Security and Privacy

A.Y. 2024/2025
6
Max ECTS
60
Overall hours
SSD
INF/01
Language
Italian
Learning objectives
The aim of the course is to introduce the students to the conceptual and practical bases of Information Security and Privacy, placing a certain emphasis on the more implemented aspects of the discipline. The reference domain will be represented by the systems with particular emphasis on the Linux system and networks.
Expected learning outcomes
At the end of the course the student will be able to: evaluate the main vulnerabilities present in a given system; exploit some of these vulnerabilities to gain unauthorized access to information or systems; identifying the best countermeasures to be adopted in the face of the most common attacks, assessing the main threats to privacy deriving from the use of specific IT technologies, designing a computer security system for small realities.
Single course

This course can be attended as a single course.

Course syllabus and organization

Single session

Responsible
Lesson period
First semester
Course syllabus
During the course the following topics will be addressed:
Introduction to cybersecurity and terminology
Main protection tools:
Introduction to cryptography
Threats Models and TCB
Designing Secure Systems
Execution Semantics
Buffer overflow & Defenses
Code Analysis and Isolation
Introduction to Crypto
Symmetric Ciphers, HASH, MAC
Public Key Crypto
Bitcoin & Cryptocurrencies
NetWork Security: introduction & attacks
Network Security: Defenses
Web Security
Privacy and Data Privacy
Usability and Economic Aspects
Malware

Laboratory activities:
- use of cryptographic tools: PGP and main cryptographic algorithms
- Access control system in UNIX
- Writing a shellcode
- Buffer overflow attack
-Network Security tools
- Web attacks
Prerequisites for admission
Students are encouraged to take the following exams before attending the course
- Programming
- Computer architectures
- Operating systems
- Computer networks
Teaching methods
Teaching will be carried out in frontal mode through the projection of slides and the possible commentary of some films.
The laboratory activities will be carried out in the classroom, to perform these activities students are required to have a portable PC on which they can install at least two copies of virtual machines.
Teaching Resources
The course does not adopt a particular text, during the course bibliographical materials will be indicated. Students can however consult the following as a reference text for a series of in-depth studies:
W. Stallings, L. Brownie, "Computer Security: principles and practice", Global Edition, Pearson.
It is understood that students are required to acquire the knowledge present in all the teaching material that will be indicated during the course. The oral exam will take place assuming that the student has assimilated all the aforementioned contents.
Assessment methods and Criteria
During the course, homework will be assigned that the student can carry out to verify his level of preparation. The final exam requires passing two tests: a practical test and an oral test.
In the practical test lasting a maximum of 4 hours, the student will have to demonstrate that they have acquired the skills and dexterity necessary to independently carry out elementary exercises related to carrying out cyber attacks and protecting data and systems. The test will be evaluated on a scale from 0 to 5. The evaluation of the test will be communicated to the students on the spot.
Passing the practical test is a NECESSARY requirement for admission to the oral test.
During the oral exam the student must demonstrate that he has assimilated the notions imparted during the theoretical lessons and acquired sufficient reasoning autonomy to allow him to apply the aforementioned notions to different application contexts. The final exam grade will be determined as follows:
- up to 5 points for completing homework
- up to 5 points for carrying out the practical test exercises
- up to 23 points for the oral exam.

The practical test and the oral test must be taken in the same session. Failure in the oral test will require the entire exam to be redone.
INF/01 - INFORMATICS - University credits: 6
Laboratories: 24 hours
Lessons: 36 hours
Shifts:
Turno
Professor: Bruschi Danilo Mauro
Educational website(s)
Professor(s)
Reception:
send an email to danilo[dot]bruschi[at]unimi[dot]it
Room 8011, Via Celoria 18