Security and privacy

A.Y. 2020/2021
Overall hours
Learning objectives
The aim of the course is to introduce students to the conceptual and practical foundations of Information Security and Privacy, with some emphasis on the more applied aspects of the discipline. The reference domain will be systems, with particular emphasis on the Linux system and networks.
Expected learning outcomes
At the end of the course the student will be able to: evaluate the main vulnerabilities present in a given system; exploit some of these vulnerabilities to gain unauthorized access to information or systems; identify the best countermeasures to adopt against the most common attacks; assess the main threats to privacy deriving from the use of specific IT technologies; design a computer security system for small organizations.
Course syllabus and organization

Single session

Lesson period
First semester
The course will be carried out entirely in synchronous online mode using the ZOOM platform. The same applies to the exams, which will be carried out with the platform for the written tests and the ZOOM platform for the oral tests.
Course syllabus
During the course the following topics will be addressed:
Introduction and terminology
Ethics and Cybersecurity
Elements of cryptography
Physical security
The security of operating systems
Attack techniques: buffer overflow, race conditions, integer overflow
Malware Exercise
Network security
Network attacks: ARP poisoning, DoS (SYN flood), DNS attacks
The security of the WEB
Attacks on the WEB: XSS
Organizational Aspects of Cybersecurity
Privacy elements
Prerequisites for admission
Before attending the course, students should have taken the following exams:
- Programming
- Computer architectures
- Operating systems
- Computer networks
Teaching methods
The course will be carried out entirely in synchronous online mode using the ZOOM platform. The lessons will be recorded and made available asynchronously through the ARIEL platform. A discussion forum will also be activated on the same platform, which students can use to ask the teacher questions asynchronously.
Teaching Resources
Security in Computing (5th Edition)
Authors: Charles P Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies
Publisher: Prentice Hall Press
Pages: 944
Assessment methods and Criteria
The exam involves passing two tests: a practical test and an oral test.
In the practical test, lasting 3 hours, the student must demonstrate having acquired the skills and dexterity necessary to independently carry out exercises of similar complexity to those carried out during classes. The test will be evaluated on the following scale, in descending order: A, B, C, D, INSUFFICIENT.
Passing the practical test is a NECESSARY requirement for admission to the oral exam.
During the oral exam the student must demonstrate that he has assimilated the notions imparted during the theoretical lessons and acquired sufficient autonomy of reasoning to apply those notions to different application contexts. The oral exam will be marked out of thirty, to which the score of the laboratory test will be added according to the following criterion:
A -> + 3 points
B -> + 2 points
C -> + 1 point
D -> + 0 points
The practical test and the oral test must be taken in the same session. If the oral exam is not taken, the entire exam must be retaken.
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Educational website(s)
send an email to danilo[dot]bruschi[at]unimi[dot]it
Room P115, Via Comelico