School of Science
COMPUTER SCIENCE
Course unit
CYBERSECURITY: PRINCIPLES AND PRACTICES
SCP9087558, A.A. 2019/20

Information concerning the students who enrolled in A.Y. 2017/18

Information on the course unit
Degree course First cycle degree in
COMPUTER SCIENCE
SC1167, Degree course structure A.Y. 2011/12, A.Y. 2019/20
N0
Number of ECTS credits allocated 6.0
Type of assessment Mark
Course unit English denomination CYBERSECURITY: PRINCIPLES AND PRACTICES
Website of the academic structure http://informatica.scienze.unipd.it/2019/laurea
Department of reference Department of Mathematics
Mandatory attendance No
Language of instruction English
Branch PADOVA
Single Course unit The Course unit can be attended under the option Single Course unit attendance
Optional Course unit The Course unit can be chosen as Optional Course unit

Lecturers
Teacher in charge MAURO CONTI INF/01

ECTS: details
Type Scientific-Disciplinary Sector Credits allocated
Core courses INF/01 Computer Science 6.0

Course unit organization
Period First semester
Year 3rd Year
Teaching method frontal

Type of hours | Credits | Teaching hours | Hours of individual study | Shifts
Lecture | 6.0 | 48 | 102.0 | No turn

Calendar
Start of activities 30/09/2019
End of activities 18/01/2020

Examination board
Examination board not defined

Syllabus
Prerequisites: No strict prerequisites on previous exams.
Target skills and knowledge: To acquire basic security concepts (e.g., Access Control, User Authentication, Malware, DoS Attacks, Intrusion Detection/Prevention, Software and OS security, Trusted Computing), and knowledge of system security for Linux/Windows/Android, security of wireless/wired networks, web-application security.
At the end of the course, the students will have acquired basic knowledge of computer security and will be able to analyze a system, identifying its possible vulnerabilities.
Examination methods: Written.
Assessment criteria: Knowledge of the concepts studied during the course.
Course unit contents: Theory:
COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES: Cryptographic Tools, User Authentication, Access Control, Database Security, Malicious Software, Denial-of-Service Attacks, Intrusion Detection, Firewalls and Intrusion Prevention Systems.
SOFTWARE SECURITY AND TRUSTED SYSTEMS: Buffer Overflow, Software Security, Operating System Security, Trusted Computing and Multilevel Security.
MANAGEMENT ISSUES: IT Security Management and Risk Assessment, IT Security Controls, Plans, and Procedures, Physical and Infrastructure Security, Human Resources Security, Security Auditing, Legal and Ethical Aspects.
CRYPTOGRAPHIC ALGORITHMS: Symmetric Encryption and Message Confidentiality, Public-Key Cryptography and Message Authentication.
NETWORK SECURITY: Internet Security Protocols and Standards, Internet Authentication Applications, Wireless Network Security.
Practice:
Structure of a web application; web servers, CGI, proxies, life cycle; XSS vulnerabilities
x86 ISA, ELF, x86 address space layout basics, data-oriented buffer overflows, stack overflows under executable stack; GOT/PLT and GOT hijacking
Classical ciphers: Caesar, affine ciphers, Vigenère, hashing; Symmetric: DES, 3DES, AES, RC4; Asymmetric: DH, ElGamal, RSA
DBMS fundamentals, Interaction web application - DBMS, SQLi
Stack canaries, ASLR, W^X, RELRO. Code reuse under W^X: stack overflows w/ ROP
Planned learning activities and teaching methods: Lectures; practical exercises.
Additional notes about suggested reading: Book (main book: Computer Security: Principles and Practice 2/E).
The course will be given in English.
The web site of the course will offer all the information and additional material:
http://www.math.unipd.it/~conti/teaching.html
Textbooks (and optional supplementary readings)
  • W. Stallings, L. Brown, Computer Security: Principles and Practice 2/E. Prentice Hall.
  • M. Bishop, Introduction to Computer Security. Addison-Wesley Professional.

Innovative teaching methods: Teaching and learning strategies
  • Lecturing
  • Laboratory
  • Case study
  • Working in group
  • Problem solving
  • Peer feedback
  • Students peer review

Innovative teaching methods: Software or applications used
  • Moodle (files, quizzes, workshops, ...)
  • LaTeX

Sustainable Development Goals (SDGs)
Industry, Innovation and Infrastructure