Introduction to privacy and identity management
Program:	Digital identities, privacy and security. An introduction to legal and technical privacy principles. Presentation of an application scenario.
Speaker:	Marc Wilikens

Relevant privacy standards - P3P and Appel
Program:	BACKGROUND: Introduction: Why P3P and EPAL? Introduction to XML: P3P and EPAL are expressed in XML, therefore an understanding of XML is an essential foundation. TECHNICAL DETAILS: P3P Architecture: The elements of P3P architecture - policies, data schemas, compact policies, policy reference files, appel rulesets, and user agents. P3P Semantics: The elements of a Policy, Relationship to Data Protection Legislation, problems in the European Union. Example policies. P3P and Cookies: Applying P3P to a cookie, linkage, legal and "philosophical" issues around cookies. Applying policies: Policy reference files and deciding responsibility for a policy. Scenario. APPEL - language syntax and implementation architecture. Example of APPEL rules. Modeling laws with APPEL. HOW P3P ENABLES A WEB SITE: User Interfaces: User agent front ends, policy editors, rule editors. Exercise: Enabling a web site with P3P from start to finish. OUTLOOK FOR P3P: Unsolved Problems: Legal, Technical and Social problems with P3P e.g. compact policies, notice, consent. Future of P3P: P3P 1.1, P3P in enterprise and audit languages, P3P as a basis for lifecycle data systems. INTRODUCTION TO EPAL: EPAL context. Difference between EPAL and P3P. EPAL architecture. EPAL Syntax. Example of modelling a legal document in EPAL. EPAL Prospects.
Speaker:	Giles Hogben

Privacy-preserving databases and data mining
Program:	Introduction to data mining Overview of privacy preserving databases and data mining Privacy preserving data mining Privacy preserving classification model construction Privacy preserving data clustering Privacy preserving association rule mining in distributed databases Privacy protection against data mining Association rule hiding Classification model hiding Privacy protection in text databases Privacy preserving databases Privacy preserving outsourcing of databases Privacy preserving indexes Privacy preserving query answering Future research directions
Speaker:	Yucel Saygin

Privacy-enhancing techniques
Program:	Anonymity on the network (Mattia Monga - Igor Nai Fovino) Digging the file system looking for personal data (Lorenzo Martignoni) Attacks to privacy (Lorenzo Cavallaro - Andrea Lanzi) Security and Privacy (Danilo Bruschi)
Speakers:	Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Igor Nai Fovino

Anonymity and pseudo-anonymity protocols
Program:	TOPICS: One of the main impact of contemporary Information and Communication Tehnology (ICT) is the invasion of the Privacy and the misuse of the personal informations. In order to solve the privacy problem, often the people talks about “ data protection ” as a set of methodologies and tools useful to solve the problem. But if we use data security as a synonymous of the privacy we can be deceived. Indeed the term “ data protection ” involves all technics usefull for protecting the user's personal informations from the unauthorised or accidental disclosure. Privacy means how to protect the personal sphere of the users. Anonymity represents one of the main aspects of the privacy. This course will give an introduction and a survey on the main anonymity & pseudoanonimity protocols. PROGRAM: Introduction to anonymity & pseudoanonymity. Anonimyty at the Communication Level: DC nets & MIX nets, Mix net applications (Anonymous Remailers and Browsers, Onion Routing), Crowds. Anonimyty at the Application Level: Blind Signatures, Ecash, Anonymous payment protocols, Anonymous voting schemes. Anonimyty at the System Level. BIBLIOGRAPHY: Simone Fischer-Hübner, “ IT-Security and Privacy-Design and Use of Privacy-Enhancing Security Mechanisms ”, Springer Scientific Publishers, Lecture Notes of Computer Science, LNCS 1958 http://link.springer-ny.com/link/service/series/0558/tocs/t1958.htm, May 2001, ISBN 3-540-42142-4. http://www.freehaven.net/anonbib/
Speaker:	Giuseppe Russo

Assuring Security Properties in Third-party Architectures
Abstract:	Web-based Third-party architectures for data publishing  are today receiving growing attention, due to their scalability and  the ability of efficiently managing large numbers of users and great amounts of data. A third-party architecture relies on a distinction between the Owner and the  Publisher of information. The Owner is the producer of information, whereas Publisher provides data management services and query processing functions for (a portion of) the Owner's information. In such an architecture, there are important security concerns in that the Publishers may be untrusted. In this talk we explain some proposals providing partial solutions to this  problem, and a XML-based comprehensive framework to support all the most important security properties  in the presence of an untrusted Publisher.
Speaker:	Barbara Carminati

e-Health Care Process and Management
Abstract:	Much advancement has been achieved and many research projects have been under process in terms of ICT and medical technology so as to provide quality health care to the citizens. The prime concern is being shown on facilitating such continuity health care that can be made available to the citizens on a real time basis while safeguarding the privacy of the information. This paves way to the Health care portal developed on a trusted framework comprising of several components and sub systems and other shared systems that are integrated together with the process sharing. As such, the main components are Laboratory Information System (LIS), Laboratory Automation System (LAS) and Knowledge Management System (LAK). Managing such a system in an efficient way has to take lot of considerations such as Privacy, Trust, Legal and security Issues, Knowledge Bank, Administration Process, Health Value chain, etc.,. The system gives access to the user's to view their health records and facilitates to update the monitoring data/ vital parameters from time to time (e.g. blood pressure). On the whole, the aim is to provide continuity health care to the citizens with QOS. Key Words: - Health care, Clinical Process, Privacy, Knowledge Sharing.
Speaker:	Alberto Sanna

Legal and foresic aspects
Abstract:	The Program of my lessons is related to computer forensics, the science that studies the collection, preservation, analysis, and presentation of computer-related evidence. Computer evidence can be useful in criminal cases, civil disputes, and human resources/employment proceedings. We will study the basic principles of the computer forensics, focusing especially on the legal aspects: media analysis, data retention, privacy, legal security. Lessons will deal also with the italian and international legal framework of these topics.
Speaker:	Giovanni Ziccardi