An information security model defines access rights that express for a given system which subjects are allowed to perform which actions on which objects. A system is said to be secure with respect to a given information security model, if it enforces the corresponding access rights. Thus, access control modeling and access control systems represent the fundamental building blocks of secure services, be it on the Web or in the Internet of Everything.
In this master-level course, we thoroughly investigate the evolution of access control models (access control matrix, role-based access control, attribute access control) and describe usage control models as a unified framework for both access control and digital rights management. The students experiment with real-world access control protocols and technologies and thus apply the contents of the lecture "Access Control Systems: Foundations and Practice" in a real-world context.

The student is able to derive suitable access control models from scenario requirements and is able to specify concrete access control systems.

The student is aware of current access control frameworks and technologies.

The student is able to formulate a suitable system architecture for a given access control scenario.

The student is able to identify concrete technologies to implement an access control system securely and efficiently.

The student is able to evaluate the suitability of a given access control system architecture for a given scenario.