17629 - Computer System Security

Course Unit Page

Academic Year 2017/2018

Learning outcomes

The objective of the course is to present the theory, mechanisms, techniques and tools that are effective in increasing the security of a computer system. At the end of the course, the student will be familiar with the mathematical foundations of modern cryptography, authentication, authorization and access control mechanisms that are suitable for achieving confidentiality, integrity and availability of computer systems.  The student will also acquire the knowledge necessary to assess the potentials and limitations of current technologies.

Course contents

- Introduction     
- Trustworthiness, Network Information Systems, Security Policies    
- Symmetric (secret key) and Asymmetric (public key)  Cryptography
- One-time-pad, DES algorithm for symmetric cryptography
- RSA algorithm for asymmetric cryptography
- Authentication, digital signatures, Message Authentication Codes   
- Key Management   
- Kerberos   
- Certificates, Public-Key-Infrastructures
- PGP   
- Key Escrow   
- SSL    
- Passwords   
- Access control  
- Internet Security: Virtual Private Networks, Firewalls, IPSec   
- Intrusion Detection Systems

Readings/Bibliography

Matt Bishop, "Introduction to Computer Security", Addison-Wesley, 2005.

Teaching methods

Lectures, several small programming projects to complete individually.

Assessment methods

The course requires completing five exercises that can be carried out on a personal laptop (without physical presence in a laboratory) and passing a written exam.  The final vote will be obtained through a weighted average of these two components.

Teaching tools

Overhead slides projected from a laptop computer, white board.

Links to further information

http://www.cs.unibo.it/babaoglu/courses/security/

Office hours

See the website of Ozalp Babaoglu