Università degli Studi di Napoli "Parthenope"

Teaching schedule

Academic year: 2018/2019
Degree course: Course of Master's Degree Programme on DATA AND COMMUNICATION SECURITY ENGINEERING
Location: Napoli
Disciplinary sector: INFORMATION PROCESSING SYSTEMS (ING-INF/05)
Language: Italian
Credits: 9
Year of study: 2
Teachers: 
Cycle: First Semester
Hours of frontal teaching: 72

Course description

Knowledge and understanding: i) understand the main cryptographic algorithms and the techniques for preserving information integrity and confidentiality and for identity management; ii) know and be able to analyze the main application vulnerabilities; iii) understand the security issues arising with emerging technologies.
Applying knowledge and understanding: i) exploit and fix the main software vulnerabilities; ii) design and program software systems that provide integrity, confidentiality and availability.
Making judgements: i) security evaluation of a complex system; ii) comparison of systems based on security features.
Learning skills: i) consulting reference literature; ii) searching and consulting online databases and repositories.
Communication skills: i) mastery of the jargon of the course topics; ii) teamwork.

Prerequisites

Although it is not formally required, students are strongly advised to have already mastered the contents of the Network Security class.

Syllabus

System Security Concepts (2h - 0.25 CFU).
Unix Security (14h - 1.75 CFU): permission management, SUID/GUID eSUID/eGUID, sticky bits; multi-threading; Virtual Memory Management; Race Conditions.
Assembly x86 (6h - 0.75 CFU): basic programming; debugging with gdb-peda; mixed C/asm programming; Integer Overflows.
Binary Security (10h - 1.25 CFU): reverse engineering; intro to radare2; anti-reversing techniques; anti-debugging techniques.
Application Security (10h - 1.25 CFU): Buffer Overflow; Format String Vulnerability; Shellcoding and Metasploit lab; Return-2-libc; Return Oriented Programming.
Cryptography (10h - 1.25 CFU): Classical cipher algorithms and vulnerabilities, Symmetric Cryptography, Asymmetric Cryptography, Message Authentication Codes and Hash functions.
IAM (8h - 1 CFU): digital signature; digital certificates; PKIs.
Cloud Security (4h - 0.5 CFU): threats and countermeasures.
IoT Security (4h - 0.5 CFU): technologies and issues.
Hardware Assisted Security (4h - 0.5 CFU): Trusted Computing and Intel SGX.

Security mechanisms in Operating Systems (16 h, 2 CFU): access permissions in Linux, Concurrent Programming, Race Conditions, Memory Management.
Binary Code Security (26 h, 3.25 CFU): Binary file Reverse Engineering; Anti-reverse Engineering and anti-debugging techniques. Application Security: Buffer Overflow, Integer Overflow, Format String Vulnerability, Return Oriented Programming.
Cryptography, PKIs, and IAM (18 h, 2.25 CFU): Classical Cryptography Schemes and vulnerabilities; Symmetric and Asymmetric Cryptography; Message integrity and authentication; PKI, digital signature and digital certificates. Identity and Access Management.
Security in modern computing paradigms (12 h, 1.5 CFU): Cloud Computing Security. Internet of Things security. Hardware Assisted Security.

Teaching Methods

Lectures and hands-on experience sessions.

Textbooks

Cryptography and Network Security: Principles and Practice, 7th Edition
William Stallings, Pearson, ISBN-13: 978-0134444284

Further Readings: The Hacker Playbook 3: Practical Guide To Penetration Testing, Peter Kim, ed. 2018. ISBN-13: 978-1980901754

Learning assessment

The exam consists of an oral discussion of a project agreed with the professors and developed individually by the student.

More information

Lectures are in Italian. Additional study material will be made available by the teachers. Professors are fluent in English and are available to interact with students in English, also during the examination. Students can meet professor Romano on Tuesdays from 3 to 5 PM in his office, and prof. Coppolino on Mondays from 10 to 12 AM in his office.