3 credits
Spring 2025 Lecture Upper Division
Data security and privacy is an important part of information security. This course provides an introduction to the fundamental principles and techniques for data security and privacy. The course covers fundamental theories of access control, discretionary access control, mandatory access control, and role-based access control, database access control approaches including grant revoke, virtual private databases and labelled databases, database encryption. On privacy, it covers data anonymization, re-identification attacks, definition, primitives, and applications of differential privacy.
Learning Outcomes1Explain the limitation of discretionary access control and the impacts to security. (E,Q,W)
2Explain the definition, enforcement, and challenges for multi-level security, including the Bell LaPadula model, non-interference, and covert channels. (E,Q,W)
3Articulate integrity models (Biba and Clark-Wilson), and the difference between integrity and confidentiality. (E,Q,W)
4Articulate the limitations of data anonymization for achieving privacy, and the strengths and limitations of privacy notions including differential privacy. (EQW)
5Identify, implement, and deploy differential privacy mechanisms for problem settings. (P)
Prerequisites
Restrictions
made by Purdue students.