Privacy Enhancing Technologies

Course Description

Huge volumes of data containing sensitive/private information are being collected and stored by websites, sensors/monitoring systems, auditing systems, and so on. Examples include electronic records in health care systems and location information in ubiquitous computing applications. How can we protect users' privacy and at the same time enable effective sharing and utilization of the distributed data? How can we ensure that cloud services do not misuse users' data or violate privacy policies? And how can we provide desirable services to users and protect their privacy even when the servers are untrusted?

The general theme of this course is to explore potential techniques for building new platforms, services, and tools that protect users' privacy. In particular, we emphasize the technical and economic viability, as well as the usability of these privacy technologies. We will study promising component technologies ranging from advances in secure systems research (e.g., trusted computing, virtualization), to theoretic tools like differential privacy and cryptography. Topics intended for discussion include but are not limited to:

-- Attacks against privacy, including de-anoymization/re-identification attacks, and side-channel attacks
-- Privacy of user data in the cloud
-- Privacy of user data on mobile devices
-- Trusted computing, code attestation and property attestation
-- Privacy-preserving data mining
-- Differential privacy, data anonymization and perturbation techniques
-- Privacy-preserving software systems and applications
-- Cryptographic techniques for privacy
-- Programming language techniques for privacy

Selected Slides

• Topic 1: Landscape
• Topic 2: Attacks
• Topic 3: Differential Privacy
• Topic 4: Principles of System Security
• Topic 5: Trusted Computing

We gratefully acknowledge the generous support from Intel to develop this privacy curriculum.