COMPUTER SECURITY
6 credits during the 3nd year of 8759 Computer Science (L-31) GENOVA
OVERVIEW
Computer Security pervades every aspect of the modern online experience, from conventional computers to mobile phones and the IoT. This course covers some of the fundamental principles of Computer Security. Topics covered include cryptographic hash functions, symmetric and asymmetric ciphers, digital signatures, digital certificates, security protocols, and access control. An introduction to network security and web security is also provided. The course features a number of hands-on sessions and a cyber exercise (e.g. a Capture-the-Flag competition).
AIMS AND CONTENT
LEARNING OUTCOMES
1. Introduction 2. Introduction to Cryptography 3. Symmetric Cryptography 4. Public-Key Cryptography 5. Message Authentication and Digital Signatures 6. Public Key Infrastructure (PKI) 7. Authentication Protocols 8. Internet Security 9. Secure Programming 10. Network Security 11. Web Security 12. Malware 13. Access Control
PREREQUISITES
- Good programming skills
- Fundamentals of Computer Architectures and Operating Systems
- Fundamentals of communication protocols and the TCP/IP
Teaching methods
Lecture-style instruction complemented with hands-on session on selected topics (e.g. secure mail, web security).
The examination consists of a written and a practical exam (cyber exercise).
SYLLABUS/CONTENT
-
Introduction Computer Security [1h]
-
The concepts of resource, vulnerability, threat, countermeasure, and risk
-
Security goals: confidentiality, integrity, availability, ...
-
-
Introduction to Cryptography [2h]
-
Fundamental concepts (cryptography, cryptanalysis, general cryptographic schema)
-
Monoalphabetic substitution ciphers (Caesar cipher)
-
Polyalphabetic substitution ciphers (Vigenère cipher)
-
One-time pads (Vernam cipher)
-
Transposition ciphers
-
Composite ciphers
-
-
Symmetric Cryptography [3h]
-
Block and stream ciphers
-
Feistel cipher structure
-
DES and 3DES
-
Modes of operation (Electronic Code Book, Cipher-Block Chaining, Stream Ciphers)
-
Link vs end-to-end encryption
-
The key distribution problem
-
-
Public-Key Cryptography [6h]
-
Introduction to public-key cryptography
-
Introduction to Number Theory
-
The RSA algorithm
-
Diffie-Hellman key exchange
-
-
Message Authentication and Digital Signatures [3h]
-
Message integrity and authentication functions (message encryption, message authentication code, cryptographic hash functions)
-
Digital signature
-
-
Public Key Infrastructure (PKI) [3h]
-
PKI components
-
Digital Certificates
-
Trust models
-
-
Security Protocols [6h]
-
Basic notions (protocol execution, assumptions and goals, attacker model)
-
Examples of protocols (NSPK, Otway-Rees, Andrew Secure RPC, Denning & Sacco)
-
Prudent engineering of security protocols
-
Kerberos (architecture, protocol, inter-realm communication, limitations)
-
-
Secure mail [3h+3h hands on]
-
PGP
-
-
Network Security [6h]
-
Link Layer: WiFi Security
-
Network Layer: IP-Sec
-
Transport Layer: SSL/TLS
-
Introduction to Firewalls
-
-
Web Security [6h + 6h hands on]
-
Security on the client side (cookies and privacy, HTTP authentication mechanisms)
-
Security on the server side (unvalidated input, broken authentication and session management, cross-site scripting, injection flaws, denial of service, ...)
-
-
Secure Programming [6h]
-
Buffer overflows
-
Format string vulnerabilities
-
-
Access Control [6h]
-
Discretionary vs Mandatory Access Control
-
Access control matrix model
-
Role-Based Access Control (RBAC)
-
Administrative Role-Based Access Control (ARBAC)
-
I modelli di Bell-LaPadula, Harrison-Ruzzo-Ullman, Chinese Wall
-
-
Cyber Exercise [12h hands on]
RECOMMENDED READING/BIBLIOGRAPHY
Teaching material (slides and exercises) are available on AulaWeb.
Charles P. Pfleeger Shari Lawrence Pfleeger. Security in Computing, 4/E. ISBN-10:0132390779, ISBN-13: 9780132390774, Prentice Hall Editor, 2007. (Available also in Italian)
William Stallings, Lawrie Brown. Computer Security: Principles and Practice (3rd Edition). Pearson Ed., 2015
TEACHERS AND EXAM BOARD
Ricevimento: Tuesday, 2:00pm - 5:00pm
Exam Board
ALESSANDRO ARMANDO (President)
ALESSIO MERLO
GIOVANNI LAGORIO
LESSONS
Teaching methods
Lecture-style instruction complemented with hands-on session on selected topics (e.g. secure mail, web security).
The examination consists of a written and a practical exam (cyber exercise).
EXAMS
Exam description
Written + Practical
Assessment methods
At the end of the course, students will be able to assess the security issues associated with software applications and will be able to identify the security techniques necessary to meet the security requirements.