Tuition Fee: Not Available
Start Date: Not Available
Medium of studying: On campus
Duration: Not Available
Details
Program Details
Degree: Masters
Major: Computer Science | Cybersecurity | Software Engineering
Area of study: Information and Communication Technologies | Engineering
Education type: On campus
Course Language: English
About Program

Program Overview


COMPUTER SECURITY PROGRAM

Overview

The Computer Security program covers fundamental principles of computer security, including cryptographic hash functions, symmetric and asymmetric ciphers, digital signatures, digital certificates, security protocols, and access control. The program also introduces network security and web security, featuring hands-on sessions and a cyber exercise inspired by Capture-the-Flag competitions.


Aims and Content

Learning Outcomes

This program provides students with a comprehensive understanding of computer security principles, including:


  • Cryptographic hash functions
  • Symmetric and asymmetric ciphers
  • Digital signatures
  • Digital certificates
  • Security protocols
  • Access control
  • Network security
  • Web security

Aims and Learning Outcomes

Students will acquire in-depth knowledge of security issues in modern computer systems and complex ICT infrastructures, as well as techniques to solve or mitigate them. The program features hands-on sessions that provide students with practical problem-solving skills in various domains, including cryptography, network security, host security, and web security.


Prerequisites

  • Good programming skills
  • Fundamentals of Computer Architectures and Operating Systems
  • Fundamentals of communication protocols and TCP/IP

Teaching Methods

The program uses lecture-style instruction complemented with hands-on sessions on selected topics, such as secure mail and web security. The examination consists of a written and a practical exam (cyber exercise).


Syllabus/Content

  1. Introduction to Computer Security
    • The concepts of resource, vulnerability, threat, countermeasure, and risk
    • Security goals: confidentiality, integrity, availability, etc.
  2. Introduction to Cryptography
    • Fundamental concepts (cryptography, cryptanalysis, general cryptographic schema)
    • Monoalphabetic substitution ciphers (Caesar cipher)
    • Polyalphabetic substitution ciphers (Vigenère cipher)
    • One-time pads (Vernam cipher)
    • Transposition ciphers
    • Composite ciphers
  3. Symmetric Cryptography
    • Block and stream ciphers
    • Feistel cipher structure
    • DES and 3DES
    • Modes of operation (Electronic Code Book, Cipher-Block Chaining, Stream Ciphers)
    • Link vs end-to-end encryption
    • The key distribution problem
  4. Public-Key Cryptography
    • Introduction to public-key cryptography
    • Introduction to Number Theory
    • The RSA algorithm
    • Diffie-Hellman key exchange
  5. Message Authentication and Digital Signatures
    • Message integrity and authentication functions (message encryption, message authentication code, cryptographic hash functions)
    • Digital signature
  6. Public Key Infrastructure (PKI)
    • PKI components
    • Digital Certificates
    • Trust models
  7. Security Protocols
    • Basic notions (protocol execution, assumptions and goals, attacker model)
    • Examples of protocols (NSPK, Otway-Rees, Andrew Secure RPC, Denning & Sacco)
    • Prudent engineering of security protocols
    • Kerberos (architecture, protocol, inter-realm communication, limitations)
  8. Secure Mail
    • PGP
  9. Network Security
    • Link Layer: Wi-Fi Security
    • Network Layer: IPsec
    • Transport Layer: SSL/TLS
    • Introduction to Firewalls
  10. Web Security
    • Security on the client side (cookies and privacy, HTTP authentication mechanisms)
    • Security on the server side (unvalidated input, broken authentication and session management, cross-site scripting, injection flaws, denial of service, etc.)
  11. Secure Programming
    • Buffer overflows
    • Format string vulnerabilities
  12. Access Control
    • Discretionary vs Mandatory Access Control
    • Access control matrix model
    • Role-Based Access Control (RBAC)
    • Administrative Role-Based Access Control (ARBAC)
    • Models of Bell-LaPadula, Harrison-Ruzzo-Ullman, Chinese Wall
  13. Cyber Exercise
    • Hands-on cyber exercise inspired by Capture-the-Flag competitions

Recommended Reading/Bibliography

  1. Teaching material (slides and exercises) available on AulaWeb.
  2. Charles P. Pfleeger, Shari Lawrence Pfleeger. Security in Computing, 4/E. Prentice Hall Editor, 2007. (Also available in Italian)
  3. William Stallings, Lawrie Brown. Computer Security: Principles and Practice (3rd Edition). Pearson Ed., 2015.

Teachers and Exam Board

  • Alessandro Armando
  • Exam Board:
    • Alessandro Armando (President)
    • Enrico Russo
    • Luca Verderame (President Substitute)

Lessons

  • The timetable for this course is available on the Portale EasyAcademy.

Exams

Exam Description

  • Written Exam based on open-ended questions.
  • Hands-on Assessment (CyberEx) requiring the solution of "Capture-the-Flag" problems.

Assessment Methods

  • The written assessment evaluates the understanding of fundamental problems and techniques of Computer Security.
  • The practical assessment evaluates the ability to use penetration testing tools and discover vulnerabilities and exploits in computer systems.

Agenda 2030 - Sustainable Development Goals

  • Quality education
  • Gender equality
  • Decent work and economic growth
  • Industry, innovation and infrastructure