72942 - Information Security M

Academic Year 2021/2022

  • Teaching Mode: Traditional lectures
  • Campus: Bologna
  • Degree programme: Second cycle degree programme (LM) in Computer Engineering (code 5826)

Learning outcomes

Knowledge and engineering skills related to the design, development and deployment of algorithms and protocols for securing systems and networks.

Course contents

The aim of the course is to provide an in-depth study of the models, systems and mechanisms for securing processing systems with both a theoretical and a practical focus.

Suggested background: to gain more from the course, it is important to have a clear grasp of the concepts and tools provided by the computer networks, operating systems and computer security laboratory courses.

The course contents are divided into five macro-areas:

1. Applied modern cryptography

  • Insights and pitfalls in using PRNGs, stream ciphers and block ciphers, cryptographically secure hash functions, asymmetric ciphers
  • Examples of attacks based on the incorrect use of ciphers and correct methods of use
  • Examples of cryptographic applications in some scenarios (wireless networks, cloud, IoT, ...)
  • Symmetric and asymmetric cryptographic key management models and systems (Key distribution center, PKI, PGP)

2. Authentication Models and Systems

  • Review of authentication systems and principles of designing secure authentication protocols
  • Single Sign-on authentication models with related examples of protocols / systems (Kerberos, ...)
  • Federated authentication models with related examples of protocols / systems (OAuth, OpenID, SAML, ...)

3. Access control models and systems

  • Identity-based models with related examples of protocols / systems
  • Role-based models with related examples of protocols / systems
  • Attribute- and context-based models with related examples of protocols / systems

4. Automated security management models and systems: paradigm based on policy-based management

5. Blockchain technologies

  • Principles of operation
  • Outline of the operation of the Bitcoin and Ethereum platforms

Readings/Bibliography

Slides on the course web site
References:

[1] Bruce Schneier: “Applied Cryptography” John Wiley 1996

[2] A.J. Menezes, P.C. Van Oorschot, S.A. Vanstone: “Handbook of Applied Cryptography” CRC Press 1997

[3] William Stallings: “Sicurezza delle reti. Applicazioni e standard” Addison Wesley Longman Italia 2001

[4] C. Pfleeger, S. Pfleeger: “Sicurezza in informatica” Pearson Education Italia, 2004

[5] D. Ferraiolo, R. Kuhn, R. Chandramouli: "Role-based Access Control", Artech House computer security series

[6] G. Karame, E. Androulaki: "Bitcoin and Blockchain Security", Artech House computer security series

Teaching methods

Traditional lectures and laboratory activities

Assessment methods

Written exam and practical exam

Teaching tools

Slides and laboratory activities

Office hours

See the website of Rebecca Montanari