Modul

Siehe Teilleistung.

Summary: the student is able to derive suitable access control models from scenario requirements and is able to specify concrete access control systems. The student is aware of the limits of access control models and systems with respect to their analyzability and performance and security characteristics. The student is able to identify the resulting tradeoffs. The student knows the state of the art with respect to current research endeavors in the field of access control.

The specific competences are as follows. The student...

... is able to analyze a specific instance of an access control system and identify roles that enable a role-based access control realization.

... is able to decide which concrete architectures and protocols are technically suited for realizing a given access control model.

... is able to design an access control system architecture adhering to the requirements of a concrete scenario.

... knows access control models derived from social graphs and is able to analyze the opportunities for deanonymization of persons through metrics from the literature.

… is aware of hardware-assisted access control mechanisms (e.g., Trusted Execution Environments) and attacks on hardware and operating system security

… is able to name and describe desired features of Trusted Execution Environments and knows current approaches from industry and research.

… knows the requirements for access control mechanisms in decentralized systems (e.g., blockchain-based systems, Matrix) and is able to name and describe current approaches to address the domain-specific requirements

Siehe Teilleistung

An information security model defines access rights that express for a given system which subjects are allowed to perform which actions on which objects. A system is said to be secure with respect to a given information security model, if it enforces the corresponding access rights. Thus, access control modeling and access control systems represent the fundamental building blocks of secure services, be it on the Web or in the Internet of Everything.

In this master-level course, we thoroughly investigate the evolution of access control models (access control matrix, role-based access control, attribute access control) and describe usage control models as a unified framework for both access control and digital rights management. We analyze current access control systems from both, the developers and the end users perspective. We look at current research aspects of secure data outsourcing and sharing, blockchains, and trusted execution environments. Finally, we also discuss the ethical dimension of access management.

Students prepare for lecture and exercise sessions by studying previously announced literature and by preparation of exercises that are jointly discussed in the sessions.

Grundlagen entsprechend der Vorlesungen „IT-Sicherheitsmanagement für vernetzte Systeme“ und „Telematik“ werden empfohlen.

Vorlesung: 2 SWS: 2,0h x 15 = 30h

Übung: 1 SWS: 1,0h x 15 = 15h

Wöchentliche Vor- und Nachbereitung der Vorlesung: 15 x 1,5h x 2 = 45h

Wöchentliche Vor- und Nachbereitung der Übung: 15 x 2h = 30h

Prüfungsvorbereitung: 30h

Σ = 150h = 5 ECTS