Web E Mobile System Security
A.Y. 2019/2020
Learning objectives
The purpose of the course is twofold: on the one hand, we will introduce the basic concepts on computer security, on the other hand, we will cover the security problems specific to Web and mobile systems.
Expected learning outcomes
· Being able to identify the security properties a system must ensure in order to be considered "secure"
· Knowing the main approaches that can be used to authenticate users to a machine
· Being able to analyse a security protocol and possibly highlight the vulnerabilities with respect to the most common types of attack
· Being able to identify and describe the most common attacks on Web applications
· Knowing the most frequent malware and how they propagate
· Being able to describe the security issues of mobile devices
· Knowing the main approaches that can be used to authenticate users to a machine
· Being able to analyse a security protocol and possibly highlight the vulnerabilities with respect to the most common types of attack
· Being able to identify and describe the most common attacks on Web applications
· Knowing the most frequent malware and how they propagate
· Being able to describe the security issues of mobile devices
Lesson period: Third four month period
Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi
Single course
This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.
Course syllabus and organization
Single session
Responsible
Course syllabus
1. Introduction to computer security. The problem of computer security: how to protect yourself, against whom or what.
2. The access control problem. Access control models and security policies: discretionary access control (DAC), mandatory access control (MAC), role based access control (RBAC). Man-machine authentication. Access control in Linux.
3. Secure communication along an insecure channel: security protocols and cryptographic primitives. Common attacks to security protocols.
4. Security of Web systems. The HTTP protocol vulnerabilities. SQL Injection and Cross Site Scripting (XSS). Email security. Malware. Web Application fingerprinting. The privacy problem.
5. Security of mobile systems. Common vulnerabilities, malware and attacks. Android security as case study.
2. The access control problem. Access control models and security policies: discretionary access control (DAC), mandatory access control (MAC), role based access control (RBAC). Man-machine authentication. Access control in Linux.
3. Secure communication along an insecure channel: security protocols and cryptographic primitives. Common attacks to security protocols.
4. Security of Web systems. The HTTP protocol vulnerabilities. SQL Injection and Cross Site Scripting (XSS). Email security. Malware. Web Application fingerprinting. The privacy problem.
5. Security of mobile systems. Common vulnerabilities, malware and attacks. Android security as case study.
Prerequisites for admission
None
Teaching methods
Theory is carried out through lectures. The lab sessions alternate lectures with exercises and activities carried out individually or in small groups.
Teaching Resources
Web site: http://cbraghinsswm.ariel.ctu.unimi.it
Course slides, notes taken in class and articles in English which are part of the course programme.
Course slides, notes taken in class and articles in English which are part of the course programme.
Assessment methods and Criteria
The exam consists of a one and a half hour written test with open questions.
The evaluation takes into account the level of mastery of the subject and the clarity of presentation.
The evaluation takes into account the level of mastery of the subject and the clarity of presentation.
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Professor:
Braghin Chiara
Shifts:
-
Professor:
Braghin ChiaraProfessor(s)