Abstract: The first part of the course will review basic notions of access control and will present the most significant models (DAC, MAC, Chinese Wall, RBAC). The second part will focus on access control for relational database systems. The access control of System R will be presented together with relevant extensions, such as positive/negative authorizations and non-cascading revoke operations. The third part will focus on access control for advanced data management systems, like complex object data management systems and XML data. The Author-X model will be discussed in details, including an encryption-based access control model used for push-based information dissemination and an architecture for secure-third party publishing of XML data. The fourth part will focus on privacy issues in database systems and will discuss access control models specifically tailored to privacy.

Bio: Professor Elisa Bertino joined Purdue in January 2004 as professor in Computer Science and research director at CERIAS. Her research interests cover many areas in the fields of information security and database systems. Her research combines both theoretical and practical aspects, addressing applications on a number of domains, such as medicine and humanities. Current research includes: access control systems, secure publishing techniques and secure broadcast for XML data; advanced RBAC models and foundations of access control models; trust negotiation languages and privacy; data mining and security; multi-strategy filtering systems for Web pages and sites; security for grid computing systems; integration of virtual reality techniques and databases; and geographical information systems and spatial databases.

Professor Bertino serves on the editorial boards of several journals - many of which are related to security, such as the ACM Transactions on Information and System Security, the IEEE Security & Privacy Magazine, and IEEE Transactions on Dependable and Secure Computing. She served as program chair of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT02), and as program chair of the 9th International Conference on Extending Database Technology Conference (EDBT 2004). Professor Bertino is a Fellow of the Institute of Electrical and Electronics Engineers and a Fellow of ACM, and received the IEEE Computer Society Technical Achievement award in 2002 for outstanding contributions to database systems and database security and advanced data management systems. She recently received the received the 2005 Tsutomu Kanai Award by the IEEE Computer Society for pioneering and innovative research contributions to secure distributed systems.