Computer Security

Academic Year 2025/2026 - Teacher: GIAMPAOLO BELLA

Expected Learning Outcomes

  1. Knowledge and understanding. The student acquires a critical understanding of contemporary “frontier” security issues.
  2. Applying knowledge and understanding. The student gains practical skills to build a virtual laboratory for conducting penetration testing experiments and becomes able to carry out basic sessions of formal analysis.
  3. Making judgements. The student becomes an experienced player in the “security game,” that is, identifying possible attacks on a system presumed to be secure and then improving the system to defend it against the discovered vulnerabilities.
  4. Communication skills. The student becomes familiar with the technical vocabulary of cybersecurity and learns to use the multiple meanings of the term “security” unambiguously when referring to research topics, penetration testing, and formal analysis.
  5. Learning skills. The student develops a critical mindset and methodological competence to face and solve new security challenges that may arise in the future.

Course Structure

Teaching consists of traditional upfront classes, enriched with a variety of practical applications demonstrated during class. 


Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out online, should the conditions require it.

Required Prerequisites

Have basic knowledge of computer networks, computer architectures, operating systems, and web programming.

Attendance of Lessons

Not mandatory but strongly recommended due to the highly experimental and interactive nature of the course.

Detailed Course Content

The Computer Security course covers a broad range of fundamental topics in cybersecurity, focusing on advanced protection techniques and security protocols.

It begins with the study of visual cryptography and its applications — a technique that allows information to be hidden within images, making it readable only to those who possess the appropriate key. This is followed by an analysis of the security of smartcards, devices used for authentication and data protection, with an in-depth look at their specific vulnerabilities and countermeasures.

The course also addresses LAN security, with a particular focus on the Kerberos V protocol, used for network authentication to ensure that only authorized users can access resources. The topic of non-repudiation is also covered — the guarantee that an action or communication cannot be denied afterward — through the detailed study of the Zhou-Gollmann, Crispo, and Abadi et al. protocols, which provide formal solutions to this issue.

Students learn how to analyze security protocols using advanced techniques such as model checking, which verifies the absence of attacks in simplified protocol models; theorem proving, which demonstrates protocol security through logical reasoning; and ProVerif, an automated tool for analyzing and verifying cryptographic protocols.

The course then examines the crucial topic of security compliance, with particular attention to the General Data Protection Regulation (GDPR). Students analyze how legal and organizational requirements influence the design and management of secure information systems.

Finally, the course introduces the fundamentals of penetration testing, illustrating the main methodologies and stages of an ethical security assessment. Students learn how to identify and exploit vulnerabilities in controlled environments, using professional tools and techniques to evaluate the robustness of systems and networks.

Textbook Information

  • William Stallings: Network Security Essentials
  • Bruce Schneier: Secrets and lies: Digital Security in a Networked World
  • Lecture notes provided by the lecturer via Microsoft Teams

Course Planning

 No.  Subjects  Text References
 1              Schneier and lecture notes
 2              Schneier and lecture notes
 3              Stallings and lecture notes
 4              Stallings and lecture notes
 5              Stallings and lecture notes
 6              Stallings and lecture notes
 7              Stallings and lecture notes
 8              Stallings and lecture notes
 9              Stallings and lecture notes
 10             Stallings and lecture notes

Learning Assessment

Learning Assessment Procedures

Implementation Project and Oral Examination:
Each of the two assessments will be graded on a thirty-point scale. The final grade will result from the average of the two marks.

The grading scale is as follows:

  • Not approved: the student has not acquired the basic concepts and is unable to answer at least 60% of the questions or complete the required exercises.

  • 18–23: the student demonstrates a minimal understanding of the basic concepts, limited ability to connect topics, and can solve only simple exercises.

  • 24–27: the student shows a good grasp of the course contents, adequate ability to interrelate topics, and completes the exercises with few errors.

  • 28–30 with distinction: the student has mastered all course contents, demonstrates critical understanding and the ability to make connections across topics, and solves the exercises thoroughly and without mistakes.

The assessment may also be conducted remotely, should circumstances require it.

Students with disabilities and/or specific learning disorders (SLD) are required to contact the instructor, the CInAP representative of the DMI, and the CInAP office well in advance of the exam date to request appropriate compensatory measures.

Examples of frequently asked questions and/or exercises

Examples: configuration of Kerberos and access to a Kerberized resource; analysis of exploit source code.

Naturally, the examination may also include exercises on other topics covered in the syllabus.
