COMPUTER SECURITY AND LABORATORY
Module LABORATORY
Academic Year 2023/2024 - Teacher: Giampaolo BELLA
Expected Learning Outcomes
- Knowledge and understanding. Students will get to grips with "frontier" security issues such as non-repudiation, penetration testing and formal analysis.
- Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for penetration testing and formal analysis.
- Making judgements. Students will become expert players of the "security game", and in particular of the tools to play actively and successfully in a Capture The Flag in the style brought forward by Professor Giovanni Vigna and his team.
- Communication skills. Students will familiarise themselves with advanced cyber security terms, building their capacity to combine penetration testing and formal analysis towards the deployment of secure systems.
- Learning skills. Students will acquire the critical attitude and competences to tackle and solve advanced security problems as they arise in various forms.
Course Structure
Practical laboratory experiments of penetration testing based upon Metasploit and Kali Linux.
Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out on line, should the conditions require it.
Detailed Course Content
1. Non-repudiation
- Validity of evidence and fairness
- Application to e-commerce
- Application to delegation
- Application to certified e-mail
2. Essentials of penetration testing
- Metasploit
- Kali Linux
- Information gathering
3. Tools for security protocol verification
- Theorem proving: the Inductive Method
- Model checking: Avispa
- Ad hoc tools: Proverif
Textbook Information
Lecture notes offered by the lecturer.
- William Stallings: Sicurezza delle reti. Applicazioni e standard
- Bruce Schneier: Sicurezza digitale. Miti da sfatare, strategie da adottare
Course Planning
 | Subjects | Text References |
---|---|---|
1 | Visual cryptography and its applications | |
2 | Smartcard security | |
3 | LAN security: Kerberos V | |
4 | Non-repudiation: Zhou-Gollmann protocol | |
5 | Non-repudiation: Crispo protocol | |
6 | Non-repudiation: Abadi et al. protocol | |
7 | Protocol analysis: model checking | |
8 | Protocol analysis: theorem proving | |
9 | Security regulations: the Codice Privacy and the GDPR | |
10 | Penetration testing: basic concepts | |