Access Control Systems: Foundations and Practice
|Ort:||Raum 217, Geb. 20.21 (SCC)|
|Zeit:||Donnerstag, 14:00-15:30 Uhr|
|Dozent:||Prof. Dr. Hannes Hartenstein|
An information security model defines access rights that express for a given system which subjects are allowed to perform which actions on which objects. A system is said to be secure with respect to a given information security model, if it enforces the corresponding access rights. Thus, access control modeling and access control systems represent the fundamental building blocks of secure services, be it on the Web or in the Internet of Everything. In this master-level course, we thoroughly investigate the evolution of access control models (access control matrix, rolebased access control, attribute access control) and describe usage control models as a unified framework for both access control and digital rights management. We analyze current access control systems and APIs from both, the developers and the end users perspective, including Identity-as-a-Serivce. We look at current research aspects of secure data outsourcing and sharing, blockchains, and vehicular systems. Finally, we also discuss the ethical dimension of access management. Students prepare for each session by studying previously announced literature that is then jointly discussed in the lecture.