Seminar: Privacy Analysis in Cloud Services
Basic Information
Type of Lecture: | Seminar |
---|---|
Course: | Master |
Hours/Week: | 2 |
Credit Points: | 6 |
Language: | English |
Term: | Winter 2022/2023 |
Lecturers: | |
Email: |
Content of the Course
Description:
Thank you for submitting the papers and presentations. The final presentation will be on 30.06.2022. You can check the initial agenda by this link (v0.5) . Detailed agenda of the presentations will be published here by 27.06.2022.
There is an increasing tendency among the users (private or company) to find out more about how their data is being treated and preserve their privacy. To help them determine this and cover these concerns, privacy metrics should be identified and evaluated. Identifying these metrics and concerns could lead to a methodology to measure and evaluate data privacy regarding user perspectives on cloud services.
Such an evaluating and ranking algorithm could turn the public view on a service providing company and change the business plan.
This seminar aims to perform an extensive analysis of the state of the art in which privacy threats and the implementation of counter-measures will be identified and analysed.
This will be a journey for us to see what are the privacy concerns of the user dealing with the cloud services, how we can measure and evaluate the service providers, and how this may make an impact on the economic and change the market.
- Please check the introduction slides here for more information.
Prospective topics could be selected from the list below:
- Literature review about the privacy standards for cloud services
- Privacy concerns in cloud services
- Privacy threats and attacks in Cloud services
- Privacy preserving & enhancement methods in cloud services
- Literature review about the privacy metrics in IT services
- Privacy evaluation approaches in IT services
- Literature review about the assurance methods for privacy threats
- Assurance methods for privacy threats on cloud services
- Economic incentives for Cloud service providers and customers
- Best practices for privacy in IT and cloud services (particular service)
More details about the topics will be discussed during the kick-off session before the registration. The methodologies will be talked and discussed in the group before the allocation of the topics. Students are still required to work through the methodology of their topic carefully.
The list is being updated and other related topics in the area are open to talk.
-
-
-
-
- Parikh, Shalin, Dharmin D., Reema P., and Nishant D. (2019). Security and Privacy Issues in Cloud, Fog and Edge Computing. Procedia Computer Science (pp. 734-739)
- Niknia, A., Correia, M., Karimpour, J. (2021, June). Secure cloud-of-clouds storage with space-efficient secret sharing. Journal of Information Security and Applications. (59)
- Information technology — Security techniques — Guidelines for privacy impact assessment. ISO/IEC 29134. Edition 2017
- Cloud Control Matrix (CCM). (2021), Cloud Security Alliance. https://cloudsecurityalliance.org/research/cloud-controls-matrix/
- Ezhilarasan, E., and M. Dinakaran. (2021, April). Privacy preserving and data transpiration in multiple cloud using secure and robust data access management algorithm. Journal of Microprocessors and Microsystems. (82)
- P. Mell, and T. Grance. 800-145. National Institute of Standards and Technology (NIST), Gaithersburg, MD, (September 2011)
- I. Wagner and D. Eckhoff, ‘‘Technical privacy metrics: A systematic survey,’’ ACM Comput. Surv., vol. 51, no. 3, pp. 1–38, Jun. 2018, doi: 10.1145/3168389.
- SILVA P., MONTEIRO E., and SIMÕES P. (2021). Privacy in the Cloud: A Survey of Existing Solutions and Research Challenges, (IEE Access, 2021, pp. 10473-10497
-
-
-
Literature list is being updated...
Agenda:
Title | Date | Time | Room | Files |
Kick-off | 25.04.2022 | 10:00 - 18:00 | RuW 2.202 | |
Topic Submission | 27.04.2022 | Midnight | via Email | |
Topic Allocation | 29.04.2022 | Midnight | via Email | |
Intermediate check-points (on-request appointments) |
30.05.2022 | 14:00-16:00 | TBD | |
Paper Submission | 20.06.2022 | Midnight | via Email | Template |
Presentation Submission | 24.06.2022 | Midnight | via Email | |
Presentations | 27 and 30.06.2022 | 09:00 - 14:00 | RuW 2.202 | Agenda (v0.5) |
The event is planned as a face-to-face event at the university. If more than 10 participants register and we cannot comply with the hygiene regulations for the planned rooms, we will hold the dates online. We will publish all information about the Seminar including changes of time and room on our website (current page).
Exam:
Information:
In order to successfully pass this module, you need to write a paper (60%) and make a presentation (40%). Each partial requirement needs to be passed with a grade of 4.0 or better.
For the paper, the formal requirements of the chair apply (use this Template).
Future Lectures
Lecture | WS 2022 | SS 2023 | WS 2023 |
---|---|---|---|
Mobile Business I - Technology, Markets, Platforms, and Business Models | |||
Mobile Business II - Application Design, Applications, Infrastructures, and Security | |||
Privacy vs. Data: Business Models in the digital, mobile Economy | |||
Seminar | |||
Einführung in die Mobile Business | |||
Business Informatics II | |||
Strategien für Mobile Business | |||
Informations- und Kommunikationssicherheit: Infrastrukturen, Technologien und Geschäftsmodelle |
Privacy vs. Data: Business Models in the digital, mobile Economy
Basic Information
Type of Lecture: | Lecture |
---|---|
Course: | Master |
Hours/Week: | 3 |
Credit Points: | 6 |
Language: | English |
Term: | Summer 2022 |
Lecturers: | |
Email: |
Content of the Course
Description:
Course Contents
The majority of business models in the digital economy heavily rely on the existence of user data in order to enable a value proposition for users. For instance, advertisers use data for the targeting of advertisements whereas others apply it for the personalisation of their service offerings. However, what is beneficial for businesses often becomes of a threat to the privacy of users – especially if highly sensitive data, such as location data, is collected and processed without their consent. Within the digital economy field, this course is going to explore the area of conflict between data-centric business models and user privacy. Since mobile devices accumulate a significant amount of personal data about individuals, the following topics will be covered and examined with a special focus from this „mobile“ perspective:
-
-
-
- Digital data-driven business models
- Means of data collection and its threat to privacy
- Privacy and Data Protection
- Basics of Information Security
- Interplay between data and privacy within digital business models
-
-
Further information at the corresponding LSF/QIS webpage of the course.
The 2nd part of this lecture series (Mobile Business II) focuses on the variety of opportunities and challenges, that are offered by mobile communication technologies and their specific properties and which need to be considered and addressed by companies and regulators. The overall objective of the course is to provide advanced knowledge about mobile applications and mobile services, ranging from technical to economic aspects. Students will be qualified to pro-actively realise inherent commercial potential and to identify and to address challenges and problems in the area of mobile business. An important facet of this is the discussion of international regulation and its implications on the development and application scenarios for mobile services.
Architectures for mobile services and their development are in the focus of the first part of the course. This includes topics such as security and privacy, usability, and the role of standardisation. The presentation of exemplary application areas will allow students to understand and question how different design aspects are considered in current scenarios. The course concludes with a state of the art overview of current mobile business research topics and activities, enabling students to understand the lines of research and to draw connections to already existing mobile business applications and scenarios.
Literature:
No initial readings are required for the course.
Agenda:
Time:
-
-
-
- Thu, 28.04.22, 9 am - 5 pm, Room Casino 1.802 / Campus Westend
- Fri, 29.04.22, 9 am - 5 pm, Room Casino 1.811 / Campus Westend
- Sat, 30.04.22, 9 am - 5 pm, Room Casino 1.811 / Campus Westend
- Fri, 06.05.22, 9 am - 5 pm, Room Casino 1.811 / Campus Westend
- Sat, 07.05.22, 9 am - 5 pm, Room Casino 1.811 / Campus Westend
-
-
The course starts every day "cum tempore (ct.)
Downloads:
-
-
-
- Lecture 1: Introduction to Course and Organisation
- Lecture 2: Customer Touchpoints
- Lecture 3: Products & Services
- Lecture 4: Business Models & Innovation
- Lecture 5: Digital Business - Enablers & Platform Models
- Lecture 6: Big Four of Digital Business
- Lecture 7+8: Data Capital
- Lecture 9: Online Profiling Challenge
- Lecture 10+11: Privacy & Privacy Protection
- Lecture 12: From Data to Artificial Intelligence
- Lecture 13: Tradeoff between Privacy vs. Business Value
- Lecture 14: Course Conclusion & Takeaways
- Course Exercises
- Guest Lecture: ML Expectations vs. Reality
-
-
All downloads are password protected. Participating students will receive the password via e-mail to their student e-mail accounts.
Mobile Business II: Application Design, Applications, Infrastructures and Security
Basic Information
Type of Lecture: | Lecture |
---|---|
Course: | Master |
Hours/Week: | 3 |
Credit Points: | 6 |
Language: | English |
Term: | Summer 2022 |
Lecturers: | Prof. Dr. Kai Rannenberg |
Email: |
Content of the Course
Description:Learning Goals and Competencies
-
-
- Basic understanding of business models of online and mobile business (LGBWL-5)
- Basic understanding of location-based services and its architectures (LGBWL-1)
- Ability to design and evaluate digital business models and concepts with regard to data security and protection (LGBWL-1)
-
Description of the course:
The 2nd part of this lecture series (Mobile Business II) focuses on the variety of opportunities and challenges, that are offered by mobile communication technologies and their specific properties and which need to be considered and addressed by companies and regulators. The overall objective of the course is to provide advanced knowledge about mobile applications and mobile services, ranging from technical to economic aspects. Students will be qualified to pro-actively realise inherent commercial potential and to identify and to address challenges and problems in the area of mobile business. An important facet of this is the discussion of international regulation and its implications on the development and application scenarios for mobile services.
Architectures for mobile services and their development are in the focus of the first part of the course. This includes topics such as security and privacy, usability, and the role of standardisation. The presentation of exemplary application areas will allow students to understand and question how different design aspects are considered in current scenarios. The course concludes with a state of the art overview of current mobile business research topics and activities, enabling students to understand the lines of research and to draw connections to already existing mobile business applications and scenarios.
Agenda:
Please note that the guest lectures are exam relevant and should be attended in person!
Day | Date | Time | Room | Session | Nr. | Title | Document |
Tuesday | 12.04.22 | 14:00-16:00 | HZ15 | Lecture | VL1 | Introduction | Slides |
Tuesday | 12.04.22 | 16:00-18:00 | HZ15 | Lecture | VL2 | Positioning Methods for Location-based Services | Slides |
Tuesday | 19.04.22 | 14:00-16:00 | HZ15 | Lecture | VL3 | LBS Business Models | Slides |
Tuesday | 26.04.22 | 14:00-16:00 | HZ15 | Lecture | VL4 | Cryptography | Slides |
Tuesday | 26.04.22 | 16:00-18:00 | HZ15 | Lecture | VL5 | Electronic Signatures | Slides (Updated) |
Tuesday | 03.05.22 | 14:00-16:00 | HZ15 | Exercise | VL8 |
Data Protection / IdM |
Slides (Updated2) |
Tuesday | 10.05.22 | 14:00-16:00 | HZ15 | Lecture | VL9 | Regulation of Mob. Telec. | Slides |
Tuesday | 10.05.22 | 16:00-18:00 | HZ15 | Lecture | VL10 | Regulation by Licensing | Slides |
Tuesday | 17.05.22 | 14:00-16:00 | HZ15 | Exercise | Ü1 | LBS and Mobile Communities |
|
Tuesday | 24.05.22 | 14:00-16:00 | HZ15 | Lecture | VL6 | M-Payment I | Slides |
Tuesday | 24.05.22 | 16:00-18:00 | HZ15 | Lecture | VL7 | M-Payment II | Slides |
Tuesday | 31.05.22 | 14:00-16:00 | HZ15 | Exercise | Ü3 | M-Payment |
|
Tuesday | 07.06.22 | 14:00-16:00 | HZ15 | Lecture | Ü2 | Cryptography |
|
Tuesday | 07.06.22 | 16:00-18:00 | HZ15 | Lecture | B1 | Current Research: Insights into the Adoption of Cryptocurrencies as Payment Systems | Slides |
Tuesday | 14.06.22 | 14:00-16:00 | HZ15 | Guest Lecture | G1 |
Fatbardh Veseli - Capgemini Privacy by design: positive sum, or zero sum? Illustrations with examples of privacy enhancing technologies and relation to mobility |
Slides |
Tuesday | 21.06.22 | 14:00-16:00 | HZ15 | Lecture | VL11 | HCI Issues | Slides |
Tuesday | 21.06.22 | 16:00-18:00 | HZ15 | Exercise | E4 | Regulation |
|
Tuesday | 28.06.22 | 14:00-16:00 | HZ15 | Guest Lecture | G2 |
Michael Schmid - Hubert Burda Media Holding GmbH: Information Security Governance, Risk and Compliance at a glance and in motion |
|
Tuesday | 05.07.22 | 14:00-16:00 | HZ15 | Guest Lecture | G3 |
Stefan Gärtner Telekom Deutschland GmbH: Mobile Telco Transformation and its Impact on Business and Technology |
Slides |
Tuesday | 05.07.22 | 16:00-18:00 | HZ15 | Lecture | VL12 | Design Evaluation | Slides |
Tuesday | 12.07.22 | 14:00-16:00 | HZ15 | Lecture | VL13 | Current Research / Q&A |
Exam
Information:
The language of the exam is English. The exam is also to be answered in English.
Permitted aids: Dictionary – native tongue to English
Old exams
Information & Communication Security
Basic Information
Type of Lecture: | Lecture |
---|---|
Course: | Master |
Hours/Week: | 3 |
Credit Points: | 6 |
Language: | English |
Term: | Summer 2022 |
Lecturers: | Prof. Dr. Kai Rannenberg |
Email: |
Content of the Course
Description:
The "Information and Communication Security" lecture series provides a general introduction to the topic of information and communication security. Students will be qualified to identify security challenges that come along with using and employing information and communication systems, and to identify and apply adequate means and methods to solve them. Emphasis will be put on the organizational and technical set-up of infrastructures, also including aspects of pragmatic and professional risk management, and profitability analysis of security concepts and technologies. Further, students will be qualified to identify and assess security risks, in order to develop and establish appropriate security strategies. Contents presented in the lecture will also be discussed in the context of international standardization and regulation activities in the domain of information and communication security, allowing students to consider long-term developments, trends, and challenges in their analysis.
-
-
- If you are interested in CONVERGENCE NEXT, you will find the registration link here: https://cybersec4europe.eu/event/convergence-next/
- On short notice, the guestlecture on 14th of June from 16:00 - 18:00 will be virtual. We provide a livestream in HZ15. You can join via: https://bbb.uni-frankfurt.de/b/sas-wfx-xba-ljv (the lecture is NOT recorded)
- We have updated Assignment 4 V1.1 with the solutions.
- GL4 is also uploaded.
- Access Control: In the old SS 2012 exam for historic reasons we were working with the UNIX definition of “write” that does not include “read”. To avoid confusion, we will remove this exam in future.
-
Agenda:
Security Management
Date | Time | Session | Title | Downloads |
12.04.2022 | 10:00-12:00 | Lecture | Introduction | Slides_V1.2 |
19.04.2022 | 10:00-12:00 | Lecture | Authentication | Slides |
19.04.2022 | 16:00-18:00 | Lecture | Access Control | Slides |
26.04.2022 | 10:00-12:00 | Lecture | Cryptography I | Slides |
03.05.2022 | 10:00-12:00 | Lecture | Cryptography II | Slides |
03.05.2022 | 16:00-18:00 | Lecture | Electronic Signatures | Slides |
10.05.2022 | 10:00-12:00 | Lecture | Identity Management | Slides |
17.05.2022 | 10:00-12:00 | Lecture | Privacy Protection I | Slides_V1.1 |
17.05.2022 | 16:00-18:00 | Exercise | Authentication | |
24.05.2022 | 10:00-12:00 | Lecture | Privacy Protection II | Slides |
31.05.2022 | 10:00-12:00 | Lecture | Computer System Security | Slides |
31.05.2022 | 16:00-18:00 | Exercise | Access Control | |
07.06.2022 | 10:00-12:00 | Lecture | Network Security I | Slides |
14.06.2022 | 10:00-12:00 | GL1 | SVA: Biometrics | Slides |
14.06.2022 | 16:00-18:00 | GL2 | Capgemini: eID | Slides |
21.06.2022 | 10:00-12:00 | Exercise | Cryptography | |
28.06.2022 | 10:00-12:00 | GL3 | Security Management | Slides |
28.06.2022 | 16:00-18:00 | Exercise | Security Management | Assignment 4 V1.1 |
05.07.2022 | 10:00-12:00 | GL4 | Visualisation in information Security Management | |
12.07.2022 | 10:00-12:00 | Lecture | Network Security II | Slides |
12.07.2022 | 16:00-18:00 | Lecture | Exam Prep and Wrap Up | Slides |
Exam
Information:
The language of the exam is english. The exam is also to be answered in English.
The exam has 90 points.
Please bring a non-programmable calculator to the exam.
Exam review:
01.09.22; 13-16 Uhr | RuW 2.203 | Register until 31.08.22 by sending an email including your Student ID (Matrikelnummer) to |