Information System Security
Knowledge and understanding: i) understand the main cryptographic algorithms, techniques for preserving information integrity and confidentiality, and identity management; ii) know and be able to analyze the main application vulnerabilities; iii) understand security issues arising with emerging technologies.
Applying knowledge and understanding: i) exploit and fix the main software vulnerabilities; ii) design and program software systems providing integrity, confidentiality and availability.
Making judgements: i) security evaluation of a complex system; ii) comparison of systems based on security features.
Learning skills: i) consulting reference literature; ii) searching and consulting online databases and repositories.
Communication skills: i) mastery of the jargon with respect to the course topics; ii) team work.
Even if not formally required, it is highly recommended that the student already masters the contents of the Network Security class.
System Security Concepts (2h - 0.25 CFU).
Unix Security (14h - 1.75 CFU): permission management, SUID/GUID, eSUID/eGUID, sticky bits; multi-threading; Virtual Memory Management; Race Conditions.
Assembly x86 (6h - 0.75 CFU): basic programming; debugging with gdb-peda; mixed C/asm programming; Integer Overflows.
Binary Security (10h - 1.25 CFU): reverse engineering; intro to radare2; anti-reversing techniques; anti-debugging techniques.
Application Security (10h - 1.25 CFU): Buffer Overflow; Format String Vulnerability; Shellcoding and Metasploit lab; Return-2-libc; Return Oriented Programming.
Cryptography (10h - 1.25 CFU): classical cipher algorithms and their vulnerabilities, Symmetric Cryptography, Asymmetric Cryptography, Message Authentication Codes and Hash functions.
IAM (8h - 1 CFU): digital signature; digital certificates; PKIs.
Cloud Security (4h - 0.5 CFU): threats and countermeasures.
IoT Security (4h - 0.5 CFU): technologies and issues.
Hardware Assisted Security (4h - 0.5 CFU): Trusted Computing and Intel SGX.
Security mechanisms in Operating Systems (16h, 2 CFU): access permissions in Linux, Concurrent Programming, Race Conditions, Memory Management.
Binary Code Security (26h, 3.25 CFU): Binary files Reverse Engineering; Anti-reverse Engineering and anti-debugging techniques. Application Security: Buffer Overflow, Integer Overflow, Format String Vulnerability, Return Oriented Programming.
Cryptography, PKIs, and IAM (18h, 2.25 CFU): Classical Cryptography Schemas and vulnerabilities; Symmetric and Asymmetric Cryptography; Message integrity and authentication; PKI, digital signature and digital certificates. Identity and Access Management.
Security in modern computing paradigms (12h, 1.5 CFU): Cloud Computing Security; Internet of Things security; Hardware Assisted Security.
Lectures and hands-on experience sessions.
Cryptography and Network Security: Principles and Practice, 7th Edition
William Stallings, Pearson, ISBN-13: 978-0134444284
Further Readings: The Hacker Playbook 3: Practical Guide To Penetration Testing, Peter Kim, ed. 2018. ISBN-13: 978-1980901754
The exam consists of an oral discussion of a project work agreed with the professor and developed individually by the student.
Lectures are in Italian. Additional study material will be made available by the teachers. The professor is fluent in English and is available to interact with students in English, also during the examination. Students can meet the professor on Tuesdays from 3 to 5 PM in his office (and/or remotely).