CODE 114583 ACADEMIC YEAR 2026/2027 CREDITS 6 cfu anno 3 INFORMATICA 8759 (L-31) - GENOVA 6 cfu anno 3 INGEGNERIA INFORMATICA 8719 (L-8) - GENOVA SCIENTIFIC DISCIPLINARY SECTOR ING-INF/05 LANGUAGE Italian (English on demand) TEACHING LOCATION GENOVA SEMESTER 2° Semester MODULES Questo insegnamento è un modulo di: COMPUTER NETWORKS AND INFORMATION SECURITY AIMS AND CONTENT LEARNING OUTCOMES This teaching unit provides the students with the fundamental principles of Computer Security. Topics covered include: cryptographic hash functions, symmetric and asymmetric ciphers, digital signatures, digital certificates, security protocols, and access control, and an introduction to network and web security and web security. AIMS AND LEARNING OUTCOMES ### Knowledge and Understanding * Understand the main goals of computer security and the threats that may compromise them. * Understand the fundamental principles of secure system design. * Know the main symmetric and public-key cryptographic techniques and their use in real-world systems. * Understand the role of security protocols, public-key infrastructures, and access control models. * Understand the main security issues affecting networks and web applications. ### Applying Knowledge and Understanding * Analyze the security requirements of a computer system. * Identify vulnerabilities and possible countermeasures. * Evaluate the trust assumptions and attacker models underlying security protocols and systems. * Select appropriate protection mechanisms according to specific security goals. * Critically analyze common vulnerabilities affecting applications and computer systems. * Apply access control models to satisfy specific security requirements. ### Making Judgements * Critically evaluate the security properties of computer systems and applications. * Analyze trade-offs among security requirements, functionality, and usability. ### Communication Skills * Describe the main security mechanisms and protocols using appropriate technical terminology. * Justify design choices adopted to satisfy specific security requirements. ### Learning Skills * Independently study new security mechanisms, protocols, and technologies based on the principles acquired during the course. TEACHING METHODS 1. Introduction and Security Principles [2h] * The concepts of resource, vulnerability, threat, countermeasure * Security goals: confidentiality, integrity, availability * Security principles: Open Design, Least Privilege, Separation of Privilege, Defense-in-Depth 2. Introduction to Cryptography and Symmetric Cryptography [8h] * Shannon ciphers and perfect security * Computational ciphers and semantic security * Stream ciphers, pseudo-random generators * Block ciphers: DES, 3DES, AES * Message integrity: MAC, cryptographic hash functions * Authenticated Encryption (AEAD) * The key distribution problem 3. Public-Key Cryptography [10h] * Introduction to public-key cryptography * Introduction to Number Theory * The RSA algorithm * TLS handshake * Elliptic-Curve Cryptography * Diffie-Hellman key exchange * Digital signatures * Protecting private keys with secure elements: smartcards, hardware security modules * Digital Certificates and the Public Key Infrastructure 4. Security Protocols [8h] * Security goals, trust assumptions, attacker models * Protocol execution and analysis * Case studies: NSSK, NSPK, Otway-Rees, Andrew RPC, Denning-Sacco, Kerberos 5. Network Security [4h] * Firewalls * Link vs end-to-end encryption * Virtual Private Networks (IP-Sec, OpenVPN, WireGuard) 6. Secure Programming [4h] * Buffer overflows * Format string vulnerabilities 7. Web Security [6h] * Client side: Browser security model; origin-based security; cookies, sessions and web authentication; client-side attacks * Server side: input validation; authentication and session management; injection attacks (e.g. SQL Injection, Cross-Site Scripting); access control vulnerabilities * Web PKI; Certificate Transparency 8. Access Control [6h] * Discretionary vs Mandatory Access Control * Access control matrix model (UNIX Access Control model) * Role-Based Access Control (RBAC) * Mandatory Access Control (Bell-LaPadula Model, Biba Model, Chinese Wall Model) RECOMMENDED READING/BIBLIOGRAPHY 1. William Stallings, Lawrie Brown. *Computer Security: Principles and Practice* (4th Edition). Pearson Ed., 2017. 2. Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest and Clifford Stein. *Introduction to Algorithms* (4th Edition). The MIT Press, 2022. 3. Dan Boneh and Victor Shoup. *A Graduate Course in Applied Cryptography*. Available online at: https://toc.cryptobook.us/ TEACHERS AND EXAM BOARD ALESSANDRO ARMANDO Ricevimento: Meetings via Microsoft Teams or in person (office 102, DIBRIS, Via Dodecaneso 35, Genoa) must be arranged in advance by email. Requests for appointments should be sent to alessandro.armando@unige.it with a subject line beginning with the string "[FSI]". The message should specify the course concerned and the student's matriculation number. LESSONS Class schedule The timetable for this course is available here: Portale EasyAcademy EXAMS EXAM DESCRIPTION Assessment is based on a written examination. ASSESSMENT METHODS Assessment is based on a written examination aimed at evaluating the student's understanding of the fundamental principles of computer security and their ability to apply them to the analysis of security mechanisms, protocols, and systems. The examination may include both theoretical questions and exercises covering the topics addressed during the course. Evaluation takes into account the correctness of the answers, the quality of the reasoning, the appropriate use of technical terminology, and the ability to analyze vulnerabilities and countermeasures. Agenda 2030 - Sustainable Development Goals Quality education Industry, innovation and infrastructure Peace, justice and strong institutions