COMPUTER SECURITY AND LABORATORY
Module COMPUTER SECURITY

Academic Year 2024/2025 - Teacher: Giampaolo BELLA

Expected Learning Outcomes

  1. Knowledge and understanding. Students will get to grips with "frontier" security issues such as non-repudiation, penetration testing and formal analysis.
  2. Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for penetration testing and formal analysis.
  3. Making judgements. Students will become expert players of the "security game", and in particular of the tools to play actively and successfully in a Capture The Flag in the style brought forward by Professor Giovanni Vigna and his team.
  4. Communication skills. Students will become familiar with advanced cyber security terms, building their capacity to combine penetration testing and formal analysis towards the deployment of secure systems.
  5. Learning skills. Students will acquire the critical attitude and competences to tackle and solve advanced security problems as they arise in various forms.

Course Structure

Teaching consists of traditional lectures, enriched with a variety of practical applications demonstrated during class. The final exam requires passing an individual, practical project and an oral interview.


Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out on line, should the conditions require it.

Required Prerequisites

Basic knowledge of computer networks, computer architectures, operating systems, and web programming.

Detailed Course Content

The Computer Security course covers a wide range of fundamental topics in cybersecurity, focusing on advanced techniques and protection protocols.

It begins with the study of visual cryptography and its applications, a technique that allows information to be hidden within images, making it readable only to those who possess the appropriate key. This is followed by an analysis of smartcard security, devices used for authentication and data protection, exploring specific vulnerabilities and security measures.

The course also addresses LAN security, with a particular focus on the Kerberos V protocol, which is used for network authentication, ensuring that only authorized users have access to resources. The topic of non-repudiation is also covered, meaning the guarantee that an action or communication cannot be denied afterward, with a detailed study of the Zhou-Gollmann, Crispo, and Abadi et al. protocols, which provide solutions to this problem.

Students learn how to analyze security protocols using advanced techniques such as model checking, which verifies the absence of attacks in simplified protocol models, theorem proving, which demonstrates the security of a protocol through logical reasoning, and ProVerif, an automated tool for the analysis and verification of cryptographic protocols.

Textbook Information

Lecture notes offered by the lecturer.

  • William Stallings: Sicurezza delle reti. Applicazioni e standard
  • Bruce Schneier: Sicurezza digitale. Miti da sfatare, strategie da adottare

Course Planning

 #   Subjects                                              Text References
 1   Visual cryptography and its applications
 2   Smartcard security
 3   LAN security: Kerberos V
 4   Non-repudiation: the Zhou-Gollmann protocol
 5   Non-repudiation: the Crispo protocol
 6   Non-repudiation: the Abadi et al. protocol
 7   Protocol analysis: model checking
 8   Protocol analysis: theorem proving
 9   Security regulations: the Privacy Code and the GDPR
 10  Penetration testing: basic concepts

Learning Assessment

Examples of frequently asked questions and/or exercises

How to configure Kerberos. Analysis of the code of an exploit.