Security and Privacy

A.Y. 2024/2025
Max ECTS: 6
Overall hours: 60
SSD: INF/01
Language: Italian
Learning objectives
The aim of the course is to introduce students to the conceptual and practical foundations of Information Security and Privacy, with some emphasis on the more implementation-oriented aspects of the discipline. The reference domain will be systems, with particular emphasis on the Linux system and networks.
Expected learning outcomes
At the end of the course the student will be able to: evaluate the main vulnerabilities present in a given system; exploit some of these vulnerabilities to gain unauthorized access to information or systems; identify the best countermeasures to adopt against the most common attacks; assess the main threats to privacy deriving from the use of specific IT technologies; design a computer security system for small organizations.
Single course

This course can be attended as a single course.

Course syllabus and organization

Single session

Responsible
Lesson period
First semester
Course syllabus
During the course the following topics will be addressed:
Introduction to cybersecurity and terminology
Main protection tools:
- Introduction to cryptography
- Identification and Authentication
- Access control
- Auditing
Software security
- Buffer overflow
- TOCTOU
- Malware
- The security of operating systems
The security of the web
- The HTML protocol
- XSS and CSRF
- SQL Injection
Network security
- The TCP/IP protocol
- Some network attacks
- WiFi security
- IPsec / TLS
Organizational Aspects of Cybersecurity
- IT security management
- Security policies
Elements of Ethics and Privacy

Laboratory activities:
- Use of cryptographic tools: PGP and main cryptographic algorithms
- Access control system in UNIX
- Password Crackers
- Introduction to Metasploit
- Web attacks
Prerequisites for admission
Students are encouraged to take the following exams before attending the course:
- Programming
- Computer architectures
- Operating systems
- Computer networks
Teaching methods
Teaching will be delivered as lectures with projected slides and, possibly, commentary on some films.
The laboratory activities will be carried out in the classroom. To perform these activities, students are required to have a laptop on which they can install at least two virtual machines.
Teaching Resources
The course does not adopt a particular text; bibliographical materials will be indicated during the course. Students can, however, consult the following as a reference text for further study:
W. Stallings, L. Brown, "Computer Security: Principles and Practice", Global Edition, Pearson.
Students are required to acquire the knowledge present in all the teaching material that will be indicated during the course. The oral exam will take place assuming that the student has assimilated all the aforementioned contents.
Assessment methods and Criteria
During the course, homework will be assigned that students can carry out to verify their level of preparation. The final exam requires passing two tests: a practical test and an oral test.
In the practical test, lasting a maximum of 4 hours, students will have to demonstrate that they have acquired the skills and dexterity necessary to independently carry out elementary exercises related to carrying out cyber attacks and protecting data and systems. The test will be evaluated on a scale from 0 to 5. The evaluation of the test will be communicated to the students on the spot.
Passing the practical test is a NECESSARY requirement for admission to the oral test.
During the oral exam, students must demonstrate that they have assimilated the notions imparted during the theoretical lessons and acquired sufficient autonomy of reasoning to apply those notions to different application contexts. The final exam grade will be determined as follows:
- up to 5 points for completing homework
- up to 5 points for carrying out the practical test exercises
- up to 23 points for the oral exam.

The practical test and the oral test must be taken in the same session. Failure in the oral test will require the entire exam to be redone.
INF/01 - INFORMATICS - University credits: 6
Laboratories: 24 hours
Lessons: 36 hours
Shifts:
Shift
Professor: Bruschi Danilo Mauro
Professor(s)
Reception:
send an email to danilo[dot]bruschi[at]unimi[dot]it
Room 8011, Via Celoria 18