It is a public document and cannot be modified. Only in exceptional cases can it be revised by the competent agent or duly revised so that it is in line with current legislation.