COMPUTER SECURITY AND LABORATORY
Module COMPUTER SECURITY
Academic Year 2025/2026 - Teacher: GIAMPAOLO BELLA
Expected Learning Outcomes
- Knowledge and understanding. Students will get to grips with "frontier" security issues such as non-repudiation, penetration testing and formal analysis.
- Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for penetration testing and formal analysis.
- Making judgements. Students will become expert players of the "security game", and in particular of the tools to play actively and successfully in a Capture The Flag in the style brought forward by Professor Giovanni Vigna and his team.
- Communication skills. Students will familiarise themselves with advanced cyber security terms, building their capacity to combine penetration testing and formal analysis towards the deployment of secure systems.
- Learning skills. Students will acquire the critical attitude and competences to tackle and solve advanced security problems as they arise in various forms.
Course Structure
Teaching consists of traditional lectures, enriched with a variety of practical applications demonstrated in class.
Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out on line, should the conditions require it.
Required Prerequisites
Attendance of Lessons
Not mandatory but strongly recommended due to the highly experimental and interactive nature of the course.
Detailed Course Content
The Computer Security course covers a broad range of fundamental topics in cybersecurity, focusing on advanced protection techniques and security protocols.
It begins with the study of visual cryptography and its applications — a technique that allows information to be hidden within images, making it readable only to those who possess the appropriate key. This is followed by the analysis of smartcard security, devices used for authentication and data protection, with an in-depth look at their specific vulnerabilities and countermeasures.
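The "key" in visual cryptography is a second share: the secret image is split into two random-looking transparencies that reveal nothing on their own and disclose the image only when stacked. The following is an added illustration of the Naor-Shamir (2,2) scheme in Python, not material from the course; the 5x5 bitmap is a constructed sample.

```python
import secrets

# Constructed sample secret: a 5x5 bitmap, 1 = black, 0 = white (hypothetical input)
SECRET = [
    [1, 1, 1, 1, 1],
    [1, 0, 0, 0, 1],
    [1, 0, 1, 0, 1],
    [1, 0, 0, 0, 1],
    [1, 1, 1, 1, 1],
]

def make_shares(secret, coin=lambda: secrets.randbits(1)):
    """Naor-Shamir (2,2) scheme: each secret pixel becomes two subpixels per share.
    Share 1 picks (black, white) or (white, black) at random; share 2 repeats the
    pattern for a white pixel and complements it for a black one."""
    share1, share2 = [], []
    for row in secret:
        r1, r2 = [], []
        for px in row:
            a = coin()
            pattern = (a, 1 - a)                 # exactly one black subpixel
            r1.extend(pattern)
            r2.extend(pattern if px == 0 else (1 - a, a))
        share1.append(r1)
        share2.append(r2)
    return share1, share2

def stack(share1, share2):
    """Laying one transparency over the other is a pixelwise OR: black covers white."""
    return [[a | b for a, b in zip(r1, r2)] for r1, r2 in zip(share1, share2)]

def decode(image):
    """Read a share-sized image: a pair with two black subpixels is a black pixel,
    a pair with one black subpixel is white (the eye sees grey versus solid black)."""
    return [[1 if row[i] + row[i + 1] == 2 else 0 for i in range(0, len(row), 2)]
            for row in image]

def black_fraction(share):
    """Density of black subpixels: 0.5 for any share, whatever the secret is."""
    return sum(map(sum, share)) / sum(map(len, share))

def render(image):
    return "\n".join("".join("#" if px else "." for px in row) for row in image)

if __name__ == "__main__":
    s1, s2 = make_shares(SECRET)
    print(render(s1), "\n", sep="")          # a single share looks like noise
    print(render(decode(stack(s1, s2))))     # the stacked pair shows the secret
```

Because every subpixel pair in a share contains exactly one black cell, a single share carries no information about the secret; only the relationship between the two shares does.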
The course also addresses LAN network security, with a particular focus on the Kerberos V protocol, used for network authentication to ensure that only authorized users can access resources. The topic of non-repudiation is also covered — the guarantee that an action or communication cannot be denied afterward — through the detailed study of the Zhou-Gollmann, Crispo, and Abadi et al. protocols, which provide formal solutions to this issue.
Students learn how to analyze security protocols using advanced techniques such as model checking, which verifies the absence of attacks in simplified protocol models; theorem proving, which demonstrates protocol security through logical reasoning; and ProVerif, an automated tool for analyzing and verifying cryptographic protocols.
The course then examines the crucial topic of security compliance, with particular attention to the General Data Protection Regulation (GDPR). Students analyze how legal and organizational requirements influence the design and management of secure information systems.
Finally, the course introduces the fundamentals of penetration testing, illustrating the main methodologies and stages of an ethical security assessment. Students learn how to identify and exploit vulnerabilities in controlled environments, using professional tools and techniques to evaluate the robustness of systems and networks.
Textbook Information
- William Stallings: Network Security Essentials
- Bruce Schneier: Secrets and lies: Digital Security in a Networked World
- Lecture notes provided by the lecturer via Microsoft Teams
Course Planning
| | Subjects | Text References |
|---|---|---|
| 1 | Visual cryptography and its applications | Schneier and lecture notes |
| 2 | Smartcard security | Schneier and lecture notes |
| 3 | LAN security: Kerberos V | Stallings and lecture notes |
| 4 | Non-repudiation: the Zhou-Gollmann protocol | Stallings and lecture notes |
| 5 | Non-repudiation: the Crispo protocol | Stallings and lecture notes |
| 6 | Non-repudiation: the Abadi et al. protocol | Stallings and lecture notes |
| 7 | Protocol analysis: model checking | Stallings and lecture notes |
| 8 | Protocol analysis: theorem proving | Stallings and lecture notes |
| 9 | Security regulations: the Italian Privacy Code and the GDPR | Stallings and lecture notes |
| 10 | Penetration testing: basic concepts | |
Learning Assessment
Learning Assessment Procedures
Implementation Project and Oral Examination:
Each of the two assessments will be graded on a thirty-point scale. The final grade will result from the average of the two marks.
The grading scale is as follows:
Not approved: the student has not acquired the basic concepts and is unable to answer at least 60% of the questions or complete the required exercises.
18–23: the student demonstrates a minimal understanding of the basic concepts, limited ability to connect topics, and can solve only simple exercises.
24–27: the student shows a good grasp of the course contents, adequate ability to interrelate topics, and completes the exercises with few errors.
28–30 with distinction: the student has mastered all course contents, demonstrates critical understanding and the ability to make connections across topics, and solves the exercises thoroughly and without mistakes.
The assessment may also be conducted remotely, should circumstances require it.
Students with disabilities and/or specific learning disorders (SLD) are required to contact the instructor, the CInAP representative of the DMI, and the CInAP office well in advance of the exam date to request appropriate compensatory measures.
Examples of frequently asked questions and/or exercises
Examples: configuration of Kerberos and access to a Kerberized resource; analysis of exploit source code.
Naturally, the examination may also include exercises on other topics covered in the syllabus.