COMPUTER SYSTEMS SECURITY WITH LAB
Knowledge and understanding: Students must demonstrate knowledge and understanding of basic
concepts and methods for the risk assessment and the protection of software systems. Moreover,
they have to know and understand the main results and techniques of modern Cryptography.
Ability to apply knowledge and understanding: Students must show their competence in using
the tools and methods for the risk assessment and the protection of software systems in specific
contexts and operating environments, as indicated by the teacher.
Autonomy of judgement: Students should be able to assess independently both the results returned
by a risk analysis and the correctness of the results and reasoning in Cryptography.
Communication skills: Students, preferably working in teams, should be able to draw up a report
on an algorithm, protocol or any other information security system using advanced
writing/documentation tools and the basic terminology of Computer Science, even in English.
Learning skills: Students must be able to update and deepen topics and specific applications of
information security, including by accessing online software repositories and other tools on the web.
Cybersecurity and its role and importance for modern societies. The various kinds of current
exploits and the trend of cybercrime in recent years. Perimeter defence and modern attack vectors.
Passwords and other authentication tools and procedures. Privacy, social networks and Big Data.
The root concepts and principles of Cybersecurity. Classification of threats. The CIA triad
(Confidentiality, Integrity and Availability) and related controls. The MOM (Motive, Opportunity
and Method) and related countermeasures.
Role and principles of modern Cryptography. Cryptographic objectives with respect to the CIA
triad. Historical ciphers and their influence on modern Cryptography. Discrete probability basics.
The one-time pad cipher and perfect secrecy. Pseudo-random bit generators. Stream ciphers and
related attacks. Semantic security of stream ciphers. Some examples of practical stream ciphers
with applications. Block ciphers and related attacks. Semantic security of block ciphers. Some
examples of practical block ciphers with applications. Block cipher modes of operation. Message
authentication codes (MAC) and their related attacks. Unforgeability. Some examples of practical
MACs with applications. Collision resistance and cryptographic hash functions. Some examples of
practical hash functions with applications. Authenticated Encryption and related attacks. Trusted
third parties and asymmetric (public-key) cryptography. Number Theory basics. Some examples of
practical asymmetric ciphers with applications.
Methodological approaches in the development and management of secure software. Bash and
Python used as a calculator. Reserved words. Meta-characters. Environment variables. Working
with strings and structured data types. Control flow statements. Functions. I/O management.
Calling external programs. Network programming basics. Building software: scripts, modules and
packages. Cryptographic libraries.
This 9-CFU teaching unit is an optional course for the 3-year degree curricula offered by DiST. It
provides an overview of both Cybersecurity and the main algorithms and programming techniques
for protecting data and software systems. This course also provides an exercise lab in secure
programming with Python.
C.P. Pfleeger, S.L. Pfleeger, J. Margulies - Security in Computing (Fifth Edition)
D. Boneh, V. Shoup - A Graduate Course in Applied Cryptography
M. Cooper - Advanced bash scripting guide
G. van Rossum - Il tutorial di Python
Cryptography Online Documentation
The goal of the assessment procedure is to quantify, for each student, the degree of achievement of
the learning objectives listed above. The assessment procedure consists of a project (performed
individually or in a team), optional written examinations, and an oral examination. The optional
written examinations are inter-course examinations that allow students to reduce the number of
topics assessed during the oral examination. The exam is passed only if both mandatory
checks (project and oral examination) have been passed.