AIMS AND CONTENT

SYLLABUS/CONTENT

• Security requirements, security mechanisms, and attacks.
• Fundamentals of cryptography: classical cryptographic techniques; symmetric ciphers (block ciphers, DES); hash functions; public key cryptography (RSA, Diffie-Hellman, PKI)
• Applications: confidentiality, authentication, non-repudiation (digital signature);
• Security Protocols: design and analysis of vulnerabilities (Needham Schroeder Public Key authentication protocol, Otway-Rees, Andrew Secure RPC protocol, Denning and Sacco key exchange protocol; introduction to Kerberos e IPSec)
•  Web security: cross-site scripting, SQL injection, cookie poisoning, buffer overflow;
• Access Control: discretionary and mandatory access control; access control matrices model; role-based access control.

RECOMMENDED READING/BIBLIOGRAPHY

Teaching material (slides and exercises) are available on AulaWeb.

Charles P. Pfleeger Shari Lawrence Pfleeger. Security in Computing, 4/E. ISBN-10:0132390779, ISBN-13: 9780132390774, Prentice Hall Editor, 2007. (Available also in Italian)

William Stallings and Lawrie Brown. Computer Security: Principles and Practice, 2/E ISBN10: 0132775069, ISBN-13: 9780132775069, Prentice Hall Editor, 2012

TEACHERS AND EXAM BOARD

Exam Board

ALESSANDRO ARMANDO (President)

GABRIELE COSTA

MARCO MARATEA

DANILO MASSA

ALESSIO MERLO

GIANLUCA PAPALEO

ARMANDO TACCHELLA

EXAMS

EXAM DESCRIPTION

Written + Practical

ASSESSMENT METHODS

At the end of the course, students will be able to assess the security issues associated with software applications and will be able to identify the security techniques necessary to meet the security requirements.

Exam schedule