Università degli Studi di Napoli "Parthenope"

Teaching schedule

Academic year: 2022/2023
Belonging course:
Location: Napoli
Disciplinary sector: INFORMATION PROCESSING SYSTEMS (ING-INF/05)
Language: Italian
Credits: 9
Year of study: 1
Teachers:
Cycle: First Semester
Hours of front activity: 72

Language

Italian

Course description

Knowledge and understanding: i) to understand the main cryptographic algorithms and the techniques for preserving information integrity and confidentiality and for identity management; ii) to know and be able to analyze the main application vulnerabilities; iii) to understand security issues arising with emerging technologies.
Applying knowledge and understanding: i) to exploit and fix the main software vulnerabilities; ii) to design and program software systems providing integrity, confidentiality and availability.
Making judgements: i) security evaluation of a complex system; ii) comparison of systems based on security features.
Learning skills: i) consulting reference literature; ii) searching and consulting online databases and repositories.
Communication skills: i) mastery of the jargon of the course topics; ii) teamwork.

Prerequisites

None

Syllabus

Introduction and Operating System Security (10h, 1.25 CFU): Basic definitions and concepts about security and risk management (2h); authentication and authorization in Linux: real and effective UID/GID, sticky bit, command injection (3h); IAM: identity, authentication, authorization, auditing, access control policies (2h); authentication by means of passwords, federated authentication, multifactor authentication (2h); Race Conditions, Memory Management (1h).
Binary Code Security (12h, 1.5 CFU): Software Code Vulnerability: Integer Overflow (2h), Buffer Overflow (4h), Format String Vulnerability (4h), Return Oriented Programming (2h).
Malware (10h, 1.25 CFU): taxonomy and antivirus basics (2h); examples of antiviruses: the ClamAV case, YARA (2h); Malware signatures (2h). Static Analysis: binary file organization; Indicators of Compromise; strings analysis, mutex analysis, applications for static analysis (PEStudio) (3h). Dynamic Analysis: preparing a safe testbed, evasion techniques, tools for dynamic software analysis (3h).
Security in modern computing paradigms (20h, 2.5 CFU): Defensive coding; Hardware Assisted Security: Trusted Computing (2h) and Trusted Execution Environment (2h): TEE in x86 environments (2h), TEE in ARM environments (2h); log management (2h); SIEM solutions (2h). Internet of Things security: IoT protocols and vulnerabilities (4h). Cloud Computing Security: the cloud paradigms; classes of vulnerabilities; attack vectors (4h).
Cryptography, PKIs (20h, 2.50 CFU): Classical Cryptography Schemes: substitution based, Caesar and Vigenère (2h) and related vulnerabilities with exercises (2h). Providing Integrity: hash functions; Authentication: MAC/HMAC (2h); Symmetric Cryptography (block based and chained), DES, 3DES, AES (8h) and Asymmetric Cryptography, RSA (2h); Man-in-the-middle attacks; Message integrity and authentication; PKI, digital signature and digital certificates (2h) and exercises (2h).

Security mechanisms in Operating Systems (10h, 1.5 CFU): access permissions in Linux, IAM, Race Conditions, Memory Management.
Binary Code Security (12h, 1.5 CFU): Application Security: Integer Overflow, Memory Safety Violations.
Malware (10h, 1.25 CFU): classes of malware, antiviruses, malware analysis, static and dynamic analysis.
Security in modern computing paradigms (20h, 2.5 CFU): Defensive coding; Cloud Computing Security; Internet of Things security; Hardware Assisted Security.
Cryptography, PKIs (20h, 2.5 CFU): Classical Cryptography Schemes and vulnerabilities; Symmetric and Asymmetric Cryptography; Message integrity and authentication; PKI, digital signature and digital certificates.

Teaching Methods

Lectures and hands-on experience sessions.

Textbooks

Cryptography and Network Security: Principles and Practice, 7th Edition
William Stallings, Pearson, ISBN-13: 978-0134444284

Further Readings: The Hacker Playbook 3: Practical Guide To Penetration Testing, Peter Kim, ed. 2018. ISBN-13: 978-1980901754

Learning assessment

The exam consists of an oral discussion of a project work agreed with the professor and developed individually by the student.

More information

Lectures are in Italian. Additional study material will be made available by the teachers. The professor is fluent in English and is available to interact with students in English, also during the examination. Students can meet the professor on Tuesdays from 3 to 5 PM in his office (and/or remotely).
MS Teams code: f8p501g

Shared courses

  • Study course INGEGNERIA DELLA SICUREZZA DEI DATI E DELLE COMUNICAZIONI - Training course in PERCORSO GENERICO