COMPUTER SYSTEMS SECURITY WITH LAB
Security in Information Systems (SSI) is a 6-CFU teaching unit which constitutes an optional course for the 3-year degree curricula offered by DiST. It provides an overview of both Cybersecurity and the main algorithms and programming techniques for protecting data and software systems.
Security in Information Systems with Programming Lab is a 9-CFU teaching unit which constitutes an optional course for the M.Sc. curricula offered by DiST. Besides the contents of SSI, this course also provides an exercise lab in secure programming with the Bash shell and Python.
Cybersecurity and its role and importance for modern societies. The various kinds of current exploits and the trend of cybercrime in recent years. Perimeter defence and modern attack vectors. Passwords and other authentication tools and procedures. Privacy, social networks and big data. The root concepts and principles of Cybersecurity. Classification of threats. The CIA triad (Confidentiality, Integrity and Availability) and related controls. The MOM (Motive, Opportunity and Method) and related countermeasures.
Role and principles of modern Cryptography. Cryptographic objectives with respect to the CIA triad. Historical ciphers and their influence on modern Cryptography. Discrete probability basics. The one-time pad cipher and perfect secrecy. Pseudo-random bit generators. Stream ciphers and related attacks. Semantic security of stream ciphers. Some examples of practical stream ciphers with applications. Block ciphers and related attacks. Semantic security of block ciphers. Some examples of practical block ciphers with applications. Block cipher modes of operation. Message authentication codes (MAC) and their related attacks. Unforgeability. Some examples of practical MACs with applications. Collision resistance and cryptographic hash functions. Some examples of practical hash functions with applications. Authenticated Encryption and related attacks. Trusted third parties and asymmetric (public-key) cryptography. Number Theory basics. Some examples of practical asymmetric ciphers with applications.
Methodological approaches in the development and management of secure software. Bash and Python used as a calculator. Reserved words. Meta-characters. Environment variables. Working with strings and structured data types. Control flow statements. Functions. I/O management. Calling external programs. Network programming basics. Building software: scripts, modules and packages. Cryptographic libraries.
C.P. Pfleeger, S.L. Pfleeger, J. Margulies - Security in Computing (Fifth Edition)
D. Boneh, V. Shoup - A Graduate Course in Applied Cryptography
The goal of the assessment procedure is to quantify, for each student, the degree of achievement of the learning objectives listed above. The assessment procedure consists of a project (performed individually or in a team), optional written examinations, and an oral examination. The optional written examinations are inter-course examinations that allow students to reduce the number of topics assessed during the oral examination. The exam is passed only if both mandatory checks (project and oral examination) have been passed.