B649/I590 - Data Protection

General Course Information (Spring 2015)

Time: Tuesday and Thursday, 04:00pm - 05:15pm
Location: BH 006
Instructor: Raquel Hill
    Email: ralhill [at] indiana [dot] edu
    Office hours: Tuesday and Thursday immediately after class (or by appointment)
    Office: Lindley Hall (LH) 230E
Associate Instructor's
    Harsh Pathak (hpathak [at] indiana [dot] edu)
AI office Hours:
    Thursday: 2:30pm - 3:30pm (or by appointment)
AI office hour location:   Lindley Hall (LH) 112


Course Summary/Pre-requisites

Big Data is more than the latest buzzword, it is big business. The main revenue stream for many of today’s companies is not the product or service that they are offering, but the data that they collect from the consumer as he or she uses the product/service. Consumer data collection may have begun with retail loyalty cards, but has now exploded with growth in social networks, online advertising, and mobile apps. Recent reports state that most mobile apps collect and share personal user data, including: username/password, phone_id, age, gender, location, phone number, contacts, etc. This data is identifying and can often be used to link de-identified data back to an individual identify. Sharing this data, with third parties makes identifying information more widely available; therefore limiting the effectiveness of current data security and privacy mechanisms. Collecting and owning such customer data is also a liability for businesses, for it makes them targets for attacks that compromise confidentiality and data integrity. The problem is further complicated when data has been classified as sensitive and access to sensitive data are regulated by legal statutes such as the Health Insurance Portability and Accountability Act. In this class, we will explore current proposals for protecting data. We will investigate various methods for protecting the identities of individuals who participate in studies, whether data is maintained by the data owners or by within the cloud. In addition, we will investigate the various risks of storing sensitive data on mobile devices where the threat of access to data by malicious software increases as we download more applications. Our goals for the course are to: Understand the types of data that are being collected by businesses or willingly shared via social networking sites, and the associated risks to privacy. Evaluate legal requirements for protecting sensitive data Understand the various security and privacy requirements for protecting data at rest, in cloud, mobile computing environments. Investigate a data protection problem through a semester long research project.

Pre-requisites : None

Useful Skills : Programming (C, JAVA, Perl, etc), Datamining, Statistical Analysis


Textbook


I will derive material from the other reference books, RFCs, and research papers for certain classes. However, you are not required to buy any additional materials for this class.
Students are also encouraged to search for papers related to data/web privacy, go through them, and present some in class or do a project on one of them. Some popular conferences for good papers are :


Grading and Exams

The tentative grading framework for the class is as follows: