Tutorial on Challenges in Data Protection - Privacy by Design

Stefan Katzenbeisser, TU Darmstadt & CASED, Germany

The increasing use of networked IT systems brings new challenges regarding the protection of privacy sensitive data. While in the past privacy was mainly assured through regulatory approaches, access control and audits, these mechanisms tend to be inappropriate for largely distributed systems. New technical protection mechanisms come to rescue: they allow to make sensitive data available for various applications, while protecting them from misuse. The tutorial will provide an introduction two technically different approaches. First, data usage control allows to implement fine-granular data-centric access control policies which span across systems boundaries. These approaches gained popularity due to the availability of novel operating systems security concepts, such as strong isolation and virtualization, and can be implemented using concepts like Trusted Computing. Second, cryptographic protocols, based on homomorphic encryption and Secure Multiparty Computation, can be designed, which allow to privately process sensitive data and prevent data leakage to insiders.

Stefan Katzenbeisser received the Ph.D. degree from the Vienna University of Technology, Austria. After working as a research scientist at the Technical University in Munich, Germany, he joined Philips Research as Senior Scientist in 2006.

Since April 2008 he is professor at the Technical University of Darmstadt, heading the Security Engineering group. His current research interests include Digital Rights Management, data privacy, software security and cryptographic protocol design. He is a member of the ACM, IEEE and IACR.