COMPUTER SECURITY AND LABORATORY

Module LABORATORY

1. Knowledge and understanding. Students will get to grips with "frontier" security issues such as non-repudiation, penetration testing and formal analysis.
2. Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for penetration testing and formal analysis.
3. Making judgements. Students will become expert players of the "security game", and in particular of the tools to play actively and successfully in a Capture The Flag in the style brought forward by Professor Giovanni Vigna and his team.
4. Communication skills. Students will familiarise with advanced cyber security terms, building their capacity to conjugate penetration testing and formal analysis towards the deployment of secure systems.
5. Learning skills. Students will get the critical attitude and competences to tackle and solve advanced security problems are they arise in various forms.

Practical laboratory experiments of penetration testing based upon Metasploit and Kali Linux.

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out on line, should the conditions require it.

1. Non-repudiation
- Validity of evidence and fairness
- Application to e-commerce
- Application to delegation
- Application to certified e-mail

2. Essentials of penetration testing

- Metasploit

- Kali Linux

- Information gathering

3. Tools for security protocol verification
- Theorem proving: the Inductive Method
- Model checking: Avispa
- Ad hoc tools: Proverif

Lecture notes offered by the lecturer.

• William Stallings: Sicurezza delle reti. Applicazioni e standard
• Bruce Schneier: Sicurezza digitale. Miti da sfatare, strategie da adottare