Service-Oriented Architecture Security
A.Y. 2024/2025
Learning objectives
The objective of the course is to illustrate the basic techniques for confidentiality and integrity of semi-structured and unstructured data.
On this basis, the objective of the course is to explore techniques and standards for authentication, identity management and user profile harvesting in Web services, and to survey and learn the authorization languages for access to network resources and Web services, as well as the methods for the acquisition and representation of assurance metadata, getting to know in depth the techniques and tools for assurance and service safety certification.
Expected learning outcomes
At the end of the course, the student will be able to: manage the confidentiality, integrity and digital signature controls at service interfaces; manage the authorization policies and security of Web Services; deal with the problems related to the assurance and certification of Web Services.
Lesson period: Second semester
Assessment methods: Exam
Assessment result: mark recorded in thirtieths
Single course
This course can be attended as a single course.
Course syllabus and organization
Single session
Course syllabus
The course focuses on the following topics:
Introduction
- Machine Learning (ML) Models
- Centralized and federated learning
- Artificial Intelligence devices and systems
Part I: Artificial Intelligence techniques for security
- Objectives of ML models and security properties
- Representation of attack data
- ML models for the identification and management of attacks: classification, prediction, anomaly detection
- Use of generative adversarial network models (GAN)
- Management of incidents and Large Language Models
Part II: Security of Intelligent Systems
- Security and privacy in ML models
- Attack taxonomy
- Security of AI pipelines and secure orchestrations
- Threat modeling methodologies: STRIDE-AI
Part III: Test and assurance of Intelligent Systems
- General concepts of assurance and statistical testing
- Testing and verification of ML models
- Risk evaluation
- Certification of ML models
Prerequisites for admission
Basic concepts of systems security and privacy; basic concepts of Artificial Intelligence.
Teaching methods
The theoretical course consists of traditional lectures. During the course practical activities on services will be organized.
Teaching Resources
Web site with course contents and suggested readings:
https://myariel.unimi.it/course/view.php?id=2394
Slides and notes
Additional documentation: C.A. Ardagna, E. Damiani, N. El Ioini "Open Source Systems Security Certification," Springer, 2008.
Assessment methods and Criteria
The exam is composed of a written test and the presentation of a project.
The written test, which lasts one and a half hours, includes questions and practical exercises based on the course syllabus. The project activity, to be agreed with the Professor, consists of developing an application that implements the security protocols studied during the course. The project can be carried out in groups of up to three students.
Once the student has passed the written test and presented the project, a final evaluation is computed, expressed in thirtieths, considering: knowledge of the topics, ability to apply the acquired knowledge to a practical project, project quality, critical thinking skills, clarity of exposition, and appropriate use of language.
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Professor:
Damiani Ernesto