VVZ API is not affiliated with ETH Zurich. Data might be outdated or incorrect. Please view the official ETHZ Vorlesungsverzeichnis for binding information.

851-0392-00L 3 Credits DS , DR D-GESS

You're viewing possible stale or outdated data. Please check the latest semester for more up-to-date information.

Privacy Quantification and Usable Protection Mechanisms

Lecturers & Examiners: Prof. Dr. Verena Zimmermann, Dr. Noé Zufferey

VVZ CR 3.8

Last Updated: 2026-02-05 16:29:12

Abstract

Students will gain an overview of the main privacy metrics that are used to evaluate privacy risks related to the use of a given technology. They will also be introduced to the concepts of privacy/utility balance and usable security. Practical exercises and reading of recently published scientific articles will be used to present practical cases of the theoretical tools presented in class.

Objective

This course aims to provide the students with a global knowledge of the concepts related to privacy, and the methodology and tools to identify, analyze, and address threats while taking the user into account in the process. They will adopt a “privacy mindset”, thus enabling them to automatically take privacy into account, in a usable way, when designing or analyzing a system.

Content

First, the course will introduce the different definitions and approaches of privacy (e.g., privacy by control, privacy by design) as well as the ethical concerns and considerations related to information security and privacy research (e.g., responsible disclosure, full disclosure). Second, the students will be introduced to the different methods, properties, and metrics to assess and/or guarantee a certain level of privacy. They will be introduced to the properties and metrics related to anonymization (e.g., k-anonymity, l-diversity), data aggregation (e.g., randomized responses, ε-differential privacy), as well as other privacy assessment methodologies (e.g., inferential privacy). Third, the course will address usability issues and the role of individuals (i.e., users) in privacy management (i.e., usable security and privacy) and the design of privacy-enhancing technologies. In this context, we will analyze the main concepts seen during the course and discuss their advantages and disadvantages in terms of usability, as well as their implementation for mass-market and large-scale technologies. Across all three parts of the course, practical exercises, as well as recent research articles reading, and presentations will be used as a complement to support the concepts seen in class, as well as to provide concrete examples of methodologies related to the assessment of privacy in general.

Resources

Literature

N. Gerber, A. Stöver, and K. Marky, Eds., Human Factors in Privacy Research. Cham: Springer International Publishing, 2023. doi: 10.1007/978-3-031-28643-8. T. Carvalho, N. Moniz, P. Faria, and L. Antunes, “Survey on Privacy-Preserving Techniques for Microdata Publication,” ACM Comput. Surv., vol. 55, no. 14s, pp. 1–42, Dec. 2023, doi: 10.1145/3588765. A. Y. Ding, G. L. De Jesus, and M. Janssen, “Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure,” in Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing, in ICTRS ’19. New York, NY, USA: Association for Computing Machinery, Sep. 2019, pp. 49–55. doi: 10.1145/3357767.3357774. N. Gerber, P. Gerber, and M. Volkamer, “Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior,” Computers & Security, vol. 77, pp. 226–261, Aug. 2018, doi: 10.1016/j.cose.2018.04.002. A. Moallem, Ed., HCI for Cybersecurity, Privacy and Trust: 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Virtual Event, June 26 – July 1, 2022, Proceedings, vol. 13333. in Lecture Notes in Computer Science, vol. 13333. Cham: Springer International Publishing, 2022. doi: 10.1007/978-3-031-05563-8. M. Weulen Kranenbarg, T. J. Holt, and J. van der Ham, “Don’t shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure,” Crime Science, vol. 7, no. 1, p. 16, Nov. 2018, doi: 10.1186/s40163-018-0090-8.

General Information

Language: English
Levels: DS , DR

Examination

Type: graded semester performance

50% of the final grade is based on a final written exam at the end of the semester, 50% of the final grade will be about presentations (personal project / scientific publication) during the class as well as a written report will.However, a grade of strictly less than 3.5 in the final written exam will lead to failure, regardless of the other grades.

Registration & Places

Max Places: 20

Course Components

Type	Title	Time & Place	Hours
seminar	Privacy Quantification and Usable Protection Mechanisms	Wed 10:15-12:00 (HG E 22)	2 h weekly

Offered In

Science in Perspective (In “Science in Perspective”-courses students learn to reflect on ETH’s STEM subjects from the perspective of humanities, political and social sciences. Only the courses listed below will be recognized as "Science in Perspective" courses.)
- Type A: Enhancement of Reflection Competence (SiP courses are recommended for bachelor students after their first-year examination and for all master- or doctoral students. All SiP courses are listed in Type A. Courses listed under Type B are only recommendations for enrollment for specific departments.)
  - Psychology, Pedagogics
- Type B: Reflection About Subject-Specific Methods and Contents (Subject-specific courses. Particularly relevant for students interested in those subjects. All these courses are also listed under the category “Typ A”, and every student can enroll in these courses.)
  - D-INFK
  - D-ITET
  - D-MTEC
  - D-HEST
  - D-MAVT
Doctorate Humanities, Social and Political Sciences (More Information at: )
- Subject Specialisation