This course aims at providing an up-to-date survey of developments and practice in computer security. It covers the central problems that confront security designers and security administrators, that is, defining the threats to computer and network systems, evaluating the relative risks of these threats, and developing cost-effective and user-friendly countermeasures. Main topics are: Computer Security Technology and Principles; Software Security and Trusted Systems; Management Issues.
Required Textbook: Computer Security: Principles and Practice (4th ed.) - William Stallings, Lawrie Brown - Pearson (2017).
Additional teaching material:
- slides presented during the course;
- published research papers and technical reports on specific relevant topics.
Learning Objectives
Upon successful completion of this course, the student will be able to
- identify the theoretical and practical problems of computer systems and networks security;
- recognize security issues concerning cyber infrastructures;
- understand and assess threats to fundamental security properties;
- propose appropriate countermeasures by applying the main security mechanisms to mitigate vulnerabilities;
- present concepts to others.
Knowledge and understanding:
theory and practice used to attain security on computer systems and networks; risk assessment and security management; technological bases for secure systems; human factors and personnel, legal and ethical issues.
Practical application of knowledge and understanding:
capability to perform a simple risk assessment for an organisation and to utilise the studied approaches to securing computer software and systems.
Prerequisites
Courses on computer architecture, operating systems and computer networks are recommended.
Teaching Methods
Class lectures: 64 hours.
Seminars by students on specific relevant topics: 8 hours.
Other Information
Attendance at lectures: recommended.
Teaching tools: UNIFI E-Learning (https://e-l.unifi.it/).
Office Hours: by appointment. Contact the teacher by e-mail (rosario.pugliese@unifi.it).
Assessment Method
There will be a final oral exam for each student covering all the topics presented during the course. Moreover, each student (or group of 2-3 students) will be assigned a specific topic to study in depth; then (s)he will give a presentation in class and lead the discussion on the given assignment.
Grading: The final mark will be determined by a weighted average of the scores on the final oral exam (65%), the seminar (30%) and class participation (5%), which includes attendance and contribution to discussions.
Course Programme
During the course:
- the main basic principles of computer security will be presented and their application in specific areas of computer security will be studied;
- alternative approaches to meeting specific computer security requirements will be examined;
- related standards, important for the understanding of the current status and future direction of technology, will be comprehensively discussed;
- practical applications to a real-world environment will be analysed.
Detailed topics:
Computer Security Concepts (Threats, Attacks, and Assets); Fundamental Security Design Principles; Attack Surfaces and Attack Trees; Cryptographic Tools; User Authentication; Access Control Principles; Database and Data Center Security; SQL Injection Attacks; Malicious Software; Denial-of-Service Attacks; Intrusion Detection Systems; Firewalls and Intrusion Prevention Systems; Software Security; Operating System Security; Cloud and IoT Security; IT Security Management and Risk Assessment; Human Factors; Social Engineering; Legal and Ethical Issues.