Academic Year 2023/2024 - Teacher: Giampaolo BELLA

Expected Learning Outcomes

  1. Knowledge and understanding. Students will get to grips with "frontier" security issues such as non-repudiation, penetration testing and formal analysis.
  2. Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for penetration testing and formal analysis.
  3. Making judgements. Students will become expert players of the "security game", and in particular of the tools to play actively and successfully in a Capture The Flag in the style brought forward by Professor Giovanni Vigna and his team.
  4. Communication skills. Students will familiarise with advanced cyber security terms, building their capacity to conjugate penetration testing and formal analysis towards the deployment of secure systems.
  5. Learning skills. Students will get the critical attitude and competences to tackle and solve advanced security problems are they arise in various forms.

Course Structure

Teaching consists of traditional upfront classes, enriched with a variety of practical applications demonstrated during class. The final exam requires passing an individual, practical project and an oral interview.

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out on line, should the conditions require it.

Detailed Course Content

1. Non-repudiation
- Validity of evidence and fairness
- Application to e-commerce
- Application to delegation
- Application to certified e-mail

2. Essentials of penetration testing

- Metasploit

- Kali Linux

- Information gathering

3. Tools for security protocol verification
- Theorem proving: the Inductive Method
- Model checking: Avispa
- Ad hoc tools: Proverif

Textbook Information

Lecture notes offered by the lecturer.

  • William Stallings: Sicurezza delle reti. Applicazioni e standard
  • Bruce Schneier: Sicurezza digitale. Miti da sfatare, strategie da adottare

Course Planning

 SubjectsText References
1Crittografia visuale e sue applicazioni
2Sicurezza delle smartcard
3Sicurezza su LAN: Kerberos V
4Non ripudio: protocollo Zhou-Gollmann
5Non ripudio: protocollo Crispo
6Non ripudio: protocollo Abadi et al.
7Analisi di protocolli: model checking
8Analisi di protocolli: theorem proving
9Normative sulla sicurezza: il Codice Privacy e la GDPR
10Penetration testing: concetti di base