17629 - Computer System Security

Academic Year 2019/2020

  • Teaching Mode: Traditional lectures
  • Campus: Bologna
  • Degree programme: First cycle degree programme (L) in Computer Science (code 8009)

Learning outcomes

The objective of the course is to present the theory, mechanisms, techniques and tools that are effective in increasing the security of a computer system. At the end of the course, the student will be familiar with the mathematical foundations of modern cryptography, authentication, authorization and access control mechanisms that are suitable for achieving confidentiality, integrity and availability of computer systems. The student will also acquire the knowledge necessary to assess the potentials and limitations of current technologies.

Course contents

  • Introduction
  • Trustworthiness, Network Information Systems, Security Policies
  • Symmetric (secret key) and Asymmetric (public key) Cryptography
  • One-time-pad, DES algorithm for symmetric cryptography
  • RSA algorithm for asymmetric cryptography
  • Authentication, digital signatures, Message Authentication Codes
  • Key Management
  • Kerberos
  • Certificates, Public-Key-Infrastructures
  • PGP
  • Key Escrow
  • Internet security: SSL
  • User authentication: Passwords, tokens, biometrics
  • Strong authentication, 2-factor authentication
  • Access control
  • Capabilities
  • Denial-of-Service, Distributed Denial-of-Service, Defenses
  • Internet Security: Virtual Private Networks, Firewalls, IPSec
  • Intrusion Detection Systems
  • Cloud, IoT and Wireless Security
  • Cyber Forensics

Readings/Bibliography

  • Computer Security: Principles and Practice (4th Edition), Stallings and Brown, Pearson, 2018.
  • Computer Security: Art and Science (2nd Edition), Matt Bishop, Addison-Wesley, 2018.

Teaching methods

The Course is worth 6 credits and consists of lectures together with five programming exercises to complete individually during the semester.

Assessment methods

The final exam for the Course aims to verify achievement of the stated objectives:

  • understanding the principal threats to security in modern computing systems
  • understanding the mathematical foundations for modern cryptography
  • understanding the benefits and limits of modern cryptographic algorithms and protocols 
  • analyzing the vulnerabilities of a computing system
  • formulating a security roadmap for a modern computing system

The final grade for the Course will be obtained through a weighted average of the final exam score and the outcomes for the five programming exercises.

Teaching tools

The lectures utilize overhead slides projected from a laptop computer together with a white board. The material presented during lectures will be made available in electronic format for downloading from the Course web site. Completing the programming exercises requires interacting with the Course teaching assistant via email.

Links to further information

http://www.cs.unibo.it/babaoglu/courses/security/

Office hours

See the website of Ozalp Babaoglu

SDGs

Industry, innovation and infrastructure

This teaching activity contributes to the achievement of the Sustainable Development Goals of the UN 2030 Agenda.