Access Control Systems: Foundations and Practice

  • type: Vorlesung / Übung (VÜ)
  • chair: KIT-Fakultäten - KIT-Fakultät für Informatik - Institut für Telematik - ITM Hartenstein
  • semester: SS 2021
  • time: 13.04.2021
    10:00 - 11:30 wöchentlich


    16.04.2021
    12:00 - 13:30 wöchentlich

    20.04.2021
    10:00 - 11:30 wöchentlich

    23.04.2021
    12:00 - 13:30 wöchentlich

    27.04.2021
    10:00 - 11:30 wöchentlich

    30.04.2021
    12:00 - 13:30 wöchentlich

    04.05.2021
    10:00 - 11:30 wöchentlich

    07.05.2021
    12:00 - 13:30 wöchentlich

    11.05.2021
    10:00 - 11:30 wöchentlich

    14.05.2021
    12:00 - 13:30 wöchentlich

    18.05.2021
    10:00 - 11:30 wöchentlich

    21.05.2021
    12:00 - 13:30 wöchentlich

    01.06.2021
    10:00 - 11:30 wöchentlich

    04.06.2021
    12:00 - 13:30 wöchentlich

    08.06.2021
    10:00 - 11:30 wöchentlich

    11.06.2021
    12:00 - 13:30 wöchentlich

    15.06.2021
    10:00 - 11:30 wöchentlich

    18.06.2021
    12:00 - 13:30 wöchentlich

    22.06.2021
    10:00 - 11:30 wöchentlich

    25.06.2021
    12:00 - 13:30 wöchentlich

    29.06.2021
    10:00 - 11:30 wöchentlich

    02.07.2021
    12:00 - 13:30 wöchentlich

    06.07.2021
    10:00 - 11:30 wöchentlich

    09.07.2021
    12:00 - 13:30 wöchentlich

    13.07.2021
    10:00 - 11:30 wöchentlich

    16.07.2021
    12:00 - 13:30 wöchentlich

    20.07.2021
    10:00 - 11:30 wöchentlich

    23.07.2021
    12:00 - 13:30 wöchentlich


  • lecturer: Jan Grashöfer
    Prof. Dr. Hannes Hartenstein
    Marc Leinweber
  • sws: 3
  • lv-no.: 2400111
  • information: Online
Inhalt

Content

An information security model defines access rights that express for a given system which subjects are allowed to perform which actions on which objects. A system is said to be secure with respect to a given information security model, if it enforces the corresponding access rights. Thus, access control modeling and access control systems represent the fundamental building blocks of secure services, be it on the Web or in the Internet of Everything.
In this master-level course, we thoroughly investigate the evolution of access control models (access control matrix, role-based access control, attribute access control) and describe usage control models as a unified framework for both access control and digital rights management. We analyze current access control systems and APIs from both, the developers and the end users perspective, including Identity-as-a-Serivce. We look at current research aspects of secure data outsourcing and sharing, blockchains, and vehicular systems. Finally, we also discuss the ethical dimension of access management. Students prepare for each session by studying previously announced literature that is then jointly discussed in the lecture.

Work Load

(2 SWS + 2,0 x 2 SWS) x 15 + 30 h Klausurvorbereitung = 120h

4 ECTS

Goals

Summary: the student is able to derive suitable access control models from scenario requirements and is able to specify concrete access control systems. The student is aware of the limits of access control models and systems with respect to their analyzability and performance and security characteristics. The student is able to identify the resulting tradeoffs. The student knows the state of the art with respect to current research endeavors in the field of access control.

The specific competences are as follows. The student...

... is able to analyze a specific instance of an access control system and identify roles that enable a role-based access control realization.

... is able to decide which concrete architectures and protocols are technically suited for realizing a given access control model.
... is able to design an access control system architecture adhering to the requirements of a concrete scenario.
... knows access control models derived from social graphs and is able to analyze the opportunities for deanonymization of persons through metrics from the literature.

... knows specific access control protocols employed by providers of modern cloud-based services.

... knows the challenges of access control in inter and intra-vehicle communication and is able to identify the fundamental access control problems in the domain.
... knows access control mechanisms for secure data outsourcing and is able to analyze and compare the performance and security garantees of the different approaches.

... knows access control protocols to enable decentralized data sharing through cryptographic methods and is able to compare protocol realizations based on different cryptographic building blocks with respect to their performance.

... knows blockchain-based approaches to ensure the consistency in decentralized systems and is able to identify tradeoffs between consistency and anonymity.

VortragsspracheEnglisch